Analysis Report bF7H5z6B1q.exe
Overview
General Information |
---|
Joe Sandbox Version: | 28.0.0 Lapis Lazuli |
Analysis ID: | 100782 |
Start date: | 22.04.2020 |
Start time: | 21:55:41 |
Joe Sandbox Product: | Cloud |
Overall analysis duration: | 0h 7m 8s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | bF7H5z6B1q.exe |
Cookbook file name: | default.jbs |
Analysis system description: | W10 x64 1809 Native physical Machine for testing VM-aware malware (Office 2016, Internet Explorer 11, Java 8u231, Adobe Reader DC 19) |
Run name: | Potential for more IOCs and behavior |
Number of new started processes analysed: | 15 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.rans.troj.spyw.evad.winEXE@7/0@1/2 |
EGA Information: |
|
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
Warnings: |
|
Detection |
---|
Strategy | Score | Range | Reporting | Whitelisted | Threat | Detection | |
---|---|---|---|---|---|---|---|
Threshold | 100 | 0 - 100 | Report FP / FN | false | AgentTesla |
Confidence |
---|
Strategy | Score | Range | Further Analysis Required? | Confidence | |
---|---|---|---|---|---|
Threshold | 5 | 0 - 5 | false |
Analysis Advice |
---|
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior |
MITRE ATT&CK Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation111 | Winlogon Helper DLL | Access Token Manipulation1 | Disabling Security Tools11 | Credential Dumping2 | Virtualization/Sandbox Evasion13 | Remote File Copy1 | Email Collection1 | Data Encrypted1 | Standard Cryptographic Protocol1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Replication Through Removable Media | Graphical User Interface1 | Port Monitors | Process Injection12 | Virtualization/Sandbox Evasion13 | Credentials in Registry1 | Process Discovery2 | Remote Services | Data from Local System2 | Exfiltration Over Other Network Medium | Uncommonly Used Port1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
External Remote Services | Windows Management Instrumentation | Accessibility Features | Path Interception | Access Token Manipulation1 | Input Capture | Security Software Discovery321 | Windows Remote Management | Data from Network Shared Drive | Automated Exfiltration | Remote File Copy1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Drive-by Compromise | Scheduled Task | System Firmware | DLL Search Order Hijacking | Process Injection12 | Credentials in Files | Remote System Discovery1 | Logon Scripts | Input Capture | Data Encrypted | Standard Non-Application Layer Protocol2 | SIM Card Swap | Premium SMS Toll Fraud | |
Exploit Public-Facing Application | Command-Line Interface | Shortcut Modification | File System Permissions Weakness | Obfuscated Files or Information1 | Account Manipulation | System Information Discovery214 | Shared Webroot | Data Staged | Scheduled Transfer | Standard Application Layer Protocol22 | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Spearphishing Link | Graphical User Interface | Modify Existing Service | New Service | DLL Side-Loading1 | Brute Force | System Owner/User Discovery | Third-party Software | Screen Capture | Data Transfer Size Limits | Commonly Used Port | Jamming or Denial of Service | Abuse Accessibility Features |
Signature Overview |
---|
AV Detection: |
---|
Antivirus detection for URL or domain | Show sources |
Source: | Avira URL Cloud: |
Found malware configuration | Show sources |
Source: | Malware Configuration Extractor: |
Multi AV Scanner detection for domain / URL | Show sources |
Source: | Virustotal: | Perma Link |
Multi AV Scanner detection for submitted file | Show sources |
Source: | Virustotal: | Perma Link |
Networking: |
---|
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) | Show sources |
Source: | Snort IDS: |
Detected TCP or UDP traffic on non-standard ports | Show sources |
Source: | TCP traffic: |
IP address seen in connection with other malware | Show sources |
Source: | IP Address: |
Internet Provider seen in connection with other malware | Show sources |
Source: | ASN Name: |
Uses SMTP (mail sending) | Show sources |
Source: | TCP traffic: |
Uses a known web browser user agent for HTTP communication | Show sources |
Source: | HTTP traffic detected: |
Connects to IPs without corresponding DNS lookups | Show sources |
Source: | TCP traffic detected without corresponding DNS query: |
Downloads files from webservers via HTTP | Show sources |
Source: | HTTP traffic detected: |
Performs DNS lookups | Show sources |
Source: | DNS traffic detected: |
Urls found in memory or binary data | Show sources |
Source: | String found in binary or memory: |
System Summary: |
---|
Malicious sample detected (through community Yara rule) | Show sources |
Source: | Matched rule: | ||
Source: | Matched rule: |
Potential malicious icon found | Show sources |
Source: | Icon embedded in PE file: |
Contains functionality to call native functions | Show sources |
Detected potential crypto function | Show sources |
PE file contains strange resources | Show sources |
Source: | Static PE information: |
Sample file is different than original file name gathered from version info | Show sources |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Tries to load missing DLLs | Show sources |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Yara signature match | Show sources |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Classification label | Show sources |
Source: | Classification label: |
Contains functionality to adjust token privileges (e.g. debug / backup) | Show sources |
Source: | Code function: | 10_2_1FD2B1E6 | |
Source: | Code function: | 10_2_1FD2B1AF |
Creates mutexes | Show sources |
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: |
PE file has an executable .text section and no other executable section | Show sources |
Source: | Static PE information: |
Parts of this application are using VB runtime library 6.0 (Probably coded in Visual Basic) | Show sources |
Source: | Section loaded: | Jump to behavior |
Parts of this application are using the .NET runtime (Probably coded in C#) | Show sources |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Queries process information (via WMI, Win32_Process) | Show sources |
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Reads software policies | Show sources |
Source: | Key opened: | Jump to behavior |
Reads the hosts file | Show sources |
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior |
Sample is known by Antivirus | Show sources |
Source: | Virustotal: |
Spawns processes | Show sources |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Uses an in-process (OLE) Automation server | Show sources |
Source: | Key value queried: | Jump to behavior |
Found graphical window changes (likely an installer) | Show sources |
Source: | Window detected: |
Uses Microsoft Silverlight | Show sources |
Source: | File opened: | Jump to behavior |
Checks if Microsoft Office is installed | Show sources |
Source: | Key opened: | Jump to behavior |
Uses new MSVCR Dlls | Show sources |
Source: | File opened: | Jump to behavior |
Binary contains paths to debug symbols | Show sources |
Source: | Binary string: |
Data Obfuscation: |
---|
Uses code obfuscation techniques (call, push, ret) | Show sources |
Hooking and other Techniques for Hiding and Protection: |
---|
Disables application error messages (SetErrorMode) | Show sources |
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion: |
---|
Contains functionality to detect hardware virtualization (CPUID execution measurement) | Show sources |
Source: | Code function: | 10_2_01124553 |
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines) | Show sources |
Source: | WMI Queries: |
Tries to detect virtualization through RDTSC time measurements | Show sources |
Source: | RDTSC instruction interceptor: |
Contains functionality for execution timing, often used to detect debuggers | Show sources |
Source: | Code function: | 10_2_01124553 |
Contains long sleeps (>= 3 min) | Show sources |
Source: | Thread delayed: | Jump to behavior |
Found large amount of non-executed APIs | Show sources |
Source: | API coverage: |
May sleep (evasive loops) to hinder dynamic analysis | Show sources |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines) | Show sources |
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Sample execution stops while process was sleeping (likely an evasion) | Show sources |
Source: | Last function: |
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) | Show sources |
Source: | Binary or memory string: |
Queries a list of all running processes | Show sources |
Source: | Process information queried: | Jump to behavior |
Anti Debugging: |
---|
Contains functionality to hide a thread from the debugger | Show sources |
Source: | Code function: | 10_2_0112039C |
Hides threads from debuggers | Show sources |
Source: | Thread information set: | Jump to behavior | ||
Source: | Thread information set: | Jump to behavior | ||
Source: | Thread information set: | Jump to behavior |
Contains functionality for execution timing, often used to detect debuggers | Show sources |
Source: | Code function: | 10_2_01124553 |
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress) | Show sources |
Source: | Code function: | 10_2_01124EF6 |
Contains functionality to read the PEB | Show sources |
Enables debug privileges | Show sources |
Source: | Process token adjusted: | Jump to behavior |
Creates guard pages, often used to prevent reverse engineering and debugging | Show sources |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion: |
---|
Creates a process in suspended mode (likely to inject code) |
Source: | Process created: |
May try to detect the Windows Explorer process (often used for injection) |
Source: | Binary or memory string: |
Language, Device and Operating System Detection: |
---|
Queries the volume information (name, serial number etc) of a device |
Source: | Queries volume information: |
Queries the cryptographic machine GUID |
Source: | Key value queried: |
Lowering of HIPS / PFW / Operating System Security Settings: |
---|
Uses netsh to modify the Windows network and firewall settings |
Source: | Process created: |
Stealing of Sensitive Information: |
---|
Yara detected AgentTesla |
Source: | File source: |
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) |
Source: | Key opened: |
Tries to harvest and steal browser information (history, passwords, etc) |
Source: | File opened: |
Tries to harvest and steal ftp login credentials |
Source: | File opened: |
Tries to steal Mail credentials (via file access) |
Source: | File opened: |
Source: | Key opened: |
Remote Access Functionality: |
---|
Yara detected AgentTesla |
Source: | File source: |
Malware Configuration |
---|
Threatname: Agenttesla |
---|
{"Username: ": "=0A0jhVRt", "URL: ": "http://65WgO3Tt3vwSLEL.net", "To: ": "chimez2@originloger.com", "ByHost: ": "us2.smtp.mailhostbox.com:587", "Password: ": "DSMwV2T", "From: ": "chimez2@originloger.com"}
Signature Similarity |
---|
Samplename | Analysis ID | SHA256 | Similarity |
---|
Behavior Graph |
---|
Simulations |
---|
Behavior and APIs |
---|
No simulations |
---|
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
16% | Virustotal |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
9% | Virustotal |
100% | Avira URL Cloud | malware |
3% | Virustotal |
0% | Avira URL Cloud | safe |
0% | Avira URL Cloud | safe |
0% | Virustotal |
0% | Avira URL Cloud | safe |
0% | Avira URL Cloud | safe |
0% | Avira URL Cloud | safe |
Yara Overview |
---|
Initial Sample |
---|
No yara matches |
---|
PCAP (Network Traffic) |
---|
No yara matches |
---|
Dropped Files |
---|
No yara matches |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
LokiBot_Dropper_Packed_R11_Feb18 | Auto-generated rule - file scan copy.pdf.r11 | Florian Roth |
LokiBot_Dropper_Packed_R11_Feb18_RID328F | Semiautomatic generated rule - file scan copy.pdf.r11 | Florian Roth |
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
LokiBot_Dropper_Packed_R11_Feb18 | Auto-generated rule - file scan copy.pdf.r11 | Florian Roth |
LokiBot_Dropper_Packed_R11_Feb18_RID328F | Semiautomatic generated rule - file scan copy.pdf.r11 | Florian Roth |
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
Unpacked PEs |
---|
No yara matches |
---|
Sigma Overview |
---|
System Summary: |
---|
Sigma detected: RegAsm connects to smtp port |
Source: | Author: Joe Security: |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
208.91.199.223 | | | malicious | | |
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
us2.smtp.mailhostbox.com | | | malicious | | |
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
unknown | | | malicious | | |
unknown | | | malicious | | |
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Startup |
---|
|
Created / dropped Files |
---|
No created / dropped files found |
---|
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
us2.smtp.mailhostbox.com | 208.91.199.223 | true | false | | high |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| true | | unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | low |
| | false | | unknown |
| | false | | low |
| | false | | unknown |
| | true | | unknown |
| | false | | high |
Contacted IPs |
---|
Public |
---|
IP | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
167.114.85.125 | Canada | | 16276 | unknown | true |
208.91.199.223 | United States | | 394695 | unknown | false |
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 3.92078412945187 |
TrID: |
|
File name: | bF7H5z6B1q.exe |
File size: | 212992 |
MD5: | 87e74af7016e8a9b9304dc537fa093da |
SHA1: | 7e0a71b9c8d3396c19771c7da01c28a7a3eb93e0 |
SHA256: | 350b35550e10e3ed50b1337e8899ab2eb9c9cbae7c077027f52bab3c5266bb84 |
SHA512: | 08b1af8f928cb5f73f7817ff6317b33d55d668650511761bbd206d5faad674a89bcc55622ba51ab9ed8a940c79cd34e1fe846c6511abf311bafebfbbe3d755ff |
SSDEEP: | 1536:cWhaegAOJazn5fhO/o3N8GeXGLaS8Bv4ZvYoaaZmiVkweQHOXhtGwM5S58hSAr:laeYWCG7eJBzsXNOhtAu8hSs |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........y.....................................Rich............PE..L......U..................... ............... ....@................ |
File Icon |
---|
Icon Hash: | 20047c7c70f0e004 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x4018fc |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | |
Time Stamp: | 0x55E9C4F6 [Fri Sep 4 16:21:10 2015 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 776b924fcfd3a36414d026f428f50133 |
Entrypoint Preview |
---|
Instruction |
---|
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x319c4 | 0x28 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x33000 | 0x908 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x228 | 0x20 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0x12c | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x30eac | 0x31000 | False | 0.266855668048 | data | 4.06885184281 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.data | 0x32000 | 0xd84 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x33000 | 0x908 | 0x1000 | False | 0.170166015625 | data | 1.97293268134 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x337d8 | 0x130 | data | ||
RT_ICON | 0x334f0 | 0x2e8 | data | ||
RT_ICON | 0x333c8 | 0x128 | GLS_BINARY_LSB_FIRST | ||
RT_GROUP_ICON | 0x33398 | 0x30 | data | ||
RT_VERSION | 0x33150 | 0x248 | data | English | United States |
Imports |
---|
DLL | Import |
---|---|
MSVBVM60.DLL | __vbaR8FixI4, _CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaStrCat, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaAryDestruct, __vbaObjSet, _adj_fdiv_m16i, _adj_fdivr_m16i, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaStrCmp, __vbaVarTstEq, __vbaAryConstruct2, __vbaObjVar, __vbaCastObjVar, _adj_fpatan, EVENT_SINK_Release, __vbaUI1I2, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, _CIlog, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaVarSetObj, __vbaI4Str, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaLateMemCall, __vbaVarLateMemCallLd, __vbaFpI4, _CIatan, __vbaStrMove, _allmul, _CItan, _CIexp, __vbaFreeStr, __vbaFreeObj |
Version Infos |
---|
Description | Data |
---|---|
Translation | 0x0409 0x04b0 |
InternalName | Ophic |
FileVersion | 1.00.0004 |
CompanyName | MOrtisClod |
Comments | MOrtisClod |
ProductName | Epigon |
ProductVersion | 1.00.0004 |
OriginalFilename | Ophic.exe |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Network Behavior |
---|
Snort IDS Alerts |
---|
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
04/22/20-21:58:16.092094 | TCP | 2018752 | ET TROJAN Generic .bin download from Dotted Quad | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 22, 2020 21:58:16.507200956 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.507251978 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.507329941 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.507379055 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.507452965 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.507499933 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.507531881 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.507615089 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.507622004 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.507738113 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.507740974 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.507857084 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.507859945 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.507976055 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.507977962 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.508094072 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.508097887 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.508213043 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.508328915 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.508408070 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.508445978 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.508533955 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.508569002 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.508635998 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.508682013 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.508718014 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.508812904 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.508884907 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.508924007 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.508974075 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.509035110 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.509044886 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.509166956 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.509247065 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.509284019 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.509337902 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.509403944 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.509423018 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.509526968 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.509531021 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.509644032 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.509654045 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.509771109 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.509805918 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.509947062 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.604552984 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.604571104 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.604686975 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.604733944 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.604744911 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.604768991 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.604887962 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.604980946 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.604998112 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.605196953 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.605251074 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.605268955 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.605381012 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.605439901 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.605459929 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.605519056 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.605576992 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.605598927 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.605699062 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.605771065 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.605846882 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.605859041 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.606039047 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.606054068 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.606061935 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.606205940 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.606225014 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.606323004 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.606411934 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.606432915 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.606527090 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.606558084 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.606585026 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.606653929 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.606686115 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.606777906 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.606781960 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.606884003 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.606911898 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.607002020 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.607011080 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.607139111 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.607165098 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.607254028 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.607316971 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.607355118 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.607408047 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.607490063 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.607498884 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.607626915 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.607640028 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.607729912 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.607811928 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.607830048 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.607903957 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.607954025 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.607992887 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.608069897 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.608072996 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.608190060 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.608256102 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.608304977 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.608340025 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.608426094 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.608428955 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.608549118 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.608556986 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.608665943 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.608736038 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.608819008 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.608829021 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.608916998 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.608992100 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.609016895 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.609081984 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.609132051 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.609164953 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.609261990 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.609324932 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.609376907 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.609406948 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.609493971 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.609498978 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.609617949 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.609678984 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.609728098 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.609776020 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.609858036 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.609862089 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.609976053 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.609976053 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.610093117 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.610095978 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.610213041 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.610217094 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.610330105 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.610335112 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.610446930 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.610451937 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.610569000 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.610569000 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.610686064 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.610690117 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.610805988 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.610807896 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.610924006 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.610925913 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.611042976 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.611044884 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.611161947 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.611165047 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.611283064 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.611283064 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.611402035 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.611411095 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.611522913 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.611586094 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.611638069 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.611677885 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.611761093 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.611807108 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.611903906 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.611995935 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.612015963 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.612116098 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.612236023 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.612273932 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.612353086 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.612385988 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.612473965 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.612477064 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.612595081 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.612658978 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.612709999 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.612735987 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.612831116 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.612905979 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.612942934 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.612977028 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.613065958 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.613078117 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.613192081 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.613241911 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.613295078 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.613342047 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.613426924 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.613432884 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.613548994 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.613555908 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.613666058 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.613733053 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.613785028 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.613821030 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.613900900 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.613907099 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.614012957 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.614023924 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.614139080 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.614206076 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.614257097 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.614279032 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.614377975 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.614451885 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.614490986 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.614525080 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.614614964 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:16.614623070 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.614639997 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:16.614774942 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:21.546791077 CEST | 80 | 49768 | 167.114.85.125 | 192.168.0.80 |
Apr 22, 2020 21:58:21.546901941 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 21:58:47.761327028 CEST | 49771 | 587 | 192.168.0.80 | 208.91.199.223 |
Apr 22, 2020 21:58:47.903593063 CEST | 587 | 49771 | 208.91.199.223 | 192.168.0.80 |
Apr 22, 2020 21:58:47.904134035 CEST | 49771 | 587 | 192.168.0.80 | 208.91.199.223 |
Apr 22, 2020 21:58:48.551398993 CEST | 587 | 49771 | 208.91.199.223 | 192.168.0.80 |
Apr 22, 2020 21:58:48.552267075 CEST | 49771 | 587 | 192.168.0.80 | 208.91.199.223 |
Apr 22, 2020 21:58:48.694659948 CEST | 587 | 49771 | 208.91.199.223 | 192.168.0.80 |
Apr 22, 2020 21:58:48.694683075 CEST | 587 | 49771 | 208.91.199.223 | 192.168.0.80 |
Apr 22, 2020 21:58:48.695025921 CEST | 49771 | 587 | 192.168.0.80 | 208.91.199.223 |
Apr 22, 2020 21:58:48.837642908 CEST | 587 | 49771 | 208.91.199.223 | 192.168.0.80 |
Apr 22, 2020 21:58:48.893582106 CEST | 49771 | 587 | 192.168.0.80 | 208.91.199.223 |
Apr 22, 2020 21:58:49.062138081 CEST | 49771 | 587 | 192.168.0.80 | 208.91.199.223 |
Apr 22, 2020 21:58:49.205146074 CEST | 587 | 49771 | 208.91.199.223 | 192.168.0.80 |
Apr 22, 2020 21:58:49.205178976 CEST | 587 | 49771 | 208.91.199.223 | 192.168.0.80 |
Apr 22, 2020 21:58:49.205197096 CEST | 587 | 49771 | 208.91.199.223 | 192.168.0.80 |
Apr 22, 2020 21:58:49.205212116 CEST | 587 | 49771 | 208.91.199.223 | 192.168.0.80 |
Apr 22, 2020 21:58:49.205229044 CEST | 587 | 49771 | 208.91.199.223 | 192.168.0.80 |
Apr 22, 2020 21:58:49.205317974 CEST | 49771 | 587 | 192.168.0.80 | 208.91.199.223 |
Apr 22, 2020 21:58:49.252918005 CEST | 49771 | 587 | 192.168.0.80 | 208.91.199.223 |
Apr 22, 2020 21:58:49.347939014 CEST | 587 | 49771 | 208.91.199.223 | 192.168.0.80 |
Apr 22, 2020 21:58:49.367754936 CEST | 49771 | 587 | 192.168.0.80 | 208.91.199.223 |
Apr 22, 2020 21:58:49.514146090 CEST | 587 | 49771 | 208.91.199.223 | 192.168.0.80 |
Apr 22, 2020 21:58:49.566114902 CEST | 49771 | 587 | 192.168.0.80 | 208.91.199.223 |
Apr 22, 2020 21:58:49.571497917 CEST | 49771 | 587 | 192.168.0.80 | 208.91.199.223 |
Apr 22, 2020 21:58:49.713892937 CEST | 587 | 49771 | 208.91.199.223 | 192.168.0.80 |
Apr 22, 2020 21:58:49.722738028 CEST | 49771 | 587 | 192.168.0.80 | 208.91.199.223 |
Apr 22, 2020 21:58:49.866230011 CEST | 587 | 49771 | 208.91.199.223 | 192.168.0.80 |
Apr 22, 2020 21:58:49.867578983 CEST | 49771 | 587 | 192.168.0.80 | 208.91.199.223 |
Apr 22, 2020 21:58:50.012317896 CEST | 587 | 49771 | 208.91.199.223 | 192.168.0.80 |
Apr 22, 2020 21:58:50.013585091 CEST | 49771 | 587 | 192.168.0.80 | 208.91.199.223 |
Apr 22, 2020 21:58:50.157202005 CEST | 587 | 49771 | 208.91.199.223 | 192.168.0.80 |
Apr 22, 2020 21:58:50.158406019 CEST | 49771 | 587 | 192.168.0.80 | 208.91.199.223 |
Apr 22, 2020 21:58:50.331295967 CEST | 587 | 49771 | 208.91.199.223 | 192.168.0.80 |
Apr 22, 2020 21:58:50.332004070 CEST | 49771 | 587 | 192.168.0.80 | 208.91.199.223 |
Apr 22, 2020 21:58:50.475039005 CEST | 587 | 49771 | 208.91.199.223 | 192.168.0.80 |
Apr 22, 2020 21:58:50.490371943 CEST | 49771 | 587 | 192.168.0.80 | 208.91.199.223 |
Apr 22, 2020 21:58:50.490700006 CEST | 49771 | 587 | 192.168.0.80 | 208.91.199.223 |
Apr 22, 2020 21:58:50.490895033 CEST | 49771 | 587 | 192.168.0.80 | 208.91.199.223 |
Apr 22, 2020 21:58:50.491103888 CEST | 49771 | 587 | 192.168.0.80 | 208.91.199.223 |
Apr 22, 2020 21:58:50.632977962 CEST | 587 | 49771 | 208.91.199.223 | 192.168.0.80 |
Apr 22, 2020 21:58:50.633002043 CEST | 587 | 49771 | 208.91.199.223 | 192.168.0.80 |
Apr 22, 2020 21:58:50.730345011 CEST | 587 | 49771 | 208.91.199.223 | 192.168.0.80 |
Apr 22, 2020 21:58:50.783814907 CEST | 49771 | 587 | 192.168.0.80 | 208.91.199.223 |
Apr 22, 2020 22:00:05.907879114 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 22:00:06.265427113 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 22:00:06.874631882 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 22:00:08.077517986 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
Apr 22, 2020 22:00:10.483167887 CEST | 49768 | 80 | 192.168.0.80 | 167.114.85.125 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 22, 2020 21:58:10.427838087 CEST | 61715 | 53 | 192.168.0.80 | 1.1.1.1 |
Apr 22, 2020 21:58:10.436350107 CEST | 53 | 61715 | 1.1.1.1 | 192.168.0.80 |
Apr 22, 2020 21:58:26.700720072 CEST | 65110 | 53 | 192.168.0.80 | 1.1.1.1 |
Apr 22, 2020 21:58:26.709319115 CEST | 53 | 65110 | 1.1.1.1 | 192.168.0.80 |
Apr 22, 2020 21:58:32.610244036 CEST | 64961 | 53 | 192.168.0.80 | 1.1.1.1 |
Apr 22, 2020 21:58:32.618798018 CEST | 53 | 64961 | 1.1.1.1 | 192.168.0.80 |
Apr 22, 2020 21:58:47.732878923 CEST | 64185 | 53 | 192.168.0.80 | 1.1.1.1 |
Apr 22, 2020 21:58:47.741924047 CEST | 53 | 64185 | 1.1.1.1 | 192.168.0.80 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Apr 22, 2020 21:58:47.732878923 CEST | 192.168.0.80 | 1.1.1.1 | 0x8622 | Standard query (0) | | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Apr 22, 2020 21:58:47.741924047 CEST | 1.1.1.1 | 192.168.0.80 | 0x8622 | No error (0) | | | 208.91.199.223 | A (IP address) | IN (0x0001) |
Apr 22, 2020 21:58:47.741924047 CEST | 1.1.1.1 | 192.168.0.80 | 0x8622 | No error (0) | | | 208.91.199.224 | A (IP address) | IN (0x0001) |
Apr 22, 2020 21:58:47.741924047 CEST | 1.1.1.1 | 192.168.0.80 | 0x8622 | No error (0) | | | 208.91.198.143 | A (IP address) | IN (0x0001) |
Apr 22, 2020 21:58:47.741924047 CEST | 1.1.1.1 | 192.168.0.80 | 0x8622 | No error (0) | | | 208.91.199.225 | A (IP address) | IN (0x0001) |
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.0.80 | 49768 | 167.114.85.125 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Apr 22, 2020 21:58:16.092093945 CEST | 4947 | OUT | |
Apr 22, 2020 21:58:16.194374084 CEST | 4948 | IN |