Windows
Analysis Report
file.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- file.exe (PID: 4712 cmdline: C:\Users\user\Desktop\file.exe MD5: D0BF82E7840B3179B85D665A3AE895A5)
  - explorer.exe (PID: 3324 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
    - 1E3.exe (PID: 3536 cmdline: C:\Users\user\AppData\Local\Temp\1E3.exe MD5: B2FDE4A8B7D6AA7E0FA7F853899F1C4F)
- vgfsabt (PID: 3120 cmdline: C:\Users\user\AppData\Roaming\vgfsabt MD5: D0BF82E7840B3179B85D665A3AE895A5)
- cleanup
{"C2 list": ["http://skinndia.com/tmp/", "http://cracker.biz/tmp/", "http://piratia-life.ru/tmp/"]}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| | Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown | |
| | JoeSecurity_SmokeLoader_2 | Yara detected SmokeLoader | Joe Security | |
| | Windows_Trojan_Smokeloader_4e31426e | unknown | unknown | |
| | JoeSecurity_SmokeLoader_2 | Yara detected SmokeLoader | Joe Security | |
| | Windows_Trojan_Smokeloader_4e31426e | unknown | unknown | |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| | JoeSecurity_SmokeLoader_2 | Yara detected SmokeLoader | Joe Security | |
| | JoeSecurity_SmokeLoader_2 | Yara detected SmokeLoader | Joe Security | |
| | JoeSecurity_SmokeLoader_2 | Yara detected SmokeLoader | Joe Security | |
Timestamp: | 01/03/23-09:46:55.877154 |
Source IP: | 192.168.2.5 |
Destination IP: | 93.112.238.85 |
SID: | 2851815 |
Source Port: | 49715 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 01/03/23-09:46:28.845991 |
Source IP: | 192.168.2.5 |
Destination IP: | 175.120.254.9 |
SID: | 2851815 |
Source Port: | 49709 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 01/03/23-09:46:27.109616 |
Source IP: | 192.168.2.5 |
Destination IP: | 195.158.3.162 |
SID: | 2851815 |
Source Port: | 49708 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 01/03/23-09:46:58.922198 |
Source IP: | 192.168.2.5 |
Destination IP: | 175.120.254.9 |
SID: | 2851815 |
Source Port: | 49719 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
AV Detection |
---|
Source: | Joe Sandbox ML: |
Source: | Joe Sandbox ML: | ||
Source: | Joe Sandbox ML: |
Source: | Malware Configuration Extractor: |
Source: | Static PE information: |
Source: | File opened: | Jump to behavior |
Source: | HTTPS traffic detected: |
Source: | Binary string: | ||
Source: | Binary string: |
Networking |
---|
Source: | Domain query: | |||
Source: | Domain query: | |||
Source: | Network Connect: | Jump to behavior |
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: |
Source: | URLs: | ||
Source: | URLs: | ||
Source: | URLs: |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | IP Address: | ||
Source: | IP Address: |
Source: | HTTP traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
---|
Source: | File source: | ||
Source: | Binary or memory string: |
System Summary |
---|
Source: | Matched rule: | ||
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Code function: | 1_2_0040E624 | |
Source: | Code function: | 1_2_0040E0E0 | |
Source: | Code function: | 1_2_0040AAA8 | |
Source: | Code function: | 1_2_0040FB31 | |
Source: | Code function: | 1_2_0040DB9C | |
Source: | Code function: | 9_2_0040E0E0 | |
Source: | Code function: | 9_2_0040ED1C | |
Source: | Code function: | 9_2_0040E624 | |
Source: | Code function: | 9_2_0040AAA8 | |
Source: | Code function: | 9_2_00407B03 | |
Source: | Code function: | 9_2_0040FB31 | |
Source: | Code function: | 9_2_0040DB9C | |
Source: | Code function: | 10_2_0040E0E0 | |
Source: | Code function: | 10_2_0040ED1C | |
Source: | Code function: | 10_2_0040E624 | |
Source: | Code function: | 10_2_0040AAA8 | |
Source: | Code function: | 10_2_00407B03 | |
Source: | Code function: | 10_2_0040FB31 | |
Source: | Code function: | 10_2_0040DB9C |
Source: | Code function: | 1_2_00401615 | |
Source: | Code function: | 1_2_00401620 | |
Source: | Code function: | 1_2_00403428 | |
Source: | Code function: | 1_2_00401633 | |
Source: | Code function: | 1_2_00401636 | |
Source: | Code function: | 1_2_004017E4 | |
Source: | Code function: | 1_2_0040159D |
Source: | Section loaded: | Jump to behavior | ||
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | Code function: | 9_2_0040297F |
Source: | Command line argument: | 9_2_00402ADC | |
Source: | Command line argument: | 10_2_00402ADC | |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Data Obfuscation |
---|
Source: | Unpacked PE file: |
Source: | Code function: | 1_2_004020AD | |
Source: | Code function: | 1_2_00402DCF | |
Source: | Code function: | 1_2_00532114 | |
Source: | Code function: | 1_2_00532E36 | |
Source: | Code function: | 9_2_004048D4 | |
Source: | Code function: | 10_2_004048D4 |
Source: | Code function: | 9_2_004028BE |
Source: | File created: | Jump to dropped file |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | File deleted: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Malware Analysis System Evasion |
---|
Source: | Key enumerated: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Last function: | ||
Source: | Last function: |
Source: | Evasive API call chain: | graph_9-6262 | ||
Source: | Evasive API call chain: | graph_9-6515 | ||
Source: | Evasive API call chain: | graph_10-6514 | ||
Source: | Evasive API call chain: | graph_10-6261 |
Source: | Window / User API: | Jump to behavior |
Source: | API coverage: | ||
Source: | API coverage: |
Source: | Process information queried: | Jump to behavior |
Source: | System information queried: | Jump to behavior |
Source: | API call chain: | graph_9-6517 | ||
Source: | API call chain: | graph_10-6515 |
Source: | Binary or memory string: | ||
Anti Debugging |
---|
Source: | System information queried: | Jump to behavior |
Source: | Code function: | 9_2_00405EC0 |
Source: | Code function: | 9_2_004028BE |
Source: | Code function: | 1_2_0053092B | |
Source: | Code function: | 1_2_00530D90 |
Source: | Process queried: | Jump to behavior |
Source: | Code function: | 9_2_004039D2 | |
Source: | Code function: | 9_2_00406E1E | |
Source: | Code function: | 9_2_00405EC0 | |
Source: | Code function: | 9_2_0040472E | |
Source: | Code function: | 10_2_004039D2 | |
Source: | Code function: | 10_2_00406E1E | |
Source: | Code function: | 10_2_00405EC0 | |
Source: | Code function: | 10_2_0040472E |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | File created: | Jump to dropped file |
Source: | Domain query: | |||
Source: | Domain query: | |||
Source: | Network Connect: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Thread created: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Code function: | 9_2_0040D99F | |
Source: | Code function: | 10_2_0040D99F |
Source: | Key value queried: | Jump to behavior |
Source: | Code function: | 9_2_00407430 |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Remote Access Functionality |
---|
Source: | File source: | ||
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 32 Process Injection | 11 Masquerading | 1 Input Capture | 1 System Time Discovery | Remote Services | 1 Input Capture | Exfiltration Over Other Network Medium | 11 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | 2 Native API | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 12 Virtualization/Sandbox Evasion | LSASS Memory | 221 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | Exfiltration Over Bluetooth | 1 Ingress Tool Transfer | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | 1 Exploitation for Client Execution | Logon Script (Windows) | Logon Script (Windows) | 32 Process Injection | Security Account Manager | 12 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 3 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 Hidden Files and Directories | NTDS | 2 Process Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 114 Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 Software Packing | Cached Domain Credentials | 14 System Information Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 1 File Deletion | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Joe Sandbox ML | |||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
1% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
degroeneuitzender.nl | 5.135.247.111 | true | true | unknown | |
vatra.at | 195.158.3.162 | true | true |
| unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false |
| unknown | |
true |
| unknown | |
true |
| unknown | |
true |
| unknown | |
false | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false |
| unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
93.112.238.85 | unknown | Saudi Arabia | 25019 | SAUDINETSTC-ASSA | true |
5.135.247.111 | degroeneuitzender.nl | France | 16276 | OVHFR | true |
195.158.3.162 | vatra.at | Uzbekistan | 8193 | BRM-ASUZ | true |
211.171.233.126 | unknown | Korea Republic of | 3786 | LGDACOMLGDACOMCorporationKR | false |
181.215.246.89 | unknown | Chile | 60458 | ASN-XTUDIONETES | true |
190.140.74.43 | unknown | Panama | 18809 | CableOndaPA | false |
175.120.254.9 | unknown | Korea Republic of | 9318 | SKB-ASSKBroadbandCoLtdKR | true |
58.235.189.192 | unknown | Korea Republic of | 9318 | SKB-ASSKBroadbandCoLtdKR | false |
Joe Sandbox Version: | 36.0.0 Rainbow Opal |
Analysis ID: | 777186 |
Start date and time: | 2023-01-03 09:44:09 +01:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 8m 19s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | file.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 11 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 1 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@4/3@13/8 |
EGA Information: |
|
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SgrmBroker.exe, conhost.exe, svchost.exe
- Excluded domains from analysis (whitelisted): client.wns.windows.com, ctldl.windowsupdate.com
- Not all processes were analyzed, report is missing behavior information
Time | Type | Description |
---|---|---|
09:46:26 | Task Scheduler |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
93.112.238.85 | Get hash | malicious | Browse |
| |
5.135.247.111 | Get hash | malicious | Browse | ||
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
degroeneuitzender.nl | Get hash | malicious | Browse |
| |
vatra.at | Get hash | malicious | Browse |
| |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
SAUDINETSTC-ASSA | Get hash | malicious | Browse |
| |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
ce5f3254611a8c095a3d821d44539877 | Get hash | malicious | Browse |
| |
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | modified |
Size (bytes): | 650752 |
Entropy (8bit): | 7.459319971555059 |
Encrypted: | false |
SSDEEP: | 12288:8zehz7flyOy9EQZe6Zohw87Me/YlaJWD1KkVFe8tXTMENi+7:8UzByOyPZDZofge/hS1NVF3xTtN |
MD5: | B2FDE4A8B7D6AA7E0FA7F853899F1C4F |
SHA1: | 17349645171D6D99D95B597E462513BDDEED1D4C |
SHA-256: | 80F748BCBC373132E361C85DEF9887BAE38EA8F9B72B06539D24321BE8111D93 |
SHA-512: | 9653CEE1F673D4CA726C0790470260EE4EEBAD108A47F455844FAAC56880E98BE06901E3CB5E762CCFEE6DBD51BBC3762E7BB691D18856086212028C2A524B07 |
Malicious: | true |
Antivirus: |
|
Reputation: | low |
Preview: |
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 341504 |
Entropy (8bit): | 6.638746109906065 |
Encrypted: | false |
SSDEEP: | 6144:IdLLsrs6dNPpKqibWQFvVquxsV5p5KjAWTM4xVvkHb+ewB:ILgrs6daqo33jxsV5KXTMENi+7 |
MD5: | D0BF82E7840B3179B85D665A3AE895A5 |
SHA1: | F97D45F0DF4B91FA8756AF2A4AC4B7BC28A79C14 |
SHA-256: | 40C8ADAEE430093BF55E59066013C9EF5959D617751930D1B77944C5BC769527 |
SHA-512: | 50FCE94219099B9B5A44FF912F935E5302F209ADD82E2FEFB94DD763D1A7DA373A3293F73431807ABC4BDF7A726ED467E2AAB26B4687F75E0E861A47EF9E3896 |
Malicious: | true |
Antivirus: |
|
Reputation: | low |
Preview: |
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | true |
Reputation: | high, very likely benign file |
Preview: |
File type: | |
Entropy (8bit): | 6.638746109906065 |
TrID: |
|
File name: | file.exe |
File size: | 341504 |
MD5: | d0bf82e7840b3179b85d665a3ae895a5 |
SHA1: | f97d45f0df4b91fa8756af2a4ac4b7bc28a79c14 |
SHA256: | 40c8adaee430093bf55e59066013c9ef5959d617751930d1b77944c5bc769527 |
SHA512: | 50fce94219099b9b5a44ff912f935e5302f209add82e2fefb94dd763d1a7da373a3293f73431807abc4bdf7a726ed467e2aab26b4687f75e0e861a47ef9e3896 |
SSDEEP: | 6144:IdLLsrs6dNPpKqibWQFvVquxsV5p5KjAWTM4xVvkHb+ewB:ILgrs6daqo33jxsV5KXTMENi+7 |
TLSH: | FA74AD306390E875FB1A05758825DAE06E69F8738F506AB37328771F9A70DF1823ED94 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........=.snn.snn.snn.!.n.snn.!.n.snn.!.n.snn...n.snn.son.snn.!.n.snn.!.n.snn.!.n.snnRich.snn........................PE..L....~.`... |
Icon Hash: | b4bc96b6b69486e2 |
Entrypoint: | 0x403ffe |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | TERMINAL_SERVER_AWARE |
Time Stamp: | 0x60EB7E99 [Sun Jul 11 23:28:25 2021 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 0 |
File Version Major: | 5 |
File Version Minor: | 0 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 0 |
Import Hash: | ac60a8dcc69324c92e3ea84189250edd |
Instruction |
---|
call 00007F8DA8336FD2h |
jmp 00007F8DA8333A1Eh |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
call 00007F8DA8333BDCh |
xchg cl, ch |
jmp 00007F8DA8333BC4h |
call 00007F8DA8333BD3h |
fxch st(0), st(1) |
jmp 00007F8DA8333BBBh |
fabs |
fld1 |
mov ch, cl |
xor cl, cl |
jmp 00007F8DA8333BB1h |
mov byte ptr [ebp-00000090h], FFFFFFFEh |
fabs |
fxch st(0), st(1) |
fabs |
fxch st(0), st(1) |
fpatan |
or cl, cl |
je 00007F8DA8333BA6h |
fldpi |
fsubrp st(1), st(0) |
or ch, ch |
je 00007F8DA8333BA4h |
fchs |
ret |
fabs |
fld st(0), st(0) |
fld st(0), st(0) |
fld1 |
fsubrp st(1), st(0) |
fxch st(0), st(1) |
fld1 |
faddp st(1), st(0) |
fmulp st(1), st(0) |
ftst |
wait |
fstsw word ptr [ebp-000000A0h] |
wait |
test byte ptr [ebp-0000009Fh], 00000001h |
jne 00007F8DA8333BA7h |
xor ch, ch |
fsqrt |
ret |
pop eax |
jmp 00007F8DA83347BFh |
fstp st(0) |
fld tbyte ptr [004114BAh] |
ret |
fstp st(0) |
or cl, cl |
je 00007F8DA8333BADh |
fstp st(0) |
fldpi |
or ch, ch |
je 00007F8DA8333BA4h |
fchs |
ret |
fstp st(0) |
fldz |
or ch, ch |
je 00007F8DA8333B99h |
fchs |
ret |
fstp st(0) |
jmp 00007F8DA8334795h |
fstp st(0) |
mov cl, ch |
jmp 00007F8DA8333BA2h |
call 00007F8DA8333B6Eh |
jmp 00007F8DA83347A0h |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
push ebp |
mov ebp, esp |
add esp, 00000030h |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x10174 | 0x3c | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x30000 | 0x26b30 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x57000 | 0xaa4 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x11b0 | 0x1c | .text |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x25c0 | 0x40 | .text |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0x164 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0xf992 | 0xfa00 | False | 0.574578125 | data | 6.773217121698693 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.data | 0x11000 | 0x1e4fc | 0x1b600 | False | 0.755921803652968 | data | 6.812614538183082 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x30000 | 0x26b30 | 0x26c00 | False | 0.5955393145161291 | data | 5.90584051060312 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x57000 | 0x14e0 | 0x1600 | False | 0.41370738636363635 | data | 4.078155334415673 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_CURSOR | 0x54fc0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Slovak | Slovakia |
RT_CURSOR | 0x55e68 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Slovak | Slovakia |
RT_CURSOR | 0x56738 | 0x130 | Device independent bitmap graphic, 32 x 64 x 1, image size 0 | Slovak | Slovakia |
RT_CURSOR | 0x56868 | 0xb0 | Device independent bitmap graphic, 16 x 32 x 1, image size 0 | Slovak | Slovakia |
RT_ICON | 0x30b20 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Slovak | Slovakia |
RT_ICON | 0x319c8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Slovak | Slovakia |
RT_ICON | 0x32270 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Slovak | Slovakia |
RT_ICON | 0x327d8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Slovak | Slovakia |
RT_ICON | 0x34d80 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Slovak | Slovakia |
RT_ICON | 0x35e28 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Slovak | Slovakia |
RT_ICON | 0x367b0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Slovak | Slovakia |
RT_ICON | 0x36c80 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Slovak | Slovakia |
RT_ICON | 0x37b28 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Slovak | Slovakia |
RT_ICON | 0x383d0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Slovak | Slovakia |
RT_ICON | 0x3a978 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Slovak | Slovakia |
RT_ICON | 0x3ba20 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Slovak | Slovakia |
RT_ICON | 0x3bed8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Slovak | Slovakia |
RT_ICON | 0x3cd80 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Slovak | Slovakia |
RT_ICON | 0x3d628 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Slovak | Slovakia |
RT_ICON | 0x3db90 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Slovak | Slovakia |
RT_ICON | 0x40138 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Slovak | Slovakia |
RT_ICON | 0x411e0 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Slovak | Slovakia |
RT_ICON | 0x41b68 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Slovak | Slovakia |
RT_ICON | 0x42038 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Slovak | Slovakia |
RT_ICON | 0x42ee0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Slovak | Slovakia |
RT_ICON | 0x43788 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Slovak | Slovakia |
RT_ICON | 0x43e50 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Slovak | Slovakia |
RT_ICON | 0x443b8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Slovak | Slovakia |
RT_ICON | 0x46960 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Slovak | Slovakia |
RT_ICON | 0x47a08 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Slovak | Slovakia |
RT_ICON | 0x47ed8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Slovak | Slovakia |
RT_ICON | 0x48d80 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Slovak | Slovakia |
RT_ICON | 0x49628 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Slovak | Slovakia |
RT_ICON | 0x49cf0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Slovak | Slovakia |
RT_ICON | 0x4a258 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | Slovak | Slovakia |
RT_ICON | 0x4c800 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | Slovak | Slovakia |
RT_ICON | 0x4d8a8 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304 | Slovak | Slovakia |
RT_ICON | 0x4e230 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | Slovak | Slovakia |
RT_ICON | 0x4e710 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Slovak | Slovakia |
RT_ICON | 0x4f5b8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Slovak | Slovakia |
RT_ICON | 0x4fe60 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Slovak | Slovakia |
RT_ICON | 0x50528 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Slovak | Slovakia |
RT_ICON | 0x50a90 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Slovak | Slovakia |
RT_ICON | 0x53038 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Slovak | Slovakia |
RT_ICON | 0x540e0 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Slovak | Slovakia |
RT_ICON | 0x54a68 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Slovak | Slovakia |
RT_ACCELERATOR | 0x54f48 | 0x78 | data | Slovak | Slovakia |
RT_GROUP_CURSOR | 0x56710 | 0x22 | data | Slovak | Slovakia |
RT_GROUP_CURSOR | 0x56918 | 0x22 | data | Slovak | Slovakia |
RT_GROUP_ICON | 0x36c18 | 0x68 | data | Slovak | Slovakia |
RT_GROUP_ICON | 0x3be88 | 0x4c | data | Slovak | Slovakia |
RT_GROUP_ICON | 0x47e70 | 0x68 | data | Slovak | Slovakia |
RT_GROUP_ICON | 0x41fd0 | 0x68 | data | Slovak | Slovakia |
RT_GROUP_ICON | 0x4e698 | 0x76 | data | Slovak | Slovakia |
RT_GROUP_ICON | 0x54ed0 | 0x76 | data | Slovak | Slovakia |
RT_VERSION | 0x56940 | 0x1f0 | MS Windows COFF PowerPC object file | Slovak | Slovakia |
DLL | Import |
---|---|
KERNEL32.dll | DebugActiveProcess, DeleteVolumeMountPointA, EndUpdateResourceW, ReadConsoleA, GetNumberOfConsoleMouseButtons, GetComputerNameW, SetThreadExecutionState, FreeEnvironmentStringsA, GetTickCount, TlsSetValue, LoadLibraryW, GetConsoleAliasW, WriteConsoleW, LCMapStringA, InterlockedExchange, SetLastError, GetProcAddress, VirtualAlloc, ResetEvent, LoadLibraryA, GetProcessWorkingSetSize, SetConsoleDisplayMode, LockResource, SetCommMask, GetModuleHandleA, OpenFileMappingW, GetCurrentThreadId, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetModuleHandleW, Sleep, ExitProcess, GetStartupInfoW, HeapAlloc, EnterCriticalSection, LeaveCriticalSection, TerminateProcess, GetCurrentProcess, IsDebuggerPresent, GetLastError, WriteFile, GetStdHandle, GetModuleFileNameA, TlsGetValue, TlsAlloc, TlsFree, InterlockedIncrement, InterlockedDecrement, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, GetModuleFileNameW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, SetHandleCount, GetFileType, GetStartupInfoA, HeapCreate, VirtualFree, HeapFree, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, HeapReAlloc, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, MultiByteToWideChar, RtlUnwind, HeapSize, GetLocaleInfoA, WideCharToMultiByte, RaiseException, GetConsoleCP, GetConsoleMode, FlushFileBuffers, LCMapStringW, GetStringTypeA, GetStringTypeW, CloseHandle, WriteConsoleA, GetConsoleOutputCP, SetFilePointer, SetStdHandle, CreateFileA |
USER32.dll | WindowFromDC |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
Slovak | Slovakia |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
01/03/23-09:46:55.877154 | TCP | 2851815 | ETPRO TROJAN Sharik/Smokeloader CnC Beacon 18 | 49715 | 80 | 192.168.2.5 | 93.112.238.85 |
01/03/23-09:46:28.845991 | TCP | 2851815 | ETPRO TROJAN Sharik/Smokeloader CnC Beacon 18 | 49709 | 80 | 192.168.2.5 | 175.120.254.9 |
01/03/23-09:46:27.109616 | TCP | 2851815 | ETPRO TROJAN Sharik/Smokeloader CnC Beacon 18 | 49708 | 80 | 192.168.2.5 | 195.158.3.162 |
01/03/23-09:46:58.922198 | TCP | 2851815 | ETPRO TROJAN Sharik/Smokeloader CnC Beacon 18 | 49719 | 80 | 192.168.2.5 | 175.120.254.9 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 3, 2023 09:46:54.842190981 CET | 49714 | 443 | 192.168.2.5 | 5.135.247.111 |
Jan 3, 2023 09:46:54.842204094 CET | 443 | 49714 | 5.135.247.111 | 192.168.2.5 |
Jan 3, 2023 09:46:55.777519941 CET | 49715 | 80 | 192.168.2.5 | 93.112.238.85 |
Jan 3, 2023 09:46:55.876894951 CET | 80 | 49715 | 93.112.238.85 | 192.168.2.5 |
Jan 3, 2023 09:46:55.877068996 CET | 49715 | 80 | 192.168.2.5 | 93.112.238.85 |
Jan 3, 2023 09:46:55.877154112 CET | 49715 | 80 | 192.168.2.5 | 93.112.238.85 |
Jan 3, 2023 09:46:55.879159927 CET | 49715 | 80 | 192.168.2.5 | 93.112.238.85 |
Jan 3, 2023 09:46:55.977600098 CET | 80 | 49715 | 93.112.238.85 | 192.168.2.5 |
Jan 3, 2023 09:46:56.320611954 CET | 80 | 49715 | 93.112.238.85 | 192.168.2.5 |
Jan 3, 2023 09:46:56.320753098 CET | 49715 | 80 | 192.168.2.5 | 93.112.238.85 |
Jan 3, 2023 09:46:56.325067043 CET | 80 | 49715 | 93.112.238.85 | 192.168.2.5 |
Jan 3, 2023 09:46:56.325304985 CET | 49715 | 80 | 192.168.2.5 | 93.112.238.85 |
Jan 3, 2023 09:46:56.347650051 CET | 49716 | 80 | 192.168.2.5 | 195.158.3.162 |
Jan 3, 2023 09:46:56.419013977 CET | 80 | 49715 | 93.112.238.85 | 192.168.2.5 |
Jan 3, 2023 09:46:56.466700077 CET | 80 | 49716 | 195.158.3.162 | 192.168.2.5 |
Jan 3, 2023 09:46:56.466835022 CET | 49716 | 80 | 192.168.2.5 | 195.158.3.162 |
Jan 3, 2023 09:46:56.466929913 CET | 49716 | 80 | 192.168.2.5 | 195.158.3.162 |
Jan 3, 2023 09:46:56.467057943 CET | 49716 | 80 | 192.168.2.5 | 195.158.3.162 |
Jan 3, 2023 09:46:56.586312056 CET | 80 | 49716 | 195.158.3.162 | 192.168.2.5 |
Jan 3, 2023 09:46:57.028589010 CET | 80 | 49716 | 195.158.3.162 | 192.168.2.5 |
Jan 3, 2023 09:46:57.028631926 CET | 80 | 49716 | 195.158.3.162 | 192.168.2.5 |
Jan 3, 2023 09:46:57.028779030 CET | 49716 | 80 | 192.168.2.5 | 195.158.3.162 |
Jan 3, 2023 09:46:57.028848886 CET | 49716 | 80 | 192.168.2.5 | 195.158.3.162 |
Jan 3, 2023 09:46:57.067939997 CET | 49717 | 80 | 192.168.2.5 | 58.235.189.192 |
Jan 3, 2023 09:46:57.150620937 CET | 80 | 49716 | 195.158.3.162 | 192.168.2.5 |
Jan 3, 2023 09:46:57.365164995 CET | 80 | 49717 | 58.235.189.192 | 192.168.2.5 |
Jan 3, 2023 09:46:57.365362883 CET | 49717 | 80 | 192.168.2.5 | 58.235.189.192 |
Jan 3, 2023 09:46:57.365504026 CET | 49717 | 80 | 192.168.2.5 | 58.235.189.192 |
Jan 3, 2023 09:46:57.365545034 CET | 49717 | 80 | 192.168.2.5 | 58.235.189.192 |
Jan 3, 2023 09:46:57.662678003 CET | 80 | 49717 | 58.235.189.192 | 192.168.2.5 |
Jan 3, 2023 09:46:58.582076073 CET | 80 | 49717 | 58.235.189.192 | 192.168.2.5 |
Jan 3, 2023 09:46:58.582120895 CET | 80 | 49717 | 58.235.189.192 | 192.168.2.5 |
Jan 3, 2023 09:46:58.582231045 CET | 49717 | 80 | 192.168.2.5 | 58.235.189.192 |
Jan 3, 2023 09:46:58.582308054 CET | 49717 | 80 | 192.168.2.5 | 58.235.189.192 |
Jan 3, 2023 09:46:58.624758959 CET | 49719 | 80 | 192.168.2.5 | 175.120.254.9 |
Jan 3, 2023 09:46:58.879075050 CET | 80 | 49717 | 58.235.189.192 | 192.168.2.5 |
Jan 3, 2023 09:46:58.921979904 CET | 80 | 49719 | 175.120.254.9 | 192.168.2.5 |
Jan 3, 2023 09:46:58.922091961 CET | 49719 | 80 | 192.168.2.5 | 175.120.254.9 |
Jan 3, 2023 09:46:58.922198057 CET | 49719 | 80 | 192.168.2.5 | 175.120.254.9 |
Jan 3, 2023 09:46:58.922215939 CET | 49719 | 80 | 192.168.2.5 | 175.120.254.9 |
Jan 3, 2023 09:46:59.219084978 CET | 80 | 49719 | 175.120.254.9 | 192.168.2.5 |
Jan 3, 2023 09:46:59.847616911 CET | 80 | 49719 | 175.120.254.9 | 192.168.2.5 |
Jan 3, 2023 09:46:59.847649097 CET | 80 | 49719 | 175.120.254.9 | 192.168.2.5 |
Jan 3, 2023 09:46:59.847768068 CET | 49719 | 80 | 192.168.2.5 | 175.120.254.9 |
Jan 3, 2023 09:46:59.847851992 CET | 49719 | 80 | 192.168.2.5 | 175.120.254.9 |
Jan 3, 2023 09:47:00.089468956 CET | 49720 | 80 | 192.168.2.5 | 211.171.233.126 |
Jan 3, 2023 09:47:00.144685030 CET | 80 | 49719 | 175.120.254.9 | 192.168.2.5 |
Jan 3, 2023 09:47:00.357709885 CET | 80 | 49720 | 211.171.233.126 | 192.168.2.5 |
Jan 3, 2023 09:47:00.357834101 CET | 49720 | 80 | 192.168.2.5 | 211.171.233.126 |
Jan 3, 2023 09:47:00.357947111 CET | 49720 | 80 | 192.168.2.5 | 211.171.233.126 |
Jan 3, 2023 09:47:00.357969046 CET | 49720 | 80 | 192.168.2.5 | 211.171.233.126 |
Jan 3, 2023 09:47:00.626065969 CET | 80 | 49720 | 211.171.233.126 | 192.168.2.5 |
Jan 3, 2023 09:47:01.673994064 CET | 80 | 49720 | 211.171.233.126 | 192.168.2.5 |
Jan 3, 2023 09:47:01.674078941 CET | 80 | 49720 | 211.171.233.126 | 192.168.2.5 |
Jan 3, 2023 09:47:01.674145937 CET | 49720 | 80 | 192.168.2.5 | 211.171.233.126 |
Jan 3, 2023 09:47:01.674145937 CET | 49720 | 80 | 192.168.2.5 | 211.171.233.126 |
Jan 3, 2023 09:47:02.201354027 CET | 49721 | 80 | 192.168.2.5 | 190.140.74.43 |
Jan 3, 2023 09:47:02.380955935 CET | 49720 | 80 | 192.168.2.5 | 211.171.233.126 |
Jan 3, 2023 09:47:02.399271011 CET | 80 | 49721 | 190.140.74.43 | 192.168.2.5 |
Jan 3, 2023 09:47:02.399425030 CET | 49721 | 80 | 192.168.2.5 | 190.140.74.43 |
Jan 3, 2023 09:47:02.399616003 CET | 49721 | 80 | 192.168.2.5 | 190.140.74.43 |
Jan 3, 2023 09:47:02.402019024 CET | 49721 | 80 | 192.168.2.5 | 190.140.74.43 |
Jan 3, 2023 09:47:02.603060961 CET | 80 | 49721 | 190.140.74.43 | 192.168.2.5 |
Jan 3, 2023 09:47:02.648997068 CET | 80 | 49720 | 211.171.233.126 | 192.168.2.5 |
Jan 3, 2023 09:47:03.289249897 CET | 80 | 49721 | 190.140.74.43 | 192.168.2.5 |
Jan 3, 2023 09:47:03.289397001 CET | 49721 | 80 | 192.168.2.5 | 190.140.74.43 |
Jan 3, 2023 09:47:03.294987917 CET | 80 | 49721 | 190.140.74.43 | 192.168.2.5 |
Jan 3, 2023 09:47:03.296278954 CET | 49721 | 80 | 192.168.2.5 | 190.140.74.43 |
Jan 3, 2023 09:47:03.333415031 CET | 49722 | 80 | 192.168.2.5 | 190.140.74.43 |
Jan 3, 2023 09:47:03.485085011 CET | 80 | 49721 | 190.140.74.43 | 192.168.2.5 |
Jan 3, 2023 09:47:03.538317919 CET | 80 | 49722 | 190.140.74.43 | 192.168.2.5 |
Jan 3, 2023 09:47:03.538463116 CET | 49722 | 80 | 192.168.2.5 | 190.140.74.43 |
Jan 3, 2023 09:47:03.538563967 CET | 49722 | 80 | 192.168.2.5 | 190.140.74.43 |
Jan 3, 2023 09:47:03.538582087 CET | 49722 | 80 | 192.168.2.5 | 190.140.74.43 |
Jan 3, 2023 09:47:03.748282909 CET | 80 | 49722 | 190.140.74.43 | 192.168.2.5 |
Jan 3, 2023 09:47:04.442612886 CET | 80 | 49722 | 190.140.74.43 | 192.168.2.5 |
Jan 3, 2023 09:47:04.442647934 CET | 80 | 49722 | 190.140.74.43 | 192.168.2.5 |
Jan 3, 2023 09:47:04.442714930 CET | 49722 | 80 | 192.168.2.5 | 190.140.74.43 |
Jan 3, 2023 09:47:04.443233013 CET | 49722 | 80 | 192.168.2.5 | 190.140.74.43 |
Jan 3, 2023 09:47:04.644234896 CET | 80 | 49722 | 190.140.74.43 | 192.168.2.5 |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.5 | 49714 | 5.135.247.111 | 443 | C:\Windows\explorer.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.5 | 49708 | 195.158.3.162 | 80 | C:\Windows\explorer.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 3, 2023 09:46:27.109616041 CET | 138 | OUT | |
Jan 3, 2023 09:46:27.109632015 CET | 138 | OUT | |
Jan 3, 2023 09:46:27.672688007 CET | 139 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
10 | 192.168.2.5 | 49721 | 190.140.74.43 | 80 | C:\Windows\explorer.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 3, 2023 09:47:02.399616003 CET | 835 | OUT | |
Jan 3, 2023 09:47:02.402019024 CET | 835 | OUT | |
Jan 3, 2023 09:47:03.289249897 CET | 836 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
11 | 192.168.2.5 | 49722 | 190.140.74.43 | 80 | C:\Windows\explorer.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 3, 2023 09:47:03.538563967 CET | 837 | OUT | |
Jan 3, 2023 09:47:03.538582087 CET | 837 | OUT | |
Jan 3, 2023 09:47:04.442612886 CET | 838 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.2.5 | 49709 | 175.120.254.9 | 80 | C:\Windows\explorer.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 3, 2023 09:46:28.845990896 CET | 140 | OUT | |
Jan 3, 2023 09:46:28.848963976 CET | 140 | OUT | |
Jan 3, 2023 09:46:30.059654951 CET | 141 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
3 | 192.168.2.5 | 49710 | 58.235.189.192 | 80 | C:\Windows\explorer.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 3, 2023 09:46:30.477191925 CET | 142 | OUT | |
Jan 3, 2023 09:46:30.477214098 CET | 142 | OUT | |
Jan 3, 2023 09:46:31.671641111 CET | 142 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
4 | 192.168.2.5 | 49713 | 211.171.233.126 | 80 | C:\Windows\explorer.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 3, 2023 09:46:53.185036898 CET | 152 | OUT | |
Jan 3, 2023 09:46:53.185298920 CET | 152 | OUT | |
Jan 3, 2023 09:46:54.494102955 CET | 152 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
5 | 192.168.2.5 | 49715 | 93.112.238.85 | 80 | C:\Windows\explorer.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 3, 2023 09:46:55.877154112 CET | 818 | OUT | |
Jan 3, 2023 09:46:55.879159927 CET | 818 | OUT | |
Jan 3, 2023 09:46:56.320611954 CET | 819 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
6 | 192.168.2.5 | 49716 | 195.158.3.162 | 80 | C:\Windows\explorer.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 3, 2023 09:46:56.466929913 CET | 820 | OUT | |
Jan 3, 2023 09:46:56.467057943 CET | 820 | OUT | |
Jan 3, 2023 09:46:57.028589010 CET | 821 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
7 | 192.168.2.5 | 49717 | 58.235.189.192 | 80 | C:\Windows\explorer.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 3, 2023 09:46:57.365504026 CET | 822 | OUT | |
Jan 3, 2023 09:46:57.365545034 CET | 822 | OUT | |
Jan 3, 2023 09:46:58.582076073 CET | 830 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
8 | 192.168.2.5 | 49719 | 175.120.254.9 | 80 | C:\Windows\explorer.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 3, 2023 09:46:58.922198057 CET | 831 | OUT | |
Jan 3, 2023 09:46:58.922215939 CET | 831 | OUT | |
Jan 3, 2023 09:46:59.847616911 CET | 832 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
9 | 192.168.2.5 | 49720 | 211.171.233.126 | 80 | C:\Windows\explorer.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 3, 2023 09:47:00.357947111 CET | 833 | OUT | |
Jan 3, 2023 09:47:00.357969046 CET | 833 | OUT | |
Jan 3, 2023 09:47:01.673994064 CET | 834 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.5 | 49714 | 5.135.247.111 | 443 | C:\Windows\explorer.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-01-03 08:46:54 UTC | 0 | OUT | |
2023-01-03 08:46:54 UTC | 0 | IN | |
2023-01-03 08:46:54 UTC | 0 | IN | |
2023-01-03 08:46:54 UTC | 8 | IN | |
2023-01-03 08:46:54 UTC | 8 | IN | |
2023-01-03 08:46:54 UTC | 8 | IN | |
2023-01-03 08:46:54 UTC | 16 | IN | |
2023-01-03 08:46:54 UTC | 16 | IN | |
2023-01-03 08:46:54 UTC | 16 | IN | |
2023-01-03 08:46:54 UTC | 24 | IN | |
2023-01-03 08:46:54 UTC | 24 | IN | |
2023-01-03 08:46:54 UTC | 24 | IN | |
2023-01-03 08:46:54 UTC | 32 | IN | |
2023-01-03 08:46:54 UTC | 32 | IN | |
2023-01-03 08:46:54 UTC | 32 | IN | |
2023-01-03 08:46:54 UTC | 40 | IN | |
2023-01-03 08:46:54 UTC | 40 | IN | |
2023-01-03 08:46:54 UTC | 40 | IN | |
2023-01-03 08:46:54 UTC | 48 | IN | |
2023-01-03 08:46:54 UTC | 48 | IN | |
2023-01-03 08:46:54 UTC | 48 | IN | |
2023-01-03 08:46:54 UTC | 56 | IN | |
2023-01-03 08:46:54 UTC | 56 | IN | |
2023-01-03 08:46:54 UTC | 56 | IN | |
2023-01-03 08:46:54 UTC | 64 | IN | |
2023-01-03 08:46:54 UTC | 64 | IN | |
2023-01-03 08:46:54 UTC | 72 | IN | |
2023-01-03 08:46:54 UTC | 72 | IN | |
2023-01-03 08:46:54 UTC | 80 | IN | |
2023-01-03 08:46:54 UTC | 80 | IN | |
2023-01-03 08:46:54 UTC | 80 | IN | |
2023-01-03 08:46:54 UTC | 88 | IN | |
2023-01-03 08:46:54 UTC | 88 | IN | |
2023-01-03 08:46:54 UTC | 88 | IN | |
2023-01-03 08:46:54 UTC | 96 | IN | |
2023-01-03 08:46:54 UTC | 96 | IN | |
2023-01-03 08:46:54 UTC | 96 | IN | |
2023-01-03 08:46:54 UTC | 104 | IN | |
2023-01-03 08:46:54 UTC | 104 | IN | |
2023-01-03 08:46:54 UTC | 104 | IN | |
2023-01-03 08:46:54 UTC | 112 | IN | |
2023-01-03 08:46:54 UTC | 112 | IN | |
2023-01-03 08:46:54 UTC | 112 | IN | |
2023-01-03 08:46:54 UTC | 120 | IN | |
2023-01-03 08:46:54 UTC | 120 | IN | |
2023-01-03 08:46:54 UTC | 120 | IN | |
2023-01-03 08:46:54 UTC | 128 | IN | |
2023-01-03 08:46:54 UTC | 128 | IN | |
2023-01-03 08:46:54 UTC | 136 | IN | |
2023-01-03 08:46:54 UTC | 136 | IN | |
2023-01-03 08:46:54 UTC | 144 | IN | |
2023-01-03 08:46:54 UTC | 144 | IN | |
2023-01-03 08:46:54 UTC | 144 | IN | |
2023-01-03 08:46:54 UTC | 152 | IN | |
2023-01-03 08:46:54 UTC | 152 | IN | |
2023-01-03 08:46:54 UTC | 152 | IN | |
2023-01-03 08:46:54 UTC | 160 | IN | |
2023-01-03 08:46:54 UTC | 160 | IN | |
2023-01-03 08:46:54 UTC | 160 | IN | |
2023-01-03 08:46:54 UTC | 168 | IN | |
2023-01-03 08:46:54 UTC | 168 | IN | |
2023-01-03 08:46:54 UTC | 168 | IN | |
2023-01-03 08:46:54 UTC | 176 | IN | |
2023-01-03 08:46:54 UTC | 176 | IN | |
2023-01-03 08:46:54 UTC | 176 | IN | |
2023-01-03 08:46:54 UTC | 184 | IN | |
2023-01-03 08:46:54 UTC | 184 | IN | |
2023-01-03 08:46:54 UTC | 184 | IN | |
2023-01-03 08:46:54 UTC | 192 | IN | |
2023-01-03 08:46:54 UTC | 192 | IN | |
2023-01-03 08:46:54 UTC | 200 | IN | |
2023-01-03 08:46:54 UTC | 200 | IN | |
2023-01-03 08:46:54 UTC | 208 | IN | |
2023-01-03 08:46:54 UTC | 208 | IN | |
2023-01-03 08:46:54 UTC | 208 | IN | |
2023-01-03 08:46:54 UTC | 216 | IN | |
2023-01-03 08:46:54 UTC | 216 | IN | |
2023-01-03 08:46:54 UTC | 216 | IN | |
2023-01-03 08:46:54 UTC | 224 | IN | |
2023-01-03 08:46:54 UTC | 224 | IN | |
2023-01-03 08:46:54 UTC | 224 | IN | |
2023-01-03 08:46:54 UTC | 232 | IN | |
2023-01-03 08:46:54 UTC | 232 | IN | |
2023-01-03 08:46:54 UTC | 232 | IN | |
2023-01-03 08:46:54 UTC | 240 | IN | |
2023-01-03 08:46:54 UTC | 240 | IN | |
2023-01-03 08:46:54 UTC | 240 | IN | |
2023-01-03 08:46:54 UTC | 248 | IN | |
2023-01-03 08:46:54 UTC | 248 | IN | |
2023-01-03 08:46:54 UTC | 248 | IN | |
2023-01-03 08:46:54 UTC | 256 | IN | |
2023-01-03 08:46:54 UTC | 256 | IN | |
2023-01-03 08:46:54 UTC | 264 | IN | |
2023-01-03 08:46:54 UTC | 264 | IN | |
2023-01-03 08:46:54 UTC | 272 | IN | |
2023-01-03 08:46:54 UTC | 272 | IN | |
2023-01-03 08:46:54 UTC | 272 | IN | |
2023-01-03 08:46:54 UTC | 280 | IN | |
2023-01-03 08:46:54 UTC | 280 | IN | |
2023-01-03 08:46:54 UTC | 280 | IN | |
2023-01-03 08:46:54 UTC | 288 | IN | |
2023-01-03 08:46:54 UTC | 288 | IN | |
2023-01-03 08:46:54 UTC | 288 | IN | |
2023-01-03 08:46:54 UTC | 296 | IN | |
2023-01-03 08:46:54 UTC | 296 | IN | |
2023-01-03 08:46:54 UTC | 296 | IN | |
2023-01-03 08:46:54 UTC | 304 | IN | |
2023-01-03 08:46:54 UTC | 304 | IN | |
2023-01-03 08:46:54 UTC | 304 | IN | |
2023-01-03 08:46:54 UTC | 312 | IN | |
2023-01-03 08:46:54 UTC | 312 | IN | |
2023-01-03 08:46:54 UTC | 312 | IN | |
2023-01-03 08:46:54 UTC | 320 | IN | |
2023-01-03 08:46:54 UTC | 320 | IN | |
2023-01-03 08:46:54 UTC | 328 | IN | |
2023-01-03 08:46:54 UTC | 328 | IN | |
2023-01-03 08:46:54 UTC | 336 | IN | |
2023-01-03 08:46:54 UTC | 336 | IN | |
2023-01-03 08:46:54 UTC | 336 | IN | |
2023-01-03 08:46:54 UTC | 344 | IN | |
2023-01-03 08:46:54 UTC | 344 | IN | |
2023-01-03 08:46:54 UTC | 344 | IN | |
2023-01-03 08:46:54 UTC | 352 | IN | |
2023-01-03 08:46:54 UTC | 352 | IN | |
2023-01-03 08:46:54 UTC | 352 | IN | |
2023-01-03 08:46:54 UTC | 360 | IN | |
2023-01-03 08:46:54 UTC | 360 | IN | |
2023-01-03 08:46:54 UTC | 360 | IN | |
2023-01-03 08:46:54 UTC | 368 | IN | |
2023-01-03 08:46:54 UTC | 368 | IN | |
2023-01-03 08:46:54 UTC | 368 | IN | |
2023-01-03 08:46:54 UTC | 376 | IN | |
2023-01-03 08:46:54 UTC | 376 | IN | |
2023-01-03 08:46:54 UTC | 376 | IN | |
2023-01-03 08:46:54 UTC | 384 | IN | |
2023-01-03 08:46:54 UTC | 384 | IN | |
2023-01-03 08:46:54 UTC | 392 | IN | |
2023-01-03 08:46:54 UTC | 392 | IN | |
2023-01-03 08:46:54 UTC | 400 | IN | |
2023-01-03 08:46:54 UTC | 400 | IN | |
2023-01-03 08:46:54 UTC | 400 | IN | |
2023-01-03 08:46:54 UTC | 408 | IN | |
2023-01-03 08:46:54 UTC | 408 | IN | |
2023-01-03 08:46:54 UTC | 408 | IN | |
2023-01-03 08:46:54 UTC | 416 | IN | |
2023-01-03 08:46:54 UTC | 416 | IN | |
2023-01-03 08:46:54 UTC | 416 | IN | |
2023-01-03 08:46:54 UTC | 424 | IN | |
2023-01-03 08:46:54 UTC | 424 | IN | |
2023-01-03 08:46:54 UTC | 424 | IN | |
2023-01-03 08:46:54 UTC | 432 | IN | |
2023-01-03 08:46:54 UTC | 432 | IN | |
2023-01-03 08:46:54 UTC | 432 | IN | |
2023-01-03 08:46:54 UTC | 440 | IN | |
2023-01-03 08:46:54 UTC | 440 | IN | |
2023-01-03 08:46:54 UTC | 440 | IN | |
2023-01-03 08:46:54 UTC | 448 | IN | |
2023-01-03 08:46:54 UTC | 448 | IN | |
2023-01-03 08:46:54 UTC | 456 | IN | |
2023-01-03 08:46:54 UTC | 456 | IN | |
2023-01-03 08:46:54 UTC | 464 | IN | |
2023-01-03 08:46:54 UTC | 464 | IN | |
2023-01-03 08:46:54 UTC | 464 | IN | |
2023-01-03 08:46:54 UTC | 472 | IN | |
2023-01-03 08:46:54 UTC | 472 | IN | |
2023-01-03 08:46:54 UTC | 472 | IN | |
2023-01-03 08:46:54 UTC | 480 | IN | |
2023-01-03 08:46:54 UTC | 480 | IN | |
2023-01-03 08:46:54 UTC | 480 | IN | |
2023-01-03 08:46:54 UTC | 488 | IN | |
2023-01-03 08:46:54 UTC | 488 | IN | |
2023-01-03 08:46:54 UTC | 488 | IN | |
2023-01-03 08:46:54 UTC | 496 | IN | |
2023-01-03 08:46:54 UTC | 496 | IN | |
2023-01-03 08:46:54 UTC | 496 | IN | |
2023-01-03 08:46:54 UTC | 504 | IN | |
2023-01-03 08:46:54 UTC | 504 | IN | |
2023-01-03 08:46:54 UTC | 504 | IN | |
2023-01-03 08:46:54 UTC | 512 | IN | |
2023-01-03 08:46:54 UTC | 512 | IN | |
2023-01-03 08:46:54 UTC | 520 | IN | |
2023-01-03 08:46:54 UTC | 520 | IN | |
2023-01-03 08:46:54 UTC | 528 | IN | |
2023-01-03 08:46:54 UTC | 528 | IN | |
2023-01-03 08:46:54 UTC | 528 | IN | |
2023-01-03 08:46:54 UTC | 536 | IN | |
2023-01-03 08:46:54 UTC | 536 | IN | |
2023-01-03 08:46:54 UTC | 536 | IN | |
2023-01-03 08:46:54 UTC | 544 | IN | |
2023-01-03 08:46:54 UTC | 544 | IN | |
2023-01-03 08:46:54 UTC | 544 | IN | |
2023-01-03 08:46:54 UTC | 552 | IN | |
2023-01-03 08:46:54 UTC | 552 | IN | |
2023-01-03 08:46:54 UTC | 552 | IN | |
2023-01-03 08:46:54 UTC | 560 | IN | |
2023-01-03 08:46:54 UTC | 560 | IN | |
2023-01-03 08:46:54 UTC | 560 | IN | |
2023-01-03 08:46:54 UTC | 568 | IN | |
2023-01-03 08:46:54 UTC | 568 | IN | |
2023-01-03 08:46:54 UTC | 569 | IN | |
2023-01-03 08:46:54 UTC | 577 | IN | |
2023-01-03 08:46:54 UTC | 577 | IN | |
2023-01-03 08:46:54 UTC | 585 | IN | |
2023-01-03 08:46:54 UTC | 585 | IN | |
2023-01-03 08:46:54 UTC | 593 | IN | |
2023-01-03 08:46:54 UTC | 593 | IN | |
2023-01-03 08:46:54 UTC | 593 | IN | |
2023-01-03 08:46:54 UTC | 601 | IN | |
2023-01-03 08:46:54 UTC | 601 | IN | |
2023-01-03 08:46:54 UTC | 601 | IN | |
2023-01-03 08:46:54 UTC | 609 | IN | |
2023-01-03 08:46:54 UTC | 609 | IN | |
2023-01-03 08:46:54 UTC | 609 | IN | |
2023-01-03 08:46:54 UTC | 617 | IN | |
2023-01-03 08:46:54 UTC | 617 | IN | |
2023-01-03 08:46:54 UTC | 617 | IN | |
2023-01-03 08:46:54 UTC | 625 | IN | |
2023-01-03 08:46:54 UTC | 625 | IN | |
2023-01-03 08:46:54 UTC | 625 | IN | |
2023-01-03 08:46:54 UTC | 633 | IN | |
2023-01-03 08:46:54 UTC | 633 | IN | |
2023-01-03 08:46:54 UTC | 633 | IN |
Target ID: | 1 |
Start time: | 09:44:59 |
Start date: | 03/01/2023 |
Path: | C:\Users\user\Desktop\file.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 341504 bytes |
MD5 hash: | D0BF82E7840B3179B85D665A3AE895A5 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Target ID: | 6 |
Start time: | 09:45:40 |
Start date: | 03/01/2023 |
Path: | C:\Windows\explorer.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff69bc80000 |
File size: | 3933184 bytes |
MD5 hash: | AD5296B280E8F522A8A897C96BAB0E1D |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
Target ID: | 9 |
Start time: | 09:46:26 |
Start date: | 03/01/2023 |
Path: | C:\Users\user\AppData\Roaming\vgfsabt |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 341504 bytes |
MD5 hash: | D0BF82E7840B3179B85D665A3AE895A5 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Antivirus matches: |
|
Reputation: | low |
Target ID: | 10 |
Start time: | 09:46:54 |
Start date: | 03/01/2023 |
Path: | C:\Users\user\AppData\Local\Temp\1E3.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 650752 bytes |
MD5 hash: | B2FDE4A8B7D6AA7E0FA7F853899F1C4F |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Antivirus matches: |
|
Reputation: | low |
Execution Graph
Execution Coverage: | 3.6% |
Dynamic/Decrypted Code Coverage: | 57.5% |
Signature Coverage: | 26.1% |
Total number of Nodes: | 153 |
Total number of Limit Nodes: | 12 |
Graph
Control-flow Graph
C-Code - Quality: 48% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 53% |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 51% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 53% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004017E4 Relevance: 4.7, APIs: 3, Instructions: 195 native COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0053003C Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515 memory COMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00530E0F Relevance: 3.0, APIs: 2, Instructions: 15 COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004019F2 Relevance: 1.3, APIs: 1, Instructions: 61 sleep COMMON
Control-flow Graph
C-Code - Quality: 37% |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401A0A Relevance: 1.3, APIs: 1, Instructions: 55 sleep COMMON
Control-flow Graph
C-Code - Quality: 33% |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401A01 Relevance: 1.3, APIs: 1, Instructions: 54 sleep COMMON
Control-flow Graph
C-Code - Quality: 38% |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401A0E Relevance: 1.3, APIs: 1, Instructions: 51 sleep COMMON
Control-flow Graph
C-Code - Quality: 31% |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0053092B Relevance: 3.8, Strings: 3, Instructions: 90 COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403428 Relevance: 1.4, Strings: 1, Instructions: 110 COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00530D90 Relevance: .0, Instructions: 43 COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040159D Relevance: .0, Instructions: 16 COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph
Execution Coverage: | 3.1% |
Dynamic/Decrypted Code Coverage: | 15.1% |
Signature Coverage: | 3.5% |
Total number of Nodes: | 1609 |
Total number of Limit Nodes: | 23 |
Graph
Control-flow Graph
C-Code - Quality: 84% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040714F Relevance: 4.5, APIs: 3, Instructions: 45 COMMON
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00407400 Relevance: 1.5, APIs: 1, Instructions: 20 memory COMMON
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040297F Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 110 library thread memory COMMON
Control-flow Graph
C-Code - Quality: 77% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 85% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004028BE Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36 library loader COMMON
C-Code - Quality: 58% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406E1E Relevance: 1.5, APIs: 1, Instructions: 4 COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406290 Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 57 library loader COMMON LIBRARYCODE
Control-flow Graph
C-Code - Quality: 92% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 79% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 89% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004081A8 Relevance: 7.5, APIs: 5, Instructions: 44 memory COMMON LIBRARYCODE
C-Code - Quality: 41% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00409E57 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38 library loader COMMON
C-Code - Quality: 65% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402834 Relevance: 6.0, APIs: 4, Instructions: 46 COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 90% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph
Execution Coverage: | 3.1% |
Dynamic/Decrypted Code Coverage: | 15.1% |
Signature Coverage: | 0% |
Total number of Nodes: | 1609 |
Total number of Limit Nodes: | 23 |
Graph
Control-flow Graph
C-Code - Quality: 77% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040714F Relevance: 4.5, APIs: 3, Instructions: 45 COMMON
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00407400 Relevance: 1.5, APIs: 1, Instructions: 20 memory COMMON
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 85% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040297F Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 110 library thread memory COMMON
Control-flow Graph
C-Code - Quality: 77% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406290 Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 57 library loader COMMON LIBRARYCODE
Control-flow Graph
C-Code - Quality: 92% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 79% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 89% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004081A8 Relevance: 7.5, APIs: 5, Instructions: 44 memory COMMON LIBRARYCODE
C-Code - Quality: 41% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00409E57 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38 library loader COMMON
C-Code - Quality: 65% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004028BE Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36 library loader COMMON
C-Code - Quality: 58% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402834 Relevance: 6.0, APIs: 4, Instructions: 46 COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 90% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |