Windows
Analysis Report
3sfCdeA1H2.exe
Overview
General Information
Sample name: | 3sfCdeA1H2.exe (renamed because original name is a hash value) |
Original sample name: | 91be25f31b7891908a50dfdc9f03f2b4.exe |
Analysis ID: | 1533009 |
MD5: | 91be25f31b7891908a50dfdc9f03f2b4 |
SHA1: | 91db4bc09a4976db1b9922e09f2330b48ae50338 |
SHA256: | 422d2cea49b00fdc8b97b75b623006386426ec23637c53341e03d250e5ffe21b |
Tags: | exe, Stealc, user-abuse_ch |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- 3sfCdeA1H2.exe (PID: 6248 cmdline: "C:\Users\user\Desktop\3sfCdeA1H2.exe" MD5: 91BE25F31B7891908A50DFDC9F03F2B4)
  - explorer.exe (PID: 2580 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)
    - WerFault.exe (PID: 5828 cmdline: C:\Windows\system32\WerFault.exe -u -p 2580 -s 4964 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
- tttcvva (PID: 6364 cmdline: C:\Users\user\AppData\Roaming\tttcvva MD5: 91BE25F31B7891908A50DFDC9F03F2B4)
  - explorer.exe (PID: 6160 cmdline: explorer.exe MD5: 662F4F92FDE3557E86D110526BB578D5)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
SmokeLoader | The SmokeLoader family is a generic backdoor with a range of capabilities which depend on the modules included in any given build of the malware. The malware is delivered in a variety of ways and is broadly associated with criminal activity. The malware frequently tries to hide its C2 activity by generating requests to legitimate sites such as microsoft.com, bing.com, adobe.com, and others. Typically the actual download returns an HTTP 404 but still contains data in the response body. | | | |

Malware Configuration
{"Version": 2022, "C2 list": ["http://nwgrus.ru/tmp/index.php", "http://tech-servers.in.net/tmp/index.php", "http://unicea.ws/tmp/index.php"]}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown | |
| JoeSecurity_SmokeLoader_2 | Yara detected SmokeLoader | Joe Security | |
| Windows_Trojan_Smokeloader_4e31426e | unknown | unknown | |
| JoeSecurity_SmokeLoader_2 | Yara detected SmokeLoader | Joe Security | |
| Windows_Trojan_Smokeloader_4e31426e | unknown | unknown | |
System Summary |
---|
Source: | Author: Max Altgelt (Nextron Systems) |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-10-14T10:02:39.243661+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.4 | 49736 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:02:40.058060+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.4 | 49737 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:02:40.996326+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.4 | 49738 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:02:41.831307+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.4 | 49739 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:02:42.639282+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.4 | 49740 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:02:43.565248+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.4 | 49741 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:02:44.373465+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.4 | 49742 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:02:45.214089+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.4 | 49743 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:02:46.041902+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.4 | 49744 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:02:47.033837+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.4 | 49745 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:02:47.853497+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.4 | 49746 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:02:48.657828+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.4 | 49747 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:02:49.462699+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.4 | 49748 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:02:50.282988+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.4 | 49749 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:02:51.090176+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.4 | 49750 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:02:51.895964+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.4 | 49751 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:02:52.778542+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.4 | 49752 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:02:53.595039+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.4 | 49753 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:02:54.432535+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.4 | 49754 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:02:55.356666+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.4 | 49755 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:02:56.161080+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.4 | 49756 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:02:56.967830+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.4 | 49757 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:02:57.802218+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.4 | 49758 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:02:58.603169+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.4 | 49759 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:02:59.501084+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.4 | 49760 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:03:00.325141+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.4 | 49761 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:03:01.241528+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.4 | 49762 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:03:02.205412+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.4 | 49763 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:03:03.013839+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.4 | 49764 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:03:03.820532+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.4 | 49765 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:03:04.823196+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.4 | 49766 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:03:05.614746+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.4 | 49767 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:03:06.417805+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.4 | 49769 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:03:07.311724+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.4 | 49770 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:03:08.128601+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.4 | 49772 | 109.175.29.39 | 80 | TCP |
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | Virustotal: |
Source: | ReversingLabs: |
Source: | Virustotal: |
Source: | ReversingLabs: |
Source: | Virustotal: |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | File opened: |
Networking |
---|
Source: | Suricata IDS: |
Source: | Network Connect: |
Source: | URLs: |
Source: | IP Address: |
Source: | ASN Name: |
Source: | HTTP traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
---|
Source: | File source: |
System Summary |
---|
Source: | Matched rule: |
Source: | Code function: | 0_2_00401514 |
Source: | Code function: | 0_2_00402F97 |
Source: | Code function: | 0_2_00401542 |
Source: | Code function: | 0_2_00403247 |
Source: | Code function: | 0_2_00401549 |
Source: | Code function: | 0_2_0040324F |
Source: | Code function: | 0_2_00403256 |
Source: | Code function: | 0_2_00401557 |
Source: | Code function: | 0_2_0040326C |
Source: | Code function: | 0_2_00403277 |
Source: | Code function: | 0_2_004014FE |
Source: | Code function: | 0_2_00403290 |
Source: | Code function: | 5_2_00401514 |
Source: | Code function: | 5_2_00402F97 |
Source: | Code function: | 5_2_00401542 |
Source: | Code function: | 5_2_00403247 |
Source: | Code function: | 5_2_00401549 |
Source: | Code function: | 5_2_0040324F |
Source: | Code function: | 5_2_00403256 |
Source: | Code function: | 5_2_00401557 |
Source: | Code function: | 5_2_0040326C |
Source: | Code function: | 5_2_00403277 |
Source: | Code function: | 5_2_004014FE |
Source: | Code function: | 5_2_00403290 |
Source: | Process created: |
Source: | Static PE information: |
Source: | Matched rule: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Code function: | 0_2_02CDFA88 |
Source: | File created: |
Source: | Mutant created: |
Source: | File created: |
Source: | Process created: |
Source: | Static PE information: |
Source: | File read: |
Source: | Key opened: |
Source: | ReversingLabs: |
Source: | Virustotal: |
Source: | Process created: |
Source: | Section loaded: |
Source: | Key value queried: |
Source: | Window detected: |
Source: | File opened: |
Data Obfuscation |
---|
Source: | Unpacked PE file: |
Source: | Static PE information: |
Source: | Code function: | 0_2_004014E9 |
Source: | Code function: | 0_2_004032AB |
Source: | Code function: | 0_2_02C91550 |
Source: | Code function: | 0_2_02CE34E3 |
Source: | Code function: | 0_2_02CE18BB |
Source: | Code function: | 0_2_02CE2382 |
Source: | Code function: | 5_2_004014E9 |
Source: | Code function: | 5_2_004032AB |
Source: | Code function: | 5_2_02C6466B |
Source: | Code function: | 5_2_02C62A43 |
Source: | Code function: | 5_2_02C6350A |
Source: | Code function: | 5_2_04771550 |
Source: | Static PE information: |
Source: | File created (dropped file): |
Source: | File created (dropped file): |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | File deleted: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Process information set: | Jump to behavior (81 occurrences) |
Malware Analysis System Evasion |
---|
Source: | Key enumerated: | Jump to behavior (12 occurrences) |
Source: | System information queried: | Jump to behavior |
Source: | API/Special instruction interceptor: | ||
Source: | API/Special instruction interceptor: | ||
Source: | API/Special instruction interceptor: | ||
Source: | API/Special instruction interceptor: |
Source: | File opened / queried: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Last function: | ||
Source: | Last function: |
Source: | Binary or memory string: | (53 occurrences) |
Source: | System information queried: | Jump to behavior |
Source: | Process information queried: | Jump to behavior |
Anti Debugging |
---|
Source: | System information queried: | Jump to behavior | ||
Source: | System information queried: | Jump to behavior |
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior |
Source: | Code function: | 0_2_02C90D90 | |
Source: | Code function: | 0_2_02C9092B | |
Source: | Code function: | 0_2_02CDF365 | |
Source: | Code function: | 5_2_02C604ED | |
Source: | Code function: | 5_2_0477092B | |
Source: | Code function: | 5_2_04770D90 |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | File created: | Jump to dropped file |
Source: | Network Connect: | Jump to behavior |
Source: | Thread created: | Jump to behavior | ||
Source: | Thread created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Code function: | 0_2_00417090 |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Exploitation for Client Execution | 1 DLL Side-Loading | 32 Process Injection | 11 Masquerading | OS Credential Dumping | 521 Security Software Discovery | Remote Services | Data from Local System | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 23 Virtualization/Sandbox Evasion | LSASS Memory | 23 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 32 Process Injection | Security Account Manager | 3 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 113 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Hidden Files and Directories | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Obfuscated Files or Information | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 12 Software Packing | Cached Domain Credentials | 13 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 File Deletion | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
42% | ReversingLabs | |||
38% | Virustotal | Browse | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Joe Sandbox ML | |||
42% | ReversingLabs | |||
38% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% (26 URLs) | URL Reputation | safe | |
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
17% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
2% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
nwgrus.ru | 109.175.29.39 | true | true | | unknown |
api.msn.com | unknown | unknown | true | | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| true | | unknown |
| true | | unknown |
| true | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
(54 entries) | | false | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
109.175.29.39 | nwgrus.ru | Bosnia and Herzegovina | | 9146 | BIHNETBIHNETAutonomusSystemBA | true |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1533009 |
Start date and time: | 2024-10-14 10:01:16 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 6m 45s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 24 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 1 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 3sfCdeA1H2.exerenamed because original name is a hash value |
Original Sample Name: | 91be25f31b7891908a50dfdc9f03f2b4.exe |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@4/9@4/1 |
EGA Information: | |
HCA Information: | |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, RuntimeBroker.exe, SIHClient.exe, backgroundTaskHost.exe, SearchApp.exe, WerFault.exe, ShellExperienceHost.exe, WMIADAP.exe, conhost.exe, svchost.exe, StartMenuExperienceHost.exe, mobsync.exe
- Excluded IPs from analysis (whitelisted): 204.79.197.203, 184.28.90.27, 2.23.209.168, 2.23.209.179, 2.23.209.175, 2.23.209.167, 2.23.209.173, 2.23.209.171, 2.23.209.176, 2.23.209.178, 2.23.209.177, 2.23.209.150, 2.23.209.142, 2.23.209.149, 2.23.209.140, 2.23.209.143, 2.23.209.144, 2.23.209.153, 2.23.209.141, 2.23.209.135
- Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, slscr.update.microsoft.com, otelrules.azureedge.net, r.bing.com.edgekey.net, a-0003.a-msedge.net, ctldl.windowsupdate.com, p-static.bing.trafficmanager.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, www-www.bing.com.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, e86303.dscx.akamaiedge.net, ocsp.digicert.com, www.bing.com.edgekey.net, login.live.com, e16604.g.akamaiedge.net, r.bing.com, prod.fs.microsoft.com.akadns.net, api-msn-com.a-0003.a-msedge.net
- Not all processes were analyzed; the report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtAllocateVirtualMemory calls found.
- Report size getting too big, too many NtCreateKey calls found.
- Report size getting too big, too many NtEnumerateKey calls found.
- Report size getting too big, too many NtEnumerateValueKey calls found.
- Report size getting too big, too many NtOpenFile calls found.
- Report size getting too big, too many NtOpenKey calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryAttributesFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtSetInformationFile calls found.
Time | Type | Description |
---|---|---|
04:02:36 | API Interceptor | |
09:02:36 | Task Scheduler |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
109.175.29.39 | Get hash | malicious | SmokeLoader | Browse | |
| Get hash | malicious | SmokeLoader | Browse | |
| Get hash | malicious | SmokeLoader | Browse | |
| Get hash | malicious | SmokeLoader | Browse | |
| Get hash | malicious | LummaC, Go Injector, LummaC Stealer, SmokeLoader | Browse | |
| Get hash | malicious | LummaC, Go Injector, SmokeLoader | Browse | |
| Get hash | malicious | Babuk, Djvu | Browse | |
| Get hash | malicious | Babuk, Djvu | Browse | |
| Get hash | malicious | LummaC, CryptOne, LummaC Stealer, SmokeLoader, Vidar | Browse | |
| Get hash | malicious | Babuk, Djvu, PrivateLoader | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
nwgrus.ru | Get hash | malicious | SmokeLoader | Browse | |
| Get hash | malicious | SmokeLoader | Browse | |
| Get hash | malicious | SmokeLoader | Browse | |
| Get hash | malicious | SmokeLoader | Browse | |
| Get hash | malicious | SmokeLoader | Browse | |
| Get hash | malicious | SmokeLoader | Browse | |
| Get hash | malicious | SmokeLoader | Browse | |
| Get hash | malicious | SmokeLoader | Browse | |
| Get hash | malicious | SmokeLoader | Browse | |
| Get hash | malicious | SmokeLoader | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
BIHNETBIHNETAutonomusSystemBA | Get hash | malicious | SmokeLoader | Browse | |
| Get hash | malicious | SmokeLoader | Browse | |
| Get hash | malicious | Mirai | Browse | |
| Get hash | malicious | SmokeLoader | Browse | |
| Get hash | malicious | SmokeLoader | Browse | |
| Get hash | malicious | SmokeLoader | Browse | |
| Get hash | malicious | HTMLPhisher | Browse | |
| Get hash | malicious | SmokeLoader | Browse | |
| Get hash | malicious | Mirai, Okiru | Browse | |
| Get hash | malicious | CryptOne, SmokeLoader, Stealc, Vidar | Browse | |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Explorer.EXE_fe8167436d6db6c6d2c4bed5d6f2d2c06e142845_f78a65ed_33b02981-0a51-457e-a865-9a43db5b7119\Report.wer
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 2.3033525586087413 |
Encrypted: | false |
SSDEEP: | 384:EyC1L+7yzjAWMo+hiRichk8zuiFRY4lO8k:Ey8+7yzj0o4QBhk8zuiFRY4lO8 |
MD5: | 528C33206235BF0975BB80AE0AA1681E |
SHA1: | C97FFC62E26E31CFF3B68369370203120B3F78C3 |
SHA-256: | 839869FF49D5332955AC503D4A24C42530CC1D329AE7FB0E4918F5CD07573E95 |
SHA-512: | 576AD5C28A0B8344223A4E8B8249F47927D1B3DED9D3665B37D777F1A670588FFEEA5D09D615D417280DEAD276E0529695D1854D8D6BCF01CA56A51FFE1E9C34 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1037438 |
Entropy (8bit): | 1.3824087536722143 |
Encrypted: | false |
SSDEEP: | 1536:U2wcgwElAsQU/h3iQCaYbwTrrtqrHSjZXhe0jsrr09AA0z:U2wcgpasQU5lYbwHIrHSNRyss |
MD5: | 2E5D06104DC17C0DC2DAED64D6EFC010 |
SHA1: | D39481A33C7D8A1B4AA850222466B1CCA563FC9B |
SHA-256: | 48E9C226198F00EEB3C95D18878B23D309978866E4A81F70EA5D4E380C44FBDE |
SHA-512: | 908C0B64A51A67DD0672E800085F95DFA20F3E90DBD087AA3CF1CB8DEB222B33D1D4E8B0E71DBA41BB49C4E475C264BC2A3DF4F1FA322018568A1DC53BCFB8C3 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 10850 |
Entropy (8bit): | 3.6981518541042036 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJdfUc6YX8TIgmfqzVoprq89bsytimPPFfPEm:R6lXJlUc6YsTIgmfqzVGsoimPPFf5 |
MD5: | 433516E8E46D655F49161C493281F13E |
SHA1: | 1020BF0C3038A25534B2060776D03100E2F77E27 |
SHA-256: | EBE8BB0D63D4DA1635EEEF0B4251016CF39571F1D840F6A5ADD7539FF37C0C68 |
SHA-512: | 385C005504DFF7DE74DFCE39FB9413C57B0A177DE63C93F5C3FFA1378267E7C587B3DB659D209A4B3C1906E8AD48DF76C4B87A534CB6E1ECDCF20E1418E77A61 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4724 |
Entropy (8bit): | 4.462573756837234 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zs5Jg771I9mRWpW8VYeYm8M4JYmFcxiyq85cZb9Q3jd:uIjfLI7ZA7VGJ04Dba3jd |
MD5: | 20276AD4AF30732E28E826EA939807C3 |
SHA1: | 35F839B1C266DA90C8012D63184DDCF44983B5BC |
SHA-256: | 4C9F216C81A2170A8A1B6B784A238809CBB65ECAE10FE24A13A26B188BC0021A |
SHA-512: | D0C183F55A1DEF9CFFABDE29EDECF689F4B8A7C350710717890A6A0C78CEB6E1C1861C5BBCF41EA08E6B265F00E40ABAA6D6469F9E61F97EF66EDAEE2730788D |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x000000000000002d.db
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 108216 |
Entropy (8bit): | 4.005657858968619 |
Encrypted: | false |
SSDEEP: | 768:h7F9oInjxkCGxzOPajk0+ACWHpfnzbNyLYduJxP7pxoZsR1v9nvnFOOmdypfR3YU:fdkVzTrJvzgxhGiwGGnS5mFwiKui9l+a |
MD5: | 6D2F6F99D48B83155842E1CEC3F994C8 |
SHA1: | 964230E8E72EA4C61AD95584B51A4BF7CC410FE6 |
SHA-256: | 06F09810929E97A0ED27294670A0671A9CABD5E8E3B2BC10B938DA10D7804E08 |
SHA-512: | C564FFB74CE3D4A2BD8E16003D9538DF6C5DB59EE98737C51D33912A3DBDDE5A239727619D2CD88B720B39A2D1533845C571B3354BF6156926B55B88994296F5 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x000000000000002e.db
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 108216 |
Entropy (8bit): | 4.006497453778269 |
Encrypted: | false |
SSDEEP: | 768:JaF9oZnjxk5GCzOPajk0+ACWHpfnz3N9LYduJxP7pxoZsR1v9sa8FOOmdypfR3YV:DdkzzTrJvz0YhGiwGGnn6mFkiKSiDl+a |
MD5: | C7924E891E0A9CF96CE20C115FD235D5 |
SHA1: | F17E697C1F605224D8AF18E82A79F90A56580998 |
SHA-256: | B2848EFB802A716D521EF52B431EE2942978E60E012399CF5A9E9AA1F13D37AB |
SHA-512: | B0D0E01C63181909D044EE1A07FAC32066E45E396B6434F95852E885D4F2ABF8BDD247BFD895C1071B7F17E02D79482A10A973CA5060AA57460665F5F1030E60 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 750 |
Entropy (8bit): | 5.170609118186295 |
Encrypted: | false |
SSDEEP: | 12:YWgc2XCYAH+a+r8LsmwUaH+2yrZMAdrKC8K/y8kEhq1HLxycXNNZ/TCB893c3Z:Yzc2oH2rUaHt0drc6hE14 |
MD5: | 1A171512171521F2562921DD1C63E2A3 |
SHA1: | EE912010557ACEF76F944EE54B3B8AB02803CBAB |
SHA-256: | B1400CC813D647D477607836A4AA62D384914AF364530FFEF09F0A3ED512DFA7 |
SHA-512: | BC5A65A19203D7257F439D699F2562EB0AEA429C34D5A8613B762DC179AF0FEF499BADB1035C1AF75B04FF98FB092F988E18E904492F1538BC3D7E275B2C505B |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 265728 |
Entropy (8bit): | 5.865289236213907 |
Encrypted: | false |
SSDEEP: | 3072:7jbcVSAwzdpaK6AQcrI+t5wCyxF9Davc5oUCIqzpjAqMi:PbcgeKJ8/4c5oVIqzpjAqh |
MD5: | 91BE25F31B7891908A50DFDC9F03F2B4 |
SHA1: | 91DB4BC09A4976DB1B9922E09F2330B48AE50338 |
SHA-256: | 422D2CEA49B00FDC8B97B75B623006386426EC23637C53341E03D250E5FFE21B |
SHA-512: | 39F10CDAD12C1857378DBB262C2D124450F03DE19109F5012472D14CDBA2C1B609D16A33F136BE3175699B6747F96F4053E34072B21E4F1C8E30035B4A02E1B9 |
Malicious: | true |
Antivirus: |
|
Reputation: | low |
Preview: |
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | modified |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | true |
Preview: |
File type: | |
Entropy (8bit): | 5.865289236213907 |
TrID: | |
File name: | 3sfCdeA1H2.exe |
File size: | 265'728 bytes |
MD5: | 91be25f31b7891908a50dfdc9f03f2b4 |
SHA1: | 91db4bc09a4976db1b9922e09f2330b48ae50338 |
SHA256: | 422d2cea49b00fdc8b97b75b623006386426ec23637c53341e03d250e5ffe21b |
SHA512: | 39f10cdad12c1857378dbb262c2d124450f03de19109f5012472d14cdba2c1b609d16a33f136be3175699b6747f96f4053e34072b21e4f1c8e30035b4a02e1b9 |
SSDEEP: | 3072:7jbcVSAwzdpaK6AQcrI+t5wCyxF9Davc5oUCIqzpjAqMi:PbcgeKJ8/4c5oVIqzpjAqh |
TLSH: | EC44088162F16C13EFB64B325E39D994363FBCA25E7572DFA100762F187B1A0A513B12 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................U.c.......q.......`.......v......E........................a.......d.....Rich....................PE..L....).f... |
Icon Hash: | 17694cb2b24d2117 |
Entrypoint: | 0x401a22 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | TERMINAL_SERVER_AWARE |
Time Stamp: | 0x661F299C [Wed Apr 17 01:45:00 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 0 |
File Version Major: | 5 |
File Version Minor: | 0 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 0 |
Import Hash: | 26a7df6d78a90bac0a71dda0842d4e4f |
Instruction (disassembly at the entrypoint 0x401a22; the opening call/jmp pair is the MSVC CRT startup stub, and the register and segment saves that follow, ending in the store of C0000409h, STATUS_STACK_BUFFER_OVERRUN, are the CRT's /GS cookie failure handler rather than sample-specific logic) |
---|
call 00007F74D4FDE312h |
jmp 00007F74D4FDAB8Dh |
mov edi, edi |
push ebp |
mov ebp, esp |
sub esp, 00000328h |
mov dword ptr [0041C650h], eax |
mov dword ptr [0041C64Ch], ecx |
mov dword ptr [0041C648h], edx |
mov dword ptr [0041C644h], ebx |
mov dword ptr [0041C640h], esi |
mov dword ptr [0041C63Ch], edi |
mov word ptr [0041C668h], ss |
mov word ptr [0041C65Ch], cs |
mov word ptr [0041C638h], ds |
mov word ptr [0041C634h], es |
mov word ptr [0041C630h], fs |
mov word ptr [0041C62Ch], gs |
pushfd |
pop dword ptr [0041C660h] |
mov eax, dword ptr [ebp+00h] |
mov dword ptr [0041C654h], eax |
mov eax, dword ptr [ebp+04h] |
mov dword ptr [0041C658h], eax |
lea eax, dword ptr [ebp+08h] |
mov dword ptr [0041C664h], eax |
mov eax, dword ptr [ebp-00000320h] |
mov dword ptr [0041C5A0h], 00010001h |
mov eax, dword ptr [0041C658h] |
mov dword ptr [0041C554h], eax |
mov dword ptr [0041C548h], C0000409h |
mov dword ptr [0041C54Ch], 00000001h |
mov eax, dword ptr [0041B008h] |
mov dword ptr [ebp-00000328h], eax |
mov eax, dword ptr [0041B00Ch] |
mov dword ptr [ebp-00000324h], eax |
call dword ptr [000000D8h] |
Programming Language: | |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x199ec | 0x50 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x2723000 | 0x22dd0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x18000 | 0x19c | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x1646f | 0x16600 | 8e1df092712797f4ed2c63781970f1a9 | False | 0.8006394029329609 | data | 7.485220555336947 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x18000 | 0x2346 | 0x2400 | 1441f6878108ae7a1e880f66e9300026 | False | 0.3709852430555556 | data | 5.430377870583949 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x1b000 | 0x270121c | 0x1600 | 9b1eaffe006746dc9f65246d77e8674e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.dasu | 0x271d000 | 0x4400 | 0x3800 | b211778b80f6d441b6cf61ada776fc6d | False | 0.0025809151785714285 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.dedileg | 0x2722000 | 0x400 | 0x400 | 0f343b0931126a20f133d67c2b018a3b | False | 0.0166015625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x2723000 | 0x22dd0 | 0x22e00 | a52944790072aafd6cb9097c3faac98d | False | 0.3802503360215054 | data | 4.842357757725682 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
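The section table above carries the static packing indicators a reviewer would check before touching the dynamic results: `.text` has an entropy of 7.49, well above what compiled x86 code shows, `.data` declares a virtual size of 0x270121c (about 40 MiB) against only 0x1600 raw bytes, which is a zero-filled region reserved for the loader to unpack into at runtime, and `.dasu` and `.dedileg` are not names any standard linker emits. The following script, an added example and not part of the Joe Sandbox report, encodes those checks. `REPORTED_SECTIONS` copies the values from the table; the threshold constants and the section-name allow list are this example's own assumptions.

```python
"""Section-table heuristics for spotting a packed PE.

Added example for this report (not Joe Sandbox code). REPORTED_SECTIONS copies
the values from the section table above; the thresholds and the allow list of
section names are assumptions made here for illustration.
"""
import math
import zlib
from dataclasses import dataclass
from typing import Dict, List, Optional

# Names a vanilla MSVC/MinGW link emits; anything else deserves a look (assumption).
STANDARD_SECTION_NAMES = {
    ".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata", ".edata",
    ".pdata", ".tls", ".bss", ".CRT", ".textbss", ".gfids", ".00cfg",
}

# Thresholds: assumptions for this example, tune them to your own corpus.
HIGH_ENTROPY = 7.0      # bits/byte; compressed or encrypted data sits near 8.0
VSIZE_RAW_RATIO = 8     # virtual size >= this many times raw size => runtime staging area
LOW_COMPLEXITY = 0.05   # zlib-compressed size / raw size; near zero means padding


@dataclass
class Section:
    name: str
    virtual_size: int
    raw_size: int
    entropy: Optional[float]          # None where the report prints "unknown"
    zlib_complexity: Optional[float]  # compressed/raw ratio; None where unknown


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte; 0.0 for empty or constant input."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def zlib_complexity(data: bytes) -> float:
    """Compressed size over raw size, the measure behind the ZLIB Complexity column."""
    if not data:
        return 0.0
    return len(zlib.compress(data, 9)) / len(data)


def section_from_bytes(name: str, virtual_size: int, raw: bytes) -> Section:
    """Build a Section record from a raw section blob read out of a PE file."""
    return Section(name, virtual_size, len(raw), shannon_entropy(raw), zlib_complexity(raw))


def flag_section(s: Section) -> List[str]:
    """Return the packer indicators that fire for one section."""
    flags = []
    if s.name not in STANDARD_SECTION_NAMES:
        flags.append("nonstandard section name")
    if s.entropy is not None and s.entropy > HIGH_ENTROPY:
        flags.append("high entropy (packed or encrypted content)")
    if s.raw_size and s.virtual_size >= VSIZE_RAW_RATIO * s.raw_size:
        flags.append("virtual size far exceeds raw size (zero-filled region for runtime unpacking)")
    if s.zlib_complexity is not None and s.zlib_complexity < LOW_COMPLEXITY:
        flags.append("near-constant content (padding or placeholder)")
    return flags


def flag_sections(sections: List[Section]) -> Dict[str, List[str]]:
    """Map each section name to the list of indicators that fired for it."""
    return {s.name: flag_section(s) for s in sections}


# Values copied from the section table in this report (virtual size, raw size,
# entropy, ZLIB complexity); None where the report shows "unknown".
REPORTED_SECTIONS = [
    Section(".text",    0x1646f,   0x16600, 7.485220555336947, 0.8006394029329609),
    Section(".rdata",   0x2346,    0x2400,  5.430377870583949, 0.3709852430555556),
    Section(".data",    0x270121c, 0x1600,  None,              None),
    Section(".dasu",    0x4400,    0x3800,  0.0,               0.0025809151785714285),
    Section(".dedileg", 0x400,     0x400,   0.0,               0.0166015625),
    Section(".rsrc",    0x22dd0,   0x22e00, 4.842357757725682, 0.3802503360215054),
]


if __name__ == "__main__":
    for name, flags in flag_sections(REPORTED_SECTIONS).items():
        print(f"{name:9s} {'; '.join(flags) or 'no indicators'}")
```

With the sample in hand, `section_from_bytes` lets the same checks run on the actual section contents (read via any PE parser) instead of the reported summary numbers; the two figures should agree, and a mismatch usually means the file on disk is not the one that was analysed.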
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_CURSOR | 0x273b678 | 0x130 | Device independent bitmap graphic, 32 x 64 x 1, image size 0 | | | 0.7368421052631579 |
RT_CURSOR | 0x273b7a8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | | | 0.06130705394190871 |
RT_CURSOR | 0x273dd78 | 0x130 | Device independent bitmap graphic, 32 x 64 x 1, image size 0 | | | 0.7368421052631579 |
RT_CURSOR | 0x273dea8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | | | 0.06130705394190871 |
RT_ICON | 0x2723b50 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Turkish | Turkey | 0.5674307036247335 |
RT_ICON | 0x27249f8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Turkish | Turkey | 0.6376353790613718 |
RT_ICON | 0x27252a0 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Turkish | Turkey | 0.6849078341013825 |
RT_ICON | 0x2725968 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Turkish | Turkey | 0.7456647398843931 |
RT_ICON | 0x2725ed0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | Turkish | Turkey | 0.512863070539419 |
RT_ICON | 0x2728478 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | Turkish | Turkey | 0.6137429643527205 |
RT_ICON | 0x2729520 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304 | Turkish | Turkey | 0.6163934426229508 |
RT_ICON | 0x2729ea8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | Turkish | Turkey | 0.7553191489361702 |
RT_ICON | 0x272a388 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Turkish | Turkey | 0.3997867803837953 |
RT_ICON | 0x272b230 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Turkish | Turkey | 0.5036101083032491 |
RT_ICON | 0x272bad8 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Turkish | Turkey | 0.5264976958525346 |
RT_ICON | 0x272c1a0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Turkish | Turkey | 0.5484104046242775 |
RT_ICON | 0x272c708 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | Turkish | Turkey | 0.35549792531120333 |
RT_ICON | 0x272ecb0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | Turkish | Turkey | 0.38133208255159473 |
RT_ICON | 0x272fd58 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | Turkish | Turkey | 0.4069672131147541 |
RT_ICON | 0x27306e0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | Turkish | Turkey | 0.42109929078014185 |
RT_ICON | 0x2730bc0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Turkish | Turkey | 0.39285714285714285 |
RT_ICON | 0x2731a68 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Turkish | Turkey | 0.5537003610108303 |
RT_ICON | 0x2732310 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Turkish | Turkey | 0.6226958525345622 |
RT_ICON | 0x27329d8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Turkish | Turkey | 0.6372832369942196 |
RT_ICON | 0x2732f40 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Turkish | Turkey | 0.425422138836773 |
RT_ICON | 0x2733fe8 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Turkish | Turkey | 0.4209016393442623 |
RT_ICON | 0x2734970 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Turkish | Turkey | 0.46187943262411346 |
RT_ICON | 0x2734e40 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Turkish | Turkey | 0.279317697228145 |
RT_ICON | 0x2735ce8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Turkish | Turkey | 0.3664259927797834 |
RT_ICON | 0x2736590 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Turkish | Turkey | 0.3773041474654378 |
RT_ICON | 0x2736c58 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Turkish | Turkey | 0.3764450867052023 |
RT_ICON | 0x27371c0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Turkish | Turkey | 0.2587136929460581 |
RT_ICON | 0x2739768 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Turkish | Turkey | 0.27345215759849906 |
RT_ICON | 0x273a810 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Turkish | Turkey | 0.28852459016393445 |
RT_ICON | 0x273b198 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Turkish | Turkey | 0.32180851063829785 |
RT_STRING | 0x2740630 | 0xaa | data | | | 0.5588235294117647 |
RT_STRING | 0x27406e0 | 0x600 | data | | | 0.4361979166666667 |
RT_STRING | 0x2740ce0 | 0x460 | data | | | 0.45 |
RT_STRING | 0x2741140 | 0x64a | data | | | 0.4360248447204969 |
RT_STRING | 0x2741790 | 0x7b4 | data | | | 0.417342799188641 |
RT_STRING | 0x2741f48 | 0x6d0 | data | | | 0.4294724770642202 |
RT_STRING | 0x2742618 | 0x76c | data | | | 0.42526315789473684 |
RT_STRING | 0x2742d88 | 0x606 | data | | | 0.4455252918287938 |
RT_STRING | 0x2743390 | 0x7c2 | data | | | 0.42245720040281975 |
RT_STRING | 0x2743b58 | 0x810 | data | | | 0.42102713178294576 |
RT_STRING | 0x2744368 | 0x584 | data | | | 0.4461756373937677 |
RT_STRING | 0x27448f0 | 0x74c | data | | | 0.4234475374732334 |
RT_STRING | 0x2745040 | 0x710 | data | | | 0.4303097345132743 |
RT_STRING | 0x2745750 | 0x5f6 | data | | | 0.4325032765399738 |
RT_STRING | 0x2745d48 | 0x88 | data | | | 0.625 |
RT_GROUP_CURSOR | 0x273dd50 | 0x22 | data | | | 1.0588235294117647 |
RT_GROUP_CURSOR | 0x2740450 | 0x22 | data | | | 1.088235294117647 |
RT_GROUP_ICON | 0x2730b48 | 0x76 | data | Turkish | Turkey | 0.6694915254237288 |
RT_GROUP_ICON | 0x273b600 | 0x76 | data | Turkish | Turkey | 0.6694915254237288 |
RT_GROUP_ICON | 0x272a310 | 0x76 | data | Turkish | Turkey | 0.6610169491525424 |
RT_GROUP_ICON | 0x2734dd8 | 0x68 | data | Turkish | Turkey | 0.7211538461538461 |
RT_VERSION | 0x2740478 | 0x1b4 | data | | | 0.5756880733944955 |
DLL | Import |
---|---|
KERNEL32.dll | ReadConsoleA, InterlockedDecrement, GlobalSize, SetDefaultCommConfigW, QueryDosDeviceA, GetComputerNameW, SetEvent, GetNumaAvailableMemoryNode, FreeEnvironmentStringsA, GetModuleHandleW, GetConsoleAliasesLengthA, SetCommState, GetConsoleWindow, ReadConsoleOutputW, GetVersionExW, GetStringTypeExW, HeapDestroy, GetFileAttributesW, GetConsoleFontSize, OpenJobObjectA, WritePrivateProfileStringW, DisconnectNamedPipe, LCMapStringA, GetLastError, GetProcAddress, SetStdHandle, LoadLibraryA, InterlockedExchangeAdd, LocalAlloc, MoveFileA, GetModuleFileNameA, BuildCommDCBA, FatalAppExitA, GetShortPathNameW, SetCalendarInfoA, FindAtomW, OpenFileMappingA, GetNumaProcessorNode, DeleteVolumeMountPointA, SearchPathW, HeapAlloc, MultiByteToWideChar, Sleep, ExitProcess, GetCommandLineA, GetStartupInfoA, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, HeapFree, VirtualFree, VirtualAlloc, HeapReAlloc, HeapCreate, WriteFile, GetStdHandle, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, HeapSize, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, InitializeCriticalSectionAndSpinCount, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, GetFileType, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, RtlUnwind, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, SetFilePointer, GetConsoleCP, GetConsoleMode, FlushFileBuffers, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, CloseHandle, CreateFileA |
GDI32.dll | GetBoundsRect |
ADVAPI32.dll | ClearEventLogW |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
Turkish | Turkey | |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-10-14T10:02:39.243661+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.4 | 49736 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:02:40.058060+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.4 | 49737 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:02:40.996326+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.4 | 49738 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:02:41.831307+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.4 | 49739 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:02:42.639282+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.4 | 49740 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:02:43.565248+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.4 | 49741 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:02:44.373465+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.4 | 49742 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:02:45.214089+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.4 | 49743 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:02:46.041902+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.4 | 49744 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:02:47.033837+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.4 | 49745 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:02:47.853497+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.4 | 49746 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:02:48.657828+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.4 | 49747 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:02:49.462699+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.4 | 49748 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:02:50.282988+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.4 | 49749 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:02:51.090176+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.4 | 49750 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:02:51.895964+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.4 | 49751 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:02:52.778542+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.4 | 49752 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:02:53.595039+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.4 | 49753 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:02:54.432535+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.4 | 49754 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:02:55.356666+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.4 | 49755 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:02:56.161080+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.4 | 49756 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:02:56.967830+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.4 | 49757 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:02:57.802218+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.4 | 49758 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:02:58.603169+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.4 | 49759 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:02:59.501084+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.4 | 49760 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:03:00.325141+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.4 | 49761 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:03:01.241528+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.4 | 49762 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:03:02.205412+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.4 | 49763 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:03:03.013839+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.4 | 49764 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:03:03.820532+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.4 | 49765 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:03:04.823196+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.4 | 49766 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:03:05.614746+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.4 | 49767 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:03:06.417805+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.4 | 49769 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:03:07.311724+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.4 | 49770 | 109.175.29.39 | 80 | TCP |
2024-10-14T10:03:08.128601+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.4 | 49772 | 109.175.29.39 | 80 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 14, 2024 10:02:56.168560028 CEST | 80 | 49757 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:02:56.168764114 CEST | 49757 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:02:56.168869972 CEST | 49757 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:02:56.168869972 CEST | 49757 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:02:56.173732042 CEST | 80 | 49757 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:02:56.173873901 CEST | 80 | 49757 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:02:56.967535973 CEST | 80 | 49757 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:02:56.967680931 CEST | 80 | 49757 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:02:56.967829943 CEST | 49757 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:02:56.967871904 CEST | 49757 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:02:56.970235109 CEST | 49758 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:02:56.972856998 CEST | 80 | 49757 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:02:56.975229979 CEST | 80 | 49758 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:02:56.975310087 CEST | 49758 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:02:56.975419044 CEST | 49758 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:02:56.977700949 CEST | 49758 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:02:56.980389118 CEST | 80 | 49758 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:02:56.982736111 CEST | 80 | 49758 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:02:57.801300049 CEST | 80 | 49758 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:02:57.802153111 CEST | 80 | 49758 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:02:57.802217960 CEST | 49758 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:02:57.802557945 CEST | 49758 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:02:57.804518938 CEST | 49759 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:02:57.807507038 CEST | 80 | 49758 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:02:57.809566021 CEST | 80 | 49759 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:02:57.809920073 CEST | 49759 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:02:57.810257912 CEST | 49759 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:02:57.810257912 CEST | 49759 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:02:57.815251112 CEST | 80 | 49759 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:02:57.815341949 CEST | 80 | 49759 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:02:58.602148056 CEST | 80 | 49759 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:02:58.603007078 CEST | 80 | 49759 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:02:58.603168964 CEST | 49759 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:02:58.603260994 CEST | 49759 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:02:58.606524944 CEST | 49760 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:02:58.608335972 CEST | 80 | 49759 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:02:58.611499071 CEST | 80 | 49760 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:02:58.611591101 CEST | 49760 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:02:58.611738920 CEST | 49760 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:02:58.611777067 CEST | 49760 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:02:58.616776943 CEST | 80 | 49760 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:02:58.616811991 CEST | 80 | 49760 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:02:59.500734091 CEST | 80 | 49760 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:02:59.500781059 CEST | 80 | 49760 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:02:59.501084089 CEST | 49760 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:02:59.501351118 CEST | 49760 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:02:59.504414082 CEST | 49761 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:02:59.506295919 CEST | 80 | 49760 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:02:59.509593964 CEST | 80 | 49761 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:02:59.509684086 CEST | 49761 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:02:59.509779930 CEST | 49761 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:02:59.509802103 CEST | 49761 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:02:59.514758110 CEST | 80 | 49761 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:02:59.514786959 CEST | 80 | 49761 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:03:00.324894905 CEST | 80 | 49761 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:03:00.324990034 CEST | 80 | 49761 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:03:00.325140953 CEST | 49761 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:03:00.325211048 CEST | 49761 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:03:00.327958107 CEST | 49762 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:03:00.330169916 CEST | 80 | 49761 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:03:00.332890034 CEST | 80 | 49762 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:03:00.332969904 CEST | 49762 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:03:00.333209991 CEST | 49762 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:03:00.333230972 CEST | 49762 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:03:00.337985992 CEST | 80 | 49762 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:03:00.338177919 CEST | 80 | 49762 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:03:01.241354942 CEST | 80 | 49762 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:03:01.241477013 CEST | 80 | 49762 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:03:01.241528034 CEST | 49762 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:03:01.244995117 CEST | 49762 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:03:01.249847889 CEST | 80 | 49762 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:03:01.398951054 CEST | 49763 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:03:01.404083014 CEST | 80 | 49763 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:03:01.404159069 CEST | 49763 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:03:01.404306889 CEST | 49763 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:03:01.404340982 CEST | 49763 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:03:01.409140110 CEST | 80 | 49763 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:03:01.409153938 CEST | 80 | 49763 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:03:02.205260992 CEST | 80 | 49763 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:03:02.205349922 CEST | 80 | 49763 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:03:02.205411911 CEST | 49763 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:03:02.205519915 CEST | 49763 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:03:02.210397959 CEST | 80 | 49763 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:03:02.214718103 CEST | 49764 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:03:02.219717979 CEST | 80 | 49764 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:03:02.219791889 CEST | 49764 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:03:02.219935894 CEST | 49764 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:03:02.219971895 CEST | 49764 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:03:02.224771023 CEST | 80 | 49764 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:03:02.224922895 CEST | 80 | 49764 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:03:03.013564110 CEST | 80 | 49764 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:03:03.013725996 CEST | 80 | 49764 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:03:03.013839006 CEST | 49764 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:03:03.014036894 CEST | 49764 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:03:03.016741037 CEST | 49765 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:03:03.019205093 CEST | 80 | 49764 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:03:03.021811008 CEST | 80 | 49765 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:03:03.021902084 CEST | 49765 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:03:03.022027969 CEST | 49765 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:03:03.022027969 CEST | 49765 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:03:03.026832104 CEST | 80 | 49765 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:03:03.027013063 CEST | 80 | 49765 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:03:03.815471888 CEST | 80 | 49765 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:03:03.817471981 CEST | 80 | 49765 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:03:03.820532084 CEST | 49765 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:03:03.855640888 CEST | 49765 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:03:03.860541105 CEST | 80 | 49765 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:03:03.937942028 CEST | 49766 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:03:03.943032980 CEST | 80 | 49766 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:03:03.943108082 CEST | 49766 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:03:03.945909977 CEST | 49766 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:03:03.945910931 CEST | 49766 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:03:03.950735092 CEST | 80 | 49766 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:03:03.950916052 CEST | 80 | 49766 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:03:04.822065115 CEST | 80 | 49766 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:03:04.822968960 CEST | 80 | 49766 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:03:04.823195934 CEST | 49766 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:03:04.823195934 CEST | 49766 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:03:04.826041937 CEST | 49767 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:03:04.828200102 CEST | 80 | 49766 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:03:04.831000090 CEST | 80 | 49767 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:03:04.831084967 CEST | 49767 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:03:04.831216097 CEST | 49767 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:03:04.831258059 CEST | 49767 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:03:04.836023092 CEST | 80 | 49767 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:03:04.836163044 CEST | 80 | 49767 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:03:05.614105940 CEST | 80 | 49767 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:03:05.614420891 CEST | 80 | 49767 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:03:05.614746094 CEST | 49767 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:03:05.614870071 CEST | 49767 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:03:05.617141962 CEST | 49769 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:03:05.619806051 CEST | 80 | 49767 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:03:05.622423887 CEST | 80 | 49769 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:03:05.622641087 CEST | 49769 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:03:05.622786999 CEST | 49769 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:03:05.622817039 CEST | 49769 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:03:05.627614021 CEST | 80 | 49769 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:03:05.627756119 CEST | 80 | 49769 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:03:06.417629004 CEST | 80 | 49769 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:03:06.417754889 CEST | 80 | 49769 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:03:06.417804956 CEST | 49769 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:03:06.417855024 CEST | 49769 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:03:06.422831059 CEST | 80 | 49769 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:03:06.456892967 CEST | 49770 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:03:06.461868048 CEST | 80 | 49770 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:03:06.461940050 CEST | 49770 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:03:06.462102890 CEST | 49770 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:03:06.462138891 CEST | 49770 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:03:06.467046022 CEST | 80 | 49770 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:03:06.467075109 CEST | 80 | 49770 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:03:07.311100960 CEST | 80 | 49770 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:03:07.311444044 CEST | 80 | 49770 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:03:07.311723948 CEST | 49770 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:03:07.311794043 CEST | 49770 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:03:07.315206051 CEST | 49772 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:03:07.316705942 CEST | 80 | 49770 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:03:07.320128918 CEST | 80 | 49772 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:03:07.320271969 CEST | 49772 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:03:07.320449114 CEST | 49772 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:03:07.320485115 CEST | 49772 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:03:07.325234890 CEST | 80 | 49772 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:03:07.325284958 CEST | 80 | 49772 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:03:08.127748966 CEST | 80 | 49772 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:03:08.128184080 CEST | 80 | 49772 | 109.175.29.39 | 192.168.2.4 |
Oct 14, 2024 10:03:08.128601074 CEST | 49772 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:03:08.128680944 CEST | 49772 | 80 | 192.168.2.4 | 109.175.29.39 |
Oct 14, 2024 10:03:08.133577108 CEST | 80 | 49772 | 109.175.29.39 | 192.168.2.4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 14, 2024 10:02:36.086679935 CEST | 51865 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 14, 2024 10:02:37.077652931 CEST | 51865 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 14, 2024 10:02:38.146615982 CEST | 51865 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 14, 2024 10:02:38.444628954 CEST | 53 | 51865 | 1.1.1.1 | 192.168.2.4 |
Oct 14, 2024 10:02:38.444684029 CEST | 53 | 51865 | 1.1.1.1 | 192.168.2.4 |
Oct 14, 2024 10:02:38.444715023 CEST | 53 | 51865 | 1.1.1.1 | 192.168.2.4 |
Oct 14, 2024 10:03:46.790268898 CEST | 49292 | 53 | 192.168.2.4 | 1.1.1.1 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 14, 2024 10:02:36.086679935 CEST | 192.168.2.4 | 1.1.1.1 | 0xfe89 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 10:02:37.077652931 CEST | 192.168.2.4 | 1.1.1.1 | 0xfe89 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 10:02:38.146615982 CEST | 192.168.2.4 | 1.1.1.1 | 0xfe89 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 10:03:46.790268898 CEST | 192.168.2.4 | 1.1.1.1 | 0x10e6 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 14, 2024 10:02:38.444628954 CEST | 1.1.1.1 | 192.168.2.4 | 0xfe89 | No error (0) | | | 109.175.29.39 | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 10:02:38.444628954 CEST | 1.1.1.1 | 192.168.2.4 | 0xfe89 | No error (0) | | | 212.112.110.243 | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 10:02:38.444628954 CEST | 1.1.1.1 | 192.168.2.4 | 0xfe89 | No error (0) | | | 190.147.128.172 | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 10:02:38.444628954 CEST | 1.1.1.1 | 192.168.2.4 | 0xfe89 | No error (0) | | | 116.58.10.60 | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 10:02:38.444628954 CEST | 1.1.1.1 | 192.168.2.4 | 0xfe89 | No error (0) | | | 190.249.249.14 | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 10:02:38.444628954 CEST | 1.1.1.1 | 192.168.2.4 | 0xfe89 | No error (0) | | | 190.187.52.42 | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 10:02:38.444628954 CEST | 1.1.1.1 | 192.168.2.4 | 0xfe89 | No error (0) | | | 63.143.98.185 | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 10:02:38.444628954 CEST | 1.1.1.1 | 192.168.2.4 | 0xfe89 | No error (0) | | | 211.171.233.126 | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 10:02:38.444628954 CEST | 1.1.1.1 | 192.168.2.4 | 0xfe89 | No error (0) | | | 201.212.52.197 | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 10:02:38.444628954 CEST | 1.1.1.1 | 192.168.2.4 | 0xfe89 | No error (0) | | | 189.181.56.137 | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 10:02:38.444684029 CEST | 1.1.1.1 | 192.168.2.4 | 0xfe89 | No error (0) | | | 109.175.29.39 | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 10:02:38.444684029 CEST | 1.1.1.1 | 192.168.2.4 | 0xfe89 | No error (0) | | | 212.112.110.243 | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 10:02:38.444684029 CEST | 1.1.1.1 | 192.168.2.4 | 0xfe89 | No error (0) | | | 190.147.128.172 | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 10:02:38.444684029 CEST | 1.1.1.1 | 192.168.2.4 | 0xfe89 | No error (0) | | | 116.58.10.60 | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 10:02:38.444684029 CEST | 1.1.1.1 | 192.168.2.4 | 0xfe89 | No error (0) | | | 190.249.249.14 | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 10:02:38.444684029 CEST | 1.1.1.1 | 192.168.2.4 | 0xfe89 | No error (0) | | | 190.187.52.42 | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 10:02:38.444684029 CEST | 1.1.1.1 | 192.168.2.4 | 0xfe89 | No error (0) | | | 63.143.98.185 | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 10:02:38.444684029 CEST | 1.1.1.1 | 192.168.2.4 | 0xfe89 | No error (0) | | | 211.171.233.126 | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 10:02:38.444684029 CEST | 1.1.1.1 | 192.168.2.4 | 0xfe89 | No error (0) | | | 201.212.52.197 | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 10:02:38.444684029 CEST | 1.1.1.1 | 192.168.2.4 | 0xfe89 | No error (0) | | | 189.181.56.137 | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 10:02:38.444715023 CEST | 1.1.1.1 | 192.168.2.4 | 0xfe89 | No error (0) | | | 109.175.29.39 | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 10:02:38.444715023 CEST | 1.1.1.1 | 192.168.2.4 | 0xfe89 | No error (0) | | | 212.112.110.243 | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 10:02:38.444715023 CEST | 1.1.1.1 | 192.168.2.4 | 0xfe89 | No error (0) | | | 190.147.128.172 | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 10:02:38.444715023 CEST | 1.1.1.1 | 192.168.2.4 | 0xfe89 | No error (0) | | | 116.58.10.60 | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 10:02:38.444715023 CEST | 1.1.1.1 | 192.168.2.4 | 0xfe89 | No error (0) | | | 190.249.249.14 | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 10:02:38.444715023 CEST | 1.1.1.1 | 192.168.2.4 | 0xfe89 | No error (0) | | | 190.187.52.42 | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 10:02:38.444715023 CEST | 1.1.1.1 | 192.168.2.4 | 0xfe89 | No error (0) | | | 63.143.98.185 | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 10:02:38.444715023 CEST | 1.1.1.1 | 192.168.2.4 | 0xfe89 | No error (0) | | | 211.171.233.126 | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 10:02:38.444715023 CEST | 1.1.1.1 | 192.168.2.4 | 0xfe89 | No error (0) | | | 201.212.52.197 | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 10:02:38.444715023 CEST | 1.1.1.1 | 192.168.2.4 | 0xfe89 | No error (0) | | | 189.181.56.137 | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 10:03:46.797075033 CEST | 1.1.1.1 | 192.168.2.4 | 0x10e6 | No error (0) | | api-msn-com.a-0003.a-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49736 | 109.175.29.39 | 80 | 2580 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 14, 2024 10:02:38.453902006 CEST | 280 | OUT | |
Oct 14, 2024 10:02:38.453923941 CEST | 240 | OUT | |
Oct 14, 2024 10:02:39.243119955 CEST | 152 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49737 | 109.175.29.39 | 80 | 2580 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 14, 2024 10:02:39.252496958 CEST | 281 | OUT | |
Oct 14, 2024 10:02:39.252541065 CEST | 168 | OUT | |
Oct 14, 2024 10:02:40.057665110 CEST | 484 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49738 | 109.175.29.39 | 80 | 2580 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 14, 2024 10:02:40.065501928 CEST | 279 | OUT | |
Oct 14, 2024 10:02:40.065593004 CEST | 158 | OUT | |
Oct 14, 2024 10:02:40.996191025 CEST | 484 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49739 | 109.175.29.39 | 80 | 2580 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 14, 2024 10:02:41.037493944 CEST | 281 | OUT | |
Oct 14, 2024 10:02:41.037493944 CEST | 253 | OUT | |
Oct 14, 2024 10:02:41.830756903 CEST | 137 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 49740 | 109.175.29.39 | 80 | 2580 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 14, 2024 10:02:41.838699102 CEST | 282 | OUT | |
Oct 14, 2024 10:02:41.838699102 CEST | 289 | OUT | |
Oct 14, 2024 10:02:42.637752056 CEST | 484 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.4 | 49741 | 109.175.29.39 | 80 | 2580 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 14, 2024 10:02:42.647681952 CEST | 281 | OUT | |
Oct 14, 2024 10:02:42.647697926 CEST | 297 | OUT | |
Oct 14, 2024 10:02:43.564790964 CEST | 137 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.4 | 49742 | 109.175.29.39 | 80 | 2580 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 14, 2024 10:02:43.586003065 CEST | 279 | OUT | |
Oct 14, 2024 10:02:43.586028099 CEST | 146 | OUT | |
Oct 14, 2024 10:02:44.373192072 CEST | 137 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.4 | 49743 | 109.175.29.39 | 80 | 2580 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 14, 2024 10:02:44.384479046 CEST | 279 | OUT | |
Oct 14, 2024 10:02:44.384479046 CEST | 259 | OUT | |
Oct 14, 2024 10:02:45.213128090 CEST | 484 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.4 | 49744 | 109.175.29.39 | 80 | 2580 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 14, 2024 10:02:45.222959995 CEST | 281 | OUT | |
Oct 14, 2024 10:02:45.222994089 CEST | 276 | OUT | |
Oct 14, 2024 10:02:46.040815115 CEST | 484 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.4 | 49745 | 109.175.29.39 | 80 | 2580 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 14, 2024 10:02:46.120929956 CEST | 279 | OUT | |
Oct 14, 2024 10:02:46.120958090 CEST | 141 | OUT | |
Oct 14, 2024 10:02:47.032917976 CEST | 137 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.4 | 49746 | 109.175.29.39 | 80 | 2580 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 14, 2024 10:02:47.046334982 CEST | 280 | OUT | |
Oct 14, 2024 10:02:47.046350002 CEST | 185 | OUT | |
Oct 14, 2024 10:02:47.852401018 CEST | 484 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
11 | 192.168.2.4 | 49747 | 109.175.29.39 | 80 | 2580 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 14, 2024 10:02:47.861527920 CEST | 278 | OUT | |
Oct 14, 2024 10:02:47.861558914 CEST | 131 | OUT | |
Oct 14, 2024 10:02:48.657077074 CEST | 484 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
12 | 192.168.2.4 | 49748 | 109.175.29.39 | 80 | 2580 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 14, 2024 10:02:48.666071892 CEST | 280 | OUT | |
Oct 14, 2024 10:02:48.666121006 CEST | 215 | OUT | |
Oct 14, 2024 10:02:49.459602118 CEST | 484 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
13 | 192.168.2.4 | 49749 | 109.175.29.39 | 80 | 2580 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 14, 2024 10:02:49.471048117 CEST | 278 | OUT | |
Oct 14, 2024 10:02:49.471084118 CEST | 267 | OUT | |
Oct 14, 2024 10:02:50.282727003 CEST | 484 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
14 | 192.168.2.4 | 49750 | 109.175.29.39 | 80 | 2580 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 14, 2024 10:02:50.291349888 CEST | 280 | OUT | |
Oct 14, 2024 10:02:50.291383028 CEST | 329 | OUT | |
Oct 14, 2024 10:02:51.089848995 CEST | 137 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
15 | 192.168.2.4 | 49751 | 109.175.29.39 | 80 | 2580 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 14, 2024 10:02:51.098297119 CEST | 283 | OUT | |
Oct 14, 2024 10:02:51.098311901 CEST | 236 | OUT | |
Oct 14, 2024 10:02:51.895728111 CEST | 484 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
16 | 192.168.2.4 | 49752 | 109.175.29.39 | 80 | 2580 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 14, 2024 10:02:51.912986994 CEST | 280 | OUT | |
Oct 14, 2024 10:02:51.913023949 CEST | 234 | OUT | |
Oct 14, 2024 10:02:52.777829885 CEST | 137 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
17 | 192.168.2.4 | 49753 | 109.175.29.39 | 80 | 2580 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 14, 2024 10:02:52.786597967 CEST | 281 | OUT | |
Oct 14, 2024 10:02:52.786632061 CEST | 193 | OUT | |
Oct 14, 2024 10:02:53.594877958 CEST | 484 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
18 | 192.168.2.4 | 49754 | 109.175.29.39 | 80 | 2580 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 14, 2024 10:02:53.602880955 CEST | 279 | OUT | |
Oct 14, 2024 10:02:53.602914095 CEST | 278 | OUT | |
Oct 14, 2024 10:02:54.432265043 CEST | 484 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
19 | 192.168.2.4 | 49755 | 109.175.29.39 | 80 | 2580 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 14, 2024 10:02:54.440512896 CEST | 281 | OUT | |
Oct 14, 2024 10:02:54.440557003 CEST | 119 | OUT | |
Oct 14, 2024 10:02:55.356287003 CEST | 137 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
20 | 192.168.2.4 | 49756 | 109.175.29.39 | 80 | 2580 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 14, 2024 10:02:55.364646912 CEST | 283 | OUT | |
Oct 14, 2024 10:02:55.364675999 CEST | 286 | OUT | |
Oct 14, 2024 10:02:56.160439014 CEST | 484 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
21 | 192.168.2.4 | 49757 | 109.175.29.39 | 80 | 2580 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 14, 2024 10:02:56.168869972 CEST | 278 | OUT | |
Oct 14, 2024 10:02:56.168869972 CEST | 115 | OUT | |
Oct 14, 2024 10:02:56.967535973 CEST | 484 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
22 | 192.168.2.4 | 49758 | 109.175.29.39 | 80 | 2580 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 14, 2024 10:02:56.975419044 CEST | 278 | OUT | |
Oct 14, 2024 10:02:56.977700949 CEST | 180 | OUT | |
Oct 14, 2024 10:02:57.801300049 CEST | 484 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
23 | 192.168.2.4 | 49759 | 109.175.29.39 | 80 | 2580 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 14, 2024 10:02:57.810257912 CEST | 283 | OUT | |
Oct 14, 2024 10:02:57.810257912 CEST | 138 | OUT | |
Oct 14, 2024 10:02:58.602148056 CEST | 137 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
24 | 192.168.2.4 | 49760 | 109.175.29.39 | 80 | 2580 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 14, 2024 10:02:58.611738920 CEST | 281 | OUT | |
Oct 14, 2024 10:02:58.611777067 CEST | 214 | OUT | |
Oct 14, 2024 10:02:59.500734091 CEST | 484 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
25 | 192.168.2.4 | 49761 | 109.175.29.39 | 80 | 2580 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 14, 2024 10:02:59.509779930 CEST | 278 | OUT | |
Oct 14, 2024 10:02:59.509802103 CEST | 162 | OUT | |
Oct 14, 2024 10:03:00.324894905 CEST | 484 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
26 | 192.168.2.4 | 49762 | 109.175.29.39 | 80 | 2580 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 14, 2024 10:03:00.333209991 CEST | 281 | OUT | |
Oct 14, 2024 10:03:00.333230972 CEST | 166 | OUT | |
Oct 14, 2024 10:03:01.241354942 CEST | 484 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
27 | 192.168.2.4 | 49763 | 109.175.29.39 | 80 | 2580 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 14, 2024 10:03:01.404306889 CEST | 278 | OUT | |
Oct 14, 2024 10:03:01.404340982 CEST | 348 | OUT | |
Oct 14, 2024 10:03:02.205260992 CEST | 484 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
28 | 192.168.2.4 | 49764 | 109.175.29.39 | 80 | 2580 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 14, 2024 10:03:02.219935894 CEST | 278 | OUT | |
Oct 14, 2024 10:03:02.219971895 CEST | 208 | OUT | |
Oct 14, 2024 10:03:03.013564110 CEST | 484 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
29 | 192.168.2.4 | 49765 | 109.175.29.39 | 80 | 2580 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 14, 2024 10:03:03.022027969 CEST | 278 | OUT | |
Oct 14, 2024 10:03:03.022027969 CEST | 137 | OUT | |
Oct 14, 2024 10:03:03.815471888 CEST | 484 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
30 | 192.168.2.4 | 49766 | 109.175.29.39 | 80 | 2580 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 14, 2024 10:03:03.945909977 CEST | 278 | OUT | |
Oct 14, 2024 10:03:03.945910931 CEST | 206 | OUT | |
Oct 14, 2024 10:03:04.822065115 CEST | 484 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
31 | 192.168.2.4 | 49767 | 109.175.29.39 | 80 | 2580 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 14, 2024 10:03:04.831216097 CEST | 280 | OUT | |
Oct 14, 2024 10:03:04.831258059 CEST | 178 | OUT | |
Oct 14, 2024 10:03:05.614105940 CEST | 484 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
32 | 192.168.2.4 | 49769 | 109.175.29.39 | 80 | 2580 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 14, 2024 10:03:05.622786999 CEST | 279 | OUT | |
Oct 14, 2024 10:03:05.622817039 CEST | 221 | OUT | |
Oct 14, 2024 10:03:06.417629004 CEST | 484 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
33 | 192.168.2.4 | 49770 | 109.175.29.39 | 80 | 2580 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 14, 2024 10:03:06.462102890 CEST | 278 | OUT | |
Oct 14, 2024 10:03:06.462138891 CEST | 344 | OUT | |
Oct 14, 2024 10:03:07.311100960 CEST | 484 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
34 | 192.168.2.4 | 49772 | 109.175.29.39 | 80 | 2580 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 14, 2024 10:03:07.320449114 CEST | 279 | OUT | |
Oct 14, 2024 10:03:07.320485115 CEST | 347 | OUT | |
Oct 14, 2024 10:03:08.127748966 CEST | 484 | IN | |
Target ID: | 0 |
Start time: | 04:02:09 |
Start date: | 14/10/2024 |
Path: | C:\Users\user\Desktop\3sfCdeA1H2.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 265'728 bytes |
MD5 hash: | 91BE25F31B7891908A50DFDC9F03F2B4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | true |
Target ID: | 1 |
Start time: | 04:02:17 |
Start date: | 14/10/2024 |
Path: | C:\Windows\explorer.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff72b770000 |
File size: | 5'141'208 bytes |
MD5 hash: | 662F4F92FDE3557E86D110526BB578D5 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 5 |
Start time: | 04:02:36 |
Start date: | 14/10/2024 |
Path: | C:\Users\user\AppData\Roaming\tttcvva |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x7ff70f330000 |
File size: | 265'728 bytes |
MD5 hash: | 91BE25F31B7891908A50DFDC9F03F2B4 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Yara matches: | |
Antivirus matches: | |
Reputation: | low |
Has exited: | true |
Target ID: | 10 |
Start time: | 04:03:39 |
Start date: | 14/10/2024 |
Path: | C:\Windows\System32\WerFault.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d9380000 |
File size: | 570'736 bytes |
MD5 hash: | FD27D9F6D02763BDE32511B5DF7FF7A0 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 11 |
Start time: | 04:03:42 |
Start date: | 14/10/2024 |
Path: | C:\Windows\explorer.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff72b770000 |
File size: | 5'141'208 bytes |
MD5 hash: | 662F4F92FDE3557E86D110526BB578D5 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Execution Graph
Execution Coverage: | 9.3% |
Dynamic/Decrypted Code Coverage: | 28.7% |
Signature Coverage: | 41.5% |
Total number of Nodes: | 171 |
Total number of Limit Nodes: | 5 |
Graph
Function | Relevance | APIs | Strings | Instructions | Tags | Yara matches |
---|---|---|---|---|---|---|
00417090 | 38.8 | 20 | 2 | 271 | file, library, pipe, COMMON | |
02CDFA88 | 3.0 | 2 | | 41 | process, COMMON | yes |
02C9003C | 11.0 | 4 | 2 | 515 | memory, COMMON | yes |
00417363 | 7.1 | 2 | 2 | 65 | library, COMMON | |
00416D00 | 7.1 | 3 | 1 | 63 | library, memory, loader, COMMON | |
02C90E0F | 3.0 | 2 | | 15 | COMMON | yes |
004018E6 | 1.3 | 1 | | 63 | sleep, COMMON | |
00401915 | 1.3 | 1 | | 59 | sleep, COMMON | |
004018F1 | 1.3 | 1 | | 55 | sleep, COMMON | |
00401912 | 1.3 | 1 | | 52 | sleep, COMMON | |
02CDF747 | 1.3 | 1 | | 48 | memory, COMMON | yes |
00401925 | 1.3 | 1 | | 46 | sleep, COMMON | |
00416CD0 | 1.3 | 1 | | 6 | memory, COMMON | |
02C9092B | 3.8 | | 3 | 90 | COMMON | yes |
02CDF365 | 0.1 | | | 61 | COMMON | yes |
00403277 | 0.0 | | | 44 | COMMON | |
0040324F | 0.0 | | | 43 | COMMON | |
02C90D90 | 0.0 | | | 43 | COMMON | yes |
00403256 | 0.0 | | | 41 | COMMON | |
00403247 | 0.0 | | | 39 | COMMON | |
0040326C | 0.0 | | | 34 | COMMON | |
00403290 | 0.0 | | | 31 | COMMON | |
00416FF0 | 6.0 | 4 | | 43 | memory, COMMON | |
Execution Graph
Execution Coverage: | 9.5% |
Dynamic/Decrypted Code Coverage: | 28.7% |
Signature Coverage: | 0% |
Total number of Nodes: | 171 |
Total number of Limit Nodes: | 5 |
Graph
Function | Relevance | APIs | Strings | Instructions | Tags | Yara matches |
---|---|---|---|---|---|---|
00417090 | 38.8 | 20 | 2 | 271 | file, library, pipe, COMMON | |
0477003C | 11.0 | 4 | 2 | 515 | memory, COMMON | yes |
00417363 | 7.1 | 2 | 2 | 65 | library, COMMON | |
00416D00 | 7.1 | 3 | 1 | 63 | library, memory, loader, COMMON | |
02C60C10 | 3.0 | 2 | | 41 | process, COMMON | yes |
04770E0F | 3.0 | 2 | | 15 | COMMON | yes |
004018E6 | 1.3 | 1 | | 63 | sleep, COMMON | |
00401915 | 1.3 | 1 | | 59 | sleep, COMMON | |
004018F1 | 1.3 | 1 | | 55 | sleep, COMMON | |
00401912 | 1.3 | 1 | | 52 | sleep, COMMON | |
02C608CF | 1.3 | 1 | | 48 | memory, COMMON | yes |
00401925 | 1.3 | 1 | | 46 | sleep, COMMON | |
00416CD0 | 1.3 | 1 | | 6 | memory, COMMON | |
00416FF0 | 6.0 | 4 | | 43 | memory, COMMON | |