Windows
Analysis Report
BzLGqYKy7o.exe
Overview
General Information
Sample name: | BzLGqYKy7o.exe (renamed because original name is a hash value) |
Original sample name: | d0d4805488e7e745515fff2165d3cc05.exe |
Analysis ID: | 1528058 |
MD5: | d0d4805488e7e745515fff2165d3cc05 |
SHA1: | 0cebec529de0430c9e897f740700b27c043a8552 |
SHA256: | e684bed5b84f09dd85a88a7847fb4aaed9845f9b8098f0dda486a095a3115d4c |
Tags: | exe, Stealc, user-abuse_ch |
Infos: | |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- BzLGqYKy7o.exe (PID: 6480 cmdline: "C:\Users\user\Desktop\BzLGqYKy7o.exe" MD5: D0D4805488E7E745515FFF2165D3CC05)
- explorer.exe (PID: 1028 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)
- B9A0.exe (PID: 6768 cmdline: C:\Users\user\AppData\Local\Temp\B9A0.exe MD5: 0719C6940AABCC832DB40F7EE68A25DC)
- teihrdr (PID: 6460 cmdline: C:\Users\user\AppData\Roaming\teihrdr MD5: D0D4805488E7E745515FFF2165D3CC05)
- teihrdr (PID: 1992 cmdline: C:\Users\user\AppData\Roaming\teihrdr MD5: D0D4805488E7E745515FFF2165D3CC05)
- jtihrdr (PID: 7108 cmdline: C:\Users\user\AppData\Roaming\jtihrdr MD5: 0719C6940AABCC832DB40F7EE68A25DC)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
SmokeLoader | The SmokeLoader family is a generic backdoor with a range of capabilities which depend on the modules included in any given build of the malware. The malware is delivered in a variety of ways and is broadly associated with criminal activity. The malware frequently tries to hide its C2 activity by generating requests to legitimate sites such as microsoft.com, bing.com, adobe.com, and others. Typically the actual Download returns an HTTP 404 but still contains data in the Response Body. |
{"Version": 2022, "C2 list": ["http://nwgrus.ru/tmp/index.php", "http://tech-servers.in.net/tmp/index.php", "http://unicea.ws/tmp/index.php"]}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_SmokeLoader_2 | Yara detected SmokeLoader | Joe Security | ||
Windows_Trojan_Smokeloader_4e31426e | unknown | unknown |
Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_SmokeLoader_2 | Yara detected SmokeLoader | Joe Security | ||
System Summary |
---|
Source: | Author: Max Altgelt (Nextron Systems): |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-10-07T14:59:24.450425+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.5 | 49770 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:25.374466+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.5 | 49776 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:26.314240+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.5 | 49782 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:27.265046+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.5 | 49788 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:28.193590+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.5 | 49794 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:29.130090+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.5 | 49804 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:30.253391+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.5 | 49810 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:31.176635+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.5 | 49814 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:32.219133+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.5 | 49822 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:33.173977+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.5 | 49831 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:34.105790+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.5 | 49837 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:35.044145+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.5 | 49844 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:35.980167+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.5 | 49850 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:37.313136+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.5 | 49856 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:38.356354+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.5 | 49867 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:39.269702+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.5 | 49868 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:40.231913+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.5 | 49874 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:41.192149+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.5 | 49885 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:42.137608+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.5 | 49891 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:43.085742+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.5 | 49897 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:44.028780+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.5 | 49903 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:44.972761+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.5 | 49910 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:45.907705+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.5 | 49916 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:47.047276+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.5 | 49922 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:49.566919+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.5 | 49939 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:50.521037+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.5 | 49945 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:51.497852+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.5 | 49952 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:52.661203+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.5 | 49961 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:53.588010+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.5 | 49969 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:54.529610+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.5 | 49975 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:56.016097+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.5 | 49979 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:57.166667+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.5 | 49982 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:58.325335+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.5 | 49993 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:59.253273+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.5 | 49998 | 105.197.97.247 | 80 | TCP |
2024-10-07T15:00:14.419801+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.5 | 50012 | 188.40.141.211 | 443 | TCP |
2024-10-07T15:00:16.825302+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.5 | 50013 | 188.40.141.211 | 443 | TCP |
2024-10-07T15:01:05.953100+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.5 | 50014 | 105.197.97.247 | 80 | TCP |
2024-10-07T15:01:15.348447+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.5 | 50015 | 105.197.97.247 | 80 | TCP |
2024-10-07T15:01:27.089587+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.5 | 50016 | 105.197.97.247 | 80 | TCP |
2024-10-07T15:01:32.047885+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.5 | 50017 | 188.40.141.211 | 443 | TCP |
2024-10-07T15:01:33.047947+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.5 | 50018 | 188.40.141.211 | 443 | TCP |
2024-10-07T15:01:46.179545+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.5 | 50019 | 105.197.97.247 | 80 | TCP |
2024-10-07T15:01:54.998397+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.5 | 50020 | 188.40.141.211 | 443 | TCP |
2024-10-07T15:01:56.212271+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.5 | 50021 | 188.40.141.211 | 443 | TCP |
2024-10-07T15:02:07.860198+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.5 | 50022 | 189.195.132.134 | 80 | TCP |
2024-10-07T15:02:16.720307+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.5 | 50023 | 188.40.141.211 | 443 | TCP |
2024-10-07T15:02:17.696520+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.5 | 50024 | 188.40.141.211 | 443 | TCP |
2024-10-07T15:02:29.863734+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.5 | 50025 | 189.195.132.134 | 80 | TCP |
2024-10-07T15:02:39.765694+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.5 | 50026 | 188.40.141.211 | 443 | TCP |
2024-10-07T15:02:40.760206+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.5 | 50027 | 188.40.141.211 | 443 | TCP |
2024-10-07T15:02:50.926729+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.5 | 50028 | 189.195.132.134 | 80 | TCP |
2024-10-07T15:03:02.556191+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.5 | 50029 | 188.40.141.211 | 443 | TCP |
2024-10-07T15:03:03.522877+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.5 | 50030 | 188.40.141.211 | 443 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-10-07T15:00:14.715498+0200 | 2809882 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 50012 | 188.40.141.211 | 443 | TCP |
2024-10-07T15:00:18.334781+0200 | 2809882 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 50013 | 188.40.141.211 | 443 | TCP |
2024-10-07T15:01:32.309002+0200 | 2809882 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 50017 | 188.40.141.211 | 443 | TCP |
2024-10-07T15:01:33.325361+0200 | 2809882 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 50018 | 188.40.141.211 | 443 | TCP |
2024-10-07T15:01:55.268074+0200 | 2809882 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 50020 | 188.40.141.211 | 443 | TCP |
2024-10-07T15:01:56.460168+0200 | 2809882 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 50021 | 188.40.141.211 | 443 | TCP |
2024-10-07T15:02:17.024280+0200 | 2809882 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 50023 | 188.40.141.211 | 443 | TCP |
2024-10-07T15:02:18.001733+0200 | 2809882 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 50024 | 188.40.141.211 | 443 | TCP |
2024-10-07T15:02:40.046670+0200 | 2809882 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 50026 | 188.40.141.211 | 443 | TCP |
2024-10-07T15:02:41.069076+0200 | 2809882 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 50027 | 188.40.141.211 | 443 | TCP |
2024-10-07T15:03:02.864372+0200 | 2809882 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 50029 | 188.40.141.211 | 443 | TCP |
2024-10-07T15:03:03.824257+0200 | 2809882 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 50030 | 188.40.141.211 | 443 | TCP |
AV Detection |
---|
Source: | Avira: |
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | File opened: | Jump to behavior |
Source: | HTTPS traffic detected: |
Networking |
---|
Source: | Suricata IDS: |
Source: | Network Connect: | Jump to behavior |
Source: | URLs: |
Source: | IP Address: |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | HTTP traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
---|
Source: | File source: |
System Summary |
---|
Source: | Matched rule: |
Source: | Process Stats: |
Source: | Static PE information: |
Source: | Matched rule: |
Source: | Classification label: |
Source: | Code function: | 0_2_005B01D0 |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | ReversingLabs: |
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: |
Data Obfuscation |
---|
Source: | Unpacked PE file: |
Source: | Static PE information: |
Source: | Code function: | 0_2_004014E9 | |
Source: | Code function: | 0_2_004032AB | |
Source: | Code function: | 0_2_004E1550 | |
Source: | Code function: | 0_2_005B3C2B | |
Source: | Code function: | 0_2_005B2ACA | |
Source: | Code function: | 0_2_005B2003 | |
Source: | Code function: | 4_2_004014E9 | |
Source: | Code function: | 4_2_004032AB | |
Source: | Code function: | 4_2_00601550 | |
Source: | Code function: | 4_2_006A33F3 | |
Source: | Code function: | 4_2_006A2292 | |
Source: | Code function: | 4_2_006A17CB | |
Source: | Code function: | 7_2_0040100C | |
Source: | Code function: | 7_2_004029C6 | |
Source: | Code function: | 7_2_004029C6 | |
Source: | Code function: | 7_2_004029C6 | |
Source: | Code function: | 7_2_0040132A | |
Source: | Code function: | 7_2_004029C6 | |
Source: | Code function: | 7_2_004029C6 | |
Source: | Code function: | 7_2_005A1A5E | |
Source: | Code function: | 7_2_0059FFD4 | |
Source: | Code function: | 7_2_005A02EB | |
Source: | Code function: | 7_2_01FA2A2D | |
Source: | Code function: | 7_2_01FA1391 | |
Source: | Code function: | 7_2_01FA2A2D | |
Source: | Code function: | 7_2_01FA1073 | |
Source: | Code function: | 7_2_01FA2A2D | |
Source: | Code function: | 7_2_01FA2A2D | |
Source: | Code function: | 7_2_01FA2A2D | |
Source: | Code function: | 7_2_01FA19BF | |
Source: | Code function: | 8_2_004014E9 |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | File deleted: |
Source: | File opened: |
Source: | Process information set: |
Malware Analysis System Evasion |
---|
Source: | Key enumerated: |
Source: | API/Special instruction interceptor: |
Source: | Binary or memory string: |
Source: | Window / User API: |
Source: | Thread sleep count: |
Source: | Thread sleep time: |
Source: | Binary or memory string: |
Source: | System information queried: |
Source: | Process information queried: |
Anti Debugging |
---|
Source: | System information queried: |
Source: | Process queried: |
Source: | Code function: |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | File created: |
Source: | Network Connect: |
Source: | Thread created: |
Source: | Section loaded: |
Source: | Binary or memory string: |
Stealing of Sensitive Information |
---|
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Exploitation for Client Execution | 1 DLL Side-Loading | 32 Process Injection | 11 Masquerading | OS Credential Dumping | 511 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 12 Virtualization/Sandbox Evasion | LSASS Memory | 12 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 32 Process Injection | Security Account Manager | 3 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Hidden Files and Directories | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 115 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Software Packing | Cached Domain Credentials | 12 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 File Deletion | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
32% | ReversingLabs | |||
100% | Avira | HEUR/AGEN.1310247 | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | HEUR/AGEN.1310247 | ||
100% | Avira | HEUR/AGEN.1310247 | ||
100% | Avira | HEUR/AGEN.1310247 | ||
100% | Joe Sandbox ML | |||
100% | Joe Sandbox ML | |||
100% | Joe Sandbox ML | |||
32% | ReversingLabs |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
calvinandhalls.com | 188.40.141.211 | true | true | unknown | |
nwgrus.ru | 105.197.97.247 | true | true | unknown | |
bestworldhools.com | 188.40.141.211 | true | true | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true | unknown | ||
true | unknown | ||
true | unknown | ||
true | unknown | ||
true | unknown | ||
true | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | unknown | |||
false | unknown | |||
false | unknown | |||
false | unknown | |||
false | unknown | |||
false | unknown | |||
false | unknown | |||
false | unknown | |||
false | unknown | |||
false | unknown | |||
false | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
188.40.141.211 | calvinandhalls.com | Germany | 24940 | HETZNER-ASDE | true | |
105.197.97.247 | nwgrus.ru | Egypt | 24835 | RAYA-ASEG | true | |
189.195.132.134 | unknown | Mexico | 13999 | MegaCableSAdeCVMX | true | |
23.145.40.164 | unknown | Reserved | 22631 | SURFAIRWIRELESS-IN-01US | true |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1528058 |
Start date and time: | 2024-10-07 14:58:03 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 9m 21s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 9 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 1 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | BzLGqYKy7o.exe (renamed because original name is a hash value) |
Original Sample Name: | d0d4805488e7e745515fff2165d3cc05.exe |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@6/4@7/4 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtDeviceIoControlFile calls found.
- Report size getting too big, too many NtEnumerateKey calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- VT rate limit hit for: BzLGqYKy7o.exe
Time | Type | Description |
---|---|---|
08:59:11 | API Interceptor | |
14:59:20 | Task Scheduler | |
15:00:11 | Task Scheduler |
Match | Detection | Threat Name |
---|---|---|
188.40.141.211 | malicious | SmokeLoader |
188.40.141.211 | malicious | SmokeLoader |
188.40.141.211 | malicious | SmokeLoader |
188.40.141.211 | malicious | SmokeLoader |
188.40.141.211 | malicious | CryptOne, Nymaim, PrivateLoader, RedLine, SmokeLoader, onlyLogger |
188.40.141.211 | malicious | SmokeLoader |
188.40.141.211 | malicious | SmokeLoader |
188.40.141.211 | malicious | SmokeLoader |
188.40.141.211 | malicious | Babuk, Djvu |
188.40.141.211 | malicious | SmokeLoader |
105.197.97.247 | malicious | SmokeLoader |
105.197.97.247 | malicious | SmokeLoader |
105.197.97.247 | malicious | SmokeLoader |
189.195.132.134 | malicious | Babuk, Djvu, SmokeLoader |
189.195.132.134 | malicious | Babuk, Clipboard Hijacker, Djvu, Vidar |
189.195.132.134 | malicious | LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, SmokeLoader, Vidar |
Match | Detection | Threat Name |
---|---|---|
bestworldhools.com | malicious | SmokeLoader |
bestworldhools.com | malicious | SmokeLoader |
bestworldhools.com | malicious | SmokeLoader |
calvinandhalls.com | malicious | SmokeLoader |
calvinandhalls.com | malicious | SmokeLoader |
calvinandhalls.com | malicious | SmokeLoader |
calvinandhalls.com | malicious | SmokeLoader |
calvinandhalls.com | malicious | SmokeLoader |
calvinandhalls.com | malicious | SmokeLoader |
calvinandhalls.com | malicious | SmokeLoader |
calvinandhalls.com | malicious | SmokeLoader |
calvinandhalls.com | malicious | SmokeLoader |
nwgrus.ru | malicious | SmokeLoader |
nwgrus.ru | malicious | SmokeLoader |
nwgrus.ru | malicious | SmokeLoader |
nwgrus.ru | malicious | SmokeLoader |
nwgrus.ru | malicious | SmokeLoader |
nwgrus.ru | malicious | SmokeLoader |
nwgrus.ru | malicious | SmokeLoader |
nwgrus.ru | malicious | SmokeLoader |
nwgrus.ru | malicious | SmokeLoader |
nwgrus.ru | malicious | SmokeLoader |
Match | Detection | Threat Name |
---|---|---|
HETZNER-ASDE | malicious | Unknown |
HETZNER-ASDE | malicious | SmokeLoader |
HETZNER-ASDE | malicious | FormBook |
HETZNER-ASDE | malicious | Vidar |
HETZNER-ASDE | malicious | SmokeLoader |
HETZNER-ASDE | malicious | Unknown |
HETZNER-ASDE | malicious | Unknown |
HETZNER-ASDE | malicious | HTMLPhisher |
HETZNER-ASDE | malicious | Mirai |
HETZNER-ASDE | malicious | TechSupportScam |
SURFAIRWIRELESS-IN-01US | malicious | SmokeLoader |
SURFAIRWIRELESS-IN-01US | malicious | SmokeLoader |
SURFAIRWIRELESS-IN-01US | malicious | SmokeLoader |
SURFAIRWIRELESS-IN-01US | malicious | SmokeLoader |
SURFAIRWIRELESS-IN-01US | malicious | SmokeLoader |
SURFAIRWIRELESS-IN-01US | malicious | SmokeLoader |
SURFAIRWIRELESS-IN-01US | malicious | SmokeLoader |
SURFAIRWIRELESS-IN-01US | malicious | SmokeLoader |
SURFAIRWIRELESS-IN-01US | malicious | SmokeLoader |
SURFAIRWIRELESS-IN-01US | malicious | SmokeLoader |
MegaCableSAdeCVMX | malicious | Mirai |
MegaCableSAdeCVMX | malicious | Mirai |
MegaCableSAdeCVMX | malicious | Mirai |
MegaCableSAdeCVMX | malicious | Mirai |
MegaCableSAdeCVMX | malicious | Okiru |
MegaCableSAdeCVMX | malicious | Mirai |
MegaCableSAdeCVMX | malicious | Unknown |
MegaCableSAdeCVMX | malicious | Mirai |
MegaCableSAdeCVMX | malicious | Unknown |
MegaCableSAdeCVMX | malicious | Mirai |
RAYA-ASEG | malicious | Mirai, Okiru |
RAYA-ASEG | malicious | Mirai |
RAYA-ASEG | malicious | Mirai |
RAYA-ASEG | malicious | Mirai |
RAYA-ASEG | malicious | Mirai |
RAYA-ASEG | malicious | Gafgyt, Mirai |
RAYA-ASEG | malicious | Mirai |
RAYA-ASEG | malicious | Mirai |
RAYA-ASEG | malicious | Mirai |
RAYA-ASEG | malicious | Mirai |
Match | Detection | Threat Name |
---|---|---|
72a589da586844d7f0818ce684948eea | malicious | SmokeLoader |
72a589da586844d7f0818ce684948eea | malicious | SmokeLoader |
72a589da586844d7f0818ce684948eea | malicious | SmokeLoader |
72a589da586844d7f0818ce684948eea | malicious | SmokeLoader |
72a589da586844d7f0818ce684948eea | malicious | SmokeLoader |
72a589da586844d7f0818ce684948eea | malicious | SmokeLoader |
72a589da586844d7f0818ce684948eea | malicious | SmokeLoader |
72a589da586844d7f0818ce684948eea | malicious | SmokeLoader |
72a589da586844d7f0818ce684948eea | malicious | SmokeLoader |
72a589da586844d7f0818ce684948eea | malicious | SmokeLoader |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | LummaC |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | LummaC, Amadey, Credential Flusher, Stealc |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | LummaC, Amadey, Credential Flusher, Stealc, Vidar |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | LummaC |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | LummaC |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | LummaC |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | LummaC |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | LummaC |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | LummaC |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | Unknown |
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 445952 |
Entropy (8bit): | 6.33809988244996 |
Encrypted: | false |
SSDEEP: | 6144:LwUZ9L7YogfjUt9cFAKm8shskq17c4IARUEe+8ULQTdVjzwa4opTT:LfZh7YokjUbc9m8shsXA0UP+gNLT |
MD5: | 0719C6940AABCC832DB40F7EE68A25DC |
SHA1: | 0D23A06DAA49E69D41ED406C32C6EE2C4F8445E1 |
SHA-256: | 77931F6678ADECE99070E617DCC98A2E9BE636803BFE8DED58CF8A5362DD4430 |
SHA-512: | 0264DE6170008268F46EC96CC2FF2EB34A1D71EA841BE909810A1A891339BADCB2E9E3020FDEE04288ED5070A19668ADDE2E6C153FBAA10D9F577D7C1B009EAE |
Malicious: | true |
Antivirus: |
|
Reputation: | low |
Preview: |
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | modified |
Size (bytes): | 445952 |
Entropy (8bit): | 6.33809988244996 |
Encrypted: | false |
SSDEEP: | 6144:LwUZ9L7YogfjUt9cFAKm8shskq17c4IARUEe+8ULQTdVjzwa4opTT:LfZh7YokjUbc9m8shsXA0UP+gNLT |
MD5: | 0719C6940AABCC832DB40F7EE68A25DC |
SHA1: | 0D23A06DAA49E69D41ED406C32C6EE2C4F8445E1 |
SHA-256: | 77931F6678ADECE99070E617DCC98A2E9BE636803BFE8DED58CF8A5362DD4430 |
SHA-512: | 0264DE6170008268F46EC96CC2FF2EB34A1D71EA841BE909810A1A891339BADCB2E9E3020FDEE04288ED5070A19668ADDE2E6C153FBAA10D9F577D7C1B009EAE |
Malicious: | true |
Antivirus: |
|
Reputation: | low |
Preview: |
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 447488 |
Entropy (8bit): | 6.349979284586235 |
Encrypted: | false |
SSDEEP: | 6144:zwtN955b+GARrBUNLMmAjgRkRXsmZabQTdVjtga4opTT:zuNL5aGyUBMmAjnFZpptLT |
MD5: | D0D4805488E7E745515FFF2165D3CC05 |
SHA1: | 0CEBEC529DE0430C9E897F740700B27C043A8552 |
SHA-256: | E684BED5B84F09DD85A88A7847FB4AAED9845F9B8098F0DDA486A095A3115D4C |
SHA-512: | 5A7DEBE1760FBEF5FCA9D0A1326F4BCF4336540FFA7956232F0AD380605CD99637AF769BCA7D0F91BB1C26FFC094968D6471A4427412041ECBA7F9FB5B93719C |
Malicious: | true |
Antivirus: |
|
Reputation: | low |
Preview: |
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | true |
Reputation: | high, very likely benign file |
Preview: |
File type: | |
Entropy (8bit): | 6.349979284586235 |
TrID: |
|
File name: | BzLGqYKy7o.exe |
File size: | 447'488 bytes |
MD5: | d0d4805488e7e745515fff2165d3cc05 |
SHA1: | 0cebec529de0430c9e897f740700b27c043a8552 |
SHA256: | e684bed5b84f09dd85a88a7847fb4aaed9845f9b8098f0dda486a095a3115d4c |
SHA512: | 5a7debe1760fbef5fca9d0a1326f4bcf4336540ffa7956232f0ad380605cd99637af769bca7d0f91bb1c26ffc094968d6471a4427412041ecba7f9fb5b93719c |
SSDEEP: | 6144:zwtN955b+GARrBUNLMmAjgRkRXsmZabQTdVjtga4opTT:zuNL5aGyUBMmAjnFZpptLT |
TLSH: | 8294BF02A6F1BC60F52266B18E2AD7EC355EFC419E18675F23197F1F18722E1D6327A0 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............._..._..._..L_..._..y_..._..x_..._..A_..._..._S.._..}_..._..H_..._..O_..._Rich..._........................PE..L....V.f... |
Icon Hash: | 49294955554d610d |
Entrypoint: | 0x4039a0 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | TERMINAL_SERVER_AWARE |
Time Stamp: | 0x6616568B [Wed Apr 10 09:06:19 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | 6e15f2578101cc821c000ba42c1b85a8 |
Instruction |
---|
call 00007F470C6DAF1Ah |
jmp 00007F470C6D81BEh |
push dword ptr [0044EFB8h] |
call dword ptr [0040D110h] |
test eax, eax |
je 00007F470C6D8334h |
call eax |
push 00000019h |
call 00007F470C6DA5B7h |
push 00000001h |
push 00000000h |
call 00007F470C6D7CE9h |
add esp, 0Ch |
jmp 00007F470C6D7CAEh |
mov edi, edi |
push ebp |
mov ebp, esp |
sub esp, 20h |
mov eax, dword ptr [ebp+08h] |
push esi |
push edi |
push 00000008h |
pop ecx |
mov esi, 0040D390h |
lea edi, dword ptr [ebp-20h] |
rep movsd |
mov dword ptr [ebp-08h], eax |
mov eax, dword ptr [ebp+0Ch] |
pop edi |
mov dword ptr [ebp-04h], eax |
pop esi |
test eax, eax |
je 00007F470C6D833Eh |
test byte ptr [eax], 00000008h |
je 00007F470C6D8339h |
mov dword ptr [ebp-0Ch], 01994000h |
lea eax, dword ptr [ebp-0Ch] |
push eax |
push dword ptr [ebp-10h] |
push dword ptr [ebp-1Ch] |
push dword ptr [ebp-20h] |
call dword ptr [0040D144h] |
leave |
retn 0008h |
mov edi, edi |
push ebp |
mov ebp, esp |
push ecx |
push ebx |
mov eax, dword ptr [ebp+0Ch] |
add eax, 0Ch |
mov dword ptr [ebp-04h], eax |
mov ebx, dword ptr fs:[00000000h] |
mov eax, dword ptr [ebx] |
mov dword ptr fs:[00000000h], eax |
mov eax, dword ptr [ebp+08h] |
mov ebx, dword ptr [ebp+0Ch] |
mov ebp, dword ptr [ebp-04h] |
mov esp, dword ptr [ebx-04h] |
jmp eax |
pop ebx |
leave |
retn 0008h |
pop eax |
pop ecx |
xchg dword ptr [esp], eax |
jmp eax |
pop eax |
pop ecx |
xchg dword ptr [esp], eax |
jmp eax |
pop eax |
pop ecx |
xchg dword ptr [esp], eax |
jmp eax |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x47c08 | 0x50 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x5d000 | 0x1f1a8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x47c58 | 0x1c | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x472b0 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0xd000 | 0x1d0 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0xbdad | 0xbe00 | 5e2dcfacb98721a0c8099d8c142d6e52 | False | 0.6075863486842106 | data | 6.709568594890225 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0xd000 | 0x3b6b2 | 0x3b800 | 8c683d4899b1eea99d0c0c894d3ae42f | False | 0.7530938156512605 | data | 6.875369810081216 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x49000 | 0x10a00 | 0x5e00 | dd6946c771454473442f5f63e7083b90 | False | 0.08431682180851063 | data | 1.099697366277395 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.gol | 0x5a000 | 0x400 | 0x400 | 0f343b0931126a20f133d67c2b018a3b | False | 0.0166015625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.xowujad | 0x5b000 | 0xd6 | 0x200 | bf619eac0cdf3f68d496ea9344137e8b | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.xonag | 0x5c000 | 0x400 | 0x400 | 0f343b0931126a20f133d67c2b018a3b | False | 0.0166015625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x5d000 | 0x1f1a8 | 0x1f200 | 210ea3fb05c74ca583491c35953e8b69 | False | 0.42537336847389556 | data | 5.043242607048044 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_CURSOR | 0x76b38 | 0x330 | Device independent bitmap graphic, 48 x 96 x 1, image size 0 | | | 0.1948529411764706 |
RT_CURSOR | 0x76e68 | 0x130 | Device independent bitmap graphic, 32 x 64 x 1, image size 0 | | | 0.33223684210526316 |
RT_CURSOR | 0x76fc0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.2953091684434968 |
RT_CURSOR | 0x77e68 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.46705776173285196 |
RT_CURSOR | 0x78710 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.5361271676300579 |
RT_CURSOR | 0x78ca8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.30943496801705755 |
RT_CURSOR | 0x79b50 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.427797833935018 |
RT_CURSOR | 0x7a3f8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.5469653179190751 |
RT_ICON | 0x5da80 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Tamil | India | 0.3718017057569296 |
RT_ICON | 0x5da80 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Tamil | Sri Lanka | 0.3718017057569296 |
RT_ICON | 0x5e928 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Tamil | India | 0.45893501805054154 |
RT_ICON | 0x5e928 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Tamil | Sri Lanka | 0.45893501805054154 |
RT_ICON | 0x5f1d0 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Tamil | India | 0.45794930875576034 |
RT_ICON | 0x5f1d0 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Tamil | Sri Lanka | 0.45794930875576034 |
RT_ICON | 0x5f898 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Tamil | India | 0.45809248554913296 |
RT_ICON | 0x5f898 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Tamil | Sri Lanka | 0.45809248554913296 |
RT_ICON | 0x5fe00 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Tamil | India | 0.2704356846473029 |
RT_ICON | 0x5fe00 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Tamil | Sri Lanka | 0.2704356846473029 |
RT_ICON | 0x623a8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Tamil | India | 0.30558161350844276 |
RT_ICON | 0x623a8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Tamil | Sri Lanka | 0.30558161350844276 |
RT_ICON | 0x63450 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Tamil | India | 0.3608156028368794 |
RT_ICON | 0x63450 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Tamil | Sri Lanka | 0.3608156028368794 |
RT_ICON | 0x63920 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Tamil | India | 0.5621002132196162 |
RT_ICON | 0x63920 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Tamil | Sri Lanka | 0.5621002132196162 |
RT_ICON | 0x647c8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Tamil | India | 0.5464801444043321 |
RT_ICON | 0x647c8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Tamil | Sri Lanka | 0.5464801444043321 |
RT_ICON | 0x65070 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Tamil | India | 0.6221098265895953 |
RT_ICON | 0x65070 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Tamil | Sri Lanka | 0.6221098265895953 |
RT_ICON | 0x655d8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Tamil | India | 0.46255186721991703 |
RT_ICON | 0x655d8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Tamil | Sri Lanka | 0.46255186721991703 |
RT_ICON | 0x67b80 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Tamil | India | 0.4901500938086304 |
RT_ICON | 0x67b80 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Tamil | Sri Lanka | 0.4901500938086304 |
RT_ICON | 0x68c28 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Tamil | India | 0.494672131147541 |
RT_ICON | 0x68c28 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Tamil | Sri Lanka | 0.494672131147541 |
RT_ICON | 0x695b0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Tamil | India | 0.449468085106383 |
RT_ICON | 0x695b0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Tamil | Sri Lanka | 0.449468085106383 |
RT_ICON | 0x69a80 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Tamil | India | 0.376865671641791 |
RT_ICON | 0x69a80 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Tamil | Sri Lanka | 0.376865671641791 |
RT_ICON | 0x6a928 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Tamil | India | 0.506768953068592 |
RT_ICON | 0x6a928 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Tamil | Sri Lanka | 0.506768953068592 |
RT_ICON | 0x6b1d0 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Tamil | India | 0.5702764976958525 |
RT_ICON | 0x6b1d0 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Tamil | Sri Lanka | 0.5702764976958525 |
RT_ICON | 0x6b898 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Tamil | India | 0.5816473988439307 |
RT_ICON | 0x6b898 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Tamil | Sri Lanka | 0.5816473988439307 |
RT_ICON | 0x6be00 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Tamil | India | 0.37053941908713695 |
RT_ICON | 0x6be00 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Tamil | Sri Lanka | 0.37053941908713695 |
RT_ICON | 0x6e3a8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Tamil | India | 0.4129924953095685 |
RT_ICON | 0x6e3a8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Tamil | Sri Lanka | 0.4129924953095685 |
RT_ICON | 0x6f450 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Tamil | India | 0.4012295081967213 |
RT_ICON | 0x6f450 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Tamil | Sri Lanka | 0.4012295081967213 |
RT_ICON | 0x6fdd8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Tamil | India | 0.4716312056737589 |
RT_ICON | 0x6fdd8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Tamil | Sri Lanka | 0.4716312056737589 |
RT_ICON | 0x702b8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Tamil | India | 0.3773987206823028 |
RT_ICON | 0x702b8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Tamil | Sri Lanka | 0.3773987206823028 |
RT_ICON | 0x71160 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Tamil | India | 0.5248194945848376 |
RT_ICON | 0x71160 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Tamil | Sri Lanka | 0.5248194945848376 |
RT_ICON | 0x71a08 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Tamil | India | 0.6042626728110599 |
RT_ICON | 0x71a08 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Tamil | Sri Lanka | 0.6042626728110599 |
RT_ICON | 0x720d0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Tamil | India | 0.6596820809248555 |
RT_ICON | 0x720d0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Tamil | Sri Lanka | 0.6596820809248555 |
RT_ICON | 0x72638 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | Tamil | India | 0.4900414937759336 |
RT_ICON | 0x72638 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | Tamil | Sri Lanka | 0.4900414937759336 |
RT_ICON | 0x74be0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | Tamil | India | 0.5082082551594747 |
RT_ICON | 0x74be0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | Tamil | Sri Lanka | 0.5082082551594747 |
RT_ICON | 0x75c88 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | Tamil | India | 0.48811475409836064 |
RT_ICON | 0x75c88 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | Tamil | Sri Lanka | 0.48811475409836064 |
RT_ICON | 0x76610 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | Tamil | India | 0.5407801418439716 |
RT_ICON | 0x76610 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | Tamil | Sri Lanka | 0.5407801418439716 |
RT_STRING | 0x7abe8 | 0x370 | data | Tamil | India | 0.4681818181818182 |
RT_STRING | 0x7abe8 | 0x370 | data | Tamil | Sri Lanka | 0.4681818181818182 |
RT_STRING | 0x7af58 | 0x6c0 | data | Tamil | India | 0.43344907407407407 |
RT_STRING | 0x7af58 | 0x6c0 | data | Tamil | Sri Lanka | 0.43344907407407407 |
RT_STRING | 0x7b618 | 0x37c | data | Tamil | India | 0.45067264573991034 |
RT_STRING | 0x7b618 | 0x37c | data | Tamil | Sri Lanka | 0.45067264573991034 |
RT_STRING | 0x7b998 | 0x590 | data | Tamil | India | 0.43820224719101125 |
RT_STRING | 0x7b998 | 0x590 | data | Tamil | Sri Lanka | 0.43820224719101125 |
RT_STRING | 0x7bf28 | 0x27e | data | Tamil | India | 0.49059561128526646 |
RT_STRING | 0x7bf28 | 0x27e | data | Tamil | Sri Lanka | 0.49059561128526646 |
RT_ACCELERATOR | 0x76af0 | 0x48 | data | Tamil | India | 0.8472222222222222 |
RT_ACCELERATOR | 0x76af0 | 0x48 | data | Tamil | Sri Lanka | 0.8472222222222222 |
RT_GROUP_CURSOR | 0x76f98 | 0x22 | data | | | 1.0294117647058822 |
RT_GROUP_CURSOR | 0x78c78 | 0x30 | data | | | 0.9375 |
RT_GROUP_CURSOR | 0x7a960 | 0x30 | data | | | 0.9375 |
RT_GROUP_ICON | 0x69a18 | 0x68 | data | Tamil | India | 0.7019230769230769 |
RT_GROUP_ICON | 0x69a18 | 0x68 | data | Tamil | Sri Lanka | 0.7019230769230769 |
RT_GROUP_ICON | 0x638b8 | 0x68 | data | Tamil | India | 0.6826923076923077 |
RT_GROUP_ICON | 0x638b8 | 0x68 | data | Tamil | Sri Lanka | 0.6826923076923077 |
RT_GROUP_ICON | 0x70240 | 0x76 | data | Tamil | India | 0.6779661016949152 |
RT_GROUP_ICON | 0x70240 | 0x76 | data | Tamil | Sri Lanka | 0.6779661016949152 |
RT_GROUP_ICON | 0x76a78 | 0x76 | data | Tamil | India | 0.6779661016949152 |
RT_GROUP_ICON | 0x76a78 | 0x76 | data | Tamil | Sri Lanka | 0.6779661016949152 |
RT_VERSION | 0x7a990 | 0x258 | data | | | 0.5416666666666666 |
DLL | Import |
---|---|
KERNEL32.dll | GlobalCompact, InterlockedIncrement, InterlockedDecrement, SetEnvironmentVariableW, CreateJobObjectW, QueryDosDeviceA, InterlockedCompareExchange, SetVolumeMountPointW, GetComputerNameW, GetTimeFormatA, GetTickCount, CreateNamedPipeW, LocalFlags, GetNumberFormatA, SetFileTime, ClearCommBreak, TlsSetValue, GetEnvironmentStrings, SetFileShortNameW, LoadLibraryW, CopyFileW, _hread, GetCalendarInfoA, SetVolumeMountPointA, GetVersionExW, GetFileAttributesA, GetModuleFileNameW, CreateActCtxA, GetEnvironmentVariableA, GetShortPathNameA, LCMapStringA, GetConsoleAliasExesA, GetStdHandle, GetLogicalDriveStringsA, GetLastError, GetCurrentDirectoryW, GetProcAddress, EnumSystemCodePagesW, SetComputerNameA, SetFileAttributesA, LoadLibraryA, InterlockedExchangeAdd, LocalAlloc, CreateHardLinkW, GetNumberFormatW, CreateEventW, OpenEventA, FoldStringW, GlobalWire, EnumDateFormatsW, GetShortPathNameW, SetCalendarInfoA, SetProcessShutdownParameters, GetDiskFreeSpaceExA, ReadConsoleInputW, GetCurrentProcessId, DebugBreak, GetTempPathA, CommConfigDialogW, GetLocaleInfoA, SetFilePointer, VerifyVersionInfoW, EnumCalendarInfoA, EncodePointer, DecodePointer, Sleep, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, HeapFree, HeapReAlloc, GetModuleHandleW, ExitProcess, GetCommandLineW, HeapSetInformation, GetStartupInfoW, RaiseException, RtlUnwind, HeapAlloc, WideCharToMultiByte, LCMapStringW, MultiByteToWideChar, GetCPInfo, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, TerminateProcess, GetCurrentProcess, HeapCreate, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsFree, SetLastError, GetCurrentThreadId, WriteFile, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetFileType, QueryPerformanceCounter, GetSystemTimeAsFileTime, HeapSize, GetACP, GetOEMCP, IsValidCodePage, GetStringTypeW |
GDI32.dll | CreateDCW, GetCharWidth32A, GetCharWidthI |
WINHTTP.dll | WinHttpOpen |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
Tamil | India | |
Tamil | Sri Lanka |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-10-07T14:59:24.450425+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 49770 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:25.374466+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 49776 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:26.314240+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 49782 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:27.265046+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 49788 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:28.193590+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 49794 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:29.130090+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 49804 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:30.253391+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 49810 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:31.176635+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 49814 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:32.219133+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 49822 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:33.173977+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 49831 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:34.105790+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 49837 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:35.044145+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 49844 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:35.980167+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 49850 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:37.313136+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 49856 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:38.356354+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 49867 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:39.269702+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 49868 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:40.231913+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 49874 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:41.192149+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 49885 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:42.137608+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 49891 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:43.085742+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 49897 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:44.028780+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 49903 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:44.972761+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 49910 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:45.907705+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 49916 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:47.047276+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 49922 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:49.566919+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 49939 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:50.521037+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 49945 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:51.497852+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 49952 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:52.661203+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 49961 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:53.588010+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 49969 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:54.529610+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 49975 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:56.016097+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 49979 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:57.166667+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 49982 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:58.325335+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 49993 | 105.197.97.247 | 80 | TCP |
2024-10-07T14:59:59.253273+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 49998 | 105.197.97.247 | 80 | TCP |
2024-10-07T15:00:14.419801+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 50012 | 188.40.141.211 | 443 | TCP |
2024-10-07T15:00:14.715498+0200 | 2809882 | ETPRO MALWARE Dridex Post Checkin Activity 3 | 1 | 192.168.2.5 | 50012 | 188.40.141.211 | 443 | TCP |
2024-10-07T15:00:16.825302+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 50013 | 188.40.141.211 | 443 | TCP |
2024-10-07T15:00:18.334781+0200 | 2809882 | ETPRO MALWARE Dridex Post Checkin Activity 3 | 1 | 192.168.2.5 | 50013 | 188.40.141.211 | 443 | TCP |
2024-10-07T15:01:05.953100+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 50014 | 105.197.97.247 | 80 | TCP |
2024-10-07T15:01:15.348447+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 50015 | 105.197.97.247 | 80 | TCP |
2024-10-07T15:01:27.089587+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 50016 | 105.197.97.247 | 80 | TCP |
2024-10-07T15:01:32.047885+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 50017 | 188.40.141.211 | 443 | TCP |
2024-10-07T15:01:32.309002+0200 | 2809882 | ETPRO MALWARE Dridex Post Checkin Activity 3 | 1 | 192.168.2.5 | 50017 | 188.40.141.211 | 443 | TCP |
2024-10-07T15:01:33.047947+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 50018 | 188.40.141.211 | 443 | TCP |
2024-10-07T15:01:33.325361+0200 | 2809882 | ETPRO MALWARE Dridex Post Checkin Activity 3 | 1 | 192.168.2.5 | 50018 | 188.40.141.211 | 443 | TCP |
2024-10-07T15:01:46.179545+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 50019 | 105.197.97.247 | 80 | TCP |
2024-10-07T15:01:54.998397+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 50020 | 188.40.141.211 | 443 | TCP |
2024-10-07T15:01:55.268074+0200 | 2809882 | ETPRO MALWARE Dridex Post Checkin Activity 3 | 1 | 192.168.2.5 | 50020 | 188.40.141.211 | 443 | TCP |
2024-10-07T15:01:56.212271+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 50021 | 188.40.141.211 | 443 | TCP |
2024-10-07T15:01:56.460168+0200 | 2809882 | ETPRO MALWARE Dridex Post Checkin Activity 3 | 1 | 192.168.2.5 | 50021 | 188.40.141.211 | 443 | TCP |
2024-10-07T15:02:07.860198+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 50022 | 189.195.132.134 | 80 | TCP |
2024-10-07T15:02:16.720307+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 50023 | 188.40.141.211 | 443 | TCP |
2024-10-07T15:02:17.024280+0200 | 2809882 | ETPRO MALWARE Dridex Post Checkin Activity 3 | 1 | 192.168.2.5 | 50023 | 188.40.141.211 | 443 | TCP |
2024-10-07T15:02:17.696520+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 50024 | 188.40.141.211 | 443 | TCP |
2024-10-07T15:02:18.001733+0200 | 2809882 | ETPRO MALWARE Dridex Post Checkin Activity 3 | 1 | 192.168.2.5 | 50024 | 188.40.141.211 | 443 | TCP |
2024-10-07T15:02:29.863734+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 50025 | 189.195.132.134 | 80 | TCP |
2024-10-07T15:02:39.765694+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 50026 | 188.40.141.211 | 443 | TCP |
2024-10-07T15:02:40.046670+0200 | 2809882 | ETPRO MALWARE Dridex Post Checkin Activity 3 | 1 | 192.168.2.5 | 50026 | 188.40.141.211 | 443 | TCP |
2024-10-07T15:02:40.760206+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 50027 | 188.40.141.211 | 443 | TCP |
2024-10-07T15:02:41.069076+0200 | 2809882 | ETPRO MALWARE Dridex Post Checkin Activity 3 | 1 | 192.168.2.5 | 50027 | 188.40.141.211 | 443 | TCP |
2024-10-07T15:02:50.926729+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 50028 | 189.195.132.134 | 80 | TCP |
2024-10-07T15:03:02.556191+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 50029 | 188.40.141.211 | 443 | TCP |
2024-10-07T15:03:02.864372+0200 | 2809882 | ETPRO MALWARE Dridex Post Checkin Activity 3 | 1 | 192.168.2.5 | 50029 | 188.40.141.211 | 443 | TCP |
2024-10-07T15:03:03.522877+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.5 | 50030 | 188.40.141.211 | 443 | TCP |
2024-10-07T15:03:03.824257+0200 | 2809882 | ETPRO MALWARE Dridex Post Checkin Activity 3 | 1 | 192.168.2.5 | 50030 | 188.40.141.211 | 443 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 7, 2024 14:59:36.406860113 CEST | 49856 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:36.406860113 CEST | 49856 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:36.406965017 CEST | 49856 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:36.411844969 CEST | 80 | 49856 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:36.412195921 CEST | 80 | 49856 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:37.312268972 CEST | 80 | 49856 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:37.313024998 CEST | 80 | 49856 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:37.313136101 CEST | 49856 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:37.313183069 CEST | 49856 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:37.316435099 CEST | 49867 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:37.317996025 CEST | 80 | 49856 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:37.321436882 CEST | 80 | 49867 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:37.321505070 CEST | 49867 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:37.321669102 CEST | 49867 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:37.321669102 CEST | 49867 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:37.327128887 CEST | 80 | 49867 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:37.328677893 CEST | 80 | 49867 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:38.356266975 CEST | 80 | 49867 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:38.356276989 CEST | 80 | 49867 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:38.356288910 CEST | 80 | 49867 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:38.356353998 CEST | 49867 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:38.356380939 CEST | 49867 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:38.356515884 CEST | 49867 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:38.360152960 CEST | 49868 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:38.361428976 CEST | 80 | 49867 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:38.364954948 CEST | 80 | 49868 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:38.365072966 CEST | 49868 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:38.365433931 CEST | 49868 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:38.365433931 CEST | 49868 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:38.370198965 CEST | 80 | 49868 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:38.370218039 CEST | 80 | 49868 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:39.268884897 CEST | 80 | 49868 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:39.269633055 CEST | 80 | 49868 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:39.269701958 CEST | 49868 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:39.275887012 CEST | 49868 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:39.280821085 CEST | 80 | 49868 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:39.302546978 CEST | 49874 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:39.307663918 CEST | 80 | 49874 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:39.307744026 CEST | 49874 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:39.307909012 CEST | 49874 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:39.307909012 CEST | 49874 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:39.312817097 CEST | 80 | 49874 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:39.312836885 CEST | 80 | 49874 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:40.231791973 CEST | 80 | 49874 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:40.231837034 CEST | 80 | 49874 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:40.231913090 CEST | 49874 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:40.232117891 CEST | 49874 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:40.235404015 CEST | 49885 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:40.236985922 CEST | 80 | 49874 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:40.240279913 CEST | 80 | 49885 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:40.240370035 CEST | 49885 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:40.240510941 CEST | 49885 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:40.240534067 CEST | 49885 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:40.245302916 CEST | 80 | 49885 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:40.245789051 CEST | 80 | 49885 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:41.191051006 CEST | 80 | 49885 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:41.192085028 CEST | 80 | 49885 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:41.192148924 CEST | 49885 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:41.192276001 CEST | 49885 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:41.197151899 CEST | 80 | 49885 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:41.205389023 CEST | 49891 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:41.210236073 CEST | 80 | 49891 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:41.210310936 CEST | 49891 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:41.210547924 CEST | 49891 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:41.210547924 CEST | 49891 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:41.215491056 CEST | 80 | 49891 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:41.215502024 CEST | 80 | 49891 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:42.137079000 CEST | 80 | 49891 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:42.137543917 CEST | 80 | 49891 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:42.137608051 CEST | 49891 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:42.137662888 CEST | 49891 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:42.141005993 CEST | 49897 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:42.142462015 CEST | 80 | 49891 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:42.145883083 CEST | 80 | 49897 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:42.146378040 CEST | 49897 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:42.146612883 CEST | 49897 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:42.146632910 CEST | 49897 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:42.151587963 CEST | 80 | 49897 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:42.152621031 CEST | 80 | 49897 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:43.084280968 CEST | 80 | 49897 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:43.085601091 CEST | 80 | 49897 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:43.085741997 CEST | 49897 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:43.085741997 CEST | 49897 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:43.088990927 CEST | 49903 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:43.090658903 CEST | 80 | 49897 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:43.093935966 CEST | 80 | 49903 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:43.094247103 CEST | 49903 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:43.094247103 CEST | 49903 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:43.094276905 CEST | 49903 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:43.099175930 CEST | 80 | 49903 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:43.099256992 CEST | 80 | 49903 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:44.027868032 CEST | 80 | 49903 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:44.028537035 CEST | 80 | 49903 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:44.028779984 CEST | 49903 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:44.028779984 CEST | 49903 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:44.032675028 CEST | 49910 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:44.033884048 CEST | 80 | 49903 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:44.037662029 CEST | 80 | 49910 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:44.037738085 CEST | 49910 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:44.037916899 CEST | 49910 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:44.037940025 CEST | 49910 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:44.042890072 CEST | 80 | 49910 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:44.042901039 CEST | 80 | 49910 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:44.971501112 CEST | 80 | 49910 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:44.972651958 CEST | 80 | 49910 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:44.972760916 CEST | 49910 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:44.973345995 CEST | 49910 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:44.976273060 CEST | 49916 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:44.978383064 CEST | 80 | 49910 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:44.981369972 CEST | 80 | 49916 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:44.981478930 CEST | 49916 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:44.981661081 CEST | 49916 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:44.981683016 CEST | 49916 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:44.986996889 CEST | 80 | 49916 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:44.989341974 CEST | 80 | 49916 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:45.906971931 CEST | 80 | 49916 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:45.907615900 CEST | 80 | 49916 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:45.907705069 CEST | 49916 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:45.915400982 CEST | 49916 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:45.920272112 CEST | 80 | 49916 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:45.995304108 CEST | 49922 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:46.000938892 CEST | 80 | 49922 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:46.001060009 CEST | 49922 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:46.020895004 CEST | 49922 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:46.021135092 CEST | 49922 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:46.025818110 CEST | 80 | 49922 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:46.025979996 CEST | 80 | 49922 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:47.047126055 CEST | 80 | 49922 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:47.047144890 CEST | 80 | 49922 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:47.047276020 CEST | 49922 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:47.049721956 CEST | 49922 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:47.053872108 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:47.053911924 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:47.053973913 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:47.054445982 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:47.054455042 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:47.054640055 CEST | 80 | 49922 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:47.709902048 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:47.710026026 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:47.714416981 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:47.714441061 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:47.714812040 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:47.725377083 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:47.767416954 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:47.933795929 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:47.933828115 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:47.933975935 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:47.934005976 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:47.986707926 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.018661976 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.018672943 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.018739939 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.018790007 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.018798113 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.018841028 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.019932032 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.019941092 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.020003080 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.021042109 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.021126986 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.102281094 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.102339983 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.102360010 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.102380037 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.102422953 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.102441072 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.103187084 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.103254080 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.104007006 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.104078054 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.104857922 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.104913950 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.105701923 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.105767965 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.106625080 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.106692076 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.172045946 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.172247887 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.186723948 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.186889887 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.186901093 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.186929941 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.186964989 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.186981916 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.187449932 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.187547922 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.187596083 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.187653065 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.188433886 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.188518047 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.188949108 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.189017057 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.189220905 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.189280033 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.189945936 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.190011024 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.190105915 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.190185070 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.190905094 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.190979958 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.191128969 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.191195011 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.194632053 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.194806099 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.258354902 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.258407116 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.258656979 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.258656979 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.258691072 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.258742094 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.271572113 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.271712065 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.271822929 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.271883011 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.272119045 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.272180080 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.272531986 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.272589922 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.272914886 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.272979975 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.273463011 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.273521900 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.273786068 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.273845911 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.278590918 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.278698921 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.278876066 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.278939962 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.279304028 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.279361010 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.279521942 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.279578924 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.280143976 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.280205011 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.280276060 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.280323982 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.280486107 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.280535936 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.281296968 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.281359911 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.341084003 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.341238022 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.341312885 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.341372013 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.356251955 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.356385946 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.356389046 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.356415987 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.356441975 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.356465101 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.356492043 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.356548071 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.356827974 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.356889963 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.357220888 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.357281923 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.357741117 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.357790947 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.357805014 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.357812881 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.357846975 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.357867002 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.358326912 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.358390093 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.358859062 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.358906031 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.358922958 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.358932018 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.358942032 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.358963966 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.359258890 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.359318972 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.360099077 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.360171080 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.360179901 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.360191107 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.360217094 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.360295057 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.360315084 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.360404015 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.360404015 CEST | 49932 | 443 | 192.168.2.5 | 23.145.40.164 |
Oct 7, 2024 14:59:48.360413074 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.360419035 CEST | 443 | 49932 | 23.145.40.164 | 192.168.2.5 |
Oct 7, 2024 14:59:48.518884897 CEST | 49939 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:48.523782015 CEST | 80 | 49939 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:48.524025917 CEST | 49939 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:48.526978016 CEST | 49939 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:48.526978016 CEST | 49939 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:48.531954050 CEST | 80 | 49939 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:48.531991005 CEST | 80 | 49939 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:49.566504955 CEST | 80 | 49939 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:49.566754103 CEST | 80 | 49939 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:49.566919088 CEST | 49939 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:49.570991993 CEST | 49939 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:49.575896978 CEST | 80 | 49939 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:49.612998009 CEST | 49945 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:49.618232965 CEST | 80 | 49945 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:49.618329048 CEST | 49945 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:49.618535995 CEST | 49945 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:49.618563890 CEST | 49945 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:49.623442888 CEST | 80 | 49945 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:49.623462915 CEST | 80 | 49945 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:50.520540953 CEST | 80 | 49945 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:50.520911932 CEST | 80 | 49945 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:50.521037102 CEST | 49945 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:50.523257017 CEST | 49945 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:50.528084993 CEST | 80 | 49945 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:50.581671000 CEST | 49952 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:50.586545944 CEST | 80 | 49952 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:50.586639881 CEST | 49952 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:50.586827993 CEST | 49952 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:50.586843967 CEST | 49952 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:50.591581106 CEST | 80 | 49952 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:50.591725111 CEST | 80 | 49952 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:51.497476101 CEST | 80 | 49952 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:51.497715950 CEST | 80 | 49952 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:51.497852087 CEST | 49952 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:51.501153946 CEST | 49952 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:51.506160021 CEST | 80 | 49952 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:51.731144905 CEST | 49961 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:51.736006975 CEST | 80 | 49961 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:51.736076117 CEST | 49961 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:51.742364883 CEST | 49961 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:51.742364883 CEST | 49961 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:51.747198105 CEST | 80 | 49961 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:51.747272015 CEST | 80 | 49961 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:52.660981894 CEST | 80 | 49961 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:52.661012888 CEST | 80 | 49961 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:52.661202908 CEST | 49961 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:52.661628962 CEST | 49961 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:52.665477991 CEST | 49969 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:52.666726112 CEST | 80 | 49961 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:52.670473099 CEST | 80 | 49969 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:52.670562029 CEST | 49969 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:52.670686960 CEST | 49969 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:52.670716047 CEST | 49969 | 80 | 192.168.2.5 | 105.197.97.247 |
Oct 7, 2024 14:59:52.675795078 CEST | 80 | 49969 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:52.675806999 CEST | 80 | 49969 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:53.587590933 CEST | 80 | 49969 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:53.587910891 CEST | 80 | 49969 | 105.197.97.247 | 192.168.2.5 |
Oct 7, 2024 14:59:53.588010073 CEST | 49969 | 80 | 192.168.2.5 | 105.197.97.247 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 7, 2024 14:59:20.448164940 CEST | 56304 | 53 | 192.168.2.5 | 1.1.1.1 |
Oct 7, 2024 14:59:21.439896107 CEST | 56304 | 53 | 192.168.2.5 | 1.1.1.1 |
Oct 7, 2024 14:59:22.466022968 CEST | 56304 | 53 | 192.168.2.5 | 1.1.1.1 |
Oct 7, 2024 14:59:22.772443056 CEST | 53 | 56304 | 1.1.1.1 | 192.168.2.5 |
Oct 7, 2024 14:59:22.772464991 CEST | 53 | 56304 | 1.1.1.1 | 192.168.2.5 |
Oct 7, 2024 14:59:22.772475004 CEST | 53 | 56304 | 1.1.1.1 | 192.168.2.5 |
Oct 7, 2024 15:00:12.271975994 CEST | 56264 | 53 | 192.168.2.5 | 1.1.1.1 |
Oct 7, 2024 15:00:13.284019947 CEST | 56264 | 53 | 192.168.2.5 | 1.1.1.1 |
Oct 7, 2024 15:00:13.689789057 CEST | 53 | 56264 | 1.1.1.1 | 192.168.2.5 |
Oct 7, 2024 15:00:13.689802885 CEST | 53 | 56264 | 1.1.1.1 | 192.168.2.5 |
Oct 7, 2024 15:00:14.723191023 CEST | 64176 | 53 | 192.168.2.5 | 1.1.1.1 |
Oct 7, 2024 15:00:15.154860020 CEST | 53 | 64176 | 1.1.1.1 | 192.168.2.5 |
Oct 7, 2024 15:02:06.517864943 CEST | 64150 | 53 | 192.168.2.5 | 1.1.1.1 |
Oct 7, 2024 15:02:06.879978895 CEST | 53 | 64150 | 1.1.1.1 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 7, 2024 14:59:20.448164940 CEST | 192.168.2.5 | 1.1.1.1 | 0x53f4 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 7, 2024 14:59:21.439896107 CEST | 192.168.2.5 | 1.1.1.1 | 0x53f4 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 7, 2024 14:59:22.466022968 CEST | 192.168.2.5 | 1.1.1.1 | 0x53f4 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 7, 2024 15:00:12.271975994 CEST | 192.168.2.5 | 1.1.1.1 | 0xb5b1 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 7, 2024 15:00:13.284019947 CEST | 192.168.2.5 | 1.1.1.1 | 0xb5b1 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 7, 2024 15:00:14.723191023 CEST | 192.168.2.5 | 1.1.1.1 | 0x7d20 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 7, 2024 15:02:06.517864943 CEST | 192.168.2.5 | 1.1.1.1 | 0x5189 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 7, 2024 14:59:22.772443056 CEST | 1.1.1.1 | 192.168.2.5 | 0x53f4 | No error (0) | 105.197.97.247 | A (IP address) | IN (0x0001) | false | ||
Oct 7, 2024 14:59:22.772443056 CEST | 1.1.1.1 | 192.168.2.5 | 0x53f4 | No error (0) | 190.147.2.86 | A (IP address) | IN (0x0001) | false | ||
Oct 7, 2024 14:59:22.772443056 CEST | 1.1.1.1 | 192.168.2.5 | 0x53f4 | No error (0) | 119.204.11.2 | A (IP address) | IN (0x0001) | false | ||
Oct 7, 2024 14:59:22.772443056 CEST | 1.1.1.1 | 192.168.2.5 | 0x53f4 | No error (0) | 190.220.21.28 | A (IP address) | IN (0x0001) | false | ||
Oct 7, 2024 14:59:22.772443056 CEST | 1.1.1.1 | 192.168.2.5 | 0x53f4 | No error (0) | 186.123.165.48 | A (IP address) | IN (0x0001) | false | ||
Oct 7, 2024 14:59:22.772443056 CEST | 1.1.1.1 | 192.168.2.5 | 0x53f4 | No error (0) | 116.58.10.60 | A (IP address) | IN (0x0001) | false | ||
Oct 7, 2024 14:59:22.772443056 CEST | 1.1.1.1 | 192.168.2.5 | 0x53f4 | No error (0) | 185.12.79.25 | A (IP address) | IN (0x0001) | false | ||
Oct 7, 2024 14:59:22.772443056 CEST | 1.1.1.1 | 192.168.2.5 | 0x53f4 | No error (0) | 148.230.249.9 | A (IP address) | IN (0x0001) | false | ||
Oct 7, 2024 14:59:22.772443056 CEST | 1.1.1.1 | 192.168.2.5 | 0x53f4 | No error (0) | 93.118.137.82 | A (IP address) | IN (0x0001) | false | ||
Oct 7, 2024 14:59:22.772443056 CEST | 1.1.1.1 | 192.168.2.5 | 0x53f4 | No error (0) | 212.112.110.243 | A (IP address) | IN (0x0001) | false | ||
Oct 7, 2024 14:59:22.772464991 CEST | 1.1.1.1 | 192.168.2.5 | 0x53f4 | No error (0) | 105.197.97.247 | A (IP address) | IN (0x0001) | false | ||
Oct 7, 2024 14:59:22.772464991 CEST | 1.1.1.1 | 192.168.2.5 | 0x53f4 | No error (0) | 190.147.2.86 | A (IP address) | IN (0x0001) | false | ||
Oct 7, 2024 14:59:22.772464991 CEST | 1.1.1.1 | 192.168.2.5 | 0x53f4 | No error (0) | 119.204.11.2 | A (IP address) | IN (0x0001) | false | ||
Oct 7, 2024 14:59:22.772464991 CEST | 1.1.1.1 | 192.168.2.5 | 0x53f4 | No error (0) | 190.220.21.28 | A (IP address) | IN (0x0001) | false | ||
Oct 7, 2024 14:59:22.772464991 CEST | 1.1.1.1 | 192.168.2.5 | 0x53f4 | No error (0) | 186.123.165.48 | A (IP address) | IN (0x0001) | false | ||
Oct 7, 2024 14:59:22.772464991 CEST | 1.1.1.1 | 192.168.2.5 | 0x53f4 | No error (0) | 116.58.10.60 | A (IP address) | IN (0x0001) | false | ||
Oct 7, 2024 14:59:22.772464991 CEST | 1.1.1.1 | 192.168.2.5 | 0x53f4 | No error (0) | 185.12.79.25 | A (IP address) | IN (0x0001) | false | ||
Oct 7, 2024 14:59:22.772464991 CEST | 1.1.1.1 | 192.168.2.5 | 0x53f4 | No error (0) | 148.230.249.9 | A (IP address) | IN (0x0001) | false | ||
Oct 7, 2024 14:59:22.772464991 CEST | 1.1.1.1 | 192.168.2.5 | 0x53f4 | No error (0) | 93.118.137.82 | A (IP address) | IN (0x0001) | false | ||
Oct 7, 2024 14:59:22.772464991 CEST | 1.1.1.1 | 192.168.2.5 | 0x53f4 | No error (0) | 212.112.110.243 | A (IP address) | IN (0x0001) | false | ||
Oct 7, 2024 14:59:22.772475004 CEST | 1.1.1.1 | 192.168.2.5 | 0x53f4 | No error (0) | 105.197.97.247 | A (IP address) | IN (0x0001) | false | ||
Oct 7, 2024 14:59:22.772475004 CEST | 1.1.1.1 | 192.168.2.5 | 0x53f4 | No error (0) | 190.147.2.86 | A (IP address) | IN (0x0001) | false | ||
Oct 7, 2024 14:59:22.772475004 CEST | 1.1.1.1 | 192.168.2.5 | 0x53f4 | No error (0) | 119.204.11.2 | A (IP address) | IN (0x0001) | false | ||
Oct 7, 2024 14:59:22.772475004 CEST | 1.1.1.1 | 192.168.2.5 | 0x53f4 | No error (0) | 190.220.21.28 | A (IP address) | IN (0x0001) | false | ||
Oct 7, 2024 14:59:22.772475004 CEST | 1.1.1.1 | 192.168.2.5 | 0x53f4 | No error (0) | 186.123.165.48 | A (IP address) | IN (0x0001) | false | ||
Oct 7, 2024 14:59:22.772475004 CEST | 1.1.1.1 | 192.168.2.5 | 0x53f4 | No error (0) | 116.58.10.60 | A (IP address) | IN (0x0001) | false | ||
Oct 7, 2024 14:59:22.772475004 CEST | 1.1.1.1 | 192.168.2.5 | 0x53f4 | No error (0) | 185.12.79.25 | A (IP address) | IN (0x0001) | false | ||
Oct 7, 2024 14:59:22.772475004 CEST | 1.1.1.1 | 192.168.2.5 | 0x53f4 | No error (0) | 148.230.249.9 | A (IP address) | IN (0x0001) | false | ||
Oct 7, 2024 14:59:22.772475004 CEST | 1.1.1.1 | 192.168.2.5 | 0x53f4 | No error (0) | 93.118.137.82 | A (IP address) | IN (0x0001) | false | ||
Oct 7, 2024 14:59:22.772475004 CEST | 1.1.1.1 | 192.168.2.5 | 0x53f4 | No error (0) | 212.112.110.243 | A (IP address) | IN (0x0001) | false | ||
Oct 7, 2024 15:00:13.689789057 CEST | 1.1.1.1 | 192.168.2.5 | 0xb5b1 | No error (0) | 188.40.141.211 | A (IP address) | IN (0x0001) | false | ||
Oct 7, 2024 15:00:13.689802885 CEST | 1.1.1.1 | 192.168.2.5 | 0xb5b1 | No error (0) | 188.40.141.211 | A (IP address) | IN (0x0001) | false | ||
Oct 7, 2024 15:00:15.154860020 CEST | 1.1.1.1 | 192.168.2.5 | 0x7d20 | No error (0) | 188.40.141.211 | A (IP address) | IN (0x0001) | false | ||
Oct 7, 2024 15:02:06.879978895 CEST | 1.1.1.1 | 192.168.2.5 | 0x5189 | No error (0) | 189.195.132.134 | A (IP address) | IN (0x0001) | false | ||
Oct 7, 2024 15:02:06.879978895 CEST | 1.1.1.1 | 192.168.2.5 | 0x5189 | No error (0) | 201.229.130.162 | A (IP address) | IN (0x0001) | false | ||
Oct 7, 2024 15:02:06.879978895 CEST | 1.1.1.1 | 192.168.2.5 | 0x5189 | No error (0) | 190.147.128.172 | A (IP address) | IN (0x0001) | false | ||
Oct 7, 2024 15:02:06.879978895 CEST | 1.1.1.1 | 192.168.2.5 | 0x5189 | No error (0) | 190.249.249.14 | A (IP address) | IN (0x0001) | false | ||
Oct 7, 2024 15:02:06.879978895 CEST | 1.1.1.1 | 192.168.2.5 | 0x5189 | No error (0) | 201.212.52.197 | A (IP address) | IN (0x0001) | false | ||
Oct 7, 2024 15:02:06.879978895 CEST | 1.1.1.1 | 192.168.2.5 | 0x5189 | No error (0) | 211.168.53.110 | A (IP address) | IN (0x0001) | false | ||
Oct 7, 2024 15:02:06.879978895 CEST | 1.1.1.1 | 192.168.2.5 | 0x5189 | No error (0) | 177.129.90.106 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49770 | 105.197.97.247 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 7, 2024 14:59:23.357438087 CEST | 279 | OUT | |
Oct 7, 2024 14:59:23.357517004 CEST | 338 | OUT | |
Oct 7, 2024 14:59:24.450309992 CEST | 152 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49776 | 105.197.97.247 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 7, 2024 14:59:24.462007999 CEST | 283 | OUT | |
Oct 7, 2024 14:59:24.462030888 CEST | 350 | OUT | |
Oct 7, 2024 14:59:25.373585939 CEST | 484 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 49782 | 105.197.97.247 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 7, 2024 14:59:25.383702993 CEST | 278 | OUT | |
Oct 7, 2024 14:59:25.383718967 CEST | 174 | OUT | |
Oct 7, 2024 14:59:26.313987970 CEST | 484 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.5 | 49788 | 105.197.97.247 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 7, 2024 14:59:26.323055029 CEST | 278 | OUT | |
Oct 7, 2024 14:59:26.323072910 CEST | 142 | OUT | |
Oct 7, 2024 14:59:27.264467001 CEST | 137 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.5 | 49794 | 105.197.97.247 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 7, 2024 14:59:27.273969889 CEST | 283 | OUT | |
Oct 7, 2024 14:59:27.273998022 CEST | 259 | OUT | |
Oct 7, 2024 14:59:28.191555023 CEST | 484 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.5 | 49804 | 105.197.97.247 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 7, 2024 14:59:28.202608109 CEST | 283 | OUT | |
Oct 7, 2024 14:59:28.202627897 CEST | 169 | OUT | |
Oct 7, 2024 14:59:29.129834890 CEST | 137 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.5 | 49810 | 105.197.97.247 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 7, 2024 14:59:29.138952017 CEST | 278 | OUT | |
Oct 7, 2024 14:59:29.138984919 CEST | 178 | OUT | |
Oct 7, 2024 14:59:30.253298998 CEST | 137 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.5 | 49814 | 105.197.97.247 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 7, 2024 14:59:30.263648987 CEST | 278 | OUT | |
Oct 7, 2024 14:59:30.263648987 CEST | 149 | OUT | |
Oct 7, 2024 14:59:31.175985098 CEST | 484 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.5 | 49822 | 105.197.97.247 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 7, 2024 14:59:31.185761929 CEST | 279 | OUT | |
Oct 7, 2024 14:59:31.185786009 CEST | 196 | OUT | |
Oct 7, 2024 14:59:32.218347073 CEST | 484 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.5 | 49831 | 105.197.97.247 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 7, 2024 14:59:32.228586912 CEST | 280 | OUT | |
Oct 7, 2024 14:59:32.228606939 CEST | 251 | OUT | |
Oct 7, 2024 14:59:33.173722982 CEST | 137 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.5 | 49837 | 105.197.97.247 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 7, 2024 14:59:33.182248116 CEST | 282 | OUT | |
Oct 7, 2024 14:59:33.182384968 CEST | 186 | OUT | |
Oct 7, 2024 14:59:34.105287075 CEST | 484 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
11 | 192.168.2.5 | 49844 | 105.197.97.247 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 7, 2024 14:59:34.116712093 CEST | 278 | OUT | |
Oct 7, 2024 14:59:34.116729021 CEST | 326 | OUT | |
Oct 7, 2024 14:59:35.044061899 CEST | 484 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
12 | 192.168.2.5 | 49850 | 105.197.97.247 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 7, 2024 14:59:35.054987907 CEST | 281 | OUT | |
Oct 7, 2024 14:59:35.055008888 CEST | 305 | OUT | |
Oct 7, 2024 14:59:35.979567051 CEST | 484 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
13 | 192.168.2.5 | 49856 | 105.197.97.247 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 7, 2024 14:59:36.406860113 CEST | 281 | OUT | |
Oct 7, 2024 14:59:36.406965017 CEST | 123 | OUT | |
Oct 7, 2024 14:59:37.312268972 CEST | 484 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
14 | 192.168.2.5 | 49867 | 105.197.97.247 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 7, 2024 14:59:37.321669102 CEST | 283 | OUT | |
Oct 7, 2024 14:59:37.321669102 CEST | 247 | OUT | |
Oct 7, 2024 14:59:38.356266975 CEST | 137 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
15 | 192.168.2.5 | 49868 | 105.197.97.247 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 7, 2024 14:59:38.365433931 CEST | 279 | OUT | |
Oct 7, 2024 14:59:38.365433931 CEST | 356 | OUT | |
Oct 7, 2024 14:59:39.268884897 CEST | 484 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
16 | 192.168.2.5 | 49874 | 105.197.97.247 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 7, 2024 14:59:39.307909012 CEST | 280 | OUT | |
Oct 7, 2024 14:59:39.307909012 CEST | 219 | OUT | |
Oct 7, 2024 14:59:40.231791973 CEST | 137 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
17 | 192.168.2.5 | 49885 | 105.197.97.247 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 7, 2024 14:59:40.240510941 CEST | 281 | OUT | |
Oct 7, 2024 14:59:40.240534067 CEST | 256 | OUT | |
Oct 7, 2024 14:59:41.191051006 CEST | 484 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
18 | 192.168.2.5 | 49891 | 105.197.97.247 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 7, 2024 14:59:41.210547924 CEST | 280 | OUT | |
Oct 7, 2024 14:59:41.210547924 CEST | 120 | OUT | |
Oct 7, 2024 14:59:42.137079000 CEST | 484 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
19 | 192.168.2.5 | 49897 | 105.197.97.247 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 7, 2024 14:59:42.146612883 CEST | 278 | OUT | |
Oct 7, 2024 14:59:42.146632910 CEST | 175 | OUT | |
Oct 7, 2024 14:59:43.084280968 CEST | 137 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
20 | 192.168.2.5 | 49903 | 105.197.97.247 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 7, 2024 14:59:43.094247103 CEST | 278 | OUT | |
Oct 7, 2024 14:59:43.094276905 CEST | 200 | OUT | |
Oct 7, 2024 14:59:44.027868032 CEST | 484 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
21 | 192.168.2.5 | 49910 | 105.197.97.247 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 7, 2024 14:59:44.037916899 CEST | 282 | OUT | |
Oct 7, 2024 14:59:44.037940025 CEST | 342 | OUT | |
Oct 7, 2024 14:59:44.971501112 CEST | 484 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
22 | 192.168.2.5 | 49916 | 105.197.97.247 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 7, 2024 14:59:44.981661081 CEST | 283 | OUT | |
Oct 7, 2024 14:59:44.981683016 CEST | 223 | OUT | |
Oct 7, 2024 14:59:45.906971931 CEST | 484 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
23 | 192.168.2.5 | 49922 | 105.197.97.247 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 7, 2024 14:59:46.020895004 CEST | 282 | OUT | |
Oct 7, 2024 14:59:46.021135092 CEST | 171 | OUT | |
Oct 7, 2024 14:59:47.047126055 CEST | 189 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
24 | 192.168.2.5 | 49939 | 105.197.97.247 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 7, 2024 14:59:48.526978016 CEST | 283 | OUT | |
Oct 7, 2024 14:59:48.526978016 CEST | 186 | OUT | |
Oct 7, 2024 14:59:49.566504955 CEST | 484 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
25 | 192.168.2.5 | 49945 | 105.197.97.247 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 7, 2024 14:59:49.618535995 CEST | 278 | OUT | |
Oct 7, 2024 14:59:49.618563890 CEST | 347 | OUT | |
Oct 7, 2024 14:59:50.520540953 CEST | 484 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
26 | 192.168.2.5 | 49952 | 105.197.97.247 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 7, 2024 14:59:50.586827993 CEST | 282 | OUT | |
Oct 7, 2024 14:59:50.586843967 CEST | 244 | OUT | |
Oct 7, 2024 14:59:51.497476101 CEST | 484 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
27 | 192.168.2.5 | 49961 | 105.197.97.247 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 7, 2024 14:59:51.742364883 CEST | 280 | OUT | |
Oct 7, 2024 14:59:51.742364883 CEST | 169 | OUT | |
Oct 7, 2024 14:59:52.660981894 CEST | 484 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
28 | 192.168.2.5 | 49969 | 105.197.97.247 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 7, 2024 14:59:52.670686960 CEST | 280 | OUT | |
Oct 7, 2024 14:59:52.670716047 CEST | 361 | OUT | |
Oct 7, 2024 14:59:53.587590933 CEST | 484 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
29 | 192.168.2.5 | 49975 | 105.197.97.247 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 7, 2024 14:59:53.597395897 CEST | 283 | OUT | |
Oct 7, 2024 14:59:53.597424984 CEST | 114 | OUT | |
Oct 7, 2024 14:59:54.529414892 CEST | 484 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
30 | 192.168.2.5 | 49979 | 105.197.97.247 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 7, 2024 14:59:54.555557013 CEST | 278 | OUT | |
Oct 7, 2024 14:59:54.555573940 CEST | 189 | OUT | |
Oct 7, 2024 14:59:56.015954018 CEST | 484 | IN | |
Oct 7, 2024 14:59:56.016052008 CEST | 484 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
31 | 192.168.2.5 | 49982 | 105.197.97.247 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 7, 2024 14:59:56.027776003 CEST | 280 | OUT | |
Oct 7, 2024 14:59:56.027798891 CEST | 149 | OUT | |
Oct 7, 2024 14:59:57.166579962 CEST | 484 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
32 | 192.168.2.5 | 49993 | 105.197.97.247 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 7, 2024 14:59:57.417840958 CEST | 280 | OUT | |
Oct 7, 2024 14:59:57.417864084 CEST | 230 | OUT | |
Oct 7, 2024 14:59:58.324579954 CEST | 484 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
33 | 192.168.2.5 | 49998 | 105.197.97.247 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 7, 2024 14:59:58.333836079 CEST | 279 | OUT | |
Oct 7, 2024 14:59:58.333861113 CEST | 360 | OUT | |
Oct 7, 2024 14:59:59.252855062 CEST | 484 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
34 | 192.168.2.5 | 50014 | 105.197.97.247 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 7, 2024 15:01:05.021487951 CEST | 282 | OUT | |
Oct 7, 2024 15:01:05.021508932 CEST | 249 | OUT | |
Oct 7, 2024 15:01:05.953011990 CEST | 151 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
35 | 192.168.2.5 | 50015 | 105.197.97.247 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 7, 2024 15:01:14.439160109 CEST | 280 | OUT | |
Oct 7, 2024 15:01:14.439188004 CEST | 205 | OUT | |
Oct 7, 2024 15:01:15.347242117 CEST | 151 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
36 | 192.168.2.5 | 50016 | 105.197.97.247 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 7, 2024 15:01:26.161711931 CEST | 282 | OUT | |
Oct 7, 2024 15:01:26.161739111 CEST | 346 | OUT | |
Oct 7, 2024 15:01:27.088217020 CEST | 151 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
37 | 192.168.2.5 | 50019 | 105.197.97.247 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 7, 2024 15:01:44.417134047 CEST | 281 | OUT | |
Oct 7, 2024 15:01:44.417171001 CEST | 238 | OUT | |
Oct 7, 2024 15:01:46.179423094 CEST | 151 | IN | |
Oct 7, 2024 15:01:46.180727959 CEST | 151 | IN | |
Oct 7, 2024 15:01:46.181176901 CEST | 151 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
38 | 192.168.2.5 | 50022 | 189.195.132.134 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 7, 2024 15:02:06.908350945 CEST | 283 | OUT | |
Oct 7, 2024 15:02:06.908404112 CEST | 339 | OUT | |
Oct 7, 2024 15:02:07.858335972 CEST | 151 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
39 | 192.168.2.5 | 50025 | 189.195.132.134 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 7, 2024 15:02:28.926256895 CEST | 278 | OUT | |
Oct 7, 2024 15:02:28.926287889 CEST | 132 | OUT | |
Oct 7, 2024 15:02:29.863377094 CEST | 151 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
40 | 192.168.2.5 | 50028 | 189.195.132.134 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 7, 2024 15:02:50.000724077 CEST | 282 | OUT | |
Oct 7, 2024 15:02:50.000741959 CEST | 348 | OUT | |
Oct 7, 2024 15:02:50.926397085 CEST | 151 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49932 | 23.145.40.164 | 443 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-07 12:59:47 UTC | 162 | OUT | |
2024-10-07 12:59:47 UTC | 327 | IN | |
2024-10-07 12:59:47 UTC | 7865 | IN | |
2024-10-07 12:59:48 UTC | 8000 | IN | |
2024-10-07 12:59:48 UTC | 8000 | IN | |
2024-10-07 12:59:48 UTC | 8000 | IN | |
2024-10-07 12:59:48 UTC | 8000 | IN | |
2024-10-07 12:59:48 UTC | 8000 | IN | |
2024-10-07 12:59:48 UTC | 8000 | IN | |
2024-10-07 12:59:48 UTC | 8000 | IN | |
2024-10-07 12:59:48 UTC | 8000 | IN | |
2024-10-07 12:59:48 UTC | 8000 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 50012 | 188.40.141.211 | 443 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-07 13:00:14 UTC | 289 | OUT | |
2024-10-07 13:00:14 UTC | 112 | OUT | |
2024-10-07 13:00:14 UTC | 163 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 50013 | 188.40.141.211 | 443 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-07 13:00:16 UTC | 287 | OUT | |
2024-10-07 13:00:16 UTC | 176 | OUT | |
2024-10-07 13:00:18 UTC | 163 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.5 | 50017 | 188.40.141.211 | 443 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-07 13:01:32 UTC | 290 | OUT | |
2024-10-07 13:01:32 UTC | 262 | OUT | |
2024-10-07 13:01:32 UTC | 163 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.5 | 50018 | 188.40.141.211 | 443 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-07 13:01:33 UTC | 288 | OUT | |
2024-10-07 13:01:33 UTC | 251 | OUT | |
2024-10-07 13:01:33 UTC | 163 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.5 | 50020 | 188.40.141.211 | 443 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-07 13:01:54 UTC | 290 | OUT | |
2024-10-07 13:01:54 UTC | 111 | OUT | |
2024-10-07 13:01:55 UTC | 163 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.5 | 50021 | 188.40.141.211 | 443 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-07 13:01:56 UTC | 286 | OUT | |
2024-10-07 13:01:56 UTC | 267 | OUT | |
2024-10-07 13:01:56 UTC | 163 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.5 | 50023 | 188.40.141.211 | 443 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-07 13:02:16 UTC | 285 | OUT | |
2024-10-07 13:02:16 UTC | 269 | OUT | |
2024-10-07 13:02:17 UTC | 163 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.5 | 50024 | 188.40.141.211 | 443 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-07 13:02:17 UTC | 289 | OUT | |
2024-10-07 13:02:17 UTC | 175 | OUT | |
2024-10-07 13:02:17 UTC | 163 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.5 | 50026 | 188.40.141.211 | 443 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-07 13:02:39 UTC | 287 | OUT | |
2024-10-07 13:02:39 UTC | 264 | OUT | |
2024-10-07 13:02:40 UTC | 163 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.5 | 50027 | 188.40.141.211 | 443 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-07 13:02:40 UTC | 290 | OUT | |
2024-10-07 13:02:40 UTC | 278 | OUT | |
2024-10-07 13:02:41 UTC | 163 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
11 | 192.168.2.5 | 50029 | 188.40.141.211 | 443 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-07 13:03:02 UTC | 286 | OUT | |
2024-10-07 13:03:02 UTC | 300 | OUT | |
2024-10-07 13:03:02 UTC | 163 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
12 | 192.168.2.5 | 50030 | 188.40.141.211 | 443 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-07 13:03:03 UTC | 286 | OUT | |
2024-10-07 13:03:03 UTC | 270 | OUT | |
2024-10-07 13:03:03 UTC | 163 | IN |
Target ID: | 0 |
Start time: | 08:58:55 |
Start date: | 07/10/2024 |
Path: | C:\Users\user\Desktop\BzLGqYKy7o.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 447'488 bytes |
MD5 hash: | D0D4805488E7E745515FFF2165D3CC05 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 2 |
Start time: | 08:59:01 |
Start date: | 07/10/2024 |
Path: | C:\Windows\explorer.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff674740000 |
File size: | 5'141'208 bytes |
MD5 hash: | 662F4F92FDE3557E86D110526BB578D5 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 4 |
Start time: | 08:59:20 |
Start date: | 07/10/2024 |
Path: | C:\Users\user\AppData\Roaming\teihrdr |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 447'488 bytes |
MD5 hash: | D0D4805488E7E745515FFF2165D3CC05 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Antivirus matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 7 |
Start time: | 08:59:47 |
Start date: | 07/10/2024 |
Path: | C:\Users\user\AppData\Local\Temp\B9A0.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 445'952 bytes |
MD5 hash: | 0719C6940AABCC832DB40F7EE68A25DC |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Antivirus matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 8 |
Start time: | 09:00:01 |
Start date: | 07/10/2024 |
Path: | C:\Users\user\AppData\Roaming\teihrdr |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 447'488 bytes |
MD5 hash: | D0D4805488E7E745515FFF2165D3CC05 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 9 |
Start time: | 09:00:11 |
Start date: | 07/10/2024 |
Path: | C:\Users\user\AppData\Roaming\jtihrdr |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 445'952 bytes |
MD5 hash: | 0719C6940AABCC832DB40F7EE68A25DC |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Antivirus matches: |
|
Reputation: | low |
Has exited: | true |
Execution Graph
Execution Coverage: | 7.9% |
Dynamic/Decrypted Code Coverage: | 42.6% |
Signature Coverage: | 43.4% |
Total number of Nodes: | 122 |
Total number of Limit Nodes: | 4 |
Graph
Function 005B01D0 Relevance: 3.0, APIs: 2, Instructions: 41 | process | COMMON
Function 004E003C Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515 | memory | COMMON
Function 004E0E0F Relevance: 3.0, APIs: 2, Instructions: 15 | COMMON
Function 004018E6 Relevance: 1.3, APIs: 1, Instructions: 63 | sleep | COMMON
Function 00401915 Relevance: 1.3, APIs: 1, Instructions: 59 | sleep | COMMON
Function 004018F1 Relevance: 1.3, APIs: 1, Instructions: 55 | sleep | COMMON
Function 00401912 Relevance: 1.3, APIs: 1, Instructions: 52 | sleep | COMMON
Function 005AFE8F Relevance: 1.3, APIs: 1, Instructions: 48 | memory | COMMON
Function 00401925 Relevance: 1.3, APIs: 1, Instructions: 46 | sleep | COMMON
Function 004E092B Relevance: 3.8, Strings: 3, Instructions: 90 | COMMON
Function 00403277 Relevance: .1, Instructions: 140 | COMMON
Function 0040324F Relevance: .1, Instructions: 70 | COMMON
Function 00403256 Relevance: .1, Instructions: 68 | COMMON
Function 00403247 Relevance: .1, Instructions: 66 | COMMON
Function 005AFAAD Relevance: .1, Instructions: 61 | COMMON
Function 0040326C Relevance: .1, Instructions: 61 | COMMON
Function 00403290 Relevance: .1, Instructions: 58 | COMMON
Function 004E0D90 Relevance: .0, Instructions: 43 | COMMON
Execution Graph
Execution Coverage: | 7.8% |
Dynamic/Decrypted Code Coverage: | 42.6% |
Signature Coverage: | 0% |
Total number of Nodes: | 122 |
Total number of Limit Nodes: | 4 |
Graph
Function 0060003C Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515 | memory | COMMON
Function 0069F998 Relevance: 3.0, APIs: 2, Instructions: 41 | process | COMMON
Function 00600E0F Relevance: 3.0, APIs: 2, Instructions: 15 | COMMON
Function 004018E6 Relevance: 1.3, APIs: 1, Instructions: 63 | sleep | COMMON
Function 00401915 Relevance: 1.3, APIs: 1, Instructions: 59 | sleep | COMMON
Function 004018F1 Relevance: 1.3, APIs: 1, Instructions: 55 | sleep | COMMON
Function 00401912 Relevance: 1.3, APIs: 1, Instructions: 52 | sleep | COMMON
Function 0069F657 Relevance: 1.3, APIs: 1, Instructions: 48 | memory | COMMON
Function 00401925 Relevance: 1.3, APIs: 1, Instructions: 46 | sleep | COMMON
Execution Graph
Execution Coverage: | 6.1% |
Dynamic/Decrypted Code Coverage: | 42.5% |
Signature Coverage: | 0% |
Total number of Nodes: | 113 |
Total number of Limit Nodes: | 4 |
Graph
Function 004014C4 Relevance: 10.8, APIs: 7, Instructions: 277 | COMMON
Function 01FA003C Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515 | memory | COMMON
Function 0059F525 Relevance: 3.0, APIs: 2, Instructions: 41 | process | COMMON
Function 01FA0E0F Relevance: 3.0, APIs: 2, Instructions: 15 | COMMON
Function 00401991 Relevance: 1.3, APIs: 1, Instructions: 64 | sleep | COMMON
Function 004019A9 Relevance: 1.3, APIs: 1, Instructions: 58 | sleep | COMMON
Function 004019AF Relevance: 1.3, APIs: 1, Instructions: 52 | sleep | COMMON
Function 004019B8 Relevance: 1.3, APIs: 1, Instructions: 52 | sleep | COMMON
Function 0059F1E4 Relevance: 1.3, APIs: 1, Instructions: 48 | memory | COMMON
Execution Graph
Execution Coverage: | 7.9% |
Dynamic/Decrypted Code Coverage: | 42.6% |
Signature Coverage: | 0% |
Total number of Nodes: | 122 |
Total number of Limit Nodes: | 4 |
Graph
Function 0070003C Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515 | memory | COMMON
Function 00741518 Relevance: 3.0, APIs: 2, Instructions: 41 | process | COMMON
Function 00700E0F Relevance: 3.0, APIs: 2, Instructions: 15 | COMMON
Function 004018E6 Relevance: 1.3, APIs: 1, Instructions: 63 | sleep | COMMON
Function 00401915 Relevance: 1.3, APIs: 1, Instructions: 59 | sleep | COMMON
Function 004018F1 Relevance: 1.3, APIs: 1, Instructions: 55 | sleep | COMMON
Function 00401912 Relevance: 1.3, APIs: 1, Instructions: 52 | sleep | COMMON
Function 007411D7 Relevance: 1.3, APIs: 1, Instructions: 48 | memory | COMMON
Function 00401925 Relevance: 1.3, APIs: 1, Instructions: 46 | sleep | COMMON
Execution Graph
Execution Coverage: | 6.2% |
Dynamic/Decrypted Code Coverage: | 42.5% |
Signature Coverage: | 0% |
Total number of Nodes: | 113 |
Total number of Limit Nodes: | 4 |
Graph
Function 004014C4 Relevance: 10.8, APIs: 7, Instructions: 277 | COMMON
Function 0052003C Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515 | memory | COMMON
Function 0058F34D Relevance: 3.0, APIs: 2, Instructions: 41 | process | COMMON
Function 00520E0F Relevance: 3.0, APIs: 2, Instructions: 15 | COMMON
Function 00401991 Relevance: 1.3, APIs: 1, Instructions: 64 | sleep | COMMON
Function 004019A9 Relevance: 1.3, APIs: 1, Instructions: 58 | sleep | COMMON
Function 004019AF Relevance: 1.3, APIs: 1, Instructions: 52 | sleep | COMMON
Function 004019B8 Relevance: 1.3, APIs: 1, Instructions: 52 | sleep | COMMON
Function 0058F00C Relevance: 1.3, APIs: 1, Instructions: 48 | memory | COMMON