Windows
Analysis Report
5VXh2VBmA0
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- 5VXh2VBmA0.exe (PID: 6016 cmdline: C:\Users\user\Desktop\5VXh2VBmA0.exe MD5: 7A483865F3F1999AB24ED75F710649AD)
- Zip.exe (PID: 3920 cmdline: "C:\Users\user\AppData\Local\Temp\Zip.exe" MD5: AF07E88EC22CC90CEBFDA29517F101B9)
- update_232309.exe (PID: 2108 cmdline: "C:\Users\user\AppData\Local\Temp\update_232309.exe" / start MD5: 7A483865F3F1999AB24ED75F710649AD)
- update_232309.exe (PID: 4552 cmdline: "C:\Users\user\AppData\Local\Temp\update_232309.exe" / start MD5: 7A483865F3F1999AB24ED75F710649AD)
- cleanup
Rule | Description | Author |
---|---|---|
JoeSecurity_Predator | Yara detected Predator | Joe Security |
JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
INDICATOR_SUSPICIOUS_EXE_References_VPN | Detects executables referencing many VPN software clients. Observed in infostealers | ditekSHen |
Windows_Trojan_Lucifer_ce9d4cc8 | unknown | unknown |
Rule | Description | Author |
---|---|---|
Windows_Trojan_Lucifer_ce9d4cc8 | unknown | unknown |
Rule | Description | Author |
---|---|---|
Windows_Trojan_Lucifer_ce9d4cc8 | unknown | unknown |
JoeSecurity_Predator | Yara detected Predator | Joe Security |
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Windows_Trojan_Lucifer_ce9d4cc8 | unknown | unknown |
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Rule | Description | Author |
---|---|---|
Windows_Trojan_Lucifer_ce9d4cc8 | unknown | unknown |
Windows_Trojan_Lucifer_ce9d4cc8 | unknown | unknown |
JoeSecurity_Predator | Yara detected Predator | Joe Security |
JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Timestamp: | 192.168.2.392.249.45.11349708802022818 01/23/23-21:25:29.484357 |
SID: | 2022818 |
Source Port: | 49708 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.392.249.45.11349707802022818 01/23/23-21:25:23.289815 |
SID: | 2022818 |
Source Port: | 49707 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.392.249.45.11349712802022818 01/23/23-21:25:39.311255 |
SID: | 2022818 |
Source Port: | 49712 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.392.249.45.11349715802022818 01/23/23-21:25:47.864338 |
SID: | 2022818 |
Source Port: | 49715 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.392.249.45.11349718802022818 01/23/23-21:25:59.271301 |
SID: | 2022818 |
Source Port: | 49718 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
AV Detection |
---|
Source: | ReversingLabs: | |||
Source: | Virustotal: |
Source: | Avira: |
Source: | File source: |
Source: | Avira: |
Source: | ReversingLabs: |
Source: | Joe Sandbox ML: |
Source: | Avira: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Code function: | 0_2_00007FFBAD3AA1A9 | |
Source: | Code function: | 10_2_00007FFBAD3A9C5F | |
Source: | Code function: | 11_2_00007FFBAD3B6EEE | |
Source: | Code function: | 12_2_00007FFBAD376F2E |
Networking |
---|
Source: | Snort IDS: | ||
Source: | DNS query: | ||
Source: | File source: | ||
Source: | ASN Name: |
Source: | HTTP traffic detected: | ||
Source: | IP Address: | ||
Source: | String found in binary or memory: | ||
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: | ||
E-Banking Fraud |
---|
Source: | File source: | ||
System Summary |
---|
Source: | Matched rule: | ||
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Binary or memory string: | ||
Source: | ReversingLabs: | ||
Source: | Virustotal: |
Source: | File read: |
Source: | Static PE information: |
Source: | Key opened: |
Source: | Process created: |
Source: | Key value queried: |
Source: | WMI Queries: |
Source: | File created: |
Source: | Classification label: |
Source: | File read: |
Source: | Binary or memory string: |
Source: | Static file information: |
Source: | Section loaded: |
Source: | Mutant created: |
Source: | File read: |
Source: | Window detected: |
Source: | File opened: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | File created: |
Source: | Registry value created or modified: |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | File moved: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | WMI Queries: | ||
Source: | Process information queried: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Binary or memory string: | ||
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | WMI Queries: | ||
Source: | Binary or memory string: |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File opened: | Jump to behavior | ||
Source: | File source: | ||
Remote Access Functionality |
---|
Source: | File source: | ||
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 21 Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 11 Process Injection | 11 Masquerading | 1 OS Credential Dumping | 131 Security Software Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | 1 Data from Local System | Exfiltration Over Bluetooth | 1 Ingress Tool Transfer | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 31 Virtualization/Sandbox Evasion | Security Account Manager | 31 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 3 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 11 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 3 Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 2 Obfuscated Files or Information | LSA Secrets | 1 Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 Software Packing | Cached Domain Credentials | 1 System Network Configuration Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | 1 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 13 System Information Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
81% | ReversingLabs | ByteCode-MSIL.Trojan.RedLineStealer | ||
61% | Virustotal | Browse | ||
100% | Avira | TR/Redcap.vxffz | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | TR/Redcap.vxffz | ||
100% | Joe Sandbox ML | |||
0% | ReversingLabs | |||
77% | ReversingLabs | ByteCode-MSIL.Trojan.Oskistelaer |
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | TR/Redcap.vxffz | Download File |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
ip-api.com | 208.95.112.1 | true | false | high | |
panel.cheater-zone.com | 92.249.45.113 | true | true | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
208.95.112.1 | ip-api.com | United States | 53334 | TUT-ASUS | false | |
92.249.45.113 | panel.cheater-zone.com | Germany | 47583 | AS-HOSTINGERLT | true |
IP |
---|
192.168.2.1 |
Joe Sandbox Version: | 36.0.0 Rainbow Opal |
Analysis ID: | 790106 |
Start date and time: | 2023-01-23 21:23:58 +01:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 10m 31s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | 5VXh2VBmA0 (renamed file extension from none to exe) |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 15 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.spyw.winEXE@5/11@16/3 |
EGA Information: |
|
HDC Information: | Failed |
HCA Information: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, SgrmBroker.exe, conhost.exe, svchost.exe
- Excluded domains from analysis (whitelisted): fs.microsoft.com, ctldl.windowsupdate.com
- Not all processes were analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtAllocateVirtualMemory calls found.
- Report size getting too big, too many NtDeviceIoControlFile calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
21:24:59 | API Interceptor | |
21:25:11 | Autostart | |
21:25:20 | Autostart | |
21:25:25 | API Interceptor | |
21:25:26 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
208.95.112.1 | Get hash | malicious | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
ip-api.com | Get hash | malicious | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
AS-HOSTINGERLT | Get hash | malicious | Browse |
TUT-ASUS | Get hash | malicious | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
C:\Users\user\AppData\Local\Temp\Newtonsoft.Json.dll | Get hash | malicious | Browse | ||
Process: | C:\Users\user\AppData\Local\Temp\Zip.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2343 |
Entropy (8bit): | 5.374204171243879 |
Encrypted: | false |
SSDEEP: | 48:MxHKEYHKGD8Ao6+vxpNl1qHGiD0HKeGitHTG1hAHKKPJAmHKoAPHZHpH+5HK+HKs:iqEYqGgAo9ZPlwmI0qertzG1eqKPJ/qo |
MD5: | 3F114A073575263E59307B55548FD5F4 |
SHA1: | 971459D541646C4C6B382F06AAFA9F4147716568 |
SHA-256: | 2417EC96E49CF7352D91892438478E961D8DC870FEB8E8821C732383CD9351F2 |
SHA-512: | EA7B613DF726F230ADFEF841E4C8A753228B3AFAE7F2D2FDC2704892910F18254F2D9B31AA5E7D4C993137BCAE92B0FF77D9D31503E96D605DBF0589E42AD809 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\update_232309.exe |
File Type: | |
Category: | modified |
Size (bytes): | 2140 |
Entropy (8bit): | 5.371730832466707 |
Encrypted: | false |
SSDEEP: | 48:MxHKEYHKGD8Ao6+vxpNl1qHGiD0HKeGitHTG1hAHKKPJAmHKoAPHZHpH+Y:iqEYqGgAo9ZPlwmI0qertzG1eqKPJ/q3 |
MD5: | 8D5284E805C10D2F4ABEEC24A26DDECA |
SHA1: | 22CC84B3067C6E457FAB34B7792E96AC3FA1E743 |
SHA-256: | 760309005EBFE01DC4FCADAFE45DC919BFCB0C9EF08981671243C403DC8516D1 |
SHA-512: | CD1C073BC90984DB2A883857DF0649DDD41A6ECEAECC4068145FE30819305CD041E916304E08F33C74682E74CD3806F5B294E80601A35964F25B24B6A38047FE |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\Zip.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 791346 |
Entropy (8bit): | 7.998032529446026 |
Encrypted: | true |
SSDEEP: | 12288:CTSR/lyfYR7akBh642W0C9RQJWnOP0+qfr4qAq3sE3Q1d8GAPJEqzdza+uarRFQB:B/lygpzW4x79oWntVUtglPJJhuar/Qr1 |
MD5: | 757838030B3055850B3729F9AE38C3D4 |
SHA1: | 4A2E8B84FEAC658DB711394410F54B604BE399F1 |
SHA-256: | 35281414BF1B446C6716F0404181CF2551F145546CBF42833865DD8ED3BE979D |
SHA-512: | FE4FDCFF4079AD4C6E9E1A343227E3464A18EF322F1B454BB57EA4A6EC4DCBFC4478B3100B9E90072361A0ECDB57A2AC436895D8542F2BA8CB24852DC5A0EAEC |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\5VXh2VBmA0.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1743 |
Entropy (8bit): | 4.466343434906543 |
Encrypted: | false |
SSDEEP: | 48:Lcm1FZ6m3Zwm3MmqMVab+tcGanxcg0H13:LV9zJB3Fqwab+yGanOf |
MD5: | F7A190879742AF43AAAA289131299430 |
SHA1: | 63FDBE7DC3C8BABE51A8885877CE19DE87942146 |
SHA-256: | 1B81B79F7604DCCC9A4F1B15D1DB33355E5C372EB0EE176E41A79A8A5F27F5E4 |
SHA-512: | A301574B245BD9E86522A34AB433EF884D9AADE347608C41D67C5A4850A4C953F75997926CFAF05AA7C4EFD1F9AD72C365FCF7333FA3B63CDD0772869153B61F |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\5VXh2VBmA0.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1364 |
Entropy (8bit): | 5.065215317933012 |
Encrypted: | false |
SSDEEP: | 24:c4cxPUwdVScxPUXUcxSTcHocxMocxtOtocxPUWEcxPUaptcxPUv9p1cxPUPbYcx9:x0PPdVS0PGU0WcHo0Mo0Uto0PHE0PFpJ |
MD5: | 187D97F5AAFF4553BDCE050BEFD951A2 |
SHA1: | 596BE74C875F8C9CA08209F696060F03AFDA2E36 |
SHA-256: | 43F6D6C018A8DC4837153C78124BFDAEF772FF00D67028A46DFCAFEABCEC18EF |
SHA-512: | FC608F5E80755ED97DEB818B9B37BBCC7C70EC46E7D6C62B97F4C408DD345190413026FB1C57B3600602421E4174E5E102D73C930F377109CE2B50D8788288D2 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\5VXh2VBmA0.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2405 |
Entropy (8bit): | 4.673606179261081 |
Encrypted: | false |
SSDEEP: | 24:fmHtH+H9RHo+qH5HO5HtHOUH5HT1xHP5HLHymHPHtHFoHmHys:fQ5Y91oXNON5OUHNRVPNDyQf5FWQys |
MD5: | D14A8BBC39F00D86CF0ABB19349E2CA7 |
SHA1: | FF6B7071553BA43B4EF50E65559AAD2619227BA3 |
SHA-256: | 8B1E90DD28C1A179A85276AD1367D7F754DD793CA74B22B780D7BBEA2D19DFFC |
SHA-512: | 70EA5BC1B75824A139543BB6A44588B8B673F76FF3BDC2721E6821A85030B3F55DF48A8E5C40D362E72460372B38E1D421AAEB4E32208A747638D5C2E7659388 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\5VXh2VBmA0.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 797919 |
Entropy (8bit): | 7.948268932471244 |
Encrypted: | false |
SSDEEP: | 12288:Z1ui3zh7AJ2OdXprzlsvRjqunBJtx0i29YlyrTlvgXUZjLMlCHI2yw09k8FbU+UM:DDuJnx0BJgvl/Le8I2h09k8dUNM |
MD5: | 51DC59ED9BB3511AD0E6DD2B17768A4B |
SHA1: | FDC663EFE761CC8FFD4E73E12A322DE8531B62F2 |
SHA-256: | 56EB18214FA4184B87A53C008A2982E7FCC3AB903E6EA75B22E55C6F862501DC |
SHA-512: | 88E4DA29A5BDAFAEA44B902D5DF99CA5D6E9595A2F2F04E5BCC1F359BF6B7AF65DE1DB23AC44CE7F1572FEDD679CEC9A649B5830257194327408F83BB9FBF5CA |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\5VXh2VBmA0.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 332 |
Entropy (8bit): | 4.579461777700594 |
Encrypted: | false |
SSDEEP: | 6:9lsCF2Rpj1hx0+A7JRXWQuGsLf15Ro1WcEuo8T:fjIpxXKRXWQzsLN5RJcfV |
MD5: | 00346F91FC4AAAE8CFA1ABA31A30615F |
SHA1: | E4D7781282495A7C5EC8DF80087364BE1CEB97EF |
SHA-256: | C42F1696272CEEDF6933E59DC8FCCFEE92E41C35183BA7DBB40032A603C8F99D |
SHA-512: | C4FE386610B5CA975935496CF29414F985766B3B6BAF4E5F70BAC9F7E69DD99B8E4B3E5C2563F8429E13599755D39D0C5A14954839B59EC255C2475164C5D628 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\5VXh2VBmA0.exe |
File Type: | |
Category: | modified |
Size (bytes): | 407776 |
Entropy (8bit): | 6.080910017085125 |
Encrypted: | false |
SSDEEP: | 6144:/+BWmtpZQYS2PjCLfjSCpkALDUbr0tJ0nzbWk:WPw2PjCLe3a6Q70zbR |
MD5: | F75FE8D06448D07720D5456F2A327F08 |
SHA1: | DBA5D60848A7C24CE837225709D9E23690BB5CB3 |
SHA-256: | 977998AEC486395EABA6CE5661648425A1A181CE18C2C87C6288AF62B87D5ECA |
SHA-512: | EB05696F92881A698B7DEF0F8852286212A5EB235A2FF8A41460DEDBC6AE1964BFBEF613D3BEC736DF66525BF6E5A6C95FF5E0A71C904FA70B5C6675E2275A34 |
Malicious: | false |
Antivirus: |
|
Joe Sandbox View: |
|
Preview: |
Process: | C:\Users\user\Desktop\5VXh2VBmA0.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 32256 |
Entropy (8bit): | 5.050531187823917 |
Encrypted: | false |
SSDEEP: | 384:KfkVQ748aUKN6C8/3g2L4QDL0Lk24jXPlfLoem/xYUIoPBsNJc:RW7PTKF8fPdDL42XPUIc |
MD5: | AF07E88EC22CC90CEBFDA29517F101B9 |
SHA1: | A9E6F4AE24ABF76966D7DB03AF9C802E83760143 |
SHA-256: | 1632FBFF8EDC50F2C7EF7BB2FE9B2C17E6472094F0D365A98E0DEC2A12FA8EC2 |
SHA-512: | B4575AF98071FC8D46C022E24BFB2C1567D7E5F3DE0D8FB5FEE6F876985C7780A5B145F645725FF27A15367162AA08490AC2F8DD59D705663094FE4E1EEEC7BC |
Malicious: | true |
Yara Hits: |
|
Antivirus: |
|
Preview: |
Process: | C:\Users\user\Desktop\5VXh2VBmA0.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 407776 |
Entropy (8bit): | 6.080910017085125 |
Encrypted: | false |
SSDEEP: | 6144:/+BWmtpZQYS2PjCLfjSCpkALDUbr0tJ0nzbWk:WPw2PjCLe3a6Q70zbR |
MD5: | F75FE8D06448D07720D5456F2A327F08 |
SHA1: | DBA5D60848A7C24CE837225709D9E23690BB5CB3 |
SHA-256: | 977998AEC486395EABA6CE5661648425A1A181CE18C2C87C6288AF62B87D5ECA |
SHA-512: | EB05696F92881A698B7DEF0F8852286212A5EB235A2FF8A41460DEDBC6AE1964BFBEF613D3BEC736DF66525BF6E5A6C95FF5E0A71C904FA70B5C6675E2275A34 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 5.986542010585417 |
TrID: |
|
File name: | 5VXh2VBmA0.exe |
File size: | 549415 |
MD5: | 7a483865f3f1999ab24ed75f710649ad |
SHA1: | b149c60bbc7f1781e76079210da29a55d0b137a3 |
SHA256: | 536ac35ca8f6e6ddf85737ad4cabd5631542613ffec3c9b03947aaa2cdc0dcaf |
SHA512: | 7bd126e0112c8b4b284c2e2ab6d3f081cdb169769847508b4b92a443e019164c9c75ed8ab2465b2db6203736f45df8a3556b2e14ef3f60cbaa2fda97dda7686b |
SSDEEP: | 6144:X+BWmtpZQYS2PjCLfjSCpkALDUbr0tJ0nzbWdG/Wow7+JJUK:OPw2PjCLe3a6Q70zbYow60K |
TLSH: | 43C46A0223FC4BA5E5FE2B31A631424543F6FD46657AE70D0D80E6EA4C777829E203A7 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....u.a.....................@.......=... ...@....@.. ....................................@................................ |
Icon Hash: | 41455554545445a2 |
Entrypoint: | 0x483dee |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x618475C5 [Fri Nov 5 00:07:33 2021 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Instruction |
---|
jmp dword ptr [00402000h] |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x83d98 | 0x53 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x86000 | 0x3b58 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x8a000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x84000 | 0x1c | .sdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x81df4 | 0x81e00 | False | 0.39599186417228105 | data | 6.007710958121938 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.sdata | 0x84000 | 0x138 | 0x200 | False | 0.2421875 | data | 2.1996594710852864 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x86000 | 0x3b58 | 0x3c00 | False | 0.14055989583333334 | data | 4.237480455118393 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x8a000 | 0xc | 0x200 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x86540 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | ||
RT_ICON | 0x86828 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | ||
RT_ICON | 0x86950 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | ||
RT_ICON | 0x871f8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | ||
RT_ICON | 0x87760 | 0x353 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | ||
RT_ICON | 0x87ab8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | ||
RT_ICON | 0x88b60 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | ||
RT_GROUP_ICON | 0x88fc8 | 0x68 | data | ||
RT_VERSION | 0x86250 | 0x2f0 | SysEx File - IDP | ||
RT_MANIFEST | 0x89030 | 0xb22 | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
01/23/23-21:25:29.484357 | TCP | 2022818 | ET TROJAN Generic gate .php GET with minimal headers | 49708 | 80 | 192.168.2.3 | 92.249.45.113 |
01/23/23-21:25:23.289815 | TCP | 2022818 | ET TROJAN Generic gate .php GET with minimal headers | 49707 | 80 | 192.168.2.3 | 92.249.45.113 |
01/23/23-21:25:39.311255 | TCP | 2022818 | ET TROJAN Generic gate .php GET with minimal headers | 49712 | 80 | 192.168.2.3 | 92.249.45.113 |
01/23/23-21:25:47.864338 | TCP | 2022818 | ET TROJAN Generic gate .php GET with minimal headers | 49715 | 80 | 192.168.2.3 | 92.249.45.113 |
01/23/23-21:25:59.271301 | TCP | 2022818 | ET TROJAN Generic gate .php GET with minimal headers | 49718 | 80 | 192.168.2.3 | 92.249.45.113 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 23, 2023 21:25:53.170980930 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.171060085 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:53.171147108 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:53.171158075 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.171241045 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:53.171247959 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.171330929 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:53.171411037 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:53.171451092 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.171497107 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:53.171581984 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:53.171655893 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:53.232938051 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.233104944 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:53.233323097 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:53.301035881 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.301165104 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.301189899 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:53.301475048 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.301538944 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:53.301568031 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:53.301647902 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.301760912 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:53.301781893 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.301871061 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:53.301889896 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:53.301985979 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.302062035 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:53.302089930 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:53.302146912 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.302229881 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:53.302251101 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:53.302386045 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.302407980 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.302454948 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:53.302473068 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:53.302495956 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:53.302520990 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.302593946 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:53.302613020 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:53.302705050 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.302797079 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:53.302830935 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:53.302891016 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.302912951 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.302972078 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:53.303004980 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:53.303004980 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:53.303083897 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.303169012 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:53.303189993 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:53.303272963 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.303349018 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:53.303381920 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:53.303457975 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.303534985 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:53.303556919 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:53.303725004 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.303807974 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:53.303894043 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.303981066 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:53.304003000 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:53.304109097 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.304191113 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:53.304214954 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:53.304282904 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.304363012 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:53.304385900 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:53.304553986 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.304647923 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:53.304676056 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:53.304784060 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.304800987 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.304857969 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:53.304881096 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:53.304881096 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:53.304889917 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.305031061 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:53.305053949 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:53.364058018 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.364085913 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.364308119 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:53.404721022 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.404838085 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:53.407936096 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:53.432154894 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.432229996 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.432296038 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:53.432320118 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.432394981 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:53.432435036 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:53.432462931 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.432517052 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:53.432600975 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.432856083 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.433095932 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.433242083 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.433531046 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.433557987 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.433850050 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.433876991 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.433998108 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.434247017 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.434315920 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.434370041 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.434571028 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.434781075 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.434818029 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.435045958 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.435074091 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.435154915 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.435199976 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.435434103 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.435611963 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.435628891 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.435864925 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.435929060 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.435962915 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.436230898 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.436336040 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.436364889 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.436655045 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.436758995 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.436794996 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.437021017 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.437164068 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.437527895 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.437552929 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.437572002 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.437700033 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.437768936 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.437982082 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.438079119 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.438123941 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.438344955 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.438405991 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.438440084 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.438671112 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.438863039 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.438982010 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.439198017 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.439222097 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.439284086 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.439368963 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.439404964 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.439671993 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.439733028 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.495387077 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.495423079 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.495472908 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.538635015 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.563227892 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.563256025 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.563400984 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.563596010 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:53.563637018 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:54.040550947 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:54.145442009 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:55.929179907 CET | 49710 | 80 | 192.168.2.3 | 208.95.112.1 |
Jan 23, 2023 21:25:55.961136103 CET | 80 | 49710 | 208.95.112.1 | 192.168.2.3 |
Jan 23, 2023 21:25:55.961246014 CET | 49710 | 80 | 192.168.2.3 | 208.95.112.1 |
Jan 23, 2023 21:25:56.018418074 CET | 49717 | 80 | 192.168.2.3 | 208.95.112.1 |
Jan 23, 2023 21:25:56.048764944 CET | 80 | 49717 | 208.95.112.1 | 192.168.2.3 |
Jan 23, 2023 21:25:56.048871040 CET | 49717 | 80 | 192.168.2.3 | 208.95.112.1 |
Jan 23, 2023 21:25:56.050263882 CET | 49717 | 80 | 192.168.2.3 | 208.95.112.1 |
Jan 23, 2023 21:25:56.080812931 CET | 80 | 49717 | 208.95.112.1 | 192.168.2.3 |
Jan 23, 2023 21:25:56.145765066 CET | 49717 | 80 | 192.168.2.3 | 208.95.112.1 |
Jan 23, 2023 21:25:57.387721062 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:57.387804985 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:58.564861059 CET | 49717 | 80 | 192.168.2.3 | 208.95.112.1 |
Jan 23, 2023 21:25:59.052732944 CET | 49716 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:59.137691021 CET | 49718 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:59.183409929 CET | 80 | 49716 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:59.270956039 CET | 80 | 49718 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:59.271110058 CET | 49718 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:59.271301031 CET | 49718 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:25:59.404380083 CET | 80 | 49718 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:59.408112049 CET | 80 | 49718 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:25:59.536535978 CET | 49718 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:02.522527933 CET | 49718 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:02.668401003 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:02.697349072 CET | 80 | 49718 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:02.699944019 CET | 80 | 49718 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:02.700057030 CET | 49718 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:02.799278975 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:02.799462080 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:02.805896997 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:02.936820984 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:02.986946106 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:03.101003885 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:03.231977940 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:03.266861916 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:03.364993095 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:03.381027937 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:03.553019047 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:03.612912893 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:03.661928892 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:03.725219011 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:03.856223106 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:03.948374987 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:04.057018042 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:04.188324928 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:04.291939974 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:04.365072966 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:04.396956921 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:04.528601885 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:04.575546980 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:04.661962986 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:04.678045034 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:04.808942080 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:04.855988979 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:04.896370888 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:04.959621906 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:05.090670109 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:05.140971899 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:05.193288088 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:05.256362915 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:05.387257099 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:05.430114985 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:05.474524021 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:05.537333012 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:05.668495893 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:05.709048033 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:05.755804062 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:05.818567991 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:05.949310064 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:05.990093946 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:06.037095070 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:06.100217104 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:06.231101036 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:06.271626949 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:06.318346024 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:06.381253004 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:06.512105942 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:06.606432915 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:06.662164927 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:06.725090027 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:06.855942965 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:06.893277884 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:06.943470955 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:07.007277966 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:07.179003000 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:07.224912882 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:07.288518906 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:07.458165884 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:07.506027937 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:07.623275995 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:07.794948101 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:07.795058966 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:07.849853992 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:07.903924942 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:08.035625935 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:08.130971909 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:08.177998066 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:08.278064966 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:08.409079075 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:08.447007895 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:08.490474939 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:09.027549982 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:09.198916912 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:09.280329943 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:09.334249973 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:09.440654993 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:09.571595907 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:09.610276937 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:09.662420988 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:10.163378954 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:10.334822893 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:10.390861034 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:10.443763971 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:10.546200037 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:10.677018881 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:10.717154980 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:10.821436882 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:10.952554941 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:10.988811016 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:11.053216934 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:11.100404978 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:11.272105932 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:11.339256048 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:11.444247007 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:11.575208902 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:11.613493919 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:11.725845098 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:11.898135900 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:11.905600071 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:11.959491014 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:12.007060051 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:12.138587952 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:12.273540020 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:12.318914890 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:12.386657953 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:12.518362045 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:12.557701111 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:12.600192070 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:12.663096905 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:12.834980965 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:12.837805033 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:12.881553888 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:12.944468975 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:13.096570015 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:13.206904888 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:13.256539106 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:13.319804907 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:13.450817108 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:13.550713062 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:26:13.600188017 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:13.663201094 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:26:13.814194918 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:27:13.849142075 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:27:13.902194977 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:27:17.876439095 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:27:17.878200054 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:27:18.160805941 CET | 49719 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:27:18.161077023 CET | 49720 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:27:18.291805029 CET | 80 | 49719 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:27:18.299676895 CET | 80 | 49720 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:27:18.299858093 CET | 49720 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:27:18.300055981 CET | 49720 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:27:18.438504934 CET | 80 | 49720 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:27:18.484451056 CET | 80 | 49720 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:27:18.527627945 CET | 49720 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:27:18.590637922 CET | 49720 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:27:18.729768991 CET | 80 | 49720 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:27:18.768790007 CET | 80 | 49720 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:27:18.808926105 CET | 49720 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:27:18.873500109 CET | 49720 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:27:19.052223921 CET | 80 | 49720 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:27:19.103596926 CET | 49720 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:27:19.161968946 CET | 49720 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:27:19.342257977 CET | 80 | 49720 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:27:19.405400038 CET | 80 | 49720 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:27:19.464734077 CET | 49720 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:27:19.525784016 CET | 49720 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:27:19.664330006 CET | 80 | 49720 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:27:19.703243017 CET | 80 | 49720 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:27:19.745522022 CET | 49720 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:27:19.804735899 CET | 49720 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:27:19.985024929 CET | 80 | 49720 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:27:20.042505026 CET | 80 | 49720 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:27:20.085437059 CET | 49720 | 80 | 192.168.2.3 | 92.249.45.113 |
Jan 23, 2023 21:27:23.387419939 CET | 80 | 49720 | 92.249.45.113 | 192.168.2.3 |
Jan 23, 2023 21:27:23.387533903 CET | 49720 | 80 | 192.168.2.3 | 92.249.45.113 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Jan 23, 2023 21:24:58.871665001 CET | 192.168.2.3 | 8.8.8.8 | 0x34f7 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jan 23, 2023 21:25:08.443223953 CET | 192.168.2.3 | 8.8.8.8 | 0xee26 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jan 23, 2023 21:25:11.535756111 CET | 192.168.2.3 | 8.8.8.8 | 0xf827 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jan 23, 2023 21:25:22.189124107 CET | 192.168.2.3 | 8.8.8.8 | 0x9edd | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jan 23, 2023 21:25:22.825491905 CET | 192.168.2.3 | 8.8.8.8 | 0x6d87 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jan 23, 2023 21:25:23.090148926 CET | 192.168.2.3 | 8.8.8.8 | 0x658 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jan 23, 2023 21:25:33.646619081 CET | 192.168.2.3 | 8.8.8.8 | 0xb7be | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jan 23, 2023 21:25:34.280523062 CET | 192.168.2.3 | 8.8.8.8 | 0xfffb | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jan 23, 2023 21:25:36.890943050 CET | 192.168.2.3 | 8.8.8.8 | 0xe259 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jan 23, 2023 21:25:39.142227888 CET | 192.168.2.3 | 8.8.8.8 | 0x76ba | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jan 23, 2023 21:25:39.166711092 CET | 192.168.2.3 | 8.8.8.8 | 0xe3ad | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jan 23, 2023 21:25:47.714207888 CET | 192.168.2.3 | 8.8.8.8 | 0x8220 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jan 23, 2023 21:25:52.110774994 CET | 192.168.2.3 | 8.8.8.8 | 0x1186 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jan 23, 2023 21:25:55.984730005 CET | 192.168.2.3 | 8.8.8.8 | 0x3130 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jan 23, 2023 21:25:59.081839085 CET | 192.168.2.3 | 8.8.8.8 | 0xb2c1 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jan 23, 2023 21:26:02.552184105 CET | 192.168.2.3 | 8.8.8.8 | 0xb2ba | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Jan 23, 2023 21:24:58.893373966 CET | 8.8.8.8 | 192.168.2.3 | 0x34f7 | No error (0) | 208.95.112.1 | A (IP address) | IN (0x0001) | false | ||
Jan 23, 2023 21:25:08.463412046 CET | 8.8.8.8 | 192.168.2.3 | 0xee26 | No error (0) | 208.95.112.1 | A (IP address) | IN (0x0001) | false | ||
Jan 23, 2023 21:25:11.553390980 CET | 8.8.8.8 | 192.168.2.3 | 0xf827 | No error (0) | 208.95.112.1 | A (IP address) | IN (0x0001) | false | ||
Jan 23, 2023 21:25:22.208219051 CET | 8.8.8.8 | 192.168.2.3 | 0x9edd | No error (0) | 208.95.112.1 | A (IP address) | IN (0x0001) | false | ||
Jan 23, 2023 21:25:22.844886065 CET | 8.8.8.8 | 192.168.2.3 | 0x6d87 | No error (0) | 208.95.112.1 | A (IP address) | IN (0x0001) | false | ||
Jan 23, 2023 21:25:23.128328085 CET | 8.8.8.8 | 192.168.2.3 | 0x658 | No error (0) | 92.249.45.113 | A (IP address) | IN (0x0001) | false | ||
Jan 23, 2023 21:25:33.684163094 CET | 8.8.8.8 | 192.168.2.3 | 0xb7be | No error (0) | 92.249.45.113 | A (IP address) | IN (0x0001) | false | ||
Jan 23, 2023 21:25:34.299850941 CET | 8.8.8.8 | 192.168.2.3 | 0xfffb | No error (0) | 208.95.112.1 | A (IP address) | IN (0x0001) | false | ||
Jan 23, 2023 21:25:36.920562029 CET | 8.8.8.8 | 192.168.2.3 | 0xe259 | No error (0) | 208.95.112.1 | A (IP address) | IN (0x0001) | false | ||
Jan 23, 2023 21:25:39.178850889 CET | 8.8.8.8 | 192.168.2.3 | 0x76ba | No error (0) | 92.249.45.113 | A (IP address) | IN (0x0001) | false | ||
Jan 23, 2023 21:25:39.184284925 CET | 8.8.8.8 | 192.168.2.3 | 0xe3ad | No error (0) | 208.95.112.1 | A (IP address) | IN (0x0001) | false | ||
Jan 23, 2023 21:25:47.731792927 CET | 8.8.8.8 | 192.168.2.3 | 0x8220 | No error (0) | 92.249.45.113 | A (IP address) | IN (0x0001) | false | ||
Jan 23, 2023 21:25:52.128407955 CET | 8.8.8.8 | 192.168.2.3 | 0x1186 | No error (0) | 92.249.45.113 | A (IP address) | IN (0x0001) | false | ||
Jan 23, 2023 21:25:56.016683102 CET | 8.8.8.8 | 192.168.2.3 | 0x3130 | No error (0) | 208.95.112.1 | A (IP address) | IN (0x0001) | false | ||
Jan 23, 2023 21:25:59.136511087 CET | 8.8.8.8 | 192.168.2.3 | 0xb2c1 | No error (0) | 92.249.45.113 | A (IP address) | IN (0x0001) | false | ||
Jan 23, 2023 21:26:02.666835070 CET | 8.8.8.8 | 192.168.2.3 | 0xb2ba | No error (0) | 92.249.45.113 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.3 | 49702 | 208.95.112.1 | 80 | C:\Users\user\Desktop\5VXh2VBmA0.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 23, 2023 21:24:58.945521116 CET | 103 | OUT | |
Jan 23, 2023 21:24:58.979034901 CET | 104 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.3 | 49703 | 208.95.112.1 | 80 | C:\Users\user\Desktop\5VXh2VBmA0.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 23, 2023 21:25:08.497775078 CET | 104 | OUT | |
Jan 23, 2023 21:25:08.532289028 CET | 105 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
10 | 192.168.2.3 | 49713 | 208.95.112.1 | 80 | C:\Users\user\Desktop\5VXh2VBmA0.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 23, 2023 21:25:39.225068092 CET | 116 | OUT | |
Jan 23, 2023 21:25:39.255388975 CET | 117 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
11 | 192.168.2.3 | 49712 | 92.249.45.113 | 80 | C:\Users\user\Desktop\5VXh2VBmA0.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 23, 2023 21:25:39.311254978 CET | 117 | OUT | |
Jan 23, 2023 21:25:39.451045036 CET | 118 | IN | |
Jan 23, 2023 21:25:42.490222931 CET | 118 | OUT | |
Jan 23, 2023 21:25:42.659754992 CET | 118 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
12 | 192.168.2.3 | 49715 | 92.249.45.113 | 80 | C:\Users\user\Desktop\5VXh2VBmA0.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 23, 2023 21:25:47.864337921 CET | 136 | OUT | |
Jan 23, 2023 21:25:47.998567104 CET | 136 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
13 | 192.168.2.3 | 49716 | 92.249.45.113 | 80 | C:\Users\user\Desktop\5VXh2VBmA0.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 23, 2023 21:25:52.268623114 CET | 137 | OUT | |
Jan 23, 2023 21:25:52.495882034 CET | 138 | IN | |
Jan 23, 2023 21:25:52.511815071 CET | 138 | OUT | |
Jan 23, 2023 21:25:52.642586946 CET | 138 | IN | |
Jan 23, 2023 21:25:52.644560099 CET | 138 | OUT | |
Jan 23, 2023 21:25:52.644714117 CET | 146 | OUT | |
Jan 23, 2023 21:25:52.644793987 CET | 150 | OUT | |
Jan 23, 2023 21:25:52.775672913 CET | 167 | OUT | |
Jan 23, 2023 21:25:52.775759935 CET | 174 | OUT | |
Jan 23, 2023 21:25:52.907457113 CET | 219 | OUT | |
Jan 23, 2023 21:25:52.907891035 CET | 223 | OUT | |
Jan 23, 2023 21:25:53.038795948 CET | 244 | OUT | |
Jan 23, 2023 21:25:53.038901091 CET | 259 | OUT | |
Jan 23, 2023 21:25:53.038954973 CET | 277 | OUT | |
Jan 23, 2023 21:25:54.040550947 CET | 922 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
14 | 192.168.2.3 | 49717 | 208.95.112.1 | 80 | C:\Users\user\Desktop\5VXh2VBmA0.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 23, 2023 21:25:56.050263882 CET | 923 | OUT | |
Jan 23, 2023 21:25:56.080812931 CET | 923 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
15 | 192.168.2.3 | 49718 | 92.249.45.113 | 80 | C:\Users\user\Desktop\5VXh2VBmA0.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 23, 2023 21:25:59.271301031 CET | 924 | OUT | |
Jan 23, 2023 21:25:59.408112049 CET | 924 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
16 | 192.168.2.3 | 49719 | 92.249.45.113 | 80 | C:\Users\user\Desktop\5VXh2VBmA0.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 23, 2023 21:26:02.805896997 CET | 925 | OUT | |
Jan 23, 2023 21:26:02.986946106 CET | 926 | IN | |
Jan 23, 2023 21:26:03.101003885 CET | 926 | OUT | |
Jan 23, 2023 21:26:03.266861916 CET | 926 | IN | |
Jan 23, 2023 21:26:03.381027937 CET | 926 | OUT | |
Jan 23, 2023 21:26:03.612912893 CET | 927 | IN | |
Jan 23, 2023 21:26:03.725219011 CET | 927 | OUT | |
Jan 23, 2023 21:26:03.948374987 CET | 928 | IN | |
Jan 23, 2023 21:26:04.057018042 CET | 928 | OUT | |
Jan 23, 2023 21:26:04.291939974 CET | 928 | IN | |
Jan 23, 2023 21:26:04.396956921 CET | 928 | OUT | |
Jan 23, 2023 21:26:04.575546980 CET | 929 | IN | |
Jan 23, 2023 21:26:04.678045034 CET | 929 | OUT | |
Jan 23, 2023 21:26:04.855988979 CET | 929 | IN | |
Jan 23, 2023 21:26:04.959621906 CET | 930 | OUT | |
Jan 23, 2023 21:26:05.140971899 CET | 930 | IN | |
Jan 23, 2023 21:26:05.256362915 CET | 930 | OUT | |
Jan 23, 2023 21:26:05.430114985 CET | 931 | IN | |
Jan 23, 2023 21:26:05.537333012 CET | 931 | OUT | |
Jan 23, 2023 21:26:05.709048033 CET | 931 | IN | |
Jan 23, 2023 21:26:05.818567991 CET | 931 | OUT | |
Jan 23, 2023 21:26:05.990093946 CET | 932 | IN | |
Jan 23, 2023 21:26:06.100217104 CET | 932 | OUT | |
Jan 23, 2023 21:26:06.271626949 CET | 933 | IN | |
Jan 23, 2023 21:26:06.381253004 CET | 933 | OUT | |
Jan 23, 2023 21:26:06.606432915 CET | 933 | IN | |
Jan 23, 2023 21:26:06.725090027 CET | 933 | OUT | |
Jan 23, 2023 21:26:06.893277884 CET | 934 | IN | |
Jan 23, 2023 21:26:07.007277966 CET | 934 | OUT | |
Jan 23, 2023 21:26:07.179003000 CET | 934 | IN | |
Jan 23, 2023 21:26:07.288518906 CET | 935 | OUT | |
Jan 23, 2023 21:26:07.458165884 CET | 935 | IN | |
Jan 23, 2023 21:26:07.623275995 CET | 935 | OUT | |
Jan 23, 2023 21:26:07.795058966 CET | 936 | IN | |
Jan 23, 2023 21:26:07.903924942 CET | 936 | OUT | |
Jan 23, 2023 21:26:08.130971909 CET | 936 | IN | |
Jan 23, 2023 21:26:08.278064966 CET | 937 | OUT | |
Jan 23, 2023 21:26:08.447007895 CET | 937 | IN | |
Jan 23, 2023 21:26:09.027549982 CET | 937 | OUT | |
Jan 23, 2023 21:26:09.280329943 CET | 938 | IN | |
Jan 23, 2023 21:26:09.440654993 CET | 938 | OUT | |
Jan 23, 2023 21:26:09.610276937 CET | 938 | IN | |
Jan 23, 2023 21:26:10.163378954 CET | 938 | OUT | |
Jan 23, 2023 21:26:10.390861034 CET | 939 | IN | |
Jan 23, 2023 21:26:10.546200037 CET | 939 | OUT | |
Jan 23, 2023 21:26:10.717154980 CET | 940 | IN | |
Jan 23, 2023 21:26:10.821436882 CET | 940 | OUT | |
Jan 23, 2023 21:26:10.988811016 CET | 940 | IN | |
Jan 23, 2023 21:26:11.100404978 CET | 940 | OUT | |
Jan 23, 2023 21:26:11.339256048 CET | 941 | IN | |
Jan 23, 2023 21:26:11.444247007 CET | 941 | OUT | |
Jan 23, 2023 21:26:11.613493919 CET | 941 | IN | |
Jan 23, 2023 21:26:11.725845098 CET | 941 | OUT | |
Jan 23, 2023 21:26:11.905600071 CET | 942 | IN | |
Jan 23, 2023 21:26:12.007060051 CET | 942 | OUT | |
Jan 23, 2023 21:26:12.273540020 CET | 943 | IN | |
Jan 23, 2023 21:26:12.386657953 CET | 943 | OUT | |
Jan 23, 2023 21:26:12.557701111 CET | 943 | IN | |
Jan 23, 2023 21:26:12.663096905 CET | 944 | OUT | |
Jan 23, 2023 21:26:12.837805033 CET | 944 | IN | |
Jan 23, 2023 21:26:12.944468975 CET | 944 | OUT | |
Jan 23, 2023 21:26:13.206904888 CET | 945 | IN | |
Jan 23, 2023 21:26:13.319804907 CET | 945 | OUT | |
Jan 23, 2023 21:26:13.550713062 CET | 945 | IN | |
Jan 23, 2023 21:26:13.663201094 CET | 946 | OUT | |
Jan 23, 2023 21:27:13.849142075 CET | 947 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
17 | 192.168.2.3 | 49720 | 92.249.45.113 | 80 | C:\Users\user\Desktop\5VXh2VBmA0.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 23, 2023 21:27:18.300055981 CET | 947 | OUT | |
Jan 23, 2023 21:27:18.484451056 CET | 948 | IN | |
Jan 23, 2023 21:27:18.590637922 CET | 948 | OUT | |
Jan 23, 2023 21:27:18.768790007 CET | 949 | IN | |
Jan 23, 2023 21:27:18.873500109 CET | 949 | OUT | |
Jan 23, 2023 21:27:19.052223921 CET | 949 | IN | |
Jan 23, 2023 21:27:19.161968946 CET | 949 | OUT | |
Jan 23, 2023 21:27:19.405400038 CET | 950 | IN | |
Jan 23, 2023 21:27:19.525784016 CET | 950 | OUT | |
Jan 23, 2023 21:27:19.703243017 CET | 950 | IN | |
Jan 23, 2023 21:27:19.804735899 CET | 951 | OUT | |
Jan 23, 2023 21:27:20.042505026 CET | 951 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.2.3 | 49704 | 208.95.112.1 | 80 | C:\Users\user\Desktop\5VXh2VBmA0.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 23, 2023 21:25:11.630594015 CET | 106 | OUT | |
Jan 23, 2023 21:25:11.664326906 CET | 106 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
3 | 192.168.2.3 | 49705 | 208.95.112.1 | 80 | C:\Users\user\Desktop\5VXh2VBmA0.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 23, 2023 21:25:22.278419018 CET | 107 | OUT | |
Jan 23, 2023 21:25:22.312055111 CET | 107 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
4 | 192.168.2.3 | 49706 | 208.95.112.1 | 80 | C:\Users\user\Desktop\5VXh2VBmA0.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 23, 2023 21:25:22.916079998 CET | 108 | OUT | |
Jan 23, 2023 21:25:22.949666977 CET | 108 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
5 | 192.168.2.3 | 49707 | 92.249.45.113 | 80 | C:\Users\user\Desktop\5VXh2VBmA0.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 23, 2023 21:25:23.289814949 CET | 109 | OUT | |
Jan 23, 2023 21:25:23.524386883 CET | 109 | IN | |
Jan 23, 2023 21:25:24.159368038 CET | 110 | OUT | |
Jan 23, 2023 21:25:24.331115007 CET | 110 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
6 | 192.168.2.3 | 49708 | 92.249.45.113 | 80 | C:\Users\user\Desktop\5VXh2VBmA0.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 23, 2023 21:25:29.484357119 CET | 111 | OUT | |
Jan 23, 2023 21:25:29.625597000 CET | 111 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
7 | 192.168.2.3 | 49709 | 92.249.45.113 | 80 | C:\Users\user\Desktop\5VXh2VBmA0.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 23, 2023 21:25:33.866869926 CET | 112 | OUT | |
Jan 23, 2023 21:25:34.095911026 CET | 112 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
8 | 192.168.2.3 | 49710 | 208.95.112.1 | 80 | C:\Users\user\Desktop\5VXh2VBmA0.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 23, 2023 21:25:34.380011082 CET | 113 | OUT | |
Jan 23, 2023 21:25:34.413429976 CET | 113 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
9 | 192.168.2.3 | 49711 | 208.95.112.1 | 80 | C:\Users\user\Desktop\5VXh2VBmA0.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 23, 2023 21:25:36.957734108 CET | 114 | OUT | |
Jan 23, 2023 21:25:36.991178036 CET | 115 | IN | |
Jan 23, 2023 21:25:37.391151905 CET | 115 | OUT | |
Jan 23, 2023 21:25:37.425131083 CET | 115 | IN |
Target ID: | 0 |
Start time: | 21:24:56 |
Start date: | 23/01/2023 |
Path: | C:\Users\user\Desktop\5VXh2VBmA0.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x760000 |
File size: | 549415 bytes |
MD5 hash: | 7A483865F3F1999AB24ED75F710649AD |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Reputation: | low |
Target ID: | 10 |
Start time: | 21:25:19 |
Start date: | 23/01/2023 |
Path: | C:\Users\user\AppData\Local\Temp\Zip.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x176e4530000 |
File size: | 32256 bytes |
MD5 hash: | AF07E88EC22CC90CEBFDA29517F101B9 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Antivirus matches: |
|
Reputation: | moderate |
Target ID: | 11 |
Start time: | 21:25:20 |
Start date: | 23/01/2023 |
Path: | C:\Users\user\AppData\Local\Temp\update_232309.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x980000 |
File size: | 549415 bytes |
MD5 hash: | 7A483865F3F1999AB24ED75F710649AD |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Reputation: | low |
Target ID: | 12 |
Start time: | 21:25:29 |
Start date: | 23/01/2023 |
Path: | C:\Users\user\AppData\Local\Temp\update_232309.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0xa50000 |
File size: | 549415 bytes |
MD5 hash: | 7A483865F3F1999AB24ED75F710649AD |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | .Net C# or VB.NET |
Reputation: | low |
Execution Graph
Execution Coverage: | 17.9% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 3 |
Total number of Limit Nodes: | 0 |
Uniqueness Score: -1.00% |
Function 00007FFBAD3934B0 Relevance: .7, Instructions: 709 COMMON
Uniqueness Score: -1.00% |
Function 00007FFBAD3941C0 Relevance: .6, Instructions: 613 COMMON
Uniqueness Score: -1.00% |
Function 00007FFBAD3AA1A9 Relevance: .6, Instructions: 562 COMMON
Uniqueness Score: -1.00% |
Function 00007FFBAD3A2CF6 Relevance: .5, Instructions: 471 COMMON
Uniqueness Score: -1.00% |
Function 00007FFBAD3A3AA2 Relevance: .5, Instructions: 457 COMMON
Uniqueness Score: -1.00% |
Uniqueness Score: -1.00% |
Function 00007FFBAD26F2F0 Relevance: .1, Instructions: 132 COMMON
Uniqueness Score: -1.00% |
Function 00007FFBAD39A283 Relevance: .2, Instructions: 158 COMMON
Uniqueness Score: -1.00% |
Execution Graph
Execution Coverage: | 14.1% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 3 |
Total number of Limit Nodes: | 0 |
Uniqueness Score: -1.00% |
Uniqueness Score: -1.00% |
Function 00007FFBAD26F051 Relevance: .1, Instructions: 131 COMMON
Uniqueness Score: -1.00% |
Execution Graph
Execution Coverage: | 15.5% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 3 |
Total number of Limit Nodes: | 0 |
Uniqueness Score: -1.00% |
Function 00007FFBAD27F2F0 Relevance: .1, Instructions: 134 COMMON
Uniqueness Score: -1.00% |
Execution Graph
Execution Coverage: | 14.7% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 3 |
Total number of Limit Nodes: | 0 |
Uniqueness Score: -1.00% |
Function 00007FFBAD23F2F0 Relevance: .1, Instructions: 133 COMMON
Uniqueness Score: -1.00% |