Analysis Report Invoice# 77-83992-8297382 (2).exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Startup |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
| NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | |
| Nanocore_RAT_Gen_2 | Detects the Nanocore RAT | Florian Roth | |
| Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | |
| JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
Unpacked PEs |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| Nanocore_RAT_Gen_2 | Detects the Nanocore RAT | Florian Roth | |
| Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | |
| Nanocore_RAT_Gen_2 | Detects the Nanocore RAT | Florian Roth | |
| Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | |
| JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
Sigma Overview |
---|
System Summary: |
---|
Sigma detected: NanoCore |
Source: | Author: Joe Security: |
Signature Overview |
---|
AV Detection: |
---|
Multi AV Scanner detection for dropped file |
Source: | ReversingLabs: |
Multi AV Scanner detection for submitted file |
Source: | ReversingLabs: |
Yara detected Nanocore RAT |
E-Banking Fraud: |
---|
Yara detected Nanocore RAT |
System Summary: |
---|
Malicious sample detected (through community Yara rule) |
Initial sample is a PE file and has a suspicious name |
Data Obfuscation: |
---|
.NET source code contains potential unpacker |
Hooking and other Techniques for Hiding and Protection: |
---|
Hides that the sample has been downloaded from the Internet (zone.identifier) |
HIPS / PFW / Operating System Protection Evasion: |
---|
Injects a PE file into a foreign processes |
Stealing of Sensitive Information: |
---|
Yara detected Nanocore RAT |
Remote Access Functionality: |
---|
Detected Nanocore Rat |
Yara detected Nanocore RAT |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts1 | Windows Management Instrumentation | Valid Accounts1 | Valid Accounts1 | Masquerading2 | Input Capture11 | Security Software Discovery11 | Remote Services | Input Capture11 | Exfiltration Over Other Network Medium | Encrypted Channel1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Access Token Manipulation1 | Valid Accounts1 | LSASS Memory | Virtualization/Sandbox Evasion2 | Remote Desktop Protocol | Archive Collected Data11 | Exfiltration Over Bluetooth | Non-Standard Port1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Process Injection112 | Virtualization/Sandbox Evasion2 | Security Account Manager | Process Discovery2 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Remote Access Software1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Access Token Manipulation1 | NTDS | Application Window Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Non-Application Layer Protocol1 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Disable or Modify Tools1 | LSA Secrets | System Information Discovery12 | SSH | Keylogging | Data Transfer Size Limits | Application Layer Protocol1 | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Process Injection112 | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Deobfuscate/Decode Files or Information1 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Hidden Files and Directories1 | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Obfuscated Files or Information1 | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction | |
Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Software Packing11 | Network Sniffing | Process Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | Data Encrypted for Impact |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
26% | ReversingLabs | Win32.Trojan.Bulz |
Dropped Files |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
26% | ReversingLabs | Win32.Trojan.Bulz |
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | TR/Dropper.MSIL.Gen7 | Download File | ||
100% | Avira | TR/Dropper.MSIL.Gen7 | Download File | ||
100% | Avira | TR/NanoCore.fadte | Download File |
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
1.ispnano.dns-cloud.net | 194.5.97.173 | true | false | unknown | |
g.msn.com | unknown | unknown | false | high |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false |
| unknown |
Contacted IPs |
---|
General Information |
---|
Joe Sandbox Version: | 31.0.0 Red Diamond |
Analysis ID: | 339193 |
Start date: | 13.01.2021 |
Start time: | 17:08:28 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 11m 56s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | Invoice# 77-83992-8297382 (2).exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 30 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@6/5@39/2 |
EGA Information: | Failed |
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
17:09:35 | API Interceptor | |
17:09:38 | Autostart |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
194.5.97.173 | | | malicious | | |
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
1.ispnano.dns-cloud.net | | | malicious | | |
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
DANILENKODE | | | malicious | | |
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Users\user\Desktop\Invoice# 77-83992-8297382 (2).exe |
File Type: | |
Category: | dropped |
Size (bytes): | 849920 |
Entropy (8bit): | 5.429435248347001 |
Encrypted: | false |
SSDEEP: | 12288:L0Fi3dg/zDNj6udDKlNCyPhf223d9ZSn9Vb:oi3dg/PNj/KlRbZSnb |
MD5: | 4C67EB7B3F4EA88E5E5487ADE487DE3F |
SHA1: | D118AE4BEEF890783251D53F3F7FE5E6C9A65A10 |
SHA-256: | DB433304C3E22D8222CFE510E8548515C9DCCFC9F080F94EFC67AA11F44A6B3F |
SHA-512: | 37609EA4261FE4DADF403A05014DB11DEFAE9A65CEF8C5639A56166A379B1151EE48100F6726D8160AEFAD9C49EA6A5430E17526B87A41DC2366E6C23CE4759C |
Malicious: | true |
Antivirus: |
|
Reputation: | low |
Preview: |
|
Process: | C:\Users\user\Desktop\Invoice# 77-83992-8297382 (2).exe |
File Type: | |
Category: | modified |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | true |
Reputation: | high, very likely benign file |
Preview: |
|
Process: | C:\Users\user\Desktop\Invoice# 77-83992-8297382 (2).exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1451 |
Entropy (8bit): | 5.345862727722058 |
Encrypted: | false |
SSDEEP: | 24:ML9E4Ks2eE4O1lEE4UVwPKDE4KhK3VZ9pKhuE4IWUAE4KI6no84G1qE4j:MxHKXeHKlEHU0YHKhQnouHIW7HKjovGm |
MD5: | 06F54CDBFEF62849AF5AE052722BD7B6 |
SHA1: | FB0250AAC2057D0B5BCE4CE130891E428F28DA05 |
SHA-256: | 4C039B93A728B546F49C47ED8B448D40A3553CDAABB147067AEE3958133CB446 |
SHA-512: | 34EF5F6D5EAB0E5B11AC81F0D72FC56304291EDEEF6D19DF7145FDECAB5D342767DBBC0B4384B8DECB5741E6B85A4B431DF14FBEB5DDF2DEE103064D2895EABB |
Malicious: | true |
Reputation: | moderate, very likely benign file |
Preview: |
|
Process: | C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1451 |
Entropy (8bit): | 5.345862727722058 |
Encrypted: | false |
SSDEEP: | 24:ML9E4Ks2eE4O1lEE4UVwPKDE4KhK3VZ9pKhuE4IWUAE4KI6no84G1qE4j:MxHKXeHKlEHU0YHKhQnouHIW7HKjovGm |
MD5: | 06F54CDBFEF62849AF5AE052722BD7B6 |
SHA1: | FB0250AAC2057D0B5BCE4CE130891E428F28DA05 |
SHA-256: | 4C039B93A728B546F49C47ED8B448D40A3553CDAABB147067AEE3958133CB446 |
SHA-512: | 34EF5F6D5EAB0E5B11AC81F0D72FC56304291EDEEF6D19DF7145FDECAB5D342767DBBC0B4384B8DECB5741E6B85A4B431DF14FBEB5DDF2DEE103064D2895EABB |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
|
Process: | C:\Users\user\Desktop\Invoice# 77-83992-8297382 (2).exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8 |
Entropy (8bit): | 3.0 |
Encrypted: | false |
SSDEEP: | 3:aYl:aQ |
MD5: | 49CFF363A29F80058C2F4C57C1021A70 |
SHA1: | A498CB7524C13C67F39E088417AEE9193645F6F0 |
SHA-256: | 04941065834332F29ECCFACA73DD5BFA47DE6B7628E23F45C50EB229893210AD |
SHA-512: | 0E2FB71980BA615F463FB5FF6C6CCA2893912B0219F4B0497AA19A6D856155DAD0D3C5DC5B7808EEAE9545791C2656B633B978F583DA6E2AC2B1BCA331976CC6 |
Malicious: | true |
Reputation: | low |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 5.429435248347001 |
TrID: |
|
File name: | Invoice# 77-83992-8297382 (2).exe |
File size: | 849920 |
MD5: | 4c67eb7b3f4ea88e5e5487ade487de3f |
SHA1: | d118ae4beef890783251d53f3f7fe5e6c9a65a10 |
SHA256: | db433304c3e22d8222cfe510e8548515c9dccfc9f080f94efc67aa11f44a6b3f |
SHA512: | 37609ea4261fe4dadf403a05014db11defae9a65cef8c5639a56166a379b1151ee48100f6726d8160aefad9c49ea6a5430e17526b87a41dc2366e6c23ce4759c |
SSDEEP: | 12288:L0Fi3dg/zDNj6udDKlNCyPhf223d9ZSn9Vb:oi3dg/PNj/KlRbZSnb |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......7..............P.................. ... ....@.. .......................`............`................................ |
File Icon |
---|
Icon Hash: | 00828e8e8686b000 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x4d0c1e |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE |
DLL Characteristics: | NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA |
Time Stamp: | 0x37DD8418 [Mon Sep 13 23:09:12 1999 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | v4.0.30319 |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Entrypoint Preview |
---|
Instruction |
---|
jmp dword ptr [00402000h] |
add byte ptr [eax], al |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xd0bcc | 0x4f | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd2000 | 0x596 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xd4000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0xcec24 | 0xcee00 | False | 0.490468041918 | data | 5.43331937316 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rsrc | 0xd2000 | 0x596 | 0x600 | False | 0.413411458333 | data | 4.05390274957 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xd4000 | 0xc | 0x200 | False | 0.044921875 | data | 0.0815394123432 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_VERSION | 0xd20a0 | 0x30c | data | ||
RT_MANIFEST | 0xd23ac | 0x1ea | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators |
Imports |
---|
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Version Infos |
---|
Description | Data |
---|---|
Translation | 0x0000 0x04b0 |
LegalCopyright | Copyright 2021 |
Assembly Version | 1.0.0.0 |
InternalName | Stub52.exe |
FileVersion | 1.0.0.0 |
CompanyName | |
LegalTrademarks | |
Comments | |
ProductName | Stub52 |
ProductVersion | 1.0.0.0 |
FileDescription | Stub52 |
OriginalFilename | Stub52.exe |
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 13, 2021 17:10:23.246170044 CET | 56338 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 17:10:23.294035912 CET | 53 | 56338 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 17:10:26.182544947 CET | 59420 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 17:10:26.246912003 CET | 53 | 59420 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 17:10:26.873873949 CET | 58784 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 17:10:26.930425882 CET | 53 | 58784 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 17:10:32.166691065 CET | 63978 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 17:10:32.223047972 CET | 53 | 63978 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 17:10:37.515794039 CET | 62938 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 17:10:37.566517115 CET | 53 | 62938 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 17:10:42.785608053 CET | 55708 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 17:10:42.833533049 CET | 53 | 55708 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 17:10:48.068613052 CET | 56803 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 17:10:48.124769926 CET | 53 | 56803 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 17:10:53.342681885 CET | 57145 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 17:10:53.399116993 CET | 53 | 57145 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 17:10:58.670852900 CET | 55359 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 17:10:58.729885101 CET | 53 | 55359 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 17:11:04.047702074 CET | 58306 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 17:11:04.105832100 CET | 53 | 58306 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 17:11:11.220237970 CET | 64124 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 17:11:11.268183947 CET | 53 | 64124 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 17:11:12.391298056 CET | 49361 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 17:11:12.441092014 CET | 53 | 49361 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 17:11:16.535574913 CET | 63150 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 17:11:16.591797113 CET | 53 | 63150 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 17:11:21.867281914 CET | 53279 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 17:11:21.917999029 CET | 53 | 53279 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 17:11:27.144418955 CET | 56881 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 17:11:27.200948954 CET | 53 | 56881 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 17:11:32.449100018 CET | 53642 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 17:11:32.505148888 CET | 53 | 53642 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 17:11:37.825323105 CET | 55667 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 17:11:37.884396076 CET | 53 | 55667 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 17:11:43.098982096 CET | 54833 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 17:11:43.155555964 CET | 53 | 54833 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 17:11:47.840683937 CET | 62476 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 17:11:47.889309883 CET | 53 | 62476 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 17:11:48.292572975 CET | 49705 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 17:11:48.363360882 CET | 53 | 49705 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 17:11:48.474570036 CET | 61477 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 17:11:48.533888102 CET | 53 | 61477 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 17:11:53.790071011 CET | 61633 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 17:11:53.846435070 CET | 53 | 61633 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 17:12:01.194253922 CET | 55949 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 17:12:01.253833055 CET | 53 | 55949 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 17:12:05.255992889 CET | 57601 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 17:12:05.306658983 CET | 53 | 57601 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 17:12:06.062604904 CET | 49342 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 17:12:06.135001898 CET | 53 | 49342 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 17:12:06.609291077 CET | 56253 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 17:12:06.668634892 CET | 53 | 56253 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 17:12:07.035053015 CET | 49667 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 17:12:07.091231108 CET | 53 | 49667 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 17:12:07.822472095 CET | 55439 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 17:12:07.878669977 CET | 53 | 55439 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 17:12:08.999607086 CET | 57069 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 17:12:09.071839094 CET | 53 | 57069 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 17:12:09.929860115 CET | 57659 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 17:12:09.986413956 CET | 53 | 57659 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 17:12:11.465353012 CET | 54717 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 17:12:11.513204098 CET | 53 | 54717 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 17:12:11.913475037 CET | 63975 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 17:12:11.969543934 CET | 53 | 63975 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 17:12:13.596380949 CET | 56639 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 17:12:13.655941963 CET | 53 | 56639 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 17:12:14.919383049 CET | 51856 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 17:12:14.975591898 CET | 53 | 51856 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 17:12:16.517098904 CET | 56546 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 17:12:16.576900005 CET | 53 | 56546 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 17:12:17.317095041 CET | 62152 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 17:12:17.379125118 CET | 53 | 62152 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 17:12:22.594510078 CET | 53470 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 17:12:22.650772095 CET | 53 | 53470 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 17:12:27.921185970 CET | 56446 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 17:12:27.977909088 CET | 53 | 56446 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 17:12:33.220309019 CET | 59631 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 17:12:33.277091980 CET | 53 | 59631 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 17:12:38.455576897 CET | 55515 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 17:12:38.512006044 CET | 53 | 55515 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 17:12:43.689896107 CET | 64547 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 17:12:43.746169090 CET | 53 | 64547 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 17:12:48.924525023 CET | 51759 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 17:12:48.984445095 CET | 53 | 51759 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 17:12:54.175184011 CET | 59207 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 17:12:54.234867096 CET | 53 | 59207 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 17:12:59.425617933 CET | 54269 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 17:12:59.484936953 CET | 53 | 54269 | 8.8.8.8 | 192.168.2.3 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Jan 13, 2021 17:09:36.633502007 CET | 192.168.2.3 | 8.8.8.8 | 0x8d2b | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 13, 2021 17:09:43.339847088 CET | 192.168.2.3 | 8.8.8.8 | 0xb451 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 13, 2021 17:09:48.737692118 CET | 192.168.2.3 | 8.8.8.8 | 0x9a1d | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 13, 2021 17:09:54.257950068 CET | 192.168.2.3 | 8.8.8.8 | 0xa401 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 13, 2021 17:09:59.875073910 CET | 192.168.2.3 | 8.8.8.8 | 0x4d12 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 13, 2021 17:10:05.305628061 CET | 192.168.2.3 | 8.8.8.8 | 0x31b8 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 13, 2021 17:10:10.680809975 CET | 192.168.2.3 | 8.8.8.8 | 0x731b | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 13, 2021 17:10:16.075653076 CET | 192.168.2.3 | 8.8.8.8 | 0xdb7c | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 13, 2021 17:10:21.541862011 CET | 192.168.2.3 | 8.8.8.8 | 0xed52 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 13, 2021 17:10:26.182544947 CET | 192.168.2.3 | 8.8.8.8 | 0xd7bd | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 13, 2021 17:10:26.873873949 CET | 192.168.2.3 | 8.8.8.8 | 0xeab | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 13, 2021 17:10:32.166691065 CET | 192.168.2.3 | 8.8.8.8 | 0x24d2 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 13, 2021 17:10:37.515794039 CET | 192.168.2.3 | 8.8.8.8 | 0x9f9d | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 13, 2021 17:10:42.785608053 CET | 192.168.2.3 | 8.8.8.8 | 0xe9b8 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 13, 2021 17:10:48.068613052 CET | 192.168.2.3 | 8.8.8.8 | 0xc501 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 13, 2021 17:10:53.342681885 CET | 192.168.2.3 | 8.8.8.8 | 0xbada | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 13, 2021 17:10:58.670852900 CET | 192.168.2.3 | 8.8.8.8 | 0x9107 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 13, 2021 17:11:04.047702074 CET | 192.168.2.3 | 8.8.8.8 | 0x1e09 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 13, 2021 17:11:11.220237970 CET | 192.168.2.3 | 8.8.8.8 | 0x395e | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 13, 2021 17:11:16.535574913 CET | 192.168.2.3 | 8.8.8.8 | 0x252c | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 13, 2021 17:11:21.867281914 CET | 192.168.2.3 | 8.8.8.8 | 0xb9bc | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 13, 2021 17:11:27.144418955 CET | 192.168.2.3 | 8.8.8.8 | 0xdab8 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 13, 2021 17:11:32.449100018 CET | 192.168.2.3 | 8.8.8.8 | 0x8966 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 13, 2021 17:11:37.825323105 CET | 192.168.2.3 | 8.8.8.8 | 0x63a5 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 13, 2021 17:11:43.098982096 CET | 192.168.2.3 | 8.8.8.8 | 0x10f8 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 13, 2021 17:11:48.474570036 CET | 192.168.2.3 | 8.8.8.8 | 0x6fc2 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 13, 2021 17:11:53.790071011 CET | 192.168.2.3 | 8.8.8.8 | 0x5cd2 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 13, 2021 17:12:01.194253922 CET | 192.168.2.3 | 8.8.8.8 | 0x25c7 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 13, 2021 17:12:06.609291077 CET | 192.168.2.3 | 8.8.8.8 | 0x264f | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 13, 2021 17:12:11.913475037 CET | 192.168.2.3 | 8.8.8.8 | 0x1e99 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 13, 2021 17:12:17.317095041 CET | 192.168.2.3 | 8.8.8.8 | 0x7030 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 13, 2021 17:12:22.594510078 CET | 192.168.2.3 | 8.8.8.8 | 0x8006 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 13, 2021 17:12:27.921185970 CET | 192.168.2.3 | 8.8.8.8 | 0xb879 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 13, 2021 17:12:33.220309019 CET | 192.168.2.3 | 8.8.8.8 | 0xf2bb | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 13, 2021 17:12:38.455576897 CET | 192.168.2.3 | 8.8.8.8 | 0x6341 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 13, 2021 17:12:43.689896107 CET | 192.168.2.3 | 8.8.8.8 | 0xc6af | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 13, 2021 17:12:48.924525023 CET | 192.168.2.3 | 8.8.8.8 | 0xf39f | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 13, 2021 17:12:54.175184011 CET | 192.168.2.3 | 8.8.8.8 | 0xf665 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 13, 2021 17:12:59.425617933 CET | 192.168.2.3 | 8.8.8.8 | 0x7a69 | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Jan 13, 2021 17:09:36.703766108 CET | 8.8.8.8 | 192.168.2.3 | 0x8d2b | No error (0) | 194.5.97.173 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:09:36.703766108 CET | 8.8.8.8 | 192.168.2.3 | 0x8d2b | No error (0) | 23.105.131.188 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:09:43.396136045 CET | 8.8.8.8 | 192.168.2.3 | 0xb451 | No error (0) | 194.5.97.173 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:09:43.396136045 CET | 8.8.8.8 | 192.168.2.3 | 0xb451 | No error (0) | 23.105.131.188 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:09:48.799089909 CET | 8.8.8.8 | 192.168.2.3 | 0x9a1d | No error (0) | 194.5.97.173 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:09:48.799089909 CET | 8.8.8.8 | 192.168.2.3 | 0x9a1d | No error (0) | 23.105.131.188 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:09:54.327219009 CET | 8.8.8.8 | 192.168.2.3 | 0xa401 | No error (0) | 194.5.97.173 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:09:54.327219009 CET | 8.8.8.8 | 192.168.2.3 | 0xa401 | No error (0) | 23.105.131.188 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:09:59.922853947 CET | 8.8.8.8 | 192.168.2.3 | 0x4d12 | No error (0) | 194.5.97.173 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:09:59.922853947 CET | 8.8.8.8 | 192.168.2.3 | 0x4d12 | No error (0) | 23.105.131.188 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:10:05.362389088 CET | 8.8.8.8 | 192.168.2.3 | 0x31b8 | No error (0) | 194.5.97.173 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:10:05.362389088 CET | 8.8.8.8 | 192.168.2.3 | 0x31b8 | No error (0) | 23.105.131.188 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:10:10.728758097 CET | 8.8.8.8 | 192.168.2.3 | 0x731b | No error (0) | 194.5.97.173 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:10:10.728758097 CET | 8.8.8.8 | 192.168.2.3 | 0x731b | No error (0) | 23.105.131.188 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:10:16.134773016 CET | 8.8.8.8 | 192.168.2.3 | 0xdb7c | No error (0) | 194.5.97.173 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:10:16.134773016 CET | 8.8.8.8 | 192.168.2.3 | 0xdb7c | No error (0) | 23.105.131.188 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:10:21.602304935 CET | 8.8.8.8 | 192.168.2.3 | 0xed52 | No error (0) | 194.5.97.173 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:10:21.602304935 CET | 8.8.8.8 | 192.168.2.3 | 0xed52 | No error (0) | 23.105.131.188 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:10:26.246912003 CET | 8.8.8.8 | 192.168.2.3 | 0xd7bd | No error (0) | g-msn-com-nsatc.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) | ||
Jan 13, 2021 17:10:26.930425882 CET | 8.8.8.8 | 192.168.2.3 | 0xeab | No error (0) | 194.5.97.173 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:10:26.930425882 CET | 8.8.8.8 | 192.168.2.3 | 0xeab | No error (0) | 23.105.131.188 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:10:32.223047972 CET | 8.8.8.8 | 192.168.2.3 | 0x24d2 | No error (0) | 194.5.97.173 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:10:32.223047972 CET | 8.8.8.8 | 192.168.2.3 | 0x24d2 | No error (0) | 23.105.131.188 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:10:37.566517115 CET | 8.8.8.8 | 192.168.2.3 | 0x9f9d | No error (0) | 194.5.97.173 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:10:37.566517115 CET | 8.8.8.8 | 192.168.2.3 | 0x9f9d | No error (0) | 23.105.131.188 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:10:42.833533049 CET | 8.8.8.8 | 192.168.2.3 | 0xe9b8 | No error (0) | 194.5.97.173 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:10:42.833533049 CET | 8.8.8.8 | 192.168.2.3 | 0xe9b8 | No error (0) | 23.105.131.188 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:10:48.124769926 CET | 8.8.8.8 | 192.168.2.3 | 0xc501 | No error (0) | 194.5.97.173 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:10:48.124769926 CET | 8.8.8.8 | 192.168.2.3 | 0xc501 | No error (0) | 23.105.131.188 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:10:53.399116993 CET | 8.8.8.8 | 192.168.2.3 | 0xbada | No error (0) | 194.5.97.173 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:10:53.399116993 CET | 8.8.8.8 | 192.168.2.3 | 0xbada | No error (0) | 23.105.131.188 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:10:58.729885101 CET | 8.8.8.8 | 192.168.2.3 | 0x9107 | No error (0) | 194.5.97.173 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:10:58.729885101 CET | 8.8.8.8 | 192.168.2.3 | 0x9107 | No error (0) | 23.105.131.188 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:11:04.105832100 CET | 8.8.8.8 | 192.168.2.3 | 0x1e09 | No error (0) | 194.5.97.173 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:11:04.105832100 CET | 8.8.8.8 | 192.168.2.3 | 0x1e09 | No error (0) | 23.105.131.188 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:11:11.268183947 CET | 8.8.8.8 | 192.168.2.3 | 0x395e | No error (0) | 194.5.97.173 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:11:11.268183947 CET | 8.8.8.8 | 192.168.2.3 | 0x395e | No error (0) | 23.105.131.188 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:11:16.591797113 CET | 8.8.8.8 | 192.168.2.3 | 0x252c | No error (0) | 194.5.97.173 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:11:16.591797113 CET | 8.8.8.8 | 192.168.2.3 | 0x252c | No error (0) | 23.105.131.188 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:11:21.917999029 CET | 8.8.8.8 | 192.168.2.3 | 0xb9bc | No error (0) | 194.5.97.173 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:11:21.917999029 CET | 8.8.8.8 | 192.168.2.3 | 0xb9bc | No error (0) | 23.105.131.188 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:11:27.200948954 CET | 8.8.8.8 | 192.168.2.3 | 0xdab8 | No error (0) | 194.5.97.173 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:11:27.200948954 CET | 8.8.8.8 | 192.168.2.3 | 0xdab8 | No error (0) | 23.105.131.188 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:11:32.505148888 CET | 8.8.8.8 | 192.168.2.3 | 0x8966 | No error (0) | 194.5.97.173 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:11:32.505148888 CET | 8.8.8.8 | 192.168.2.3 | 0x8966 | No error (0) | 23.105.131.188 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:11:37.884396076 CET | 8.8.8.8 | 192.168.2.3 | 0x63a5 | No error (0) | 194.5.97.173 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:11:37.884396076 CET | 8.8.8.8 | 192.168.2.3 | 0x63a5 | No error (0) | 23.105.131.188 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:11:43.155555964 CET | 8.8.8.8 | 192.168.2.3 | 0x10f8 | No error (0) | 194.5.97.173 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:11:43.155555964 CET | 8.8.8.8 | 192.168.2.3 | 0x10f8 | No error (0) | 23.105.131.188 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:11:48.533888102 CET | 8.8.8.8 | 192.168.2.3 | 0x6fc2 | No error (0) | 194.5.97.173 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:11:48.533888102 CET | 8.8.8.8 | 192.168.2.3 | 0x6fc2 | No error (0) | 23.105.131.188 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:11:53.846435070 CET | 8.8.8.8 | 192.168.2.3 | 0x5cd2 | No error (0) | 194.5.97.173 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:11:53.846435070 CET | 8.8.8.8 | 192.168.2.3 | 0x5cd2 | No error (0) | 23.105.131.188 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:12:01.253833055 CET | 8.8.8.8 | 192.168.2.3 | 0x25c7 | No error (0) | 194.5.97.173 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:12:01.253833055 CET | 8.8.8.8 | 192.168.2.3 | 0x25c7 | No error (0) | 23.105.131.188 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:12:06.668634892 CET | 8.8.8.8 | 192.168.2.3 | 0x264f | No error (0) | 194.5.97.173 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:12:06.668634892 CET | 8.8.8.8 | 192.168.2.3 | 0x264f | No error (0) | 23.105.131.188 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:12:11.969543934 CET | 8.8.8.8 | 192.168.2.3 | 0x1e99 | No error (0) | 194.5.97.173 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:12:11.969543934 CET | 8.8.8.8 | 192.168.2.3 | 0x1e99 | No error (0) | 23.105.131.188 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:12:17.379125118 CET | 8.8.8.8 | 192.168.2.3 | 0x7030 | No error (0) | 194.5.97.173 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:12:17.379125118 CET | 8.8.8.8 | 192.168.2.3 | 0x7030 | No error (0) | 23.105.131.188 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:12:22.650772095 CET | 8.8.8.8 | 192.168.2.3 | 0x8006 | No error (0) | 194.5.97.173 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:12:22.650772095 CET | 8.8.8.8 | 192.168.2.3 | 0x8006 | No error (0) | 23.105.131.188 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:12:27.977909088 CET | 8.8.8.8 | 192.168.2.3 | 0xb879 | No error (0) | 194.5.97.173 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:12:27.977909088 CET | 8.8.8.8 | 192.168.2.3 | 0xb879 | No error (0) | 23.105.131.188 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:12:33.277091980 CET | 8.8.8.8 | 192.168.2.3 | 0xf2bb | No error (0) | 194.5.97.173 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:12:33.277091980 CET | 8.8.8.8 | 192.168.2.3 | 0xf2bb | No error (0) | 23.105.131.188 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:12:38.512006044 CET | 8.8.8.8 | 192.168.2.3 | 0x6341 | No error (0) | 194.5.97.173 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:12:38.512006044 CET | 8.8.8.8 | 192.168.2.3 | 0x6341 | No error (0) | 23.105.131.188 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:12:43.746169090 CET | 8.8.8.8 | 192.168.2.3 | 0xc6af | No error (0) | 194.5.97.173 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:12:43.746169090 CET | 8.8.8.8 | 192.168.2.3 | 0xc6af | No error (0) | 23.105.131.188 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:12:48.984445095 CET | 8.8.8.8 | 192.168.2.3 | 0xf39f | No error (0) | 194.5.97.173 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:12:48.984445095 CET | 8.8.8.8 | 192.168.2.3 | 0xf39f | No error (0) | 23.105.131.188 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:12:54.234867096 CET | 8.8.8.8 | 192.168.2.3 | 0xf665 | No error (0) | 194.5.97.173 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:12:54.234867096 CET | 8.8.8.8 | 192.168.2.3 | 0xf665 | No error (0) | 23.105.131.188 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:12:59.484936953 CET | 8.8.8.8 | 192.168.2.3 | 0x7a69 | No error (0) | 194.5.97.173 | A (IP address) | IN (0x0001) | ||
Jan 13, 2021 17:12:59.484936953 CET | 8.8.8.8 | 192.168.2.3 | 0x7a69 | No error (0) | 23.105.131.188 | A (IP address) | IN (0x0001) |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 17:09:23 |
Start date: | 13/01/2021 |
Path: | C:\Users\user\Desktop\Invoice# 77-83992-8297382 (2).exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xc30000 |
File size: | 849920 bytes |
MD5 hash: | 4C67EB7B3F4EA88E5E5487ADE487DE3F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 17:09:29 |
Start date: | 13/01/2021 |
Path: | C:\Users\user\Desktop\Invoice# 77-83992-8297382 (2).exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xca0000 |
File size: | 849920 bytes |
MD5 hash: | 4C67EB7B3F4EA88E5E5487ADE487DE3F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 17:09:47 |
Start date: | 13/01/2021 |
Path: | C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x420000 |
File size: | 849920 bytes |
MD5 hash: | 4C67EB7B3F4EA88E5E5487ADE487DE3F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Antivirus matches: |
|
Reputation: | low |
General |
---|
Start time: | 17:09:52 |
Start date: | 13/01/2021 |
Path: | C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x810000 |
File size: | 849920 bytes |
MD5 hash: | 4C67EB7B3F4EA88E5E5487ADE487DE3F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Reputation: | low |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
Function 0F2E0040, Relevance: 6.0, Strings: 4, Instructions: 969 COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016ACC40, Relevance: 4.7, Strings: 3, Instructions: 974 COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016A34F8, Relevance: 4.6, Strings: 3, Instructions: 887 COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016ACC30, Relevance: 4.1, Strings: 3, Instructions: 309 COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016A8F58, Relevance: 3.1, Strings: 2, Instructions: 645 COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016AE3B0, Relevance: 3.0, Strings: 2, Instructions: 451 COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016AE3A0, Relevance: 2.9, Strings: 2, Instructions: 446 COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016A8F4A, Relevance: 2.9, Strings: 2, Instructions: 442 COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016A6C10, Relevance: .9, Instructions: 896 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0F2E1EA8, Relevance: .6, Instructions: 580 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0F2E4748, Relevance: .5, Instructions: 516 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016AB180, Relevance: .5, Instructions: 506 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016A9A50, Relevance: .5, Instructions: 501 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0F2E1E9D, Relevance: .5, Instructions: 479 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016AEBA0, Relevance: .3, Instructions: 294 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016AEB90, Relevance: .2, Instructions: 211 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016A0448, Relevance: .2, Instructions: 210 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016AB170, Relevance: .2, Instructions: 153 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016A9A3F, Relevance: .1, Instructions: 128 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016A8DB1, Relevance: .0, Instructions: 44 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016A8DC0, Relevance: .0, Instructions: 39 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0F2E5E15, Relevance: 2.0, APIs: 1, Instructions: 533 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0F2E4FD0, Relevance: 1.6, APIs: 1, Instructions: 99 thread COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016A9938, Relevance: 1.6, APIs: 1, Instructions: 97 memory COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016AE0AF, Relevance: 1.6, APIs: 1, Instructions: 97 file COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016AA344, Relevance: 1.6, APIs: 1, Instructions: 97 memory COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016A8CA4, Relevance: 1.6, APIs: 1, Instructions: 97 memory COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016ADA38, Relevance: 1.6, APIs: 1, Instructions: 95 memory COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0F2E4FD8, Relevance: 1.6, APIs: 1, Instructions: 94 thread COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016AA37C, Relevance: 1.6, APIs: 1, Instructions: 86 file COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016AE0FA, Relevance: 1.6, APIs: 1, Instructions: 85 file COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0F2E6988, Relevance: 1.6, APIs: 1, Instructions: 75 thread COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0F2E6990, Relevance: 1.6, APIs: 1, Instructions: 73 thread COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013BD6D8, Relevance: .1, Instructions: 75 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013BD7C4, Relevance: .1, Instructions: 75 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013BD7BF, Relevance: .1, Instructions: 56 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013BD6D3, Relevance: .1, Instructions: 56 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013BD21D, Relevance: .0, Instructions: 45 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013BD21C, Relevance: .0, Instructions: 36 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function 016AF648, Relevance: 1.6, Strings: 1, Instructions: 335 COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0F2E5368, Relevance: 1.6, Strings: 1, Instructions: 312 COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0F2E11A8, Relevance: 1.6, Strings: 1, Instructions: 312 COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0F2E4738, Relevance: .3, Instructions: 343 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0F2E1620, Relevance: .3, Instructions: 312 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0F2E2930, Relevance: .3, Instructions: 312 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0F2E35F0, Relevance: .3, Instructions: 312 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Executed Functions |
---|
Function 066B3558, Relevance: 1.7, APIs: 1, Instructions: 206 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02F093E8, Relevance: 1.7, APIs: 1, Instructions: 194 COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02F0FB20, Relevance: 1.7, APIs: 1, Instructions: 182 COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02F0FB98, Relevance: 1.6, APIs: 1, Instructions: 145 COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02F0DA04, Relevance: 1.6, APIs: 1, Instructions: 116 COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02F0A14C, Relevance: 1.6, APIs: 1, Instructions: 65 COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02F0BCF9, Relevance: 1.6, APIs: 1, Instructions: 64 COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02F095C8, Relevance: 1.5, APIs: 1, Instructions: 47 COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02F0DA3C, Relevance: 1.5, APIs: 1, Instructions: 47 COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02F0FE38, Relevance: 1.5, APIs: 1, Instructions: 47 COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0132D4A0, Relevance: .1, Instructions: 75 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0164D01C, Relevance: .1, Instructions: 72 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0132D49B, Relevance: .1, Instructions: 56 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0164D017, Relevance: .1, Instructions: 53 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Executed Functions |
---|
Function 00DB9938, Relevance: 1.6, APIs: 1, Instructions: 97 memory COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DBDA38, Relevance: 1.6, APIs: 1, Instructions: 96 memory COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0E994FD0, Relevance: 1.6, APIs: 1, Instructions: 96 thread COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DB9940, Relevance: 1.6, APIs: 1, Instructions: 94 memory COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DBDA40, Relevance: 1.6, APIs: 1, Instructions: 94 memory COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0E994FD8, Relevance: 1.6, APIs: 1, Instructions: 94 thread COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DBE1F7, Relevance: 1.6, APIs: 1, Instructions: 92 file COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DBA37C, Relevance: 1.6, APIs: 1, Instructions: 86 file COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DBE0FA, Relevance: 1.6, APIs: 1, Instructions: 85 file COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0E996988, Relevance: 1.6, APIs: 1, Instructions: 78 thread COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0E996990, Relevance: 1.6, APIs: 1, Instructions: 73 thread COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Executed Functions |
---|
Function 0126FAA0, Relevance: 1.7, APIs: 1, Instructions: 220 COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 012693E8, Relevance: 1.7, APIs: 1, Instructions: 194 COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0126FBF8, Relevance: 1.6, APIs: 1, Instructions: 113 COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0126BDC1, Relevance: 1.6, APIs: 1, Instructions: 84 COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0126BD00, Relevance: 1.6, APIs: 1, Instructions: 62 COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0126BCF9, Relevance: 1.6, APIs: 1, Instructions: 61 COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 012695C8, Relevance: 1.5, APIs: 1, Instructions: 47 COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0126FE38, Relevance: 1.5, APIs: 1, Instructions: 44 COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0126FE40, Relevance: 1.5, APIs: 1, Instructions: 44 COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F1D4A0, Relevance: .1, Instructions: 75 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 011BD01C, Relevance: .1, Instructions: 72 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 011BD006, Relevance: .1, Instructions: 63 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F1D49B, Relevance: .1, Instructions: 56 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|