Analysis Report POEA ADVISORY ON DELISTED AGENCIES.pdf.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Startup |
---|
|
Malware Configuration |
---|
Threatname: NanoCore |
---|
{"Version": "1.2.2.0", "Mutex": "c4cca249-81f6-4232-9f14-01569e09f5f0", "Group": "JANUARY", "Domain1": "shahzad73.casacam.net", "Domain2": "shahzad73.ddns.net", "Port": 9036, "KeyboardLogging": "Enable", "RunOnStartup": "Disable", "RequestElevation": "Disable", "BypassUAC": "Enable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8", "BackupDNSServer": "8.8.4.4#=qs2bxKs15DbteFYTMsjthM8IIAMC9Avo9uFWUE1JbxpU=", "BypassUserAccountControlData": "<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.2\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n <RegistrationInfo />\r\n <Triggers />\r\n <Principals>\r\n <Principal id=\"Author\">\r\n <LogonType>InteractiveToken</LogonType>\r\n <RunLevel>HighestAvailable</RunLevel>\r\n </Principal>\r\n </Principals>\r\n <Settings>\r\n <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n <AllowHardTerminate>true</AllowHardTerminate>\r\n <StartWhenAvailable>false</StartWhenAvailable>\r\n <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n <IdleSettings>\r\n <StopOnIdleEnd>false</StopOnIdleEnd>\r\n <RestartOnIdle>false</RestartOnIdle>\r\n </IdleSettings>\r\n <AllowStartOnDemand>true</AllowStartOnDemand>\r\n <Enabled>true</Enabled>\r\n <Hidden>false</Hidden>\r\n <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n <WakeToRun>false</WakeToRun>\r\n <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n <Priority>4</Priority>\r\n </Settings>\r\n <Actions Context=\"Author\">\r\n <Exec>\r\n <Command>\"#EXECUTABLEPATH\"</Command>\r\n <Arguments>$(Arg0)</Arguments>\r\n </Exec>\r\n </Actions>\r\n</Task"}
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> |
| |
Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth |
| |
JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | ||
NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> |
| |
JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | ||
Click to see the 12 entries |
Unpacked PEs |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth |
| |
Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth |
| |
Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth |
| |
Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth |
| |
JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | ||
Click to see the 43 entries |
Sigma Overview |
---|
System Summary: |
---|
Sigma detected: NanoCore | Show sources |
Source: | Author: Joe Security: |
Sigma detected: Scheduled temp file as task from temp location | Show sources |
Source: | Author: Joe Security: |
Sigma detected: Suspicious Double Extension | Show sources |
Source: | Author: Florian Roth (rule), @blu3_team (idea): |
Signature Overview |
---|
Click to jump to signature section
AV Detection: |
---|
Found malware configuration | Show sources |
Source: | Malware Configuration Extractor: |
Yara detected Nanocore RAT | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Machine Learning detection for dropped file | Show sources |
Source: | Joe Sandbox ML: |
Machine Learning detection for sample | Show sources |
Source: | Joe Sandbox ML: |
Source: | Avira: |
Compliance: |
---|
Uses 32bit PE files | Show sources |
Source: | Static PE information: |
Contains modern PE file flags such as dynamic base (ASLR) or NX | Show sources |
Source: | Static PE information: |
Networking: |
---|
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) | Show sources |
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: |
C2 URLs / IPs found in malware configuration | Show sources |
Source: | URLs: | ||
Source: | URLs: |
Source: | TCP traffic: |
Source: | IP Address: |
Source: | ASN Name: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
E-Banking Fraud: |
---|
Yara detected Nanocore RAT | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
System Summary: |
---|
Malicious sample detected (through community Yara rule) | Show sources |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Initial sample is a PE file and has a suspicious name | Show sources |
Source: | Static PE information: |
Source: | Code function: | 0_2_00F72050 | |
Source: | Code function: | 0_2_01AACBBC | |
Source: | Code function: | 0_2_01AAEB20 | |
Source: | Code function: | 0_2_01AAEB30 | |
Source: | Code function: | 8_2_00EB2050 | |
Source: | Code function: | 8_2_030BEB20 | |
Source: | Code function: | 8_2_030BEB30 | |
Source: | Code function: | 8_2_030BCBBC | |
Source: | Code function: | 8_2_057FF008 | |
Source: | Code function: | 8_2_057FEFF7 | |
Source: | Code function: | 18_2_008D2050 | |
Source: | Code function: | 18_2_0529E471 | |
Source: | Code function: | 18_2_0529E480 | |
Source: | Code function: | 18_2_0529BBD4 | |
Source: | Code function: | 18_2_053FF5F8 | |
Source: | Code function: | 18_2_053F9788 | |
Source: | Code function: | 18_2_053FA5D0 |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | File read: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Window detected: |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Static PE information: |
Data Obfuscation: |
---|
.NET source code contains potential unpacker | Show sources |
Source: | .Net Code: | ||
Source: | .Net Code: |
Source: | Code function: | 0_2_01AAD4C1 | |
Source: | Code function: | 0_2_01AADBE1 | |
Source: | Code function: | 8_2_030BD4C1 | |
Source: | Code function: | 8_2_030BDBE1 | |
Source: | Code function: | 8_2_057F4219 | |
Source: | Code function: | 8_2_057F4161 | |
Source: | Code function: | 8_2_057FFF6C | |
Source: | Code function: | 18_2_053F69F9 |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: |
Source: | File created: | Jump to dropped file |
Boot Survival: |
---|
Uses schtasks.exe or at.exe to add and modify task schedules | Show sources |
Source: | Process created: |
Hooking and other Techniques for Hiding and Protection: |
---|
Hides that the sample has been downloaded from the Internet (zone.identifier) | Show sources |
Source: | File opened: | Jump to behavior |
Uses an obfuscated file name to hide its real file extension (double extension) | Show sources |
Source: | Static PE information: |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | File opened / queried: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: |
Source: | Binary or memory string: |
Source: | Process information queried: | Jump to behavior |
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Stealing of Sensitive Information: |
---|
Yara detected Nanocore RAT | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality: |
---|
Yara detected Nanocore RAT | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation1 | Scheduled Task/Job1 | Process Injection11 | Masquerading11 | OS Credential Dumping | Security Software Discovery21 | Remote Services | Archive Collected Data11 | Exfiltration Over Other Network Medium | Encrypted Channel1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job1 | Boot or Logon Initialization Scripts | Scheduled Task/Job1 | Virtualization/Sandbox Evasion3 | LSASS Memory | Virtualization/Sandbox Evasion3 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Standard Port1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Disable or Modify Tools1 | Security Account Manager | Process Discovery1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection11 | NTDS | Application Window Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol11 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Deobfuscate/Decode Files or Information1 | LSA Secrets | File and Directory Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Hidden Files and Directories1 | Cached Domain Credentials | System Information Discovery12 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Obfuscated Files or Information12 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Software Packing13 | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue |
Behavior Graph |
---|
Screenshots |
---|
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
9% | ReversingLabs | ByteCode-MSIL.Backdoor.NanoBot | ||
100% | Joe Sandbox ML |
Dropped Files |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Joe Sandbox ML | |||
9% | ReversingLabs | ByteCode-MSIL.Backdoor.NanoBot |
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | HEUR/AGEN.1110362 | Download File | ||
100% | Avira | TR/Dropper.MSIL.Gen7 | Download File |
Domains |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
5% | Virustotal | Browse |
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
shahzad73.casacam.net | 91.212.153.84 | true | true |
| unknown |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown | |
true |
| unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| low | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown |
Contacted IPs |
---|
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
91.212.153.84 | unknown | unknown | 24961 | MYLOC-ASIPBackboneofmyLocmanagedITAGDE | true |
General Information |
---|
Joe Sandbox Version: | 31.0.0 Emerald |
Analysis ID: | 355200 |
Start date: | 19.02.2021 |
Start time: | 08:27:44 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 11m 4s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | POEA ADVISORY ON DELISTED AGENCIES.pdf.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 22 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@15/11@17/1 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
Warnings: | Show All
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
08:28:39 | API Interceptor | |
08:29:00 | Task Scheduler |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
91.212.153.84 | Get hash | malicious | Browse | ||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse |
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
shahzad73.casacam.net | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
MYLOC-ASIPBackboneofmyLocmanagedITAGDE | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Users\user\Desktop\POEA ADVISORY ON DELISTED AGENCIES.pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1216 |
Entropy (8bit): | 5.355304211458859 |
Encrypted: | false |
SSDEEP: | 24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4x84j:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzr |
MD5: | FED34146BF2F2FA59DCF8702FCC8232E |
SHA1: | B03BFEA175989D989850CF06FE5E7BBF56EAA00A |
SHA-256: | 123BE4E3590609A008E85501243AF5BC53FA0C26C82A92881B8879524F8C0D5C |
SHA-512: | 1CC89F2ED1DBD70628FA1DC41A32BA0BFA3E81EAE1A1CF3C5F6A48F2DA0BF1F21A5001B8A18B04043C5B8FE4FBE663068D86AA8C4BD8E17933F75687C3178FF6 |
Malicious: | true |
Reputation: | high, very likely benign file |
Preview: |
|
Process: | C:\Users\user\Desktop\POEA ADVISORY ON DELISTED AGENCIES.pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1640 |
Entropy (8bit): | 5.1929793820733705 |
Encrypted: | false |
SSDEEP: | 24:2dH4+SEqC/Q7hxlNMFp1/rlMhEMjnGpwjpIgUYODOLD9RJh7h8gKBrrtn:cbh47TlNQ//rydbz9I3YODOLNdq3lp |
MD5: | 777992096A9A67A264806BC484673046 |
SHA1: | B3ABDCA7929B2F4177810B5DCB140B168B9C0F88 |
SHA-256: | 83AB2C79DD7FDD193DA964ADD86534E8EC7D0EC73485107B44DE9453D15A6974 |
SHA-512: | 04754FFEFF30AA98F34EF3E0CDBE2B1BE5FF484365F95438350D7F2FB24CF7287F22AA85F6411F8902A84325BA0B5A64643D9C76CECD9B9C38E5DC51F454B0DC |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\user\Desktop\POEA ADVISORY ON DELISTED AGENCIES.pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1328 |
Entropy (8bit): | 5.143109702372082 |
Encrypted: | false |
SSDEEP: | 24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK0mw4mrYxtn:cbk4oL600QydbQxIYODOLedq3sxrYj |
MD5: | DB01E81FC21BAD2017D4CB7505FF46F7 |
SHA1: | B5B5BF431C4C0E36EBA26B235FA9A7632F3CAE94 |
SHA-256: | 442D9A3AD817160E10905025C72E9DD9810B7179ADC27884B7AFF86A1B1905C5 |
SHA-512: | 3982F415F065F84C243A5444F5CF9D51DC715B8B5DD2781A0E048E1CBC808846CE3FA1795A282DF452BCD024A4664CBC63DDF0C0A7C5F7608E176CDEC9B91ACE |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\user\Desktop\POEA ADVISORY ON DELISTED AGENCIES.pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1640 |
Entropy (8bit): | 5.1929793820733705 |
Encrypted: | false |
SSDEEP: | 24:2dH4+SEqC/Q7hxlNMFp1/rlMhEMjnGpwjpIgUYODOLD9RJh7h8gKBrrtn:cbh47TlNQ//rydbz9I3YODOLNdq3lp |
MD5: | 777992096A9A67A264806BC484673046 |
SHA1: | B3ABDCA7929B2F4177810B5DCB140B168B9C0F88 |
SHA-256: | 83AB2C79DD7FDD193DA964ADD86534E8EC7D0EC73485107B44DE9453D15A6974 |
SHA-512: | 04754FFEFF30AA98F34EF3E0CDBE2B1BE5FF484365F95438350D7F2FB24CF7287F22AA85F6411F8902A84325BA0B5A64643D9C76CECD9B9C38E5DC51F454B0DC |
Malicious: | true |
Reputation: | low |
Preview: |
|
Process: | C:\Users\user\Desktop\POEA ADVISORY ON DELISTED AGENCIES.pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1856 |
Entropy (8bit): | 7.089541637477408 |
Encrypted: | false |
SSDEEP: | 48:IknjhUknjhUknjhUknjhUknjhUknjhUknjhUknjhL:HjhDjhDjhDjhDjhDjhDjhDjhL |
MD5: | 30D23CC577A89146961915B57F408623 |
SHA1: | 9B5709D6081D8E0A570511E6E0AAE96FA041964F |
SHA-256: | E2130A72E55193D402B5F43F7F3584ECF6B423F8EC4B1B1B69AD693C7E0E5A9E |
SHA-512: | 2D5C5747FD04F8326C2CC1FB313925070BC01D3352AFA6C36C167B72757A15F58B6263D96BD606338DA055812E69DDB628A6E18D64DD59697C2F42D1C58CC687 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\user\Desktop\POEA ADVISORY ON DELISTED AGENCIES.pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8 |
Entropy (8bit): | 3.0 |
Encrypted: | false |
SSDEEP: | 3:gPn:gPn |
MD5: | 4E39023B090D611298C362113E4E31DE |
SHA1: | 511F5BCEF4D04F53C758ECA4F218A86D89955189 |
SHA-256: | 98426645A5E77C9AF58584E1DD9B61C57E84A477F4E4C75CB58B89725A66D943 |
SHA-512: | 3D658E57F46E31C55EF1CDDB85E4451045424677C8110A1B771B653B3CD00B95C52B9E824CCD944DD7243A2C69D1640C489BB443F6654451E97C063453B0F342 |
Malicious: | true |
Reputation: | low |
Preview: |
|
Process: | C:\Users\user\Desktop\POEA ADVISORY ON DELISTED AGENCIES.pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 24 |
Entropy (8bit): | 4.501629167387823 |
Encrypted: | false |
SSDEEP: | 3:9bzY6oRDIvYk:RzWDI3 |
MD5: | ACD3FB4310417DC77FE06F15B0E353E6 |
SHA1: | 80E7002E655EB5765FDEB21114295CB96AD9D5EB |
SHA-256: | DC3AE604991C9BB8FF8BC4502AE3D0DB8A3317512C0F432490B103B89C1A4368 |
SHA-512: | DA46A917DB6276CD4528CFE4AD113292D873CA2EBE53414730F442B83502E5FAF3D1AE87BFA295ADF01E3B44FDBCE239E21A318BFB2CCD1F4753846CB21F6F97 |
Malicious: | false |
Preview: |
|
Process: | C:\Users\user\Desktop\POEA ADVISORY ON DELISTED AGENCIES.pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 64 |
Entropy (8bit): | 5.320159765557392 |
Encrypted: | false |
SSDEEP: | 3:9bzY6oRDIvYVsRLY6oRDT6P2bfVn1:RzWDIfRWDT621 |
MD5: | BB0F9B9992809E733EFFF8B0E562CFD6 |
SHA1: | F0BAB3CF73A04F5A689E6AFC764FEE9276992742 |
SHA-256: | C48F04FE7525AA3A3F9540889883F649726233DE021724823720A59B4F37CEAC |
SHA-512: | AE4280AA460DC1C0301D458A3A443F6884A0BE37481737B2ADAFD72C33C55F09BED88ED239C91FE6F19CA137AC3CD7C9B8454C21D3F8E759687F701C8B3C7A16 |
Malicious: | false |
Preview: |
|
Process: | C:\Users\user\Desktop\POEA ADVISORY ON DELISTED AGENCIES.pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 327768 |
Entropy (8bit): | 7.999367066417797 |
Encrypted: | true |
SSDEEP: | 6144:oX44S90aTiB66x3PlZmqze1d1wI8lkWmtjJ/3Exi:LkjbU7LjGxi |
MD5: | 2E52F446105FBF828E63CF808B721F9C |
SHA1: | 5330E54F238F46DC04C1AC62B051DB4FCD7416FB |
SHA-256: | 2F7479AA2661BD259747BC89106031C11B3A3F79F12190E7F19F5DF65B7C15C8 |
SHA-512: | C08BA0E3315E2314ECBEF38722DF834C2CB8412446A9A310F41A8F83B4AC5984FCC1B26A1D8B0D58A730FDBDD885714854BDFD04DCDF7F582FC125F552D5C3CA |
Malicious: | false |
Preview: |
|
Process: | C:\Users\user\Desktop\POEA ADVISORY ON DELISTED AGENCIES.pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65 |
Entropy (8bit): | 4.801074305563008 |
Encrypted: | false |
SSDEEP: | 3:oNWXp5v1qgkFKqEqrFOXxghog2TJ:oNWXpFggKEQ4xgrOJ |
MD5: | 31C782D11864C78B5699327A3EABC56E |
SHA1: | 1970AECA390F142254BB6293D88A496593995289 |
SHA-256: | CA168D61590B2EBD98CEDA22CE747CF805691B00F312CFE7A9A4F77655634D0B |
SHA-512: | 9B7211D30F16FA10C951DEACE071734194930E1B926DB96610680F03FC33CB90491F0F207809F2D8EFF656CF9B325B7B0508C048256E216CFE69338509F2F9DA |
Malicious: | false |
Preview: |
|
Process: | C:\Users\user\Desktop\POEA ADVISORY ON DELISTED AGENCIES.pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 737280 |
Entropy (8bit): | 7.456420940298375 |
Encrypted: | false |
SSDEEP: | 12288:2X9kXkXenHgjxJNmtOjaMohwWGVYMdyE2oApCJWX0HSx59B:CzfvaMomDVYMduXp8WX0yxV |
MD5: | AFCC0C7F6FADF41949E66C9325B9F843 |
SHA1: | C1562634E7D393B54606731BECAD8D4D11FCBA39 |
SHA-256: | 7DC65CB43A6491E7DA09935A8E8D20C33873FC75E370B9A701AEA0A660E85B80 |
SHA-512: | E80CB56E77D3A9532A6174A11ADC476CFEE7246D86AA47A9BF7A86DDFB23C8DCFE8C5CD580E998AEA4F1E8B324B55A9205091FEE89B1EFCCC37DD8E1829E22AA |
Malicious: | true |
Antivirus: |
|
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.456420940298375 |
TrID: |
|
File name: | POEA ADVISORY ON DELISTED AGENCIES.pdf.exe |
File size: | 737280 |
MD5: | afcc0c7f6fadf41949e66c9325b9f843 |
SHA1: | c1562634e7d393b54606731becad8d4d11fcba39 |
SHA256: | 7dc65cb43a6491e7da09935a8e8d20c33873fc75e370b9a701aea0a660e85b80 |
SHA512: | e80cb56e77d3a9532a6174a11adc476cfee7246d86aa47a9bf7a86ddfb23c8dcfe8c5cd580e998aea4f1e8b324b55a9205091fee89b1efccc37dd8e1829e22aa |
SSDEEP: | 12288:2X9kXkXenHgjxJNmtOjaMohwWGVYMdyE2oApCJWX0HSx59B:CzfvaMomDVYMduXp8WX0yxV |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...R]/`..............0..2..........NQ... ...`....@.. ....................................@................................ |
File Icon |
---|
Icon Hash: | 60c8ada8f2f0f8b1 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x48514e |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE |
DLL Characteristics: | NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x602F5D52 [Fri Feb 19 06:40:18 2021 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | v4.0.30319 |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Entrypoint Preview |
---|
Instruction |
---|
jmp dword ptr [00402000h] |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x850fc | 0x4f | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x86000 | 0x30954 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xb8000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x83154 | 0x83200 | False | 0.759942504766 | data | 7.55881445378 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rsrc | 0x86000 | 0x30954 | 0x30a00 | False | 0.759715416131 | data | 6.98866635189 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xb8000 | 0xc | 0x200 | False | 0.044921875 | data | 0.0980041756627 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x861c0 | 0x172f0 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | ||
RT_ICON | 0x9d4c0 | 0x10828 | dBase IV DBT, blocks size 0, block length 2048, next free block index 40, next free block 0, next used block 0 | ||
RT_ICON | 0xadcf8 | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 65535, next used block 4294901760 | ||
RT_ICON | 0xb1f30 | 0x25a8 | data | ||
RT_ICON | 0xb44e8 | 0x10a8 | data | ||
RT_ICON | 0xb55a0 | 0x988 | data | ||
RT_ICON | 0xb5f38 | 0x468 | GLS_BINARY_LSB_FIRST | ||
RT_GROUP_ICON | 0xb63b0 | 0x68 | data | ||
RT_VERSION | 0xb6428 | 0x32c | data | ||
RT_MANIFEST | 0xb6764 | 0x1ea | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators |
Imports |
---|
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Version Infos |
---|
Description | Data |
---|---|
Translation | 0x0000 0x04b0 |
LegalCopyright | 2017-2021 |
Assembly Version | 4.4.2.0 |
InternalName | gWyum.exe |
FileVersion | 4.3.0.0 |
CompanyName | |
LegalTrademarks | |
Comments | |
ProductName | |
ProductVersion | 4.3.0.0 |
FileDescription | |
OriginalFilename | gWyum.exe |
Network Behavior |
---|
Snort IDS Alerts |
---|
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
02/19/21-08:29:02.061101 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
02/19/21-08:29:10.080046 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49706 | 9036 | 192.168.2.3 | 91.212.153.84 |
02/19/21-08:29:16.963290 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49707 | 9036 | 192.168.2.3 | 91.212.153.84 |
02/19/21-08:29:22.141016 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49708 | 9036 | 192.168.2.3 | 91.212.153.84 |
02/19/21-08:29:29.045681 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49709 | 9036 | 192.168.2.3 | 91.212.153.84 |
02/19/21-08:29:35.289931 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49710 | 9036 | 192.168.2.3 | 91.212.153.84 |
02/19/21-08:29:41.351260 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49711 | 9036 | 192.168.2.3 | 91.212.153.84 |
02/19/21-08:29:46.711502 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49712 | 9036 | 192.168.2.3 | 91.212.153.84 |
02/19/21-08:29:53.506531 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49713 | 9036 | 192.168.2.3 | 91.212.153.84 |
02/19/21-08:30:00.348934 | UDP | 254 | DNS SPOOF query response with TTL of 1 min. and no authority | 53 | 59349 | 8.8.8.8 | 192.168.2.3 |
02/19/21-08:30:00.409002 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49714 | 9036 | 192.168.2.3 | 91.212.153.84 |
02/19/21-08:30:06.563861 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49715 | 9036 | 192.168.2.3 | 91.212.153.84 |
02/19/21-08:30:13.530474 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49716 | 9036 | 192.168.2.3 | 91.212.153.84 |
02/19/21-08:30:20.851223 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49717 | 9036 | 192.168.2.3 | 91.212.153.84 |
02/19/21-08:30:26.882120 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49718 | 9036 | 192.168.2.3 | 91.212.153.84 |
02/19/21-08:30:33.073518 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49719 | 9036 | 192.168.2.3 | 91.212.153.84 |
02/19/21-08:30:40.144853 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49720 | 9036 | 192.168.2.3 | 91.212.153.84 |
02/19/21-08:30:45.115632 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49721 | 9036 | 192.168.2.3 | 91.212.153.84 |
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Feb 19, 2021 08:29:01.919277906 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:01.973613024 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:01.973773003 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.061100960 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.131288052 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.143557072 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.200113058 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.223546028 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.313024044 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.330741882 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.330770016 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.330789089 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.330801964 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.330866098 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.330903053 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.385577917 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.385646105 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.385723114 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.385737896 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.385773897 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.385821104 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.385822058 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.385863066 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.385905027 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.385941029 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.385945082 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.385991096 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.405123949 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.440217018 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.440247059 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.440263987 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.440284967 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.440310001 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.440325975 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.440336943 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.440351009 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.440361023 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.440382004 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.440397024 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.440406084 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.440417051 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.440419912 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.440443039 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.440447092 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.440473080 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.440473080 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.440494061 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.440509081 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.440521955 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.440536022 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.440546036 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.440589905 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.440613985 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.487221003 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.496881008 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.496916056 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.496939898 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.496963024 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.496989965 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.497013092 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.497013092 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.497037888 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.497039080 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.497061014 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.497080088 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.497100115 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.497121096 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.497147083 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.497168064 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.497172117 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.497196913 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.497216940 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.497239113 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.497263908 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.497288942 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.497293949 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.497309923 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.497319937 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.497338057 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.497363091 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.497364044 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.497409105 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.497438908 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.497462034 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.497487068 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.497512102 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.497535944 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.497536898 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.497562885 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.497570992 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.497591972 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.497592926 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.497618914 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.497642994 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.497667074 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.497690916 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.497693062 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.497736931 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.497757912 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.555321932 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.555382013 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.555422068 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.555457115 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.555491924 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.555526018 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.555527925 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.555561066 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.555592060 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.555598974 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.555624962 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.555627108 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.555648088 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.555660963 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.555701017 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.555736065 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.555767059 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.555779934 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.555789948 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.555799961 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.555835009 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.555866003 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.555898905 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.555910110 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.555929899 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.555943966 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.555972099 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.556008101 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.556009054 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.556044102 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.556062937 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.556076050 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.556107998 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.556138039 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.556138992 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.556173086 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.556206942 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.556237936 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.556246042 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.556262016 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.556281090 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.556310892 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.556341887 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.556365967 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.556372881 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.556405067 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.556416035 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.556436062 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.556466103 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.556503057 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.556504011 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.556539059 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.556569099 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.556569099 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.556601048 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.556602001 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.556634903 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.556649923 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.556664944 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.556696892 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.556719065 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.556726933 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.556765079 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.556799889 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.556828976 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.556850910 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.556859970 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.556891918 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.556891918 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.556925058 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.556936026 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.557022095 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.613015890 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.613070965 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.613110065 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.613140106 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.613178015 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.613229036 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.613261938 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.613262892 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.613301992 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.613301992 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.613306999 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.613343954 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.613401890 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.613426924 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.613456011 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.613498926 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.613538027 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.613573074 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.613610983 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.613648891 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.613677025 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.613697052 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.613715887 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.613717079 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.613720894 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.613730907 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.613755941 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.613796949 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.613816023 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.613835096 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.613874912 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.613894939 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.613914013 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.613954067 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.613962889 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.613992929 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.614013910 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.614025116 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.614058018 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.614087105 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.614105940 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.614126921 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.614151955 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.614164114 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.614201069 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.614234924 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.614260912 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.614284039 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.614324093 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.614329100 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.614363909 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.614379883 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.614396095 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.614423990 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.614454031 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.614489079 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.614490032 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.614506006 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.614530087 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.614566088 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.614604950 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.614634991 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.614640951 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.614671946 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.614677906 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.614702940 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.614733934 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.614742041 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.614780903 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.614810944 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.614810944 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.614871025 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.669569016 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.669642925 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.669703007 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.669753075 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.669760942 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.669821024 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.669864893 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.669894934 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.669912100 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.669919014 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.669970989 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.670012951 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.670027971 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.670053959 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.670104980 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.670145988 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.670159101 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.670186996 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.670191050 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.670243025 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.670293093 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.670336008 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.670350075 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.670383930 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.670389891 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.670434952 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.670474052 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.670523882 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.670526981 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.670567989 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.670572042 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.670608044 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.670667887 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.670732021 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.670775890 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.670792103 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.670835018 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.670881987 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.670886040 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.670923948 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.670950890 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.670978069 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.671005964 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.671040058 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.671093941 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.671106100 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.671152115 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.671188116 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.671241045 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.671241999 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.671288013 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.671292067 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.671341896 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.671389103 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.671427011 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.671439886 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.671483040 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.671487093 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.671534061 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.671571970 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.671622992 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.671631098 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.671675920 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.671678066 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.671722889 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.671762943 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.671794891 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.671813011 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.671868086 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.671869040 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.671930075 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.672024012 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.726038933 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.726070881 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.726092100 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.726110935 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.726133108 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.726145983 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.726161003 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.726174116 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.726188898 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.726211071 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.726228952 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.726248980 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.726268053 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.726284027 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.726306915 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.726325989 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.726339102 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.726355076 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.726380110 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.726402998 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.726419926 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.726437092 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.726454973 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.726454020 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.726469994 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.726491928 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.726510048 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.726527929 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.726550102 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.726555109 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.726562977 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.726564884 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.726583004 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.726588964 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.726594925 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.726607084 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.726619959 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.726625919 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.726634979 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.726639032 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.726644039 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.726645947 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.726648092 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.726653099 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.726658106 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.726663113 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.726663113 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.726667881 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.726686954 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.726707935 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.726717949 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.726726055 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.726749897 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.726767063 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.726778030 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.726783991 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.726797104 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.726810932 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.726810932 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.726828098 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.726846933 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.726855993 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.726864100 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.726869106 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.726886988 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.726905107 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.726924896 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.726926088 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.726943016 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.726960897 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.726962090 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.726978064 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.726985931 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.727004051 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.727020979 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.727040052 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.727041006 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.727058887 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.727076054 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.727076054 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.727096081 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.727097988 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.727116108 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.727118969 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.727137089 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.727158070 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.727160931 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.727174997 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.727196932 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.727210045 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.727217913 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.727240086 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:02.727258921 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:02.727297068 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:03.459528923 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:03.536926031 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:04.120488882 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:04.207180023 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:04.307820082 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:04.372729063 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:04.378571987 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:04.423396111 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:04.426840067 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:04.426948071 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:04.463267088 CET | 9036 | 49704 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:04.464560032 CET | 49704 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:09.983340025 CET | 49706 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:10.037822962 CET | 9036 | 49706 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:10.037929058 CET | 49706 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:10.080045938 CET | 49706 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:10.140798092 CET | 9036 | 49706 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:10.141163111 CET | 49706 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:10.195467949 CET | 9036 | 49706 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:10.198400974 CET | 49706 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:10.270468950 CET | 9036 | 49706 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:10.410238028 CET | 9036 | 49706 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:10.411487103 CET | 49706 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:10.467789888 CET | 9036 | 49706 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:10.495366096 CET | 49706 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:10.551038027 CET | 9036 | 49706 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:10.551120996 CET | 49706 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:10.607606888 CET | 9036 | 49706 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:10.685795069 CET | 49706 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:10.883754015 CET | 49706 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:10.980906963 CET | 9036 | 49706 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:11.103023052 CET | 49706 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:11.198040962 CET | 9036 | 49706 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:11.201463938 CET | 49706 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:11.298957109 CET | 9036 | 49706 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:11.957849979 CET | 49706 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:12.050900936 CET | 9036 | 49706 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:12.603955030 CET | 49706 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:12.691653013 CET | 9036 | 49706 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:12.779802084 CET | 49706 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:16.906140089 CET | 49707 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:16.962603092 CET | 9036 | 49707 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:16.962744951 CET | 49707 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:16.963289976 CET | 49707 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:17.022942066 CET | 9036 | 49707 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:17.186368942 CET | 49707 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:17.240576029 CET | 9036 | 49707 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:17.240881920 CET | 49707 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:17.295422077 CET | 9036 | 49707 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:17.296964884 CET | 49707 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:17.379730940 CET | 9036 | 49707 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:17.473331928 CET | 9036 | 49707 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:17.474281073 CET | 49707 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:17.528547049 CET | 9036 | 49707 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:17.529699087 CET | 49707 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:17.585433960 CET | 9036 | 49707 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:17.585505962 CET | 49707 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:17.640983105 CET | 9036 | 49707 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:17.686350107 CET | 49707 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:17.697675943 CET | 49707 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:17.750855923 CET | 49707 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:17.777306080 CET | 9036 | 49707 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:17.777369976 CET | 49707 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:22.086282969 CET | 49708 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:22.140275955 CET | 9036 | 49708 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:22.140356064 CET | 49708 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:22.141016006 CET | 49708 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:22.203185081 CET | 9036 | 49708 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:22.203480959 CET | 49708 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:22.257822990 CET | 9036 | 49708 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:22.259327888 CET | 49708 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:22.336553097 CET | 9036 | 49708 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:22.450515985 CET | 9036 | 49708 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:22.453397036 CET | 49708 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:22.512238026 CET | 9036 | 49708 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:22.529211044 CET | 49708 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:22.583591938 CET | 9036 | 49708 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:22.583846092 CET | 49708 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:22.638509989 CET | 9036 | 49708 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:22.686856985 CET | 49708 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:22.817106962 CET | 49708 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:22.904234886 CET | 9036 | 49708 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:22.904390097 CET | 49708 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:22.997972965 CET | 9036 | 49708 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:23.078603029 CET | 9036 | 49708 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:23.187093973 CET | 49708 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:23.780462980 CET | 49708 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:23.877902031 CET | 9036 | 49708 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:24.751085997 CET | 49708 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:28.988178968 CET | 49709 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:29.043334961 CET | 9036 | 49709 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:29.045228958 CET | 49709 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:29.045681000 CET | 49709 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:29.121815920 CET | 9036 | 49709 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:29.122287989 CET | 49709 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:29.177778006 CET | 9036 | 49709 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:29.180635929 CET | 49709 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:29.254679918 CET | 9036 | 49709 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:29.256506920 CET | 49709 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:29.346630096 CET | 9036 | 49709 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:29.440572023 CET | 9036 | 49709 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:29.442734003 CET | 49709 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:29.498430014 CET | 9036 | 49709 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:29.502846003 CET | 49709 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:29.565810919 CET | 9036 | 49709 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:29.566036940 CET | 49709 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:29.620239973 CET | 9036 | 49709 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:29.672293901 CET | 49709 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:30.110167980 CET | 49709 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:30.207003117 CET | 9036 | 49709 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:31.125804901 CET | 49709 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:35.234193087 CET | 49710 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:35.288551092 CET | 9036 | 49710 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:35.288729906 CET | 49710 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:35.289931059 CET | 49710 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:35.361320019 CET | 9036 | 49710 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:35.365355015 CET | 9036 | 49710 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:35.366579056 CET | 49710 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:35.420933008 CET | 9036 | 49710 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:35.444152117 CET | 49710 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:35.524966955 CET | 9036 | 49710 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:35.628592968 CET | 9036 | 49710 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:35.630726099 CET | 49710 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:35.684889078 CET | 9036 | 49710 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:35.698045015 CET | 49710 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:35.752517939 CET | 9036 | 49710 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:35.752731085 CET | 49710 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:35.806997061 CET | 9036 | 49710 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:35.859824896 CET | 49710 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:36.157757044 CET | 49710 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:36.244776964 CET | 9036 | 49710 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:37.187477112 CET | 49710 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:41.295594931 CET | 49711 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:41.350023031 CET | 9036 | 49711 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:41.350168943 CET | 49711 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:41.351259947 CET | 49711 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:41.409332991 CET | 9036 | 49711 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:41.454019070 CET | 49711 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:41.508172035 CET | 9036 | 49711 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:41.508841038 CET | 49711 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:41.566473961 CET | 9036 | 49711 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:41.608371019 CET | 49711 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:41.699371099 CET | 9036 | 49711 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:41.817068100 CET | 9036 | 49711 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:41.818321943 CET | 49711 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:41.887336016 CET | 9036 | 49711 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:41.938371897 CET | 49711 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:41.994708061 CET | 9036 | 49711 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:42.017719984 CET | 49711 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:42.072182894 CET | 9036 | 49711 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:42.072269917 CET | 49711 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:42.126876116 CET | 9036 | 49711 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:42.159650087 CET | 49711 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:42.173271894 CET | 49711 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:46.655400038 CET | 49712 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:46.709943056 CET | 9036 | 49712 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:46.710107088 CET | 49712 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:46.711502075 CET | 49712 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:46.774528980 CET | 9036 | 49712 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:46.775291920 CET | 49712 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:46.830620050 CET | 9036 | 49712 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:46.831718922 CET | 49712 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:46.902890921 CET | 9036 | 49712 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:47.051919937 CET | 9036 | 49712 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:47.078015089 CET | 49712 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:47.132360935 CET | 9036 | 49712 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:47.159820080 CET | 49712 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:47.214473009 CET | 9036 | 49712 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:47.214668989 CET | 49712 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:47.270693064 CET | 9036 | 49712 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:47.313854933 CET | 49712 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:47.481493950 CET | 9036 | 49712 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:47.532675028 CET | 49712 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:48.188287973 CET | 49712 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:48.286338091 CET | 9036 | 49712 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:49.158428907 CET | 49712 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:53.450308084 CET | 49713 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:53.505347967 CET | 9036 | 49713 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:53.505631924 CET | 49713 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:53.506531000 CET | 49713 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:53.579271078 CET | 9036 | 49713 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:53.579624891 CET | 49713 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:53.638353109 CET | 9036 | 49713 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:53.639800072 CET | 49713 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:53.711540937 CET | 9036 | 49713 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:53.831491947 CET | 9036 | 49713 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:53.833489895 CET | 49713 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:53.887712955 CET | 9036 | 49713 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:53.889739990 CET | 49713 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:53.944190979 CET | 9036 | 49713 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:53.944365025 CET | 49713 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:53.998743057 CET | 9036 | 49713 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:54.048758030 CET | 49713 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:54.205585957 CET | 49713 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:54.288120985 CET | 9036 | 49713 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:55.222194910 CET | 49713 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:55.320055962 CET | 9036 | 49713 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:55.571888924 CET | 9036 | 49713 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:29:55.627115011 CET | 49713 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:29:56.257805109 CET | 49713 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:00.350213051 CET | 49714 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:00.407711029 CET | 9036 | 49714 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:00.407855034 CET | 49714 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:00.409002066 CET | 49714 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:00.474877119 CET | 9036 | 49714 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:00.478048086 CET | 49714 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:00.542347908 CET | 9036 | 49714 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:00.544090033 CET | 49714 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:00.617326975 CET | 9036 | 49714 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:00.742816925 CET | 9036 | 49714 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:00.765690088 CET | 49714 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:00.819868088 CET | 9036 | 49714 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:00.861912012 CET | 49714 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:00.871886015 CET | 49714 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:00.927814007 CET | 9036 | 49714 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:00.927922010 CET | 49714 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:00.982182026 CET | 9036 | 49714 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:01.011130095 CET | 49714 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:01.114062071 CET | 9036 | 49714 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:01.280473948 CET | 49714 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:01.364028931 CET | 9036 | 49714 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:02.253366947 CET | 49714 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:06.508393049 CET | 49715 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:06.562874079 CET | 9036 | 49715 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:06.563002110 CET | 49715 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:06.563860893 CET | 49715 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:06.636379004 CET | 9036 | 49715 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:06.637870073 CET | 9036 | 49715 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:06.638183117 CET | 49715 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:06.692543983 CET | 9036 | 49715 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:06.736643076 CET | 49715 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:06.826955080 CET | 9036 | 49715 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:06.942708969 CET | 9036 | 49715 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:06.987587929 CET | 49715 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:07.021440029 CET | 49715 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:07.041939020 CET | 9036 | 49715 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:07.096839905 CET | 49715 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:07.116028070 CET | 9036 | 49715 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:07.116206884 CET | 49715 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:07.170761108 CET | 9036 | 49715 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:07.221885920 CET | 49715 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:07.278076887 CET | 9036 | 49715 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:07.316808939 CET | 49715 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:07.398226976 CET | 9036 | 49715 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:08.316610098 CET | 49715 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:08.402199984 CET | 9036 | 49715 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:09.332954884 CET | 49715 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:13.470944881 CET | 49716 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:13.527017117 CET | 9036 | 49716 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:13.529468060 CET | 49716 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:13.530473948 CET | 49716 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:13.601816893 CET | 9036 | 49716 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:13.604125023 CET | 9036 | 49716 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:13.604530096 CET | 49716 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:13.658970118 CET | 9036 | 49716 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:13.662111044 CET | 49716 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:13.744421959 CET | 9036 | 49716 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:13.877537012 CET | 9036 | 49716 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:13.879626036 CET | 49716 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:13.934021950 CET | 9036 | 49716 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:13.938426971 CET | 49716 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:13.993226051 CET | 9036 | 49716 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:13.993377924 CET | 49716 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:14.047821999 CET | 9036 | 49716 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:14.097384930 CET | 49716 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:14.241306067 CET | 49716 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:14.331809044 CET | 9036 | 49716 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:14.331947088 CET | 49716 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:14.426105022 CET | 9036 | 49716 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:15.375168085 CET | 49716 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:15.473364115 CET | 9036 | 49716 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:16.663664103 CET | 49716 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:20.796267033 CET | 49717 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:20.850440979 CET | 9036 | 49717 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:20.850553989 CET | 49717 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:20.851222992 CET | 49717 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:20.921191931 CET | 9036 | 49717 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:20.930078030 CET | 9036 | 49717 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:20.961602926 CET | 49717 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:21.016196966 CET | 9036 | 49717 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:21.024096966 CET | 49717 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:21.098071098 CET | 9036 | 49717 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:21.231129885 CET | 9036 | 49717 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:21.232012033 CET | 49717 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:21.289043903 CET | 9036 | 49717 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:21.291157961 CET | 49717 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:21.345628023 CET | 9036 | 49717 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:21.345840931 CET | 49717 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:21.400249004 CET | 9036 | 49717 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:21.441721916 CET | 49717 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:21.661473989 CET | 49717 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:21.754029989 CET | 9036 | 49717 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:22.707932949 CET | 49717 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:26.821206093 CET | 49718 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:26.875552893 CET | 9036 | 49718 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:26.875663996 CET | 49718 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:26.882119894 CET | 49718 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:26.950611115 CET | 9036 | 49718 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:26.950908899 CET | 49718 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:27.007299900 CET | 9036 | 49718 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:27.009886980 CET | 49718 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:27.083904982 CET | 9036 | 49718 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:27.220484972 CET | 9036 | 49718 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:27.222851038 CET | 49718 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:27.297024965 CET | 9036 | 49718 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:27.303738117 CET | 9036 | 49718 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:27.348588943 CET | 49718 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:27.402784109 CET | 9036 | 49718 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:27.403553963 CET | 49718 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:27.458117008 CET | 9036 | 49718 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:27.458323956 CET | 49718 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:27.517541885 CET | 9036 | 49718 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:27.567332029 CET | 49718 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:27.755779028 CET | 49718 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:27.843029976 CET | 9036 | 49718 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:27.860480070 CET | 9036 | 49718 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:27.911093950 CET | 49718 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:28.773684978 CET | 49718 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:33.017607927 CET | 49719 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:33.072047949 CET | 9036 | 49719 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:33.072227001 CET | 49719 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:33.073518038 CET | 49719 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:33.138605118 CET | 9036 | 49719 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:33.139023066 CET | 49719 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:33.193941116 CET | 9036 | 49719 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:33.235979080 CET | 49719 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:33.309504032 CET | 9036 | 49719 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:33.451356888 CET | 9036 | 49719 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:33.453211069 CET | 49719 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:33.508040905 CET | 9036 | 49719 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:33.509128094 CET | 49719 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:33.563451052 CET | 9036 | 49719 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:33.563690901 CET | 49719 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:33.618247032 CET | 9036 | 49719 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:33.661622047 CET | 49719 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:33.846024036 CET | 49719 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:33.936283112 CET | 9036 | 49719 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:34.880917072 CET | 49719 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:34.971702099 CET | 9036 | 49719 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:35.912259102 CET | 49719 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:35.926022053 CET | 9036 | 49719 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:35.927366972 CET | 49719 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:40.089308023 CET | 49720 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:40.144212008 CET | 9036 | 49720 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:40.144330978 CET | 49720 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:40.144853115 CET | 49720 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:40.201514959 CET | 9036 | 49720 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:40.255769014 CET | 49720 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:40.311836958 CET | 9036 | 49720 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:40.312196970 CET | 49720 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:40.368104935 CET | 9036 | 49720 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:40.369309902 CET | 49720 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:40.441756010 CET | 9036 | 49720 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:40.569037914 CET | 9036 | 49720 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:40.569875956 CET | 49720 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:40.625216007 CET | 9036 | 49720 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:40.627347946 CET | 49720 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:40.681691885 CET | 9036 | 49720 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:40.681776047 CET | 49720 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:40.737848997 CET | 9036 | 49720 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:40.787059069 CET | 49720 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:40.940174103 CET | 49720 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:45.057050943 CET | 49721 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:45.114389896 CET | 9036 | 49721 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:45.114506006 CET | 49721 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:45.115632057 CET | 49721 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:45.180963993 CET | 9036 | 49721 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:45.181346893 CET | 49721 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:45.236012936 CET | 9036 | 49721 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:45.238490105 CET | 49721 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:45.309725046 CET | 9036 | 49721 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:45.438605070 CET | 9036 | 49721 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:45.444413900 CET | 49721 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:45.499042988 CET | 9036 | 49721 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:45.501333952 CET | 49721 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:45.556688070 CET | 9036 | 49721 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:45.556907892 CET | 49721 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:45.612320900 CET | 9036 | 49721 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:45.662524939 CET | 49721 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:45.913337946 CET | 49721 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:46.004260063 CET | 9036 | 49721 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:50.172724962 CET | 9036 | 49721 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:50.225444078 CET | 49721 | 9036 | 192.168.2.3 | 91.212.153.84 |
Feb 19, 2021 08:30:52.099715948 CET | 9036 | 49721 | 91.212.153.84 | 192.168.2.3 |
Feb 19, 2021 08:30:52.150736094 CET | 49721 | 9036 | 192.168.2.3 | 91.212.153.84 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Feb 19, 2021 08:28:27.224858999 CET | 54130 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 19, 2021 08:28:27.273535967 CET | 53 | 54130 | 8.8.8.8 | 192.168.2.3 |
Feb 19, 2021 08:28:27.997459888 CET | 56961 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 19, 2021 08:28:28.048942089 CET | 53 | 56961 | 8.8.8.8 | 192.168.2.3 |
Feb 19, 2021 08:28:28.863488913 CET | 59353 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 19, 2021 08:28:28.912303925 CET | 53 | 59353 | 8.8.8.8 | 192.168.2.3 |
Feb 19, 2021 08:28:29.780390024 CET | 52238 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 19, 2021 08:28:29.829252005 CET | 53 | 52238 | 8.8.8.8 | 192.168.2.3 |
Feb 19, 2021 08:28:30.740947962 CET | 49873 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 19, 2021 08:28:30.798202038 CET | 53 | 49873 | 8.8.8.8 | 192.168.2.3 |
Feb 19, 2021 08:28:31.648437977 CET | 53196 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 19, 2021 08:28:31.705548048 CET | 53 | 53196 | 8.8.8.8 | 192.168.2.3 |
Feb 19, 2021 08:28:32.460208893 CET | 56777 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 19, 2021 08:28:32.509670973 CET | 53 | 56777 | 8.8.8.8 | 192.168.2.3 |
Feb 19, 2021 08:28:33.398242950 CET | 58643 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 19, 2021 08:28:33.447192907 CET | 53 | 58643 | 8.8.8.8 | 192.168.2.3 |
Feb 19, 2021 08:28:34.237569094 CET | 60985 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 19, 2021 08:28:34.286365986 CET | 53 | 60985 | 8.8.8.8 | 192.168.2.3 |
Feb 19, 2021 08:28:35.094224930 CET | 50200 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 19, 2021 08:28:35.142950058 CET | 53 | 50200 | 8.8.8.8 | 192.168.2.3 |
Feb 19, 2021 08:28:36.064620972 CET | 51281 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 19, 2021 08:28:36.116375923 CET | 53 | 51281 | 8.8.8.8 | 192.168.2.3 |
Feb 19, 2021 08:28:36.900111914 CET | 49199 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 19, 2021 08:28:36.951569080 CET | 53 | 49199 | 8.8.8.8 | 192.168.2.3 |
Feb 19, 2021 08:28:37.739857912 CET | 50620 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 19, 2021 08:28:37.788585901 CET | 53 | 50620 | 8.8.8.8 | 192.168.2.3 |
Feb 19, 2021 08:28:38.581501961 CET | 64938 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 19, 2021 08:28:38.634124994 CET | 53 | 64938 | 8.8.8.8 | 192.168.2.3 |
Feb 19, 2021 08:28:39.479787111 CET | 60152 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 19, 2021 08:28:39.532752037 CET | 53 | 60152 | 8.8.8.8 | 192.168.2.3 |
Feb 19, 2021 08:28:40.411381960 CET | 57544 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 19, 2021 08:28:40.460160017 CET | 53 | 57544 | 8.8.8.8 | 192.168.2.3 |
Feb 19, 2021 08:28:41.224673986 CET | 55984 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 19, 2021 08:28:41.276295900 CET | 53 | 55984 | 8.8.8.8 | 192.168.2.3 |
Feb 19, 2021 08:28:42.049659967 CET | 64185 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 19, 2021 08:28:42.098371983 CET | 53 | 64185 | 8.8.8.8 | 192.168.2.3 |
Feb 19, 2021 08:29:01.675496101 CET | 65110 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 19, 2021 08:29:01.887367964 CET | 53 | 65110 | 8.8.8.8 | 192.168.2.3 |
Feb 19, 2021 08:29:02.817702055 CET | 58361 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 19, 2021 08:29:02.878144026 CET | 53 | 58361 | 8.8.8.8 | 192.168.2.3 |
Feb 19, 2021 08:29:09.924968958 CET | 63492 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 19, 2021 08:29:09.982163906 CET | 53 | 63492 | 8.8.8.8 | 192.168.2.3 |
Feb 19, 2021 08:29:16.821532965 CET | 60831 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 19, 2021 08:29:16.878875017 CET | 53 | 60831 | 8.8.8.8 | 192.168.2.3 |
Feb 19, 2021 08:29:21.874450922 CET | 60100 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 19, 2021 08:29:22.083720922 CET | 53 | 60100 | 8.8.8.8 | 192.168.2.3 |
Feb 19, 2021 08:29:28.810173988 CET | 53195 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 19, 2021 08:29:28.986932993 CET | 53 | 53195 | 8.8.8.8 | 192.168.2.3 |
Feb 19, 2021 08:29:35.175757885 CET | 50141 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 19, 2021 08:29:35.232852936 CET | 53 | 50141 | 8.8.8.8 | 192.168.2.3 |
Feb 19, 2021 08:29:41.236505985 CET | 53023 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 19, 2021 08:29:41.293612957 CET | 53 | 53023 | 8.8.8.8 | 192.168.2.3 |
Feb 19, 2021 08:29:46.592783928 CET | 49563 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 19, 2021 08:29:46.654160023 CET | 53 | 49563 | 8.8.8.8 | 192.168.2.3 |
Feb 19, 2021 08:29:53.388196945 CET | 51352 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 19, 2021 08:29:53.447899103 CET | 53 | 51352 | 8.8.8.8 | 192.168.2.3 |
Feb 19, 2021 08:30:00.291894913 CET | 59349 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 19, 2021 08:30:00.348933935 CET | 53 | 59349 | 8.8.8.8 | 192.168.2.3 |
Feb 19, 2021 08:30:06.291666031 CET | 57084 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 19, 2021 08:30:06.506647110 CET | 53 | 57084 | 8.8.8.8 | 192.168.2.3 |
Feb 19, 2021 08:30:13.401871920 CET | 58823 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 19, 2021 08:30:13.452063084 CET | 53 | 58823 | 8.8.8.8 | 192.168.2.3 |
Feb 19, 2021 08:30:20.736202002 CET | 57568 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 19, 2021 08:30:20.793597937 CET | 53 | 57568 | 8.8.8.8 | 192.168.2.3 |
Feb 19, 2021 08:30:26.761276007 CET | 50540 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 19, 2021 08:30:26.818576097 CET | 53 | 50540 | 8.8.8.8 | 192.168.2.3 |
Feb 19, 2021 08:30:32.958008051 CET | 54366 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 19, 2021 08:30:33.015305996 CET | 53 | 54366 | 8.8.8.8 | 192.168.2.3 |
Feb 19, 2021 08:30:39.961554050 CET | 53034 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 19, 2021 08:30:40.018662930 CET | 53 | 53034 | 8.8.8.8 | 192.168.2.3 |
Feb 19, 2021 08:30:45.000926971 CET | 57762 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 19, 2021 08:30:45.054364920 CET | 53 | 57762 | 8.8.8.8 | 192.168.2.3 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Feb 19, 2021 08:29:01.675496101 CET | 192.168.2.3 | 8.8.8.8 | 0x727b | Standard query (0) | A (IP address) | IN (0x0001) | |
Feb 19, 2021 08:29:09.924968958 CET | 192.168.2.3 | 8.8.8.8 | 0x190f | Standard query (0) | A (IP address) | IN (0x0001) | |
Feb 19, 2021 08:29:16.821532965 CET | 192.168.2.3 | 8.8.8.8 | 0x9f6d | Standard query (0) | A (IP address) | IN (0x0001) | |
Feb 19, 2021 08:29:21.874450922 CET | 192.168.2.3 | 8.8.8.8 | 0x23c4 | Standard query (0) | A (IP address) | IN (0x0001) | |
Feb 19, 2021 08:29:28.810173988 CET | 192.168.2.3 | 8.8.8.8 | 0x394b | Standard query (0) | A (IP address) | IN (0x0001) | |
Feb 19, 2021 08:29:35.175757885 CET | 192.168.2.3 | 8.8.8.8 | 0x8e9b | Standard query (0) | A (IP address) | IN (0x0001) | |
Feb 19, 2021 08:29:41.236505985 CET | 192.168.2.3 | 8.8.8.8 | 0xa15a | Standard query (0) | A (IP address) | IN (0x0001) | |
Feb 19, 2021 08:29:46.592783928 CET | 192.168.2.3 | 8.8.8.8 | 0xb63b | Standard query (0) | A (IP address) | IN (0x0001) | |
Feb 19, 2021 08:29:53.388196945 CET | 192.168.2.3 | 8.8.8.8 | 0x5312 | Standard query (0) | A (IP address) | IN (0x0001) | |
Feb 19, 2021 08:30:00.291894913 CET | 192.168.2.3 | 8.8.8.8 | 0x8a94 | Standard query (0) | A (IP address) | IN (0x0001) | |
Feb 19, 2021 08:30:06.291666031 CET | 192.168.2.3 | 8.8.8.8 | 0x7d5e | Standard query (0) | A (IP address) | IN (0x0001) | |
Feb 19, 2021 08:30:13.401871920 CET | 192.168.2.3 | 8.8.8.8 | 0xc0d7 | Standard query (0) | A (IP address) | IN (0x0001) | |
Feb 19, 2021 08:30:20.736202002 CET | 192.168.2.3 | 8.8.8.8 | 0x7b91 | Standard query (0) | A (IP address) | IN (0x0001) | |
Feb 19, 2021 08:30:26.761276007 CET | 192.168.2.3 | 8.8.8.8 | 0x12a4 | Standard query (0) | A (IP address) | IN (0x0001) | |
Feb 19, 2021 08:30:32.958008051 CET | 192.168.2.3 | 8.8.8.8 | 0x8845 | Standard query (0) | A (IP address) | IN (0x0001) | |
Feb 19, 2021 08:30:39.961554050 CET | 192.168.2.3 | 8.8.8.8 | 0x8c6e | Standard query (0) | A (IP address) | IN (0x0001) | |
Feb 19, 2021 08:30:45.000926971 CET | 192.168.2.3 | 8.8.8.8 | 0x8ae | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Feb 19, 2021 08:29:01.887367964 CET | 8.8.8.8 | 192.168.2.3 | 0x727b | No error (0) | 91.212.153.84 | A (IP address) | IN (0x0001) | ||
Feb 19, 2021 08:29:09.982163906 CET | 8.8.8.8 | 192.168.2.3 | 0x190f | No error (0) | 91.212.153.84 | A (IP address) | IN (0x0001) | ||
Feb 19, 2021 08:29:16.878875017 CET | 8.8.8.8 | 192.168.2.3 | 0x9f6d | No error (0) | 91.212.153.84 | A (IP address) | IN (0x0001) | ||
Feb 19, 2021 08:29:22.083720922 CET | 8.8.8.8 | 192.168.2.3 | 0x23c4 | No error (0) | 91.212.153.84 | A (IP address) | IN (0x0001) | ||
Feb 19, 2021 08:29:28.986932993 CET | 8.8.8.8 | 192.168.2.3 | 0x394b | No error (0) | 91.212.153.84 | A (IP address) | IN (0x0001) | ||
Feb 19, 2021 08:29:35.232852936 CET | 8.8.8.8 | 192.168.2.3 | 0x8e9b | No error (0) | 91.212.153.84 | A (IP address) | IN (0x0001) | ||
Feb 19, 2021 08:29:41.293612957 CET | 8.8.8.8 | 192.168.2.3 | 0xa15a | No error (0) | 91.212.153.84 | A (IP address) | IN (0x0001) | ||
Feb 19, 2021 08:29:46.654160023 CET | 8.8.8.8 | 192.168.2.3 | 0xb63b | No error (0) | 91.212.153.84 | A (IP address) | IN (0x0001) | ||
Feb 19, 2021 08:29:53.447899103 CET | 8.8.8.8 | 192.168.2.3 | 0x5312 | No error (0) | 91.212.153.84 | A (IP address) | IN (0x0001) | ||
Feb 19, 2021 08:30:00.348933935 CET | 8.8.8.8 | 192.168.2.3 | 0x8a94 | No error (0) | 91.212.153.84 | A (IP address) | IN (0x0001) | ||
Feb 19, 2021 08:30:06.506647110 CET | 8.8.8.8 | 192.168.2.3 | 0x7d5e | No error (0) | 91.212.153.84 | A (IP address) | IN (0x0001) | ||
Feb 19, 2021 08:30:13.452063084 CET | 8.8.8.8 | 192.168.2.3 | 0xc0d7 | No error (0) | 91.212.153.84 | A (IP address) | IN (0x0001) | ||
Feb 19, 2021 08:30:20.793597937 CET | 8.8.8.8 | 192.168.2.3 | 0x7b91 | No error (0) | 91.212.153.84 | A (IP address) | IN (0x0001) | ||
Feb 19, 2021 08:30:26.818576097 CET | 8.8.8.8 | 192.168.2.3 | 0x12a4 | No error (0) | 91.212.153.84 | A (IP address) | IN (0x0001) | ||
Feb 19, 2021 08:30:33.015305996 CET | 8.8.8.8 | 192.168.2.3 | 0x8845 | No error (0) | 91.212.153.84 | A (IP address) | IN (0x0001) | ||
Feb 19, 2021 08:30:40.018662930 CET | 8.8.8.8 | 192.168.2.3 | 0x8c6e | No error (0) | 91.212.153.84 | A (IP address) | IN (0x0001) | ||
Feb 19, 2021 08:30:45.054364920 CET | 8.8.8.8 | 192.168.2.3 | 0x8ae | No error (0) | 91.212.153.84 | A (IP address) | IN (0x0001) |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Click to jump to process
Memory Usage |
---|
Click to jump to process
High Level Behavior Distribution |
---|
back
Click to dive into process behavior distribution
Behavior |
---|
Click to jump to process
System Behavior |
---|
General |
---|
Start time: | 08:28:32 |
Start date: | 19/02/2021 |
Path: | C:\Users\user\Desktop\POEA ADVISORY ON DELISTED AGENCIES.pdf.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xf70000 |
File size: | 737280 bytes |
MD5 hash: | AFCC0C7F6FADF41949E66C9325B9F843 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 08:28:55 |
Start date: | 19/02/2021 |
Path: | C:\Windows\SysWOW64\schtasks.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xba0000 |
File size: | 185856 bytes |
MD5 hash: | 15FF7D8324231381BAD48A052F85DF04 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 08:28:55 |
Start date: | 19/02/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6b2800000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 08:28:56 |
Start date: | 19/02/2021 |
Path: | C:\Users\user\Desktop\POEA ADVISORY ON DELISTED AGENCIES.pdf.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x7f0000 |
File size: | 737280 bytes |
MD5 hash: | AFCC0C7F6FADF41949E66C9325B9F843 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 08:28:59 |
Start date: | 19/02/2021 |
Path: | C:\Windows\SysWOW64\schtasks.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xf00000 |
File size: | 185856 bytes |
MD5 hash: | 15FF7D8324231381BAD48A052F85DF04 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 08:28:59 |
Start date: | 19/02/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6b2800000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 08:29:00 |
Start date: | 19/02/2021 |
Path: | C:\Users\user\Desktop\POEA ADVISORY ON DELISTED AGENCIES.pdf.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x7ff7ca4e0000 |
File size: | 737280 bytes |
MD5 hash: | AFCC0C7F6FADF41949E66C9325B9F843 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 08:29:20 |
Start date: | 19/02/2021 |
Path: | C:\Windows\SysWOW64\schtasks.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x8f0000 |
File size: | 185856 bytes |
MD5 hash: | 15FF7D8324231381BAD48A052F85DF04 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 08:29:20 |
Start date: | 19/02/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6b2800000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 08:29:21 |
Start date: | 19/02/2021 |
Path: | C:\Users\user\Desktop\POEA ADVISORY ON DELISTED AGENCIES.pdf.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x8d0000 |
File size: | 737280 bytes |
MD5 hash: | AFCC0C7F6FADF41949E66C9325B9F843 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Reputation: | low |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01AA9D50, Relevance: 1.7, APIs: 1, Instructions: 191COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01AA5364, Relevance: 1.6, APIs: 1, Instructions: 97COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01AA3E58, Relevance: 1.6, APIs: 1, Instructions: 96COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01AAC270, Relevance: 1.6, APIs: 1, Instructions: 62COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01AAC268, Relevance: 1.6, APIs: 1, Instructions: 60COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01AA9F30, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0172D3D8, Relevance: .1, Instructions: 75COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0173D1D4, Relevance: .1, Instructions: 72COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0173D01C, Relevance: .1, Instructions: 72COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0172D3D3, Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0173D017, Relevance: .1, Instructions: 53COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0173D1CF, Relevance: .1, Instructions: 53COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0172D745, Relevance: .0, Instructions: 45COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0172D744, Relevance: .0, Instructions: 36COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function 00F72050, Relevance: 1.4, Instructions: 1409COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01AAEB30, Relevance: .3, Instructions: 315COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01AACBBC, Relevance: .3, Instructions: 265COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01AAEB20, Relevance: .2, Instructions: 223COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Executed Functions |
---|
Function 030B9D50, Relevance: 1.7, APIs: 1, Instructions: 195COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030B5364, Relevance: 1.6, APIs: 1, Instructions: 97COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030B3E58, Relevance: 1.6, APIs: 1, Instructions: 96COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 057FD178, Relevance: 1.6, APIs: 1, Instructions: 69COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 057FD180, Relevance: 1.6, APIs: 1, Instructions: 69COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030BB44C, Relevance: 1.6, APIs: 1, Instructions: 65COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030BC268, Relevance: 1.6, APIs: 1, Instructions: 64COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 057FA658, Relevance: 1.5, APIs: 1, Instructions: 49COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 057FA660, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030B9F30, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0171D3D8, Relevance: .1, Instructions: 75COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019CD01C, Relevance: .1, Instructions: 72COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019CD1D4, Relevance: .1, Instructions: 72COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019CD006, Relevance: .1, Instructions: 62COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0171D3D3, Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019CD1CF, Relevance: .1, Instructions: 53COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0171D745, Relevance: .0, Instructions: 45COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0171D744, Relevance: .0, Instructions: 36COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Executed Functions |
---|
Function 052993E8, Relevance: 1.7, APIs: 1, Instructions: 194COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0529FB61, Relevance: 1.7, APIs: 1, Instructions: 160COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0529DA04, Relevance: 1.6, APIs: 1, Instructions: 116COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 053F45F4, Relevance: 1.6, APIs: 1, Instructions: 96COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 053F3474, Relevance: 1.6, APIs: 1, Instructions: 96COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 053F2470, Relevance: 1.6, APIs: 1, Instructions: 93COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 053FB898, Relevance: 1.6, APIs: 1, Instructions: 84COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0529FE02, Relevance: 1.6, APIs: 1, Instructions: 68COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0529A14C, Relevance: 1.6, APIs: 1, Instructions: 65COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0529BCF9, Relevance: 1.6, APIs: 1, Instructions: 61COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 053FA504, Relevance: 1.6, APIs: 1, Instructions: 56windowCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 053FE6D8, Relevance: 1.6, APIs: 1, Instructions: 51windowCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 053F32D8, Relevance: 1.6, APIs: 1, Instructions: 51windowCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 053FD238, Relevance: 1.5, APIs: 1, Instructions: 48windowCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052995C8, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0529DA3C, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 053FA548, Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 053F1540, Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 053F50D4, Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 053FC3D0, Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 053FDC60, Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 053FF3D8, Relevance: 1.5, APIs: 1, Instructions: 45comCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 053FBC59, Relevance: 1.5, APIs: 1, Instructions: 44windowCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0128D4A0, Relevance: .1, Instructions: 75COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0128D3B4, Relevance: .1, Instructions: 75COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0129D01C, Relevance: .1, Instructions: 72COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0128D3AF, Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0128D49B, Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0129D017, Relevance: .1, Instructions: 53COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|