Windows
Analysis Report
file.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- file.exe (PID: 6652 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 6495432F0808EB94291D12C862216FE2)
- explorer.exe (PID: 2580 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)
- wdhwgdv (PID: 4476 cmdline: C:\Users\user\AppData\Roaming\wdhwgdv MD5: 6495432F0808EB94291D12C862216FE2)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
SmokeLoader | The SmokeLoader family is a generic backdoor with a range of capabilities which depend on the modules included in any given build of the malware. The malware is delivered in a variety of ways and is broadly associated with criminal activity. The malware frequently tries to hide its C2 activity by generating requests to legitimate sites such as microsoft.com, bing.com, adobe.com, and others. Typically the actual Download returns an HTTP 404 but still contains data in the Response Body. |
{"Version": 2022, "C2 list": ["http://tnc-corp.ru/tmp/index.php", "http://volisc.biz/tmp/index.php", "http://livbev.online/tmp/index.php", "http://liverds.at/tmp/index.php"]}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown |
| |
Windows_Trojan_Smokeloader_3687686f | unknown | unknown |
| |
JoeSecurity_SmokeLoader_2 | Yara detected SmokeLoader | Joe Security | ||
Windows_Trojan_Smokeloader_4e31426e | unknown | unknown |
| |
Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown |
| |
System Summary |
---|
Source: | Author: Max Altgelt (Nextron Systems): |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-10-20T06:02:29.062843+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.4 | 56798 | 181.123.219.23 | 80 | TCP |
2024-10-20T06:03:47.872011+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.4 | 57004 | 181.123.219.23 | 80 | TCP |
2024-10-20T06:04:03.773750+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.4 | 57064 | 181.123.219.23 | 80 | TCP |
2024-10-20T06:04:21.852569+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.4 | 57074 | 181.123.219.23 | 80 | TCP |
2024-10-20T06:04:37.747088+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.4 | 57075 | 181.123.219.23 | 80 | TCP |
2024-10-20T06:04:54.668067+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.4 | 57076 | 181.123.219.23 | 80 | TCP |
2024-10-20T06:05:13.486893+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.4 | 57077 | 152.231.120.3 | 80 | TCP |
2024-10-20T06:05:33.359838+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.4 | 59097 | 152.231.120.3 | 80 | TCP |
2024-10-20T06:05:50.361206+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.4 | 59098 | 152.231.120.3 | 80 | TCP |
AV Detection |
---|
Source: | Avira: |
Source: | Avira: |
Source: | Malware Configuration Extractor: |
Source: | Virustotal: | Perma Link | ||
Source: | Virustotal: | Perma Link | ||
Source: | Virustotal: | Perma Link |
Source: | ReversingLabs: |
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | File opened: | Jump to behavior |
Networking |
---|
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: |
Source: | Network Connect: | Jump to behavior | ||
Source: | Network Connect: | Jump to behavior |
Source: | URLs: | ||
Source: | URLs: | ||
Source: | URLs: | ||
Source: | URLs: |
Source: | ASN Name: | ||
Source: | ASN Name: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Key, Mouse, Clipboard, Microphone and Screen Capturing |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
System Summary |
---|
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Process Stats: |
Source: | Code function: | 0_2_00403054 | |
Source: | Code function: | 0_2_00401583 | |
Source: | Code function: | 0_2_00402721 | |
Source: | Code function: | 0_2_0040158E | |
Source: | Code function: | 0_2_004015BC | |
Source: | Code function: | 5_2_00403054 | |
Source: | Code function: | 5_2_00401583 | |
Source: | Code function: | 5_2_00402721 | |
Source: | Code function: | 5_2_0040158E | |
Source: | Code function: | 5_2_004015BC |
Source: | Code function: | 0_2_00401A28 | |
Source: | Code function: | 5_2_00401A28 |
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Classification label: |
Source: | Code function: | 0_2_00601D11 |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | ReversingLabs: | ||
Source: | Virustotal: |
Source: | Process created: | ||
Source: | Process created: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Data Obfuscation |
---|
Source: | Unpacked PE file: | ||
Source: | Unpacked PE file: |
Source: | Code function: | 0_2_00402957 | |
Source: | Code function: | 0_2_00402926 | |
Source: | Code function: | 0_2_00402942 | |
Source: | Code function: | 0_2_0060966C | |
Source: | Code function: | 0_2_0060344E | |
Source: | Code function: | 0_2_0060966C | |
Source: | Code function: | 0_2_006092B2 | |
Source: | Code function: | 0_2_006229BE | |
Source: | Code function: | 0_2_0062298D | |
Source: | Code function: | 0_2_006229A9 | |
Source: | Code function: | 5_2_00402957 | |
Source: | Code function: | 5_2_00402926 | |
Source: | Code function: | 5_2_00402942 | |
Source: | Code function: | 5_2_005F344E | |
Source: | Code function: | 5_2_005F966C | |
Source: | Code function: | 5_2_005F966C | |
Source: | Code function: | 5_2_005F92B2 | |
Source: | Code function: | 5_2_006129BE | |
Source: | Code function: | 5_2_0061298D | |
Source: | Code function: | 5_2_006129A9 |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | File created: | Jump to dropped file |
Source: | File created: | Jump to dropped file |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | File deleted: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Malware Analysis System Evasion |
---|
Source: | Key enumerated: | Jump to behavior | ||
Source: | API/Special instruction interceptor: | ||
Source: | API/Special instruction interceptor: | ||
Source: | API/Special instruction interceptor: | ||
Source: | API/Special instruction interceptor: |
Source: | Binary or memory string: |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | System information queried: | Jump to behavior |
Source: | Process information queried: | Jump to behavior |
Anti Debugging |
---|
Source: | System information queried: | Jump to behavior | ||
Source: | System information queried: | Jump to behavior |
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior |
Source: | Code function: | 0_2_006015EE | |
Source: | Code function: | 0_2_0062092B | |
Source: | Code function: | 0_2_00620D90 | |
Source: | Code function: | 5_2_005F15EE | |
Source: | Code function: | 5_2_0061092B | |
Source: | Code function: | 5_2_00610D90 |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | File created: | Jump to dropped file |
Source: | Network Connect: | Jump to behavior | ||
Source: | Network Connect: | Jump to behavior |
Source: | Thread created: | Jump to behavior | ||
Source: | Thread created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Exploitation for Client Execution | 1 DLL Side-Loading | 32 Process Injection | 11 Masquerading | OS Credential Dumping | 511 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 12 Virtualization/Sandbox Evasion | LSASS Memory | 12 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 32 Process Injection | Security Account Manager | 3 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 112 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Hidden Files and Directories | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Obfuscated Files or Information | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 12 Software Packing | Cached Domain Credentials | 12 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 File Deletion | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
41% | ReversingLabs | Win32.Trojan.CrypterX | ||
41% | Virustotal | Browse | ||
100% | Avira | HEUR/AGEN.1306978 | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | HEUR/AGEN.1306978 | ||
100% | Joe Sandbox ML | |||
41% | ReversingLabs | Win32.Trojan.CrypterX |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
2% | Virustotal | Browse | ||
6% | Virustotal | Browse | ||
5% | Virustotal | Browse | ||
6% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
tnc-corp.ru | 187.204.28.205 | true | true |
| unknown |
volisc.biz | unknown | unknown | true |
| unknown |
liverds.at | unknown | unknown | true |
| unknown |
livbev.online | unknown | unknown | true |
| unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true | unknown | ||
true | unknown | ||
true | unknown | ||
true | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
181.123.219.23 | unknown | Paraguay | 23201 | TelecelSAPY | true | |
152.231.120.3 | unknown | Chile | 27651 | ENTELCHILESACL | true |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1538051 |
Start date and time: | 2024-10-20 06:01:08 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 7m 22s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 6 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 1 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | file.exe |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@2/2@81/2 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtEnumerateKey calls found.
- Report size getting too big, too many NtOpenKey calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
00:02:23 | API Interceptor | |
05:02:24 | Task Scheduler |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
152.231.120.3 | Get hash | malicious | SmokeLoader | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
tnc-corp.ru | Get hash | malicious | SmokeLoader | Browse |
| |
Get hash | malicious | SmokeLoader | Browse |
| ||
Get hash | malicious | SmokeLoader | Browse |
| ||
Get hash | malicious | SmokeLoader | Browse |
| ||
Get hash | malicious | SmokeLoader | Browse |
| ||
Get hash | malicious | SmokeLoader | Browse |
| ||
Get hash | malicious | SmokeLoader | Browse |
| ||
Get hash | malicious | SmokeLoader | Browse |
| ||
Get hash | malicious | SmokeLoader | Browse |
| ||
Get hash | malicious | SmokeLoader | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
ENTELCHILESACL | Get hash | malicious | SmokeLoader | Browse |
| |
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai, Gafgyt | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
TelecelSAPY | Get hash | malicious | Mirai, Moobot | Browse |
| |
Get hash | malicious | Mirai, Moobot | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai, Moobot | Browse |
| ||
Get hash | malicious | Mirai, Moobot | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 377856 |
Entropy (8bit): | 6.53330579906143 |
Encrypted: | false |
SSDEEP: | 6144:VaIYQL38hwc85w569ALrSsP5hglG+E3hX936mDtQhkBTI9I9jtj8OU8vJpm:VLLL8hh85wYytPrcG+0qk2hg/VtTB7m |
MD5: | 6495432F0808EB94291D12C862216FE2 |
SHA1: | B26485ED3EE5990D1C8363E743D8E0903E2B3433 |
SHA-256: | 4DCF43767F4FD901EF13A37DA7499A54C61CF045A045186151A8BBEFC251EE6B |
SHA-512: | 60B929C8670CEF82A54FA274A8A9C010B516D87E61E5B45B8BD3D324E5D11F55A804ACB03FC760983D082AB2A3E8E772391C15F78FDCEF4AA9D5C13363566F2F |
Malicious: | true |
Antivirus: |
|
Reputation: | low |
Preview: |
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | modified |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | true |
Reputation: | high, very likely benign file |
Preview: |
File type: | |
Entropy (8bit): | 6.53330579906143 |
TrID: |
|
File name: | file.exe |
File size: | 377'856 bytes |
MD5: | 6495432f0808eb94291d12c862216fe2 |
SHA1: | b26485ed3ee5990d1c8363e743d8e0903e2b3433 |
SHA256: | 4dcf43767f4fd901ef13a37da7499a54c61cf045a045186151a8bbefc251ee6b |
SHA512: | 60b929c8670cef82a54fa274a8a9c010b516d87e61e5b45b8bd3d324e5d11f55a804acb03fc760983d082ab2a3e8e772391c15f78fdcef4aa9d5c13363566f2f |
SSDEEP: | 6144:VaIYQL38hwc85w569ALrSsP5hglG+E3hX936mDtQhkBTI9I9jtj8OU8vJpm:VLLL8hh85wYytPrcG+0qk2hg/VtTB7m |
TLSH: | D484E0213680C532E9B655304F31E2E65A7EFC722965814B77443BBE3E313C29AB935B |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......u@$.1!J.1!J.1!J./s..(!J./s..G!J./s...!J...1.4!J.1!K..!J./s..0!J./s..0!J./s..0!J.Rich1!J.........................PE..L....[9e... |
Icon Hash: | 64106e6656664a46 |
Entrypoint: | 0x404de6 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | TERMINAL_SERVER_AWARE |
Time Stamp: | 0x65395B95 [Wed Oct 25 18:16:53 2023 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 0 |
File Version Major: | 5 |
File Version Minor: | 0 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 0 |
Import Hash: | fa634277cf7ca53dcfe49ebb014dd360 |
Instruction |
---|
call 00007F21387F4835h |
jmp 00007F21387F074Eh |
mov edi, edi |
push ebp |
mov ebp, esp |
sub esp, 20h |
mov eax, dword ptr [ebp+08h] |
push esi |
push edi |
push 00000008h |
pop ecx |
mov esi, 004012ACh |
lea edi, dword ptr [ebp-20h] |
rep movsd |
mov dword ptr [ebp-08h], eax |
mov eax, dword ptr [ebp+0Ch] |
pop edi |
mov dword ptr [ebp-04h], eax |
pop esi |
test eax, eax |
je 00007F21387F08DEh |
test byte ptr [eax], 00000008h |
je 00007F21387F08D9h |
mov dword ptr [ebp-0Ch], 01994000h |
lea eax, dword ptr [ebp-0Ch] |
push eax |
push dword ptr [ebp-10h] |
push dword ptr [ebp-1Ch] |
push dword ptr [ebp-20h] |
call dword ptr [004010D4h] |
leave |
retn 0008h |
mov edi, edi |
push ebp |
mov ebp, esp |
push ecx |
push ebx |
mov eax, dword ptr [ebp+0Ch] |
add eax, 0Ch |
mov dword ptr [ebp-04h], eax |
mov ebx, dword ptr fs:[00000000h] |
mov eax, dword ptr [ebx] |
mov dword ptr fs:[00000000h], eax |
mov eax, dword ptr [ebp+08h] |
mov ebx, dword ptr [ebp+0Ch] |
mov ebp, dword ptr [ebp-04h] |
mov esp, dword ptr [ebx-04h] |
jmp eax |
pop ebx |
leave |
retn 0008h |
pop eax |
pop ecx |
xchg dword ptr [esp], eax |
jmp eax |
pop eax |
pop ecx |
xchg dword ptr [esp], eax |
jmp eax |
pop eax |
pop ecx |
xchg dword ptr [esp], eax |
jmp eax |
mov edi, edi |
push ebp |
mov ebp, esp |
push ecx |
push ecx |
push ebx |
push esi |
push edi |
mov esi, dword ptr fs:[00000000h] |
mov dword ptr [ebp-04h], esi |
mov dword ptr [ebp-08h], 00404EAEh |
push 00000000h |
push dword ptr [ebp+0Ch] |
push dword ptr [ebp-08h] |
push dword ptr [ebp+08h] |
call 00007F21387FDF25h |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x4a658 | 0x3c | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x5e000 | 0x9ee0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x68000 | 0xd04 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x2f40 | 0x40 | .text |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0x1b8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x4a05c | 0x4a200 | 96e51ed94bb13add85d8f3990145b7f8 | False | 0.7261343275716695 | data | 7.003544202786242 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.data | 0x4c000 | 0x1199c | 0x6000 | 96142be66429191e63d42e6d1a442645 | False | 0.08296712239583333 | data | 0.9865295359522287 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x5e000 | 0x9ee0 | 0xa000 | 7b10c1577034405fb38319c3073f89b9 | False | 0.4546142578125 | data | 5.148333936210553 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x68000 | 0x1c3c | 0x1e00 | 7a4cdd3c4fa6b4ccb869d794090cf380 | False | 0.3671875 | data | 3.726000255969721 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_CURSOR | 0x64d70 | 0x330 | Device independent bitmap graphic, 48 x 96 x 1, image size 0 | | | 0.1948529411764706 |
RT_CURSOR | 0x650a0 | 0x130 | Device independent bitmap graphic, 32 x 64 x 1, image size 0 | | | 0.33223684210526316 |
RT_CURSOR | 0x651f8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.2953091684434968 |
RT_CURSOR | 0x660a0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.46705776173285196 |
RT_CURSOR | 0x66948 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.5361271676300579 |
RT_ICON | 0x5e4f0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Tamil | India | 0.38832622601279315 |
RT_ICON | 0x5e4f0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Tamil | Sri Lanka | 0.38832622601279315 |
RT_ICON | 0x5f398 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Tamil | India | 0.5532490974729242 |
RT_ICON | 0x5f398 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Tamil | Sri Lanka | 0.5532490974729242 |
RT_ICON | 0x5fc40 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Tamil | India | 0.6296082949308756 |
RT_ICON | 0x5fc40 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Tamil | Sri Lanka | 0.6296082949308756 |
RT_ICON | 0x60308 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Tamil | India | 0.6676300578034682 |
RT_ICON | 0x60308 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Tamil | Sri Lanka | 0.6676300578034682 |
RT_ICON | 0x60870 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | Tamil | India | 0.49844398340248963 |
RT_ICON | 0x60870 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | Tamil | Sri Lanka | 0.49844398340248963 |
RT_ICON | 0x62e18 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | Tamil | India | 0.5180581613508443 |
RT_ICON | 0x62e18 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | Tamil | Sri Lanka | 0.5180581613508443 |
RT_ICON | 0x63ec0 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | Tamil | India | 0.5040983606557377 |
RT_ICON | 0x63ec0 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | Tamil | Sri Lanka | 0.5040983606557377 |
RT_ICON | 0x64848 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | Tamil | India | 0.5656028368794326 |
RT_ICON | 0x64848 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | Tamil | Sri Lanka | 0.5656028368794326 |
RT_DIALOG | 0x67148 | 0x58 | data | | | 0.8977272727272727 |
RT_STRING | 0x671a0 | 0x57a | data | Tamil | India | 0.42368045649072755 |
RT_STRING | 0x671a0 | 0x57a | data | Tamil | Sri Lanka | 0.42368045649072755 |
RT_STRING | 0x67720 | 0x2cc | data | Tamil | India | 0.473463687150838 |
RT_STRING | 0x67720 | 0x2cc | data | Tamil | Sri Lanka | 0.473463687150838 |
RT_STRING | 0x679f0 | 0x4ea | data | Tamil | India | 0.4507154213036566 |
RT_STRING | 0x679f0 | 0x4ea | data | Tamil | Sri Lanka | 0.4507154213036566 |
RT_ACCELERATOR | 0x64d28 | 0x48 | data | Tamil | India | 0.8472222222222222 |
RT_ACCELERATOR | 0x64d28 | 0x48 | data | Tamil | Sri Lanka | 0.8472222222222222 |
RT_GROUP_CURSOR | 0x651d0 | 0x22 | data | | | 1.0294117647058822 |
RT_GROUP_CURSOR | 0x66eb0 | 0x30 | data | | | 0.9375 |
RT_GROUP_ICON | 0x64cb0 | 0x76 | data | Tamil | India | 0.6610169491525424 |
RT_GROUP_ICON | 0x64cb0 | 0x76 | data | Tamil | Sri Lanka | 0.6610169491525424 |
RT_VERSION | 0x66ee0 | 0x264 | data | | | 0.5359477124183006
DLL | Import |
---|---|
KERNEL32.dll | GetComputerNameA, TlsGetValue, GetConsoleAliasExesA, CreateProcessW, ClearCommError, InterlockedIncrement, GetCurrentProcess, SetEnvironmentVariableW, SetComputerNameW, GetTickCount, CreateNamedPipeW, EnumTimeFormatsA, CreateActCtxW, GetCurrencyFormatW, GetEnvironmentStrings, SetFileShortNameW, GetLocaleInfoW, ReadConsoleInputA, SetVolumeMountPointA, GetVersionExW, GetTimeFormatW, GetFileAttributesW, GetModuleFileNameW, GetShortPathNameA, CreateJobObjectA, LCMapStringA, VerifyVersionInfoW, InterlockedExchange, GetLogicalDriveStringsA, GetLastError, SetLastError, GetProcAddress, VirtualAlloc, DefineDosDeviceA, GlobalFree, GetTempFileNameA, LoadLibraryA, CreateSemaphoreW, InterlockedExchangeAdd, GetNumberFormatW, OpenEventA, GetCommMask, OpenJobObjectW, GetModuleFileNameA, GlobalUnWire, GetCurrentDirectoryA, GetShortPathNameW, GetDiskFreeSpaceExA, SetFileAttributesW, CommConfigDialogW, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, RaiseException, RtlUnwind, GetModuleHandleW, Sleep, ExitProcess, WriteFile, GetStdHandle, TerminateProcess, IsDebuggerPresent, HeapAlloc, HeapFree, EnterCriticalSection, LeaveCriticalSection, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, SetHandleCount, GetFileType, GetStartupInfoA, DeleteCriticalSection, TlsAlloc, TlsSetValue, TlsFree, GetCurrentThreadId, InterlockedDecrement, HeapCreate, VirtualFree, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, InitializeCriticalSectionAndSpinCount, HeapReAlloc, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, WideCharToMultiByte, HeapSize, GetLocaleInfoA, GetModuleHandleA, MultiByteToWideChar, LCMapStringW, GetStringTypeA, GetStringTypeW, GetConsoleCP, GetConsoleMode, FlushFileBuffers, SetFilePointer, CloseHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, SetStdHandle, CreateFileA |
USER32.dll | GetAltTabInfoW |
Language of compilation system | Country where language is spoken |
---|---|
Tamil | India |
Tamil | Sri Lanka |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-10-20T06:02:29.062843+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.4 | 56798 | 181.123.219.23 | 80 | TCP |
2024-10-20T06:03:47.872011+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.4 | 57004 | 181.123.219.23 | 80 | TCP |
2024-10-20T06:04:03.773750+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.4 | 57064 | 181.123.219.23 | 80 | TCP |
2024-10-20T06:04:21.852569+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.4 | 57074 | 181.123.219.23 | 80 | TCP |
2024-10-20T06:04:37.747088+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.4 | 57075 | 181.123.219.23 | 80 | TCP |
2024-10-20T06:04:54.668067+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.4 | 57076 | 181.123.219.23 | 80 | TCP |
2024-10-20T06:05:13.486893+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.4 | 57077 | 152.231.120.3 | 80 | TCP |
2024-10-20T06:05:33.359838+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.4 | 59097 | 152.231.120.3 | 80 | TCP |
2024-10-20T06:05:50.361206+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.4 | 59098 | 152.231.120.3 | 80 | TCP |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 20, 2024 06:04:03.798331976 CEST | 192.168.2.4 | 1.1.1.1 | 0xa303 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:04:04.803531885 CEST | 192.168.2.4 | 1.1.1.1 | 0xa303 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:04:05.822396994 CEST | 192.168.2.4 | 1.1.1.1 | 0xa303 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:04:07.820353031 CEST | 192.168.2.4 | 1.1.1.1 | 0xa303 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:04:09.998655081 CEST | 192.168.2.4 | 1.1.1.1 | 0x5e99 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:04:10.020721912 CEST | 192.168.2.4 | 1.1.1.1 | 0x883c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:04:11.021517992 CEST | 192.168.2.4 | 1.1.1.1 | 0x883c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:04:12.037214994 CEST | 192.168.2.4 | 1.1.1.1 | 0x883c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:04:14.037036896 CEST | 192.168.2.4 | 1.1.1.1 | 0x883c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:04:21.862377882 CEST | 192.168.2.4 | 1.1.1.1 | 0x32c4 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:04:22.849551916 CEST | 192.168.2.4 | 1.1.1.1 | 0x32c4 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:04:23.865495920 CEST | 192.168.2.4 | 1.1.1.1 | 0x32c4 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:04:25.880780935 CEST | 192.168.2.4 | 1.1.1.1 | 0x32c4 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:04:28.191004038 CEST | 192.168.2.4 | 1.1.1.1 | 0xec6d | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:04:28.202442884 CEST | 192.168.2.4 | 1.1.1.1 | 0xaf11 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:04:29.361452103 CEST | 192.168.2.4 | 1.1.1.1 | 0xaf11 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:04:30.366839886 CEST | 192.168.2.4 | 1.1.1.1 | 0xaf11 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:04:37.762324095 CEST | 192.168.2.4 | 1.1.1.1 | 0x4915 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:04:38.764034986 CEST | 192.168.2.4 | 1.1.1.1 | 0x4915 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:04:39.775680065 CEST | 192.168.2.4 | 1.1.1.1 | 0x4915 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:04:41.781719923 CEST | 192.168.2.4 | 1.1.1.1 | 0x4915 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:04:43.985183001 CEST | 192.168.2.4 | 1.1.1.1 | 0xfb6d | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:04:43.996458054 CEST | 192.168.2.4 | 1.1.1.1 | 0x35b0 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:04:45.017965078 CEST | 192.168.2.4 | 1.1.1.1 | 0x35b0 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:04:46.010179043 CEST | 192.168.2.4 | 1.1.1.1 | 0x35b0 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:04:54.693775892 CEST | 192.168.2.4 | 1.1.1.1 | 0xbd9b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:04:55.709264994 CEST | 192.168.2.4 | 1.1.1.1 | 0xbd9b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:04:56.711445093 CEST | 192.168.2.4 | 1.1.1.1 | 0xbd9b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:04:58.730252981 CEST | 192.168.2.4 | 1.1.1.1 | 0xbd9b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:02.754718065 CEST | 192.168.2.4 | 1.1.1.1 | 0x260f | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:02.780143976 CEST | 192.168.2.4 | 1.1.1.1 | 0x8e5a | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:03.771567106 CEST | 192.168.2.4 | 1.1.1.1 | 0x8e5a | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:04.771477938 CEST | 192.168.2.4 | 1.1.1.1 | 0x8e5a | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:09.141108036 CEST | 192.168.2.4 | 1.1.1.1 | 0xa8e3 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:10.146533012 CEST | 192.168.2.4 | 1.1.1.1 | 0xa8e3 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:11.146544933 CEST | 192.168.2.4 | 1.1.1.1 | 0xa8e3 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:13.497422934 CEST | 192.168.2.4 | 1.1.1.1 | 0xc8b9 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:14.490206957 CEST | 192.168.2.4 | 1.1.1.1 | 0xc8b9 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:21.724271059 CEST | 192.168.2.4 | 1.1.1.1 | 0xe091 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:21.735491991 CEST | 192.168.2.4 | 1.1.1.1 | 0xe7e2 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:22.725940943 CEST | 192.168.2.4 | 1.1.1.1 | 0xe7e2 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:23.743175030 CEST | 192.168.2.4 | 1.1.1.1 | 0xe7e2 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:25.757951021 CEST | 192.168.2.4 | 1.1.1.1 | 0xe7e2 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:33.383588076 CEST | 192.168.2.4 | 1.1.1.1 | 0xb446 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:34.380913973 CEST | 192.168.2.4 | 1.1.1.1 | 0xb446 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:35.397222042 CEST | 192.168.2.4 | 1.1.1.1 | 0xb446 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:37.412142992 CEST | 192.168.2.4 | 1.1.1.1 | 0xb446 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:39.661550045 CEST | 192.168.2.4 | 1.1.1.1 | 0xafa0 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:39.696885109 CEST | 192.168.2.4 | 1.1.1.1 | 0x88ce | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:40.709117889 CEST | 192.168.2.4 | 1.1.1.1 | 0x88ce | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:41.709932089 CEST | 192.168.2.4 | 1.1.1.1 | 0x88ce | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:43.709012032 CEST | 192.168.2.4 | 1.1.1.1 | 0x88ce | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:50.380108118 CEST | 192.168.2.4 | 1.1.1.1 | 0x72c2 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:51.384907007 CEST | 192.168.2.4 | 1.1.1.1 | 0x72c2 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:52.396862030 CEST | 192.168.2.4 | 1.1.1.1 | 0x72c2 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:54.403475046 CEST | 192.168.2.4 | 1.1.1.1 | 0x72c2 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:56.611051083 CEST | 192.168.2.4 | 1.1.1.1 | 0x637a | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:56.637810946 CEST | 192.168.2.4 | 1.1.1.1 | 0x961b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:57.630898952 CEST | 192.168.2.4 | 1.1.1.1 | 0x961b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:58.652486086 CEST | 192.168.2.4 | 1.1.1.1 | 0x961b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:06:00.662128925 CEST | 192.168.2.4 | 1.1.1.1 | 0x961b | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 20, 2024 06:02:25.741895914 CEST | 1.1.1.1 | 192.168.2.4 | 0x8d2d | No error (0) | 187.204.28.205 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 06:02:25.741895914 CEST | 1.1.1.1 | 192.168.2.4 | 0x8d2d | No error (0) | 190.249.249.14 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 06:02:25.741895914 CEST | 1.1.1.1 | 192.168.2.4 | 0x8d2d | No error (0) | 189.181.30.147 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 06:02:25.741895914 CEST | 1.1.1.1 | 192.168.2.4 | 0x8d2d | No error (0) | 190.218.17.143 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 06:02:25.741895914 CEST | 1.1.1.1 | 192.168.2.4 | 0x8d2d | No error (0) | 190.187.52.42 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 06:02:25.741895914 CEST | 1.1.1.1 | 192.168.2.4 | 0x8d2d | No error (0) | 181.123.219.23 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 06:02:25.741895914 CEST | 1.1.1.1 | 192.168.2.4 | 0x8d2d | No error (0) | 177.129.90.106 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 06:02:25.741895914 CEST | 1.1.1.1 | 192.168.2.4 | 0x8d2d | No error (0) | 95.86.30.3 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 06:02:25.741895914 CEST | 1.1.1.1 | 192.168.2.4 | 0x8d2d | No error (0) | 187.228.106.109 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 06:02:25.741895914 CEST | 1.1.1.1 | 192.168.2.4 | 0x8d2d | No error (0) | 152.231.120.3 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 06:02:35.266899109 CEST | 1.1.1.1 | 192.168.2.4 | 0xcc4c | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:02:35.266913891 CEST | 1.1.1.1 | 192.168.2.4 | 0xcc4c | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:02:35.266922951 CEST | 1.1.1.1 | 192.168.2.4 | 0xcc4c | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:02:35.266932011 CEST | 1.1.1.1 | 192.168.2.4 | 0xcc4c | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:02:35.279709101 CEST | 1.1.1.1 | 192.168.2.4 | 0x5d7 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:02:41.426759005 CEST | 1.1.1.1 | 192.168.2.4 | 0x412a | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:02:41.426774979 CEST | 1.1.1.1 | 192.168.2.4 | 0x412a | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:02:41.426783085 CEST | 1.1.1.1 | 192.168.2.4 | 0x412a | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:02:41.426793098 CEST | 1.1.1.1 | 192.168.2.4 | 0x412a | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:03:54.340567112 CEST | 1.1.1.1 | 192.168.2.4 | 0x2471 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:03:54.340609074 CEST | 1.1.1.1 | 192.168.2.4 | 0x2471 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:03:54.340636969 CEST | 1.1.1.1 | 192.168.2.4 | 0x2471 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:03:54.340667963 CEST | 1.1.1.1 | 192.168.2.4 | 0x2471 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:03:54.383609056 CEST | 1.1.1.1 | 192.168.2.4 | 0x5a2c | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:04:00.589171886 CEST | 1.1.1.1 | 192.168.2.4 | 0x3b9d | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:04:00.589210987 CEST | 1.1.1.1 | 192.168.2.4 | 0x3b9d | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:04:00.589222908 CEST | 1.1.1.1 | 192.168.2.4 | 0x3b9d | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:04:00.589234114 CEST | 1.1.1.1 | 192.168.2.4 | 0x3b9d | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:04:09.986706972 CEST | 1.1.1.1 | 192.168.2.4 | 0xa303 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:04:09.986751080 CEST | 1.1.1.1 | 192.168.2.4 | 0xa303 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:04:09.986778975 CEST | 1.1.1.1 | 192.168.2.4 | 0xa303 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:04:09.986804962 CEST | 1.1.1.1 | 192.168.2.4 | 0xa303 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:04:10.008263111 CEST | 1.1.1.1 | 192.168.2.4 | 0x5e99 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:04:16.183670998 CEST | 1.1.1.1 | 192.168.2.4 | 0x883c | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:04:16.183717012 CEST | 1.1.1.1 | 192.168.2.4 | 0x883c | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:04:16.183760881 CEST | 1.1.1.1 | 192.168.2.4 | 0x883c | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:04:16.183788061 CEST | 1.1.1.1 | 192.168.2.4 | 0x883c | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:04:28.185077906 CEST | 1.1.1.1 | 192.168.2.4 | 0x32c4 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:04:28.185116053 CEST | 1.1.1.1 | 192.168.2.4 | 0x32c4 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:04:28.185142994 CEST | 1.1.1.1 | 192.168.2.4 | 0x32c4 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:04:28.185168982 CEST | 1.1.1.1 | 192.168.2.4 | 0x32c4 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:04:28.200258017 CEST | 1.1.1.1 | 192.168.2.4 | 0xec6d | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:04:32.239702940 CEST | 1.1.1.1 | 192.168.2.4 | 0xaf11 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:04:32.239742994 CEST | 1.1.1.1 | 192.168.2.4 | 0xaf11 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:04:32.239770889 CEST | 1.1.1.1 | 192.168.2.4 | 0xaf11 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:04:43.959927082 CEST | 1.1.1.1 | 192.168.2.4 | 0x4915 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:04:43.959966898 CEST | 1.1.1.1 | 192.168.2.4 | 0x4915 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:04:43.960012913 CEST | 1.1.1.1 | 192.168.2.4 | 0x4915 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:04:43.960038900 CEST | 1.1.1.1 | 192.168.2.4 | 0x4915 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:04:43.994116068 CEST | 1.1.1.1 | 192.168.2.4 | 0xfb6d | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:04:48.007585049 CEST | 1.1.1.1 | 192.168.2.4 | 0x35b0 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:04:48.007607937 CEST | 1.1.1.1 | 192.168.2.4 | 0x35b0 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:04:48.007621050 CEST | 1.1.1.1 | 192.168.2.4 | 0x35b0 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:02.708540916 CEST | 1.1.1.1 | 192.168.2.4 | 0xbd9b | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:02.708580971 CEST | 1.1.1.1 | 192.168.2.4 | 0xbd9b | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:02.708609104 CEST | 1.1.1.1 | 192.168.2.4 | 0xbd9b | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:02.708636045 CEST | 1.1.1.1 | 192.168.2.4 | 0xbd9b | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:02.764462948 CEST | 1.1.1.1 | 192.168.2.4 | 0x260f | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:04.788497925 CEST | 1.1.1.1 | 192.168.2.4 | 0x8e5a | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:04.788538933 CEST | 1.1.1.1 | 192.168.2.4 | 0x8e5a | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:04.788570881 CEST | 1.1.1.1 | 192.168.2.4 | 0x8e5a | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:11.495147943 CEST | 1.1.1.1 | 192.168.2.4 | 0xa8e3 | No error (0) | 152.231.120.3 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 06:05:11.495147943 CEST | 1.1.1.1 | 192.168.2.4 | 0xa8e3 | No error (0) | 187.204.28.205 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 06:05:11.495147943 CEST | 1.1.1.1 | 192.168.2.4 | 0xa8e3 | No error (0) | 190.249.249.14 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 06:05:11.495147943 CEST | 1.1.1.1 | 192.168.2.4 | 0xa8e3 | No error (0) | 189.181.30.147 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 06:05:11.495147943 CEST | 1.1.1.1 | 192.168.2.4 | 0xa8e3 | No error (0) | 190.218.17.143 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 06:05:11.495147943 CEST | 1.1.1.1 | 192.168.2.4 | 0xa8e3 | No error (0) | 190.187.52.42 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 06:05:11.495147943 CEST | 1.1.1.1 | 192.168.2.4 | 0xa8e3 | No error (0) | 181.123.219.23 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 06:05:11.495147943 CEST | 1.1.1.1 | 192.168.2.4 | 0xa8e3 | No error (0) | 177.129.90.106 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 06:05:11.495147943 CEST | 1.1.1.1 | 192.168.2.4 | 0xa8e3 | No error (0) | 95.86.30.3 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 06:05:11.495147943 CEST | 1.1.1.1 | 192.168.2.4 | 0xa8e3 | No error (0) | 187.228.106.109 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 06:05:11.495191097 CEST | 1.1.1.1 | 192.168.2.4 | 0xa8e3 | No error (0) | 152.231.120.3 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 06:05:11.495191097 CEST | 1.1.1.1 | 192.168.2.4 | 0xa8e3 | No error (0) | 187.204.28.205 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 06:05:11.495191097 CEST | 1.1.1.1 | 192.168.2.4 | 0xa8e3 | No error (0) | 190.249.249.14 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 06:05:11.495191097 CEST | 1.1.1.1 | 192.168.2.4 | 0xa8e3 | No error (0) | 189.181.30.147 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 06:05:11.495191097 CEST | 1.1.1.1 | 192.168.2.4 | 0xa8e3 | No error (0) | 190.218.17.143 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 06:05:11.495191097 CEST | 1.1.1.1 | 192.168.2.4 | 0xa8e3 | No error (0) | 190.187.52.42 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 06:05:11.495191097 CEST | 1.1.1.1 | 192.168.2.4 | 0xa8e3 | No error (0) | 181.123.219.23 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 06:05:11.495191097 CEST | 1.1.1.1 | 192.168.2.4 | 0xa8e3 | No error (0) | 177.129.90.106 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 06:05:11.495191097 CEST | 1.1.1.1 | 192.168.2.4 | 0xa8e3 | No error (0) | 95.86.30.3 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 06:05:11.495191097 CEST | 1.1.1.1 | 192.168.2.4 | 0xa8e3 | No error (0) | 187.228.106.109 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 06:05:11.495219946 CEST | 1.1.1.1 | 192.168.2.4 | 0xa8e3 | No error (0) | 152.231.120.3 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 06:05:11.495219946 CEST | 1.1.1.1 | 192.168.2.4 | 0xa8e3 | No error (0) | 187.204.28.205 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 06:05:11.495219946 CEST | 1.1.1.1 | 192.168.2.4 | 0xa8e3 | No error (0) | 190.249.249.14 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 06:05:11.495219946 CEST | 1.1.1.1 | 192.168.2.4 | 0xa8e3 | No error (0) | 189.181.30.147 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 06:05:11.495219946 CEST | 1.1.1.1 | 192.168.2.4 | 0xa8e3 | No error (0) | 190.218.17.143 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 06:05:11.495219946 CEST | 1.1.1.1 | 192.168.2.4 | 0xa8e3 | No error (0) | 190.187.52.42 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 06:05:11.495219946 CEST | 1.1.1.1 | 192.168.2.4 | 0xa8e3 | No error (0) | 181.123.219.23 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 06:05:11.495219946 CEST | 1.1.1.1 | 192.168.2.4 | 0xa8e3 | No error (0) | 177.129.90.106 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 06:05:11.495219946 CEST | 1.1.1.1 | 192.168.2.4 | 0xa8e3 | No error (0) | 95.86.30.3 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 06:05:11.495219946 CEST | 1.1.1.1 | 192.168.2.4 | 0xa8e3 | No error (0) | 187.228.106.109 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 06:05:20.337811947 CEST | 1.1.1.1 | 192.168.2.4 | 0xc8b9 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:21.733058929 CEST | 1.1.1.1 | 192.168.2.4 | 0xe091 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:27.945332050 CEST | 1.1.1.1 | 192.168.2.4 | 0xe7e2 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:27.945372105 CEST | 1.1.1.1 | 192.168.2.4 | 0xe7e2 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:27.945400000 CEST | 1.1.1.1 | 192.168.2.4 | 0xe7e2 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:27.945426941 CEST | 1.1.1.1 | 192.168.2.4 | 0xe7e2 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:39.637048006 CEST | 1.1.1.1 | 192.168.2.4 | 0xb446 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:39.637089014 CEST | 1.1.1.1 | 192.168.2.4 | 0xb446 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:39.637100935 CEST | 1.1.1.1 | 192.168.2.4 | 0xb446 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:39.637113094 CEST | 1.1.1.1 | 192.168.2.4 | 0xb446 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:39.670794010 CEST | 1.1.1.1 | 192.168.2.4 | 0xafa0 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:43.822143078 CEST | 1.1.1.1 | 192.168.2.4 | 0x88ce | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:43.822181940 CEST | 1.1.1.1 | 192.168.2.4 | 0x88ce | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:43.822210073 CEST | 1.1.1.1 | 192.168.2.4 | 0x88ce | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:43.822236061 CEST | 1.1.1.1 | 192.168.2.4 | 0x88ce | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:56.591583967 CEST | 1.1.1.1 | 192.168.2.4 | 0x72c2 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:56.591639042 CEST | 1.1.1.1 | 192.168.2.4 | 0x72c2 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:56.591665983 CEST | 1.1.1.1 | 192.168.2.4 | 0x72c2 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:56.591694117 CEST | 1.1.1.1 | 192.168.2.4 | 0x72c2 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:05:56.619939089 CEST | 1.1.1.1 | 192.168.2.4 | 0x637a | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:06:02.934820890 CEST | 1.1.1.1 | 192.168.2.4 | 0x961b | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:06:02.934834957 CEST | 1.1.1.1 | 192.168.2.4 | 0x961b | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:06:02.934844017 CEST | 1.1.1.1 | 192.168.2.4 | 0x961b | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 06:06:02.934853077 CEST | 1.1.1.1 | 192.168.2.4 | 0x961b | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 56798 | 181.123.219.23 | 80 | 2580 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 06:02:27.680521011 CEST | 280 | OUT | |
Oct 20, 2024 06:02:27.680555105 CEST | 169 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 57004 | 181.123.219.23 | 80 | 2580 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 06:03:46.513629913 CEST | 283 | OUT | |
Oct 20, 2024 06:03:46.513658047 CEST | 297 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 57064 | 181.123.219.23 | 80 | 2580 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 06:04:02.361991882 CEST | 285 | OUT | |
Oct 20, 2024 06:04:02.362026930 CEST | 126 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 57074 | 181.123.219.23 | 80 | 2580 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 06:04:20.503911972 CEST | 281 | OUT | |
Oct 20, 2024 06:04:20.503942966 CEST | 269 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 57075 | 181.123.219.23 | 80 | 2580 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 06:04:36.348220110 CEST | 281 | OUT | |
Oct 20, 2024 06:04:36.348248005 CEST | 118 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.4 | 57076 | 181.123.219.23 | 80 | 2580 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 06:04:53.264657021 CEST | 283 | OUT | |
Oct 20, 2024 06:04:53.264688969 CEST | 245 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.4 | 57077 | 152.231.120.3 | 80 | 2580 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 06:05:11.501455069 CEST | 284 | OUT | |
Oct 20, 2024 06:05:11.501496077 CEST | 354 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.4 | 59097 | 152.231.120.3 | 80 | 2580 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 06:05:32.108335018 CEST | 285 | OUT | |
Oct 20, 2024 06:05:32.108369112 CEST | 132 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.4 | 59098 | 152.231.120.3 | 80 | 2580 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 06:05:49.094544888 CEST | 285 | OUT | |
Oct 20, 2024 06:05:49.094574928 CEST | 174 | OUT |
Target ID: | 0 |
Start time: | 00:01:58 |
Start date: | 20/10/2024 |
Path: | C:\Users\user\Desktop\file.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 377'856 bytes |
MD5 hash: | 6495432F0808EB94291D12C862216FE2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 1 |
Start time: | 00:02:04 |
Start date: | 20/10/2024 |
Path: | C:\Windows\explorer.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff72b770000 |
File size: | 5'141'208 bytes |
MD5 hash: | 662F4F92FDE3557E86D110526BB578D5 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 5 |
Start time: | 00:02:24 |
Start date: | 20/10/2024 |
Path: | C:\Users\user\AppData\Roaming\wdhwgdv |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 377'856 bytes |
MD5 hash: | 6495432F0808EB94291D12C862216FE2 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Antivirus matches: |
|
Reputation: | low |
Has exited: | true |
Execution Graph
Execution Coverage: | 8.7% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 35.7% |
Total number of Nodes: | 112 |
Total number of Limit Nodes: | 4 |
Function 00601D11 Relevance: 3.0, APIs: 2, Instructions: 41 (process, COMMON)
Function 0062003C Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515 (memory, COMMON)
Function 00620E0F Relevance: 3.0, APIs: 2, Instructions: 15 (COMMON)
Function 00401919 Relevance: 1.3, APIs: 1, Instructions: 79 (sleep, COMMON)
Function 00401959 Relevance: 1.3, APIs: 1, Instructions: 66 (sleep, COMMON)
Function 00401970 Relevance: 1.3, APIs: 1, Instructions: 56 (sleep, COMMON)
Function 00401977 Relevance: 1.3, APIs: 1, Instructions: 56 (sleep, COMMON)
Function 00401987 Relevance: 1.3, APIs: 1, Instructions: 55 (sleep, COMMON)
Function 0040198A Relevance: 1.3, APIs: 1, Instructions: 50 (sleep, COMMON)
Function 006019D0 Relevance: 1.3, APIs: 1, Instructions: 48 (memory, COMMON)
Function 0062092B Relevance: 3.8, Strings: 3, Instructions: 90 (COMMON)
Function 00402721 Relevance: 1.4, Strings: 1, Instructions: 151 (COMMON)
Function 00401A28 Relevance: .3, Instructions: 258 (COMMON)
Function 006015EE Relevance: .1, Instructions: 61 (COMMON)
Function 00620D90 Relevance: .0, Instructions: 43 (COMMON)
Execution Graph
Execution Coverage: | 8.7% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 112 |
Total number of Limit Nodes: | 4 |
Function 0061003C Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515 (memory, COMMON)
Function 005F1D11 Relevance: 3.0, APIs: 2, Instructions: 41 (process, COMMON)
Function 00610E0F Relevance: 3.0, APIs: 2, Instructions: 15 (COMMON)
Function 00401919 Relevance: 1.3, APIs: 1, Instructions: 79 (sleep, COMMON)
Function 00401959 Relevance: 1.3, APIs: 1, Instructions: 66 (sleep, COMMON)
Function 00401970 Relevance: 1.3, APIs: 1, Instructions: 56 (sleep, COMMON)
Function 00401977 Relevance: 1.3, APIs: 1, Instructions: 56 (sleep, COMMON)
Function 00401987 Relevance: 1.3, APIs: 1, Instructions: 55 (sleep, COMMON)
Function 0040198A Relevance: 1.3, APIs: 1, Instructions: 50 (sleep, COMMON)
Function 005F19D0 Relevance: 1.3, APIs: 1, Instructions: 48 (memory, COMMON)