Windows
Analysis Report
bac4j0DRRb.exe
Overview
General Information
Sample name: | bac4j0DRRb.exe (renamed because original name is a hash value) |
Original sample name: | AD9E28142AB51F364542C7DAC2D73A8C.exe |
Analysis ID: | 1538231 |
MD5: | ad9e28142ab51f364542c7dac2d73a8c |
SHA1: | 8bd52e4e93b44a347d05c3c94c397354894088ae |
SHA256: | a9ec84d22acda7f438810bae0831bc151e6784f2005c896d687ab295ef4a7fd5 |
Tags: | exe, RedLineStealer, user-abuse_ch |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- bac4j0DRRb.exe (PID: 4028 cmdline: "C:\Users\user\Desktop\bac4j0DRRb.exe" MD5: AD9E28142AB51F364542C7DAC2D73A8C)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
RedLine Stealer | RedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer. | No Attribution |
{"C2 url": ["ierinapu.xyz:80"], "Bot Id": "@apexbeatsjuggin"}
Rule | Description | Author |
---|---|---|
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
Windows_Trojan_RedLineStealer_f54632eb | unknown | unknown |
MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen |
Rule | Description | Author |
---|---|---|
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
Windows_Trojan_RedLineStealer_f54632eb | unknown | unknown |
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
Rule | Description | Author |
---|---|---|
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
Windows_Trojan_RedLineStealer_f54632eb | unknown | unknown |
MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-10-20T21:02:17.139662+0200 | 2018141 | 1 | A Network Trojan was detected | 18.141.10.107 | 80 | 192.168.2.5 | 49708 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-10-20T21:02:17.139662+0200 | 2037771 | 1 | A Network Trojan was detected | 18.141.10.107 | 80 | 192.168.2.5 | 49708 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-10-20T21:02:05.829393+0200 | 2034361 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:02:08.742100+0200 | 2034361 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49705 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:02:11.392076+0200 | 2034361 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49706 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:02:14.540121+0200 | 2034361 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49707 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:02:17.133861+0200 | 2034361 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49708 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:02:19.918328+0200 | 2034361 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49713 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:02:22.456520+0200 | 2034361 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49727 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:02:25.067847+0200 | 2034361 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49742 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:02:27.613147+0200 | 2034361 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49752 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:02:30.197493+0200 | 2034361 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49763 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:02:32.792047+0200 | 2034361 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49775 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:02:35.364874+0200 | 2034361 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49787 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:02:38.422893+0200 | 2034361 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49797 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:02:40.994757+0200 | 2034361 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49811 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:02:43.552295+0200 | 2034361 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49823 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:02:46.136200+0200 | 2034361 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49834 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:02:49.164825+0200 | 2034361 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49847 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:02:51.747237+0200 | 2034361 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49860 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:02:54.307507+0200 | 2034361 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49872 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:02:56.905258+0200 | 2034361 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49883 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:02:59.466963+0200 | 2034361 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49897 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:03:02.050809+0200 | 2034361 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49912 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:03:05.062590+0200 | 2034361 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49923 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:03:07.601149+0200 | 2034361 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49938 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:03:10.161871+0200 | 2034361 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49950 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:03:12.946777+0200 | 2034361 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49961 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:03:15.499426+0200 | 2034361 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49974 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:03:18.051436+0200 | 2034361 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49987 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:03:20.609574+0200 | 2034361 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49999 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:03:23.165100+0200 | 2034361 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 50007 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:03:25.819073+0200 | 2034361 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 50008 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:03:28.382549+0200 | 2034361 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 50009 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:03:30.947354+0200 | 2034361 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 50010 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:03:33.463359+0200 | 2034361 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 50011 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:03:35.962807+0200 | 2034361 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 50012 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:03:38.421418+0200 | 2034361 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 50013 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:03:40.843150+0200 | 2034361 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 50014 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:03:43.250308+0200 | 2034361 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 50015 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:03:45.617806+0200 | 2034361 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 50016 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:03:47.952099+0200 | 2034361 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 50017 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:03:50.270234+0200 | 2034361 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 50018 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:03:52.569756+0200 | 2034361 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 50019 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:03:55.110951+0200 | 2034361 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 50020 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:03:57.550012+0200 | 2034361 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 50021 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:03:59.765805+0200 | 2034361 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 50022 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:04:01.976012+0200 | 2034361 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 50023 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:04:04.159964+0200 | 2034361 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 50024 | 18.141.10.107 | 80 | TCP |
AV Detection |
---|
Source: | Avira: |
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | Binary string: | ||
Networking |
---|
Source: | Suricata IDS: | ||
Source: | URLs: |
Source: | DNS query: |
Source: | File source: | ||
Source: | HTTP traffic detected: | ||
Source: | IP Address: |
Source: | ASN Name: |
Source: | Suricata IDS: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
System Summary |
---|
Source: | Matched rule: | ||
Source: | Code function: | 0_2_026CDDE8 | |
Source: | Code function: | 0_2_026CD4F0 |
Source: | Binary or memory string: | ||
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Classification label: |
Source: | Mutant created: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Key opened: | Jump to behavior |
Source: | ReversingLabs: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Static PE information: |
Source: | Process information set: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Last function: | ||
Source: | Binary or memory string: |
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Remote Access Functionality |
---|
Source: | File source: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 2 Virtualization/Sandbox Evasion | OS Credential Dumping | 1 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Disable or Modify Tools | LSASS Memory | 2 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Timestomp | Security Account Manager | 12 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
81% | ReversingLabs | ByteCode-MSIL.Trojan.SpiderRedLine | ||
100% | Avira | HEUR/AGEN.1305493 | ||
100% | Joe Sandbox ML |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
ierinapu.xyz | 18.141.10.107 | true | true | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
18.141.10.107 | ierinapu.xyz | United States | | 16509 | AMAZON-02US | true |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1538231 |
Start date and time: | 2024-10-20 21:01:07 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 2s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 4 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | bac4j0DRRb.exe (renamed because original name is a hash value) |
Original Sample Name: | AD9E28142AB51F364542C7DAC2D73A8C.exe |
Detection: | MAL |
Classification: | mal100.troj.winEXE@1/0@1/1 |
EGA Information: | Failed |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target bac4j0DRRb.exe, PID 4028 because it is empty
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: bac4j0DRRb.exe
Time | Type | Description |
---|---|---|
15:03:29 | API Interceptor |
Match | Detection | Threat Name |
---|---|---|
18.141.10.107 | malicious | PureLog Stealer, RedLine |
18.141.10.107 | malicious | PureLog Stealer, RedLine |
18.141.10.107 | malicious | PureLog Stealer, RedLine |
18.141.10.107 | malicious | Unknown |
18.141.10.107 | malicious | Unknown |
18.141.10.107 | malicious | Unknown |
18.141.10.107 | malicious | Unknown |
18.141.10.107 | malicious | Unknown |
18.141.10.107 | malicious | Remcos |
18.141.10.107 | malicious | Remcos |
Match | Detection | Threat Name |
---|---|---|
ierinapu.xyz | malicious | RedLine |
ierinapu.xyz | malicious | RedLine |
ierinapu.xyz | malicious | RedLine |
ierinapu.xyz | malicious | RedLine |
ierinapu.xyz | malicious | RedLine |
Match | Detection | Threat Name |
---|---|---|
AMAZON-02US | malicious | Mirai, Okiru |
AMAZON-02US | malicious | Mirai, Okiru |
AMAZON-02US | malicious | Mirai |
AMAZON-02US | malicious | Gafgyt, Mirai |
AMAZON-02US | malicious | PureLog Stealer, RedLine |
AMAZON-02US | malicious | LummaC |
AMAZON-02US | malicious | LummaC |
AMAZON-02US | malicious | LummaC |
AMAZON-02US | malicious | Gafgyt, Mirai |
AMAZON-02US | malicious | Gafgyt, Mirai |
Entropy (8bit): | 5.8100248969799795 |
File name: | bac4j0DRRb.exe |
File size: | 98'304 bytes |
MD5: | ad9e28142ab51f364542c7dac2d73a8c |
SHA1: | 8bd52e4e93b44a347d05c3c94c397354894088ae |
SHA256: | a9ec84d22acda7f438810bae0831bc151e6784f2005c896d687ab295ef4a7fd5 |
SHA512: | 22b66f48183a78e209ed05d3f8ee952fc2740545264a406a6e9a1dfd4aa237afa675c73b681a9a946ca25f50a14a25d6b770fdb804d0c139f21853e3a7959c46 |
SSDEEP: | 1536:scdIy9hl8Q4lD2j2j9xEtKzGb4pQ33HbPyFMdEOL3iKx/SEeG6am:scWshrYqO9xkx3HTy+dRFm |
TLSH: | DBA33B25E3ACCA25D7BE4535B970112547F1E28B7041EBCB8DC0A8DF2E637C26A255F2 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Y.................0..p..........R~... ........@.. ....................................@................................ |
Icon Hash: | 00928e8e8686b000 |
Entrypoint: | 0x417e52 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0xB7C91059 [Fri Sep 16 14:04:09 2067 UTC] |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x17e00 | 0x4f | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1a000 | 0x4dc | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x1c000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x17de4 | 0x1c | .text |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x16c08 | 0x17000 | 70562c7ea263314ec8976641d8f2638d | False | 0.4346870754076087 | data | 5.92748062692072 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rsrc | 0x1a000 | 0x4dc | 0x800 | 711e941cfcea15d24c94223426da5c4e | False | 0.2841796875 | data | 3.0005540254604153 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x1c000 | 0xc | 0x400 | e4c1d0dd0af3102ca4f091f961377849 | False | 0.025390625 | data | 0.05585530805374581 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_VERSION | 0x1a090 | 0x24c | data | | | 0.46258503401360546 |
RT_MANIFEST | 0x1a2ec | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347 |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-10-20T21:02:05.829393+0200 | 2034361 | ET MALWARE RedLine - GetArguments Request | 1 | 192.168.2.5 | 49704 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:02:08.742100+0200 | 2034361 | ET MALWARE RedLine - GetArguments Request | 1 | 192.168.2.5 | 49705 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:02:11.392076+0200 | 2034361 | ET MALWARE RedLine - GetArguments Request | 1 | 192.168.2.5 | 49706 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:02:14.540121+0200 | 2034361 | ET MALWARE RedLine - GetArguments Request | 1 | 192.168.2.5 | 49707 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:02:17.133861+0200 | 2034361 | ET MALWARE RedLine - GetArguments Request | 1 | 192.168.2.5 | 49708 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:02:17.139662+0200 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 18.141.10.107 | 80 | 192.168.2.5 | 49708 | TCP |
2024-10-20T21:02:17.139662+0200 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 18.141.10.107 | 80 | 192.168.2.5 | 49708 | TCP |
2024-10-20T21:02:19.918328+0200 | 2034361 | ET MALWARE RedLine - GetArguments Request | 1 | 192.168.2.5 | 49713 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:02:22.456520+0200 | 2034361 | ET MALWARE RedLine - GetArguments Request | 1 | 192.168.2.5 | 49727 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:02:25.067847+0200 | 2034361 | ET MALWARE RedLine - GetArguments Request | 1 | 192.168.2.5 | 49742 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:02:27.613147+0200 | 2034361 | ET MALWARE RedLine - GetArguments Request | 1 | 192.168.2.5 | 49752 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:02:30.197493+0200 | 2034361 | ET MALWARE RedLine - GetArguments Request | 1 | 192.168.2.5 | 49763 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:02:32.792047+0200 | 2034361 | ET MALWARE RedLine - GetArguments Request | 1 | 192.168.2.5 | 49775 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:02:35.364874+0200 | 2034361 | ET MALWARE RedLine - GetArguments Request | 1 | 192.168.2.5 | 49787 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:02:38.422893+0200 | 2034361 | ET MALWARE RedLine - GetArguments Request | 1 | 192.168.2.5 | 49797 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:02:40.994757+0200 | 2034361 | ET MALWARE RedLine - GetArguments Request | 1 | 192.168.2.5 | 49811 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:02:43.552295+0200 | 2034361 | ET MALWARE RedLine - GetArguments Request | 1 | 192.168.2.5 | 49823 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:02:46.136200+0200 | 2034361 | ET MALWARE RedLine - GetArguments Request | 1 | 192.168.2.5 | 49834 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:02:49.164825+0200 | 2034361 | ET MALWARE RedLine - GetArguments Request | 1 | 192.168.2.5 | 49847 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:02:51.747237+0200 | 2034361 | ET MALWARE RedLine - GetArguments Request | 1 | 192.168.2.5 | 49860 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:02:54.307507+0200 | 2034361 | ET MALWARE RedLine - GetArguments Request | 1 | 192.168.2.5 | 49872 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:02:56.905258+0200 | 2034361 | ET MALWARE RedLine - GetArguments Request | 1 | 192.168.2.5 | 49883 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:02:59.466963+0200 | 2034361 | ET MALWARE RedLine - GetArguments Request | 1 | 192.168.2.5 | 49897 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:03:02.050809+0200 | 2034361 | ET MALWARE RedLine - GetArguments Request | 1 | 192.168.2.5 | 49912 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:03:05.062590+0200 | 2034361 | ET MALWARE RedLine - GetArguments Request | 1 | 192.168.2.5 | 49923 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:03:07.601149+0200 | 2034361 | ET MALWARE RedLine - GetArguments Request | 1 | 192.168.2.5 | 49938 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:03:10.161871+0200 | 2034361 | ET MALWARE RedLine - GetArguments Request | 1 | 192.168.2.5 | 49950 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:03:12.946777+0200 | 2034361 | ET MALWARE RedLine - GetArguments Request | 1 | 192.168.2.5 | 49961 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:03:15.499426+0200 | 2034361 | ET MALWARE RedLine - GetArguments Request | 1 | 192.168.2.5 | 49974 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:03:18.051436+0200 | 2034361 | ET MALWARE RedLine - GetArguments Request | 1 | 192.168.2.5 | 49987 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:03:20.609574+0200 | 2034361 | ET MALWARE RedLine - GetArguments Request | 1 | 192.168.2.5 | 49999 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:03:23.165100+0200 | 2034361 | ET MALWARE RedLine - GetArguments Request | 1 | 192.168.2.5 | 50007 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:03:25.819073+0200 | 2034361 | ET MALWARE RedLine - GetArguments Request | 1 | 192.168.2.5 | 50008 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:03:28.382549+0200 | 2034361 | ET MALWARE RedLine - GetArguments Request | 1 | 192.168.2.5 | 50009 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:03:30.947354+0200 | 2034361 | ET MALWARE RedLine - GetArguments Request | 1 | 192.168.2.5 | 50010 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:03:33.463359+0200 | 2034361 | ET MALWARE RedLine - GetArguments Request | 1 | 192.168.2.5 | 50011 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:03:35.962807+0200 | 2034361 | ET MALWARE RedLine - GetArguments Request | 1 | 192.168.2.5 | 50012 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:03:38.421418+0200 | 2034361 | ET MALWARE RedLine - GetArguments Request | 1 | 192.168.2.5 | 50013 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:03:40.843150+0200 | 2034361 | ET MALWARE RedLine - GetArguments Request | 1 | 192.168.2.5 | 50014 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:03:43.250308+0200 | 2034361 | ET MALWARE RedLine - GetArguments Request | 1 | 192.168.2.5 | 50015 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:03:45.617806+0200 | 2034361 | ET MALWARE RedLine - GetArguments Request | 1 | 192.168.2.5 | 50016 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:03:47.952099+0200 | 2034361 | ET MALWARE RedLine - GetArguments Request | 1 | 192.168.2.5 | 50017 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:03:50.270234+0200 | 2034361 | ET MALWARE RedLine - GetArguments Request | 1 | 192.168.2.5 | 50018 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:03:52.569756+0200 | 2034361 | ET MALWARE RedLine - GetArguments Request | 1 | 192.168.2.5 | 50019 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:03:55.110951+0200 | 2034361 | ET MALWARE RedLine - GetArguments Request | 1 | 192.168.2.5 | 50020 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:03:57.550012+0200 | 2034361 | ET MALWARE RedLine - GetArguments Request | 1 | 192.168.2.5 | 50021 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:03:59.765805+0200 | 2034361 | ET MALWARE RedLine - GetArguments Request | 1 | 192.168.2.5 | 50022 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:04:01.976012+0200 | 2034361 | ET MALWARE RedLine - GetArguments Request | 1 | 192.168.2.5 | 50023 | 18.141.10.107 | 80 | TCP |
2024-10-20T21:04:04.159964+0200 | 2034361 | ET MALWARE RedLine - GetArguments Request | 1 | 192.168.2.5 | 50024 | 18.141.10.107 | 80 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 20, 2024 21:03:12.946777105 CEST | 49961 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:12.946789026 CEST | 80 | 49961 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:12.946830988 CEST | 49961 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:12.946914911 CEST | 49961 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:12.949387074 CEST | 80 | 49961 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:12.949450016 CEST | 49961 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:12.951812029 CEST | 80 | 49961 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:13.955315113 CEST | 49974 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:13.960316896 CEST | 80 | 49974 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:13.960407972 CEST | 49974 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:13.960597992 CEST | 49974 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:13.965642929 CEST | 80 | 49974 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:14.314140081 CEST | 49974 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:14.319083929 CEST | 80 | 49974 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:15.499345064 CEST | 80 | 49974 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:15.499362946 CEST | 80 | 49974 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:15.499425888 CEST | 49974 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:15.499712944 CEST | 49974 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:15.504856110 CEST | 80 | 49974 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:15.504920959 CEST | 49974 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:16.501908064 CEST | 49987 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:16.506892920 CEST | 80 | 49987 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:16.507083893 CEST | 49987 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:16.507194042 CEST | 49987 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:16.512670994 CEST | 80 | 49987 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:16.860898018 CEST | 49987 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:16.866350889 CEST | 80 | 49987 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:18.051305056 CEST | 80 | 49987 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:18.051435947 CEST | 49987 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:18.051549911 CEST | 49987 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:18.056303978 CEST | 80 | 49987 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:19.065217972 CEST | 49999 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:19.070163965 CEST | 80 | 49999 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:19.070280075 CEST | 49999 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:19.070477009 CEST | 49999 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:19.075272083 CEST | 80 | 49999 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:19.423474073 CEST | 49999 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:19.428493977 CEST | 80 | 49999 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:20.609499931 CEST | 80 | 49999 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:20.609574080 CEST | 49999 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:20.609680891 CEST | 49999 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:20.614526033 CEST | 80 | 49999 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:21.611409903 CEST | 50007 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:21.616755962 CEST | 80 | 50007 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:21.618464947 CEST | 50007 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:21.618640900 CEST | 50007 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:21.623640060 CEST | 80 | 50007 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:21.970757961 CEST | 50007 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:21.975645065 CEST | 80 | 50007 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:23.164999962 CEST | 80 | 50007 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:23.165100098 CEST | 50007 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:23.165314913 CEST | 50007 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:23.170416117 CEST | 80 | 50007 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:24.173836946 CEST | 50008 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:24.283544064 CEST | 80 | 50008 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:24.283636093 CEST | 50008 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:24.283757925 CEST | 50008 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:24.288645983 CEST | 80 | 50008 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:24.642189026 CEST | 50008 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:24.647473097 CEST | 80 | 50008 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:25.818999052 CEST | 80 | 50008 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:25.819072962 CEST | 50008 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:25.819344997 CEST | 50008 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:25.824208975 CEST | 80 | 50008 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:26.830274105 CEST | 50009 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:26.835202932 CEST | 80 | 50009 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:26.835309029 CEST | 50009 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:26.835433960 CEST | 50009 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:26.840205908 CEST | 80 | 50009 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:27.189223051 CEST | 50009 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:27.194042921 CEST | 80 | 50009 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:28.382339001 CEST | 80 | 50009 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:28.382549047 CEST | 50009 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:28.382659912 CEST | 50009 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:28.387953997 CEST | 80 | 50009 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:29.392774105 CEST | 50010 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:29.398499012 CEST | 80 | 50010 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:29.398623943 CEST | 50010 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:29.398751020 CEST | 50010 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:29.404202938 CEST | 80 | 50010 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:29.751642942 CEST | 50010 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:29.756635904 CEST | 80 | 50010 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:30.947282076 CEST | 80 | 50010 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:30.947354078 CEST | 50010 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:30.947525024 CEST | 50010 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:30.952267885 CEST | 80 | 50010 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:31.924515963 CEST | 50011 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:31.929514885 CEST | 80 | 50011 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:31.931504011 CEST | 50011 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:31.931746006 CEST | 50011 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:31.936533928 CEST | 80 | 50011 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:32.282896996 CEST | 50011 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:32.287753105 CEST | 80 | 50011 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:33.463239908 CEST | 80 | 50011 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:33.463359118 CEST | 50011 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:33.463449955 CEST | 50011 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:33.468288898 CEST | 80 | 50011 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:34.414802074 CEST | 50012 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:34.419842958 CEST | 80 | 50012 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:34.419965029 CEST | 50012 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:34.421329975 CEST | 50012 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:34.426166058 CEST | 80 | 50012 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:34.767177105 CEST | 50012 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:34.772106886 CEST | 80 | 50012 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:35.962717056 CEST | 80 | 50012 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:35.962806940 CEST | 50012 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:35.963058949 CEST | 50012 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:35.967822075 CEST | 80 | 50012 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:36.877471924 CEST | 50013 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:36.887413025 CEST | 80 | 50013 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:36.887687922 CEST | 50013 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:36.887742043 CEST | 50013 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:36.892716885 CEST | 80 | 50013 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:37.236094952 CEST | 50013 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:37.240993023 CEST | 80 | 50013 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:38.421133041 CEST | 80 | 50013 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:38.421417952 CEST | 50013 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:38.421561003 CEST | 50013 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:38.428845882 CEST | 80 | 50013 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:39.299372911 CEST | 50014 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:39.304850101 CEST | 80 | 50014 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:39.304933071 CEST | 50014 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:39.305103064 CEST | 50014 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:39.309957027 CEST | 80 | 50014 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:39.657978058 CEST | 50014 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:39.663026094 CEST | 80 | 50014 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:40.843058109 CEST | 80 | 50014 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:40.843149900 CEST | 50014 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:40.843239069 CEST | 50014 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:40.849812031 CEST | 80 | 50014 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:41.690673113 CEST | 50015 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:41.695619106 CEST | 80 | 50015 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:41.695694923 CEST | 50015 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:41.695796967 CEST | 50015 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:41.700534105 CEST | 80 | 50015 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:42.048417091 CEST | 50015 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:42.053425074 CEST | 80 | 50015 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:43.250096083 CEST | 80 | 50015 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:43.250308037 CEST | 50015 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:43.250343084 CEST | 50015 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:43.255348921 CEST | 80 | 50015 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:44.080229044 CEST | 50016 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:44.087904930 CEST | 80 | 50016 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:44.088006020 CEST | 50016 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:44.088260889 CEST | 50016 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:44.093076944 CEST | 80 | 50016 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:44.439193010 CEST | 50016 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:44.444025993 CEST | 80 | 50016 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:45.617157936 CEST | 80 | 50016 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:45.617722988 CEST | 80 | 50016 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:45.617805958 CEST | 50016 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:45.617949009 CEST | 50016 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:45.623665094 CEST | 80 | 50016 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:46.408354044 CEST | 50017 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:46.413346052 CEST | 80 | 50017 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:46.413511992 CEST | 50017 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:46.413619041 CEST | 50017 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:46.418562889 CEST | 80 | 50017 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:46.767276049 CEST | 50017 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:46.772269964 CEST | 80 | 50017 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:47.951793909 CEST | 80 | 50017 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:47.952099085 CEST | 50017 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:47.957482100 CEST | 80 | 50017 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:47.957546949 CEST | 50017 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:48.720834970 CEST | 50018 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:48.726191998 CEST | 80 | 50018 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:48.726300955 CEST | 50018 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:48.726480007 CEST | 50018 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:48.732970953 CEST | 80 | 50018 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:49.079709053 CEST | 50018 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:49.084903955 CEST | 80 | 50018 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:50.270091057 CEST | 80 | 50018 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:50.270234108 CEST | 50018 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:50.270327091 CEST | 50018 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:50.275309086 CEST | 80 | 50018 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:51.018227100 CEST | 50019 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:51.023188114 CEST | 80 | 50019 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:51.023307085 CEST | 50019 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:51.023456097 CEST | 50019 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:51.028367043 CEST | 80 | 50019 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:51.376565933 CEST | 50019 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:51.381531954 CEST | 80 | 50019 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:52.566546917 CEST | 80 | 50019 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:52.569756031 CEST | 50019 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:52.569880009 CEST | 50019 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:52.574723005 CEST | 80 | 50019 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:53.283566952 CEST | 50020 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:53.485446930 CEST | 80 | 50020 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:53.485706091 CEST | 50020 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:53.485963106 CEST | 50020 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:53.490839005 CEST | 80 | 50020 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:53.845417023 CEST | 50020 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:54.314064026 CEST | 50020 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:54.739728928 CEST | 80 | 50020 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:54.739769936 CEST | 80 | 50020 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:55.061579943 CEST | 80 | 50020 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:55.110950947 CEST | 50020 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:55.284759998 CEST | 80 | 50020 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:55.284888983 CEST | 50020 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:55.284955025 CEST | 50020 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:55.289789915 CEST | 80 | 50020 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:55.986399889 CEST | 50021 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:55.991679907 CEST | 80 | 50021 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:55.991756916 CEST | 50021 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:55.991940022 CEST | 50021 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:55.996778965 CEST | 80 | 50021 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:56.345400095 CEST | 50021 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:56.350722075 CEST | 80 | 50021 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:57.549776077 CEST | 80 | 50021 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:57.550012112 CEST | 50021 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:57.550012112 CEST | 50021 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:57.556555986 CEST | 80 | 50021 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:58.221013069 CEST | 50022 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:58.226068974 CEST | 80 | 50022 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:58.226157904 CEST | 50022 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:58.226347923 CEST | 50022 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:58.231705904 CEST | 80 | 50022 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:58.579844952 CEST | 50022 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:58.584985971 CEST | 80 | 50022 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:59.765558004 CEST | 80 | 50022 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:03:59.765805006 CEST | 50022 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:59.765870094 CEST | 50022 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:03:59.770947933 CEST | 80 | 50022 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:04:00.424273014 CEST | 50023 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:04:00.429759026 CEST | 80 | 50023 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:04:00.429914951 CEST | 50023 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:04:00.430083036 CEST | 50023 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:04:00.434964895 CEST | 80 | 50023 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:04:00.782895088 CEST | 50023 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:04:00.788395882 CEST | 80 | 50023 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:04:01.975008965 CEST | 80 | 50023 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:04:01.975924015 CEST | 80 | 50023 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:04:01.976011992 CEST | 50023 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:04:01.978970051 CEST | 50023 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:04:01.983863115 CEST | 80 | 50023 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:04:02.612062931 CEST | 50024 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:04:02.617163897 CEST | 80 | 50024 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:04:02.617279053 CEST | 50024 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:04:02.617428064 CEST | 50024 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:04:02.622318029 CEST | 80 | 50024 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:04:02.970566034 CEST | 50024 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:04:02.975584984 CEST | 80 | 50024 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:04:04.159750938 CEST | 80 | 50024 | 18.141.10.107 | 192.168.2.5 |
Oct 20, 2024 21:04:04.159964085 CEST | 50024 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:04:04.162513018 CEST | 50024 | 80 | 192.168.2.5 | 18.141.10.107 |
Oct 20, 2024 21:04:04.167427063 CEST | 80 | 50024 | 18.141.10.107 | 192.168.2.5 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 20, 2024 21:02:04.064412117 CEST | 59282 | 53 | 192.168.2.5 | 1.1.1.1 |
Oct 20, 2024 21:02:04.254467010 CEST | 53 | 59282 | 1.1.1.1 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 20, 2024 21:02:04.064412117 CEST | 192.168.2.5 | 1.1.1.1 | 0x89a6 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 20, 2024 21:02:04.254467010 CEST | 1.1.1.1 | 192.168.2.5 | 0x89a6 | No error (0) | 18.141.10.107 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49704 | 18.141.10.107 | 80 | 4028 | C:\Users\user\Desktop\bac4j0DRRb.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 21:02:04.283566952 CEST | 233 | OUT | |
Oct 20, 2024 21:02:04.642263889 CEST | 137 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49705 | 18.141.10.107 | 80 | 4028 | C:\Users\user\Desktop\bac4j0DRRb.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 21:02:07.195065022 CEST | 233 | OUT | |
Oct 20, 2024 21:02:07.548538923 CEST | 137 | OUT | |
Oct 20, 2024 21:02:08.741961956 CEST | 25 | IN | |
Oct 20, 2024 21:02:08.742005110 CEST | 464 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 49706 | 18.141.10.107 | 80 | 4028 | C:\Users\user\Desktop\bac4j0DRRb.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 21:02:09.788760900 CEST | 209 | OUT | |
Oct 20, 2024 21:02:10.142242908 CEST | 137 | OUT | |
Oct 20, 2024 21:02:11.348874092 CEST | 25 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.5 | 49707 | 18.141.10.107 | 80 | 4028 | C:\Users\user\Desktop\bac4j0DRRb.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 21:02:12.958386898 CEST | 209 | OUT | |
Oct 20, 2024 21:02:13.314109087 CEST | 137 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.5 | 49708 | 18.141.10.107 | 80 | 4028 | C:\Users\user\Desktop\bac4j0DRRb.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 21:02:15.562393904 CEST | 209 | OUT | |
Oct 20, 2024 21:02:15.907783031 CEST | 137 | OUT | |
Oct 20, 2024 21:02:17.133744955 CEST | 25 | IN | |
Oct 20, 2024 21:02:17.133781910 CEST | 464 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.5 | 49713 | 18.141.10.107 | 80 | 4028 | C:\Users\user\Desktop\bac4j0DRRb.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 21:02:18.149034977 CEST | 209 | OUT | |
Oct 20, 2024 21:02:18.501557112 CEST | 137 | OUT | |
Oct 20, 2024 21:02:19.917916059 CEST | 489 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.5 | 49727 | 18.141.10.107 | 80 | 4028 | C:\Users\user\Desktop\bac4j0DRRb.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 21:02:20.929020882 CEST | 209 | OUT | |
Oct 20, 2024 21:02:21.282757044 CEST | 137 | OUT | |
Oct 20, 2024 21:02:22.456445932 CEST | 25 | IN | |
Oct 20, 2024 21:02:22.456461906 CEST | 464 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.5 | 49742 | 18.141.10.107 | 80 | 4028 | C:\Users\user\Desktop\bac4j0DRRb.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 21:02:23.475944042 CEST | 209 | OUT | |
Oct 20, 2024 21:02:23.829780102 CEST | 137 | OUT | |
Oct 20, 2024 21:02:25.067586899 CEST | 25 | IN | |
Oct 20, 2024 21:02:25.067603111 CEST | 464 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.5 | 49752 | 18.141.10.107 | 80 | 4028 | C:\Users\user\Desktop\bac4j0DRRb.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 21:02:26.085975885 CEST | 209 | OUT | |
Oct 20, 2024 21:02:26.439042091 CEST | 137 | OUT | |
Oct 20, 2024 21:02:27.612859011 CEST | 489 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.5 | 49763 | 18.141.10.107 | 80 | 4028 | C:\Users\user\Desktop\bac4j0DRRb.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 21:02:28.632296085 CEST | 209 | OUT | |
Oct 20, 2024 21:02:28.986020088 CEST | 137 | OUT | |
Oct 20, 2024 21:02:30.197283983 CEST | 25 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.5 | 49775 | 18.141.10.107 | 80 | 4028 | C:\Users\user\Desktop\bac4j0DRRb.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 21:02:31.227277994 CEST | 209 | OUT | |
Oct 20, 2024 21:02:31.579915047 CEST | 137 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
11 | 192.168.2.5 | 49787 | 18.141.10.107 | 80 | 4028 | C:\Users\user\Desktop\bac4j0DRRb.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 21:02:33.804934978 CEST | 209 | OUT | |
Oct 20, 2024 21:02:34.158037901 CEST | 137 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
12 | 192.168.2.5 | 49797 | 18.141.10.107 | 80 | 4028 | C:\Users\user\Desktop\bac4j0DRRb.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 21:02:36.382538080 CEST | 209 | OUT | |
Oct 20, 2024 21:02:36.735929966 CEST | 137 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
13 | 192.168.2.5 | 49811 | 18.141.10.107 | 80 | 4028 | C:\Users\user\Desktop\bac4j0DRRb.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 21:02:39.444983959 CEST | 209 | OUT | |
Oct 20, 2024 21:02:39.798471928 CEST | 137 | OUT | |
Oct 20, 2024 21:02:40.994419098 CEST | 25 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
14 | 192.168.2.5 | 49823 | 18.141.10.107 | 80 | 4028 | C:\Users\user\Desktop\bac4j0DRRb.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 21:02:42.013925076 CEST | 209 | OUT | |
Oct 20, 2024 21:02:42.361083984 CEST | 137 | OUT | |
Oct 20, 2024 21:02:43.552083015 CEST | 25 | IN | |
Oct 20, 2024 21:02:43.552141905 CEST | 464 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
15 | 192.168.2.5 | 49834 | 18.141.10.107 | 80 | 4028 | C:\Users\user\Desktop\bac4j0DRRb.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 21:02:44.594475985 CEST | 209 | OUT | |
Oct 20, 2024 21:02:44.939131975 CEST | 137 | OUT | |
Oct 20, 2024 21:02:46.136037111 CEST | 25 | IN | |
Oct 20, 2024 21:02:46.136080980 CEST | 464 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
16 | 192.168.2.5 | 49847 | 18.141.10.107 | 80 | 4028 | C:\Users\user\Desktop\bac4j0DRRb.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 21:02:47.148197889 CEST | 209 | OUT | |
Oct 20, 2024 21:02:47.501687050 CEST | 137 | OUT | |
Oct 20, 2024 21:02:49.164705992 CEST | 25 | IN | |
Oct 20, 2024 21:02:49.164752960 CEST | 464 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
17 | 192.168.2.5 | 49860 | 18.141.10.107 | 80 | 4028 | C:\Users\user\Desktop\bac4j0DRRb.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 21:02:50.179478884 CEST | 209 | OUT | |
Oct 20, 2024 21:02:50.532835007 CEST | 137 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
18 | 192.168.2.5 | 49872 | 18.141.10.107 | 80 | 4028 | C:\Users\user\Desktop\bac4j0DRRb.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 21:02:52.757081032 CEST | 209 | OUT | |
Oct 20, 2024 21:02:53.114702940 CEST | 137 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
19 | 192.168.2.5 | 49883 | 18.141.10.107 | 80 | 4028 | C:\Users\user\Desktop\bac4j0DRRb.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 21:02:55.319730997 CEST | 209 | OUT | |
Oct 20, 2024 21:02:55.673580885 CEST | 137 | OUT | |
Oct 20, 2024 21:02:56.904721975 CEST | 25 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
20 | 192.168.2.5 | 49897 | 18.141.10.107 | 80 | 4028 | C:\Users\user\Desktop\bac4j0DRRb.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 21:02:57.913707018 CEST | 209 | OUT | |
Oct 20, 2024 21:02:58.267163038 CEST | 137 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
21 | 192.168.2.5 | 49912 | 18.141.10.107 | 80 | 4028 | C:\Users\user\Desktop\bac4j0DRRb.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 21:03:00.478621960 CEST | 209 | OUT | |
Oct 20, 2024 21:03:00.829677105 CEST | 137 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
22 | 192.168.2.5 | 49923 | 18.141.10.107 | 80 | 4028 | C:\Users\user\Desktop\bac4j0DRRb.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 21:03:03.091626883 CEST | 209 | OUT | |
Oct 20, 2024 21:03:03.439096928 CEST | 137 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
23 | 192.168.2.5 | 49938 | 18.141.10.107 | 80 | 4028 | C:\Users\user\Desktop\bac4j0DRRb.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 21:03:06.069849014 CEST | 209 | OUT | |
Oct 20, 2024 21:03:06.423458099 CEST | 137 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
24 | 192.168.2.5 | 49950 | 18.141.10.107 | 80 | 4028 | C:\Users\user\Desktop\bac4j0DRRb.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 21:03:08.616539955 CEST | 209 | OUT | |
Oct 20, 2024 21:03:08.970402002 CEST | 137 | OUT | |
Oct 20, 2024 21:03:10.161314964 CEST | 25 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
25 | 192.168.2.5 | 49961 | 18.141.10.107 | 80 | 4028 | C:\Users\user\Desktop\bac4j0DRRb.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 21:03:11.180259943 CEST | 209 | OUT | |
Oct 20, 2024 21:03:11.532819033 CEST | 137 | OUT | |
Oct 20, 2024 21:03:12.946690083 CEST | 25 | IN | |
Oct 20, 2024 21:03:12.949387074 CEST | 25 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
26 | 192.168.2.5 | 49974 | 18.141.10.107 | 80 | 4028 | C:\Users\user\Desktop\bac4j0DRRb.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 21:03:13.960597992 CEST | 209 | OUT | |
Oct 20, 2024 21:03:14.314140081 CEST | 137 | OUT | |
Oct 20, 2024 21:03:15.499345064 CEST | 25 | IN | |
Oct 20, 2024 21:03:15.499362946 CEST | 464 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
27 | 192.168.2.5 | 49987 | 18.141.10.107 | 80 | 4028 | C:\Users\user\Desktop\bac4j0DRRb.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 21:03:16.507194042 CEST | 209 | OUT | |
Oct 20, 2024 21:03:16.860898018 CEST | 137 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
28 | 192.168.2.5 | 49999 | 18.141.10.107 | 80 | 4028 | C:\Users\user\Desktop\bac4j0DRRb.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 21:03:19.070477009 CEST | 209 | OUT | |
Oct 20, 2024 21:03:19.423474073 CEST | 137 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
29 | 192.168.2.5 | 50007 | 18.141.10.107 | 80 | 4028 | C:\Users\user\Desktop\bac4j0DRRb.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 21:03:21.618640900 CEST | 209 | OUT | |
Oct 20, 2024 21:03:21.970757961 CEST | 137 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
30 | 192.168.2.5 | 50008 | 18.141.10.107 | 80 | 4028 | C:\Users\user\Desktop\bac4j0DRRb.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 21:03:24.283757925 CEST | 209 | OUT | |
Oct 20, 2024 21:03:24.642189026 CEST | 137 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
31 | 192.168.2.5 | 50009 | 18.141.10.107 | 80 | 4028 | C:\Users\user\Desktop\bac4j0DRRb.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 21:03:26.835433960 CEST | 209 | OUT | |
Oct 20, 2024 21:03:27.189223051 CEST | 137 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
32 | 192.168.2.5 | 50010 | 18.141.10.107 | 80 | 4028 | C:\Users\user\Desktop\bac4j0DRRb.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 21:03:29.398751020 CEST | 209 | OUT | |
Oct 20, 2024 21:03:29.751642942 CEST | 137 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
33 | 192.168.2.5 | 50011 | 18.141.10.107 | 80 | 4028 | C:\Users\user\Desktop\bac4j0DRRb.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 21:03:31.931746006 CEST | 209 | OUT | |
Oct 20, 2024 21:03:32.282896996 CEST | 137 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
34 | 192.168.2.5 | 50012 | 18.141.10.107 | 80 | 4028 | C:\Users\user\Desktop\bac4j0DRRb.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 21:03:34.421329975 CEST | 209 | OUT | |
Oct 20, 2024 21:03:34.767177105 CEST | 137 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
35 | 192.168.2.5 | 50013 | 18.141.10.107 | 80 | 4028 | C:\Users\user\Desktop\bac4j0DRRb.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 21:03:36.887742043 CEST | 209 | OUT | |
Oct 20, 2024 21:03:37.236094952 CEST | 137 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
36 | 192.168.2.5 | 50014 | 18.141.10.107 | 80 | 4028 | C:\Users\user\Desktop\bac4j0DRRb.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 21:03:39.305103064 CEST | 209 | OUT | |
Oct 20, 2024 21:03:39.657978058 CEST | 137 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
37 | 192.168.2.5 | 50015 | 18.141.10.107 | 80 | 4028 | C:\Users\user\Desktop\bac4j0DRRb.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 21:03:41.695796967 CEST | 209 | OUT | |
Oct 20, 2024 21:03:42.048417091 CEST | 137 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
38 | 192.168.2.5 | 50016 | 18.141.10.107 | 80 | 4028 | C:\Users\user\Desktop\bac4j0DRRb.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 21:03:44.088260889 CEST | 209 | OUT | |
Oct 20, 2024 21:03:44.439193010 CEST | 137 | OUT | |
Oct 20, 2024 21:03:45.617157936 CEST | 25 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
39 | 192.168.2.5 | 50017 | 18.141.10.107 | 80 | 4028 | C:\Users\user\Desktop\bac4j0DRRb.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 21:03:46.413619041 CEST | 209 | OUT | |
Oct 20, 2024 21:03:46.767276049 CEST | 137 | OUT | |
Oct 20, 2024 21:03:47.951793909 CEST | 489 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
40 | 192.168.2.5 | 50018 | 18.141.10.107 | 80 | 4028 | C:\Users\user\Desktop\bac4j0DRRb.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 21:03:48.726480007 CEST | 209 | OUT | |
Oct 20, 2024 21:03:49.079709053 CEST | 137 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
41 | 192.168.2.5 | 50019 | 18.141.10.107 | 80 | 4028 | C:\Users\user\Desktop\bac4j0DRRb.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 21:03:51.023456097 CEST | 209 | OUT | |
Oct 20, 2024 21:03:51.376565933 CEST | 137 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
42 | 192.168.2.5 | 50020 | 18.141.10.107 | 80 | 4028 | C:\Users\user\Desktop\bac4j0DRRb.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 21:03:53.485963106 CEST | 209 | OUT | |
Oct 20, 2024 21:03:53.845417023 CEST | 137 | OUT | |
Oct 20, 2024 21:03:54.314064026 CEST | 137 | OUT | |
Oct 20, 2024 21:03:55.061579943 CEST | 25 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
43 | 192.168.2.5 | 50021 | 18.141.10.107 | 80 | 4028 | C:\Users\user\Desktop\bac4j0DRRb.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 21:03:55.991940022 CEST | 209 | OUT | |
Oct 20, 2024 21:03:56.345400095 CEST | 137 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
44 | 192.168.2.5 | 50022 | 18.141.10.107 | 80 | 4028 | C:\Users\user\Desktop\bac4j0DRRb.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 21:03:58.226347923 CEST | 209 | OUT | |
Oct 20, 2024 21:03:58.579844952 CEST | 137 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
45 | 192.168.2.5 | 50023 | 18.141.10.107 | 80 | 4028 | C:\Users\user\Desktop\bac4j0DRRb.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 21:04:00.430083036 CEST | 209 | OUT | |
Oct 20, 2024 21:04:00.782895088 CEST | 137 | OUT | |
Oct 20, 2024 21:04:01.975008965 CEST | 25 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
46 | 192.168.2.5 | 50024 | 18.141.10.107 | 80 | 4028 | C:\Users\user\Desktop\bac4j0DRRb.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 21:04:02.617428064 CEST | 209 | OUT | |
Oct 20, 2024 21:04:02.970566034 CEST | 137 | OUT |
Target ID: | 0 |
Start time: | 15:01:57 |
Start date: | 20/10/2024 |
Path: | C:\Users\user\Desktop\bac4j0DRRb.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x450000 |
File size: | 98'304 bytes |
MD5 hash: | AD9E28142AB51F364542C7DAC2D73A8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | false |
Function 026CDDE8 Relevance: 14.9, Strings: 11, Instructions: 1112 COMMON
Function 026CF860 Relevance: 6.4, Strings: 5, Instructions: 174 COMMON
Function 026C6640 Relevance: 5.1, Strings: 4, Instructions: 87 COMMON
Function 026C08C1 Relevance: 2.9, Strings: 2, Instructions: 391 COMMON
Function 026CE851 Relevance: 2.8, Strings: 2, Instructions: 299 COMMON
Function 026CA690 Relevance: 2.6, Strings: 2, Instructions: 60 COMMON
Function 026C674C Relevance: 2.5, Strings: 2, Instructions: 42 COMMON
Function 026C6C90 Relevance: 2.0, Instructions: 1978 COMMON
Function 026C6C80 Relevance: 2.0, Instructions: 1975 COMMON
Function 026CCC60 Relevance: 1.6, Strings: 1, Instructions: 350 COMMON
Function 026C63D8 Relevance: 1.3, Strings: 1, Instructions: 96 COMMON
Function 026CF850 Relevance: 1.3, Strings: 1, Instructions: 89 COMMON
Function 026CFE3F Relevance: 1.3, Strings: 1, Instructions: 86 COMMON
Function 026C8E98 Relevance: 1.3, Strings: 1, Instructions: 58 COMMON
Function 026CA683 Relevance: 1.3, Strings: 1, Instructions: 44 COMMON
Function 026C0838 Relevance: 1.3, Strings: 1, Instructions: 20 COMMON
Function 026C0848 Relevance: 1.3, Strings: 1, Instructions: 13 COMMON
Function 026CCC50 Relevance: .2, Instructions: 194 COMMON
Function 026C2523 Relevance: .2, Instructions: 159 COMMON
Function 026CBF88 Relevance: .2, Instructions: 153 COMMON
Function 026CD021 Relevance: .1, Instructions: 140 COMMON
Function 026C4738 Relevance: .1, Instructions: 128 COMMON
Function 026C4748 Relevance: .1, Instructions: 115 COMMON
Function 026C3C90 Relevance: .1, Instructions: 92 COMMON
Function 026C9A08 Relevance: .1, Instructions: 88 COMMON
Function 026CA1B8 Relevance: .1, Instructions: 87 COMMON
Function 026C9A18 Relevance: .1, Instructions: 85 COMMON
Function 026C63C9 Relevance: .1, Instructions: 83 COMMON
Function 026C3CA0 Relevance: .1, Instructions: 83 COMMON
Function 026C275E Relevance: .1, Instructions: 82 COMMON
Function 026C6B60 Relevance: .1, Instructions: 80 COMMON
Function 026C3317 Relevance: .1, Instructions: 79 COMMON
Function 026CDDD8 Relevance: .1, Instructions: 77 COMMON
Function 026CDD57 Relevance: .1, Instructions: 76 COMMON
Function 026C6B59 Relevance: .1, Instructions: 75 COMMON
Function 026CA1C8 Relevance: .1, Instructions: 74 COMMON
Function 026C3328 Relevance: .1, Instructions: 72 COMMON
Function 026C3E80 Relevance: .1, Instructions: 68 COMMON
Function 026C2790 Relevance: .1, Instructions: 59 COMMON
Function 026C3EA8 Relevance: .1, Instructions: 55 COMMON
Function 026CFEA8 Relevance: .1, Instructions: 55 COMMON
Function 026CBA60 Relevance: .1, Instructions: 53 COMMON
Function 026CBA70 Relevance: .1, Instructions: 51 COMMON
Function 026C1C79 Relevance: .1, Instructions: 51 COMMON
Function 026C1C88 Relevance: .0, Instructions: 45 COMMON
Function 026CB1F0 Relevance: .0, Instructions: 38 COMMON
Function 026CB1EB Relevance: .0, Instructions: 37 COMMON
Function 026CA553 Relevance: .0, Instructions: 37 COMMON
Function 026CC15D Relevance: .0, Instructions: 31 COMMON
Function 026CA560 Relevance: .0, Instructions: 31 COMMON
Function 026CA74F Relevance: .0, Instructions: 30 COMMON
Function 026CA760 Relevance: .0, Instructions: 28 COMMON
Function 026CA4F0 Relevance: .0, Instructions: 28 COMMON
Function 026CA500 Relevance: .0, Instructions: 26 COMMON
Function 026C6631 Relevance: .0, Instructions: 25 COMMON
Function 026C8E88 Relevance: .0, Instructions: 24 COMMON
Function 026C30F9 Relevance: .0, Instructions: 22 COMMON
Function 026C3DEF Relevance: .0, Instructions: 22 COMMON
Function 026CA4A8 Relevance: .0, Instructions: 18 COMMON
Function 026C9060 Relevance: .0, Instructions: 17 COMMON
Function 026C3F59 Relevance: .0, Instructions: 17 COMMON
Function 026C9070 Relevance: .0, Instructions: 16 COMMON
Function 026C9050 Relevance: .0, Instructions: 3 COMMON
Function 026CD4F0 Relevance: 6.6, Strings: 5, Instructions: 384 COMMON
Function 026C5B20 Relevance: 24.2, Strings: 19, Instructions: 418 COMMON
Function 026C4BD8 Relevance: 12.7, Strings: 10, Instructions: 219 COMMON
Function 026C5208 Relevance: 10.2, Strings: 8, Instructions: 235 COMMON
Function 026CF0C8 Relevance: 7.8, Strings: 6, Instructions: 297 COMMON
Function 026C58C8 Relevance: 7.7, Strings: 6, Instructions: 166 COMMON
Function 026C4948 Relevance: 6.4, Strings: 5, Instructions: 164 COMMON
Function 026CF640 Relevance: 6.4, Strings: 5, Instructions: 107 COMMON
Function 026CC5E8 Relevance: 5.3, Strings: 4, Instructions: 284 COMMON
Function 026CC9E0 Relevance: 5.2, Strings: 4, Instructions: 220 COMMON
Function 026C6108 Relevance: 5.2, Strings: 4, Instructions: 203 COMMON