Analysis Report document.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Startup |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
Nanocore_RAT_Gen_2 | Detects the Nanocore RAT | Florian Roth |
| |
Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth |
| |
JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | ||
NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> |
| |
Unpacked PEs |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
Nanocore_RAT_Gen_2 | Detects the Nanocore RAT | Florian Roth |
| |
Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth |
| |
JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | ||
NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> |
| |
Sigma Overview |
---|
System Summary: |
---|
Sigma detected: NanoCore | Show sources |
Source: | Author: Joe Security: |
Sigma detected: Scheduled temp file as task from temp location | Show sources |
Source: | Author: Joe Security: |
Signature Overview |
---|
AV Detection: |
---|
Antivirus / Scanner detection for submitted sample | Show sources |
Source: | Avira: |
Multi AV Scanner detection for submitted file | Show sources |
Source: | ReversingLabs: |
Yara detected Nanocore RAT | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Machine Learning detection for sample | Show sources |
Source: | Joe Sandbox ML: |
Source: | Avira: |
Compliance: |
---|
Uses 32bit PE files | Show sources |
Source: | Static PE information: |
Uses new MSVCR Dlls | Show sources |
Source: | File opened: | Jump to behavior |
Binary contains paths to debug symbols | Show sources |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Networking: |
---|
Uses dynamic DNS services | Show sources |
Source: | DNS query: |
Source: | TCP traffic: | ||
Source: | TCP traffic: |
Source: | IP Address: | ||
Source: | IP Address: |
Source: | ASN Name: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | Binary or memory string: |
E-Banking Fraud: |
---|
Yara detected Nanocore RAT | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
System Summary: |
---|
Malicious sample detected (through community Yara rule) | Show sources |
Source: | Matched rule: |
Executable has a suspicious name (potential lure to open the executable) | Show sources |
Source: | Static file information: |
Initial sample is a PE file and has a suspicious name | Show sources |
Source: | Static PE information: |
Source: | Process Stats: |
Source: | Code function: | 1_2_0028B200 | |
Source: | Code function: | 1_2_00287270 | |
Source: | Code function: | 1_2_00289CE0 | |
Source: | Code function: | 1_2_002844C0 | |
Source: | Code function: | 1_2_00288370 | |
Source: | Code function: | 27_2_024B01B7 | |
Source: | Code function: | 30_2_053301B7 | |
Source: | Code function: | 32_2_053E01B7 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Static PE information: |
Source: | Matched rule: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | Section loaded: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | ReversingLabs: |
Source: | File read: | Jump to behavior |
Source: | Process created: |
Source: | Key value queried: | Jump to behavior |
Source: | Window detected: |
Source: | File opened: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Code function: | 1_2_0028F8BB |
Source: | Code function: | 1_2_0028ED08 | |
Source: | Code function: | 30_2_02C3076A |
Source: | File created: | Jump to dropped file |
Boot Survival: |
---|
Uses schtasks.exe or at.exe to add and modify task schedules | Show sources |
Source: | Process created: |
Hooking and other Techniques for Hiding and Protection: |
---|
Hides that the sample has been downloaded from the Internet (zone.identifier) | Show sources |
Source: | File opened: | Jump to behavior |
Source: | Process information set: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | API coverage: |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 1_2_0028FC26 |
Source: | Code function: | 1_2_0028F8BB |
Source: | Process token adjusted: | Jump to behavior |
Source: | Code function: | 1_2_0028FC26 | |
Source: | Code function: | 1_2_0028F363 | |
Source: | Code function: | 1_2_0028DBBE |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion: |
---|
Maps a DLL or memory area into another process | Show sources |
Source: | Section loaded: | Jump to behavior |
Writes to foreign memory regions | Show sources |
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Code function: | 1_2_0028EE9F |
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information: |
---|
Yara detected Nanocore RAT | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality: |
---|
Detected Nanocore Rat | Show sources |
Source: | String found in binary or memory: |
Yara detected Nanocore RAT | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Scheduled Task/Job1 | Scheduled Task/Job1 | Process Injection212 | Masquerading2 | Input Capture1 | System Time Discovery1 | Remote Services | Input Capture1 | Exfiltration Over Other Network Medium | Encrypted Channel1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Native API1 | DLL Side-Loading1 | Scheduled Task/Job1 | Virtualization/Sandbox Evasion2 | LSASS Memory | Security Software Discovery11 | Remote Desktop Protocol | Archive Collected Data1 | Exfiltration Over Bluetooth | Non-Standard Port1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | DLL Side-Loading1 | Disable or Modify Tools1 | Security Account Manager | Virtualization/Sandbox Evasion2 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Remote Access Software1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection212 | NTDS | Process Discovery2 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Non-Application Layer Protocol1 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Hidden Files and Directories1 | LSA Secrets | Application Window Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Application Layer Protocol11 | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information1 | Cached Domain Credentials | System Information Discovery3 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Software Packing1 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | DLL Side-Loading1 | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
88% | ReversingLabs | Win32.Trojan.Azorult | ||
100% | Avira | HEUR/AGEN.1121608 | ||
100% | Joe Sandbox ML |
Dropped Files |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Metadefender | Browse | ||
0% | ReversingLabs |
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | HEUR/AGEN.1121608 | Download File | ||
100% | Avira | HEUR/AGEN.1121608 | Download File |
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
No Antivirus matches |
---|
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
abdul2u.ddns.net | 79.134.225.122 | true | true | unknown |
Contacted IPs |
---|
General Information |
---|
Joe Sandbox Version: | 31.0.0 Emerald |
Analysis ID: | 356144 |
Start date: | 22.02.2021 |
Start time: | 16:35:06 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 14m 9s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | document.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 40 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@15/10@38/3 |
EGA Information: |
|
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
Warnings: | Show All
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
16:37:38 | Autostart | |
16:37:39 | Task Scheduler | |
16:37:40 | API Interceptor | |
16:37:42 | Task Scheduler |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
79.134.225.110 | Get hash | malicious | Browse |
79.134.225.122 | Get hash | malicious | Browse |
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
abdul2u.ddns.net | Get hash | malicious | Browse |
|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
FINK-TELECOM-SERVICESCH | Get hash | malicious | Browse |
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Get hash | malicious | Browse |
Created / dropped Files |
---|
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 53248 |
Entropy (8bit): | 4.490095782293901 |
Encrypted: | false |
SSDEEP: | 768:0P2Bbv+VazyoD2z9TU//1mz1+M9GnLEu+2wTFRJS8Ulg:HJv46yoD2BTNz1+M9GLfOw8UO |
MD5: | 529695608EAFBED00ACA9E61EF333A7C |
SHA1: | 68CA8B6D8E74FA4F4EE603EB862E36F2A73BC1E5 |
SHA-256: | 44F129DE312409D8A2DF55F655695E1D48D0DB6F20C5C7803EB0032D8E6B53D0 |
SHA-512: | 8FE476E0185B2B0C66F34E51899B932CB35600C753D36FE102BDA5894CDAA58410044E0A30FDBEF76A285C2C75018D7C5A9BA0763D45EC605C2BBD1EBB9ED674 |
Malicious: | false |
Antivirus: |
|
Joe Sandbox View: |
|
Reputation: | moderate, very likely benign file |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
File Type: | |
Category: | modified |
Size (bytes): | 20 |
Entropy (8bit): | 3.6841837197791887 |
Encrypted: | false |
SSDEEP: | 3:QHXMKas:Q3Las |
MD5: | B3AC9D09E3A47D5FD00C37E075A70ECB |
SHA1: | AD14E6D0E07B00BD10D77A06D68841B20675680B |
SHA-256: | 7A23C6E7CCD8811ECDF038D3A89D5C7D68ED37324BAE2D4954125D9128FA9432 |
SHA-512: | 09B609EE1061205AA45B3C954EFC6C1A03C8FD6B3011FF88CF2C060E19B1D7FD51EE0CB9D02A39310125F3A66AA0146261BDEE3D804F472034DF711BC942E316 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
|
Process: | C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe |
File Type: | |
Category: | modified |
Size (bytes): | 20 |
Entropy (8bit): | 3.6841837197791887 |
Encrypted: | false |
SSDEEP: | 3:QHXMKas:Q3Las |
MD5: | B3AC9D09E3A47D5FD00C37E075A70ECB |
SHA1: | AD14E6D0E07B00BD10D77A06D68841B20675680B |
SHA-256: | 7A23C6E7CCD8811ECDF038D3A89D5C7D68ED37324BAE2D4954125D9128FA9432 |
SHA-512: | 09B609EE1061205AA45B3C954EFC6C1A03C8FD6B3011FF88CF2C060E19B1D7FD51EE0CB9D02A39310125F3A66AA0146261BDEE3D804F472034DF711BC942E316 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1319 |
Entropy (8bit): | 5.133606110275315 |
Encrypted: | false |
SSDEEP: | 24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK0mne5xtn:cbk4oL600QydbQxIYODOLedq3Ze5j |
MD5: | C6F0625BF4C1CDFB699980C9243D3B22 |
SHA1: | 43DE1FE580576935516327F17B5DA0C656C72851 |
SHA-256: | 8DFC4E937F0B2374E3CED25FCE344B0731CF44B8854625B318D50ECE2DA8F576 |
SHA-512: | 9EF2DBD4142AD0E1E6006929376ECB8011E7FFC801EE2101E906787D70325AD82752DF65839DE9972391FA52E1E5974EC1A5C7465A88AA56257633EBB7D70969 |
Malicious: | true |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1310 |
Entropy (8bit): | 5.109425792877704 |
Encrypted: | false |
SSDEEP: | 24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK0R3xtn:cbk4oL600QydbQxIYODOLedq3S3j |
MD5: | 5C2F41CFC6F988C859DA7D727AC2B62A |
SHA1: | 68999C85FC7E37BAB9216E0099836D40D4545C1C |
SHA-256: | 98B6E66B6C2173B9B91FC97FE51805340EFDE978B695453742EBAB631018398B |
SHA-512: | B5DA5DA378D038AFBF8A7738E47921ED39F9B726E2CAA2993D915D9291A3322F94EFE8CCA6E7AD678A670DB19926B22B20E5028460FCC89CEA7F6635E7557334 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8 |
Entropy (8bit): | 3.0 |
Encrypted: | false |
SSDEEP: | 3:9in:w |
MD5: | 4404174C1B769670A5A19334FCA38266 |
SHA1: | DA1B0E55A4E8548AF5820DF6378DD4A9A44971D1 |
SHA-256: | 3A8A6467970123C36B0ACBE5659ADF0D9924C68BB565B64E973518A87C06C7E6 |
SHA-512: | 5AB62DEAF1D10E25378314F44C62170DED8AB14F16BB9450B58E156B2F290762B01984A80DFA54263D89D36643F747CB78B50DF6D64301701396072DB19E2CE3 |
Malicious: | true |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 56 |
Entropy (8bit): | 4.787365359936823 |
Encrypted: | false |
SSDEEP: | 3:oMty8WbSXgL4A:oMLWuQL4A |
MD5: | EFD1636CFC3CC38FD7BABAE5CAC9EDE0 |
SHA1: | 4D7D378ABEB682EEFBD039930C0EA996FBF54178 |
SHA-256: | F827D5B11C1EB3902D601C3E0B59BA32FE11C0B573FBF22FB2AF86BFD4651BBA |
SHA-512: | 69B2B0AB1A6E13395EF52DCB903B8E17D842E6D0D44F801FF2659CFD5EC343C8CC57928B02961FC7099AD43FF05633BAF5AC39042A00C8676D4FA8F6F8C2A5D7 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1010 |
Entropy (8bit): | 4.298581893109255 |
Encrypted: | false |
SSDEEP: | 24:zKTDwL/0XZd3Wo3opQ5ZKBQFYVgt7ovrNOYlK:zKTDwAXZxo4ABV+SrUYE |
MD5: | 367EEEC425FE7E80B723298C447E2F22 |
SHA1: | 3873DFC88AF504FF79231FE2BF0E3CD93CE45195 |
SHA-256: | 481A7A3CA0DD32DA4772718BA4C1EF3F01E8D184FE82CF6E9C5386FD343264BC |
SHA-512: | F7101541D87F045E9DBC45941CDC5A7F97F3EFC29AC0AF2710FC24FA64F0163F9463DE373A5D2BE1270126829DE81006FB8E764186374966E8D0E9BB35B7D7D6 |
Malicious: | false |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.562048565874239 |
TrID: |
|
File name: | document.exe |
File size: | 320595 |
MD5: | a777ee74f09e40b1e32ff3007eb89d14 |
SHA1: | 1de57a7c6dc4821ce07a57d4963deadf3bb9b4ff |
SHA256: | b6afddd574a0d7a3686a9d40bed40387914f3d45f9dd2e6a8962fd9ceae8b755 |
SHA512: | 4ac57b62ae762565725e9ccc533c5221fc3ec165f265132da4bce75094bb74636946dbf9e56ea123a48b3800da9486bcea63285e58512f7b5a721f6b953cde81 |
SSDEEP: | 6144:793puKfSbitErTqTkmgcKq2e3B0sYE5P17s7TomYn70XaN5L+FYUdp:nuqtqSkmgcKqHBP5tSo7/KuUz |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........(.k.I.8.I.8.I.8.?t8.I.8.?A8.I.8.1L8.I.8.I.8.I.8.?u8.I.8.?E8.I.8.?B8.I.8Rich.I.8........................PE..L......]........... |
File Icon |
---|
Icon Hash: | 00828e8e8686b000 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x40db72 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE |
DLL Characteristics: | TERMINAL_SERVER_AWARE, DYNAMIC_BASE |
Time Stamp: | 0x5DB2FEEC [Fri Oct 25 13:55:56 2019 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | ad727357155f2158504db1cb9482d9b1 |
Entrypoint Preview |
---|
Instruction |
---|
call 00007F34EC36C40Dh |
jmp 00007F34EC36AF6Eh |
mov edi, edi |
push ebp |
mov ebp, esp |
mov eax, dword ptr [ebp+08h] |
mov eax, dword ptr [eax] |
cmp dword ptr [eax], E06D7363h |
jne 00007F34EC36B10Ch |
cmp dword ptr [eax+10h], 03h |
jne 00007F34EC36B106h |
mov eax, dword ptr [eax+14h] |
cmp eax, 19930520h |
je 00007F34EC36B0F7h |
cmp eax, 19930521h |
je 00007F34EC36B0F0h |
cmp eax, 19930522h |
je 00007F34EC36B0E9h |
cmp eax, 01994000h |
jne 00007F34EC36B0E7h |
call 00007F34EC36C467h |
xor eax, eax |
pop ebp |
retn 0004h |
push 0040DB7Ch |
call dword ptr [00412098h] |
xor eax, eax |
ret |
mov edi, edi |
push ebp |
mov ebp, esp |
push 0041240Ch |
call dword ptr [004120A0h] |
test eax, eax |
je 00007F34EC36B0F7h |
push 004123FCh |
push eax |
call dword ptr [0041209Ch] |
test eax, eax |
je 00007F34EC36B0E7h |
push dword ptr [ebp+08h] |
call eax |
pop ebp |
ret |
mov edi, edi |
push ebp |
mov ebp, esp |
push dword ptr [ebp+08h] |
call 00007F34EC36B0ADh |
pop ecx |
push dword ptr [ebp+08h] |
call dword ptr [004120A4h] |
int3 |
push 00000008h |
call 00007F34EC36C5CDh |
pop ecx |
ret |
push 00000008h |
call 00007F34EC36C4EBh |
pop ecx |
ret |
mov edi, edi |
push esi |
call 00007F34EC36BCDAh |
mov esi, eax |
push esi |
call 00007F34EC36C9A2h |
push esi |
call 00007F34EC36C802h |
push esi |
call 00007F34EC36B0EDh |
Rich Headers |
---|
Programming Language: |
|
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x13cdc | 0x50 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x18000 | 0x310 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x19000 | 0x14bc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x13ae0 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x12000 | 0x168 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x10c42 | 0x10e00 | False | 0.49955150463 | data | 6.21379336576 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x12000 | 0x251a | 0x2600 | False | 0.343544407895 | data | 4.92885915543 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x15000 | 0x2400 | 0x1600 | False | 0.297940340909 | PGP\011Secret Sub-key - | 4.02678593401 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x18000 | 0x310 | 0x400 | False | 0.3740234375 | data | 2.65405558594 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x19000 | 0x169c | 0x1800 | False | 0.7255859375 | data | 6.32911431671 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_VERSION | 0x18060 | 0x2b0 | data | English | United States |
Imports |
---|
DLL | Import |
---|---|
MSACM32.dll | XRegThunkEntry, acmFormatTagDetailsA, acmStreamReset, acmStreamUnprepareHeader, acmDriverClose, acmFormatDetailsW, acmStreamConvert, acmGetVersion, acmStreamOpen, acmFormatEnumW, acmDriverEnum, acmStreamClose, acmFormatDetailsA, acmDriverID, acmFilterTagDetailsW, acmDriverRemove |
GLU32.dll | gluLookAt, gluBeginTrim, gluNewNurbsRenderer, gluTessBeginContour, gluBeginCurve, gluNurbsCurve, gluLoadSamplingMatrices, gluBuild2DMipmaps, gluPartialDisk, gluQuadricNormals, gluBeginPolygon, gluEndCurve, gluTessEndPolygon, gluQuadricOrientation, gluDeleteQuadric, gluGetTessProperty, gluTessNormal |
KERNEL32.dll | GetCurrentProcess, HeapFree, Sleep, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, RtlUnwind, WideCharToMultiByte, HeapSize, HeapAlloc, HeapReAlloc, IsProcessorFeaturePresent, LCMapStringW, MultiByteToWideChar, GetStringTypeW, SetHandleCount, GetCommandLineW, HeapSetInformation, GetStartupInfoW, SetUnhandledExceptionFilter, GetProcAddress, GetModuleHandleW, ExitProcess, DecodePointer, WriteFile, GetStdHandle, GetModuleFileNameW, FreeEnvironmentStringsW, GetEnvironmentStringsW, InitializeCriticalSectionAndSpinCount, GetFileType, DeleteCriticalSection, EncodePointer, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, GetLastError, InterlockedDecrement, HeapCreate, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, LeaveCriticalSection, EnterCriticalSection, LoadLibraryW, UnhandledExceptionFilter, IsDebuggerPresent, TerminateProcess |
Version Infos |
---|
Description | Data |
---|---|
LegalCopyright | Copyright (C) Street 2019 |
InternalName | copastors.exe |
FileVersion | 8.5.5.2 |
CompanyName | amrit |
ProductName | vanes |
ProductVersion | 3.3.0.6 |
FileDescription | rocketlike |
OriginalFilename | pursuit's.exe |
Translation | 0x0409 0x04b0 |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Network Behavior |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Feb 22, 2021 16:42:47.804517031 CET | 49809 | 6735 | 192.168.2.3 | 79.134.225.110 |
Feb 22, 2021 16:42:47.887290001 CET | 6735 | 49809 | 79.134.225.110 | 192.168.2.3 |
Feb 22, 2021 16:42:48.398494959 CET | 49809 | 6735 | 192.168.2.3 | 79.134.225.110 |
Feb 22, 2021 16:42:48.481472015 CET | 6735 | 49809 | 79.134.225.110 | 192.168.2.3 |
Feb 22, 2021 16:42:52.495285034 CET | 49810 | 6735 | 192.168.2.3 | 79.134.225.110 |
Feb 22, 2021 16:42:52.578104973 CET | 6735 | 49810 | 79.134.225.110 | 192.168.2.3 |
Feb 22, 2021 16:42:53.086251020 CET | 49810 | 6735 | 192.168.2.3 | 79.134.225.110 |
Feb 22, 2021 16:42:53.170449972 CET | 6735 | 49810 | 79.134.225.110 | 192.168.2.3 |
Feb 22, 2021 16:42:53.680154085 CET | 49810 | 6735 | 192.168.2.3 | 79.134.225.110 |
Feb 22, 2021 16:42:53.762841940 CET | 6735 | 49810 | 79.134.225.110 | 192.168.2.3 |
Feb 22, 2021 16:42:57.890275955 CET | 49811 | 6735 | 192.168.2.3 | 79.134.225.122 |
Feb 22, 2021 16:42:57.975069046 CET | 6735 | 49811 | 79.134.225.122 | 192.168.2.3 |
Feb 22, 2021 16:42:58.477241039 CET | 49811 | 6735 | 192.168.2.3 | 79.134.225.122 |
Feb 22, 2021 16:42:58.561856031 CET | 6735 | 49811 | 79.134.225.122 | 192.168.2.3 |
Feb 22, 2021 16:42:59.071151972 CET | 49811 | 6735 | 192.168.2.3 | 79.134.225.122 |
Feb 22, 2021 16:42:59.244839907 CET | 6735 | 49811 | 79.134.225.122 | 192.168.2.3 |
Feb 22, 2021 16:43:04.398864985 CET | 49812 | 6735 | 192.168.2.3 | 79.134.225.122 |
Feb 22, 2021 16:43:04.481595039 CET | 6735 | 49812 | 79.134.225.122 | 192.168.2.3 |
Feb 22, 2021 16:43:04.993611097 CET | 49812 | 6735 | 192.168.2.3 | 79.134.225.122 |
Feb 22, 2021 16:43:05.078454971 CET | 6735 | 49812 | 79.134.225.122 | 192.168.2.3 |
Feb 22, 2021 16:43:05.587372065 CET | 49812 | 6735 | 192.168.2.3 | 79.134.225.122 |
Feb 22, 2021 16:43:05.672136068 CET | 6735 | 49812 | 79.134.225.122 | 192.168.2.3 |
Feb 22, 2021 16:43:09.799690008 CET | 49813 | 6735 | 192.168.2.3 | 79.134.225.122 |
Feb 22, 2021 16:43:09.884185076 CET | 6735 | 49813 | 79.134.225.122 | 192.168.2.3 |
Feb 22, 2021 16:43:10.384538889 CET | 49813 | 6735 | 192.168.2.3 | 79.134.225.122 |
Feb 22, 2021 16:43:10.468967915 CET | 6735 | 49813 | 79.134.225.122 | 192.168.2.3 |
Feb 22, 2021 16:43:10.978758097 CET | 49813 | 6735 | 192.168.2.3 | 79.134.225.122 |
Feb 22, 2021 16:43:11.061350107 CET | 6735 | 49813 | 79.134.225.122 | 192.168.2.3 |
Feb 22, 2021 16:43:15.073987961 CET | 49814 | 6735 | 192.168.2.3 | 79.134.225.110 |
Feb 22, 2021 16:43:15.158596992 CET | 6735 | 49814 | 79.134.225.110 | 192.168.2.3 |
Feb 22, 2021 16:43:15.666349888 CET | 49814 | 6735 | 192.168.2.3 | 79.134.225.110 |
Feb 22, 2021 16:43:15.750287056 CET | 6735 | 49814 | 79.134.225.110 | 192.168.2.3 |
Feb 22, 2021 16:43:16.260075092 CET | 49814 | 6735 | 192.168.2.3 | 79.134.225.110 |
Feb 22, 2021 16:43:16.342817068 CET | 6735 | 49814 | 79.134.225.110 | 192.168.2.3 |
Feb 22, 2021 16:43:20.357201099 CET | 49815 | 6735 | 192.168.2.3 | 79.134.225.110 |
Feb 22, 2021 16:43:20.439913988 CET | 6735 | 49815 | 79.134.225.110 | 192.168.2.3 |
Feb 22, 2021 16:43:20.947887897 CET | 49815 | 6735 | 192.168.2.3 | 79.134.225.110 |
Feb 22, 2021 16:43:21.030261040 CET | 6735 | 49815 | 79.134.225.110 | 192.168.2.3 |
Feb 22, 2021 16:43:21.541747093 CET | 49815 | 6735 | 192.168.2.3 | 79.134.225.110 |
Feb 22, 2021 16:43:21.628309011 CET | 6735 | 49815 | 79.134.225.110 | 192.168.2.3 |
Feb 22, 2021 16:43:25.637546062 CET | 49816 | 6735 | 192.168.2.3 | 79.134.225.110 |
Feb 22, 2021 16:43:25.722138882 CET | 6735 | 49816 | 79.134.225.110 | 192.168.2.3 |
Feb 22, 2021 16:43:26.229584932 CET | 49816 | 6735 | 192.168.2.3 | 79.134.225.110 |
Feb 22, 2021 16:43:26.321644068 CET | 6735 | 49816 | 79.134.225.110 | 192.168.2.3 |
Feb 22, 2021 16:43:26.823518038 CET | 49816 | 6735 | 192.168.2.3 | 79.134.225.110 |
Feb 22, 2021 16:43:26.906115055 CET | 6735 | 49816 | 79.134.225.110 | 192.168.2.3 |
Feb 22, 2021 16:43:31.023932934 CET | 49818 | 6735 | 192.168.2.3 | 79.134.225.122 |
Feb 22, 2021 16:43:34.027110100 CET | 49818 | 6735 | 192.168.2.3 | 79.134.225.122 |
Feb 22, 2021 16:43:34.111931086 CET | 6735 | 49818 | 79.134.225.122 | 192.168.2.3 |
Feb 22, 2021 16:43:34.621129990 CET | 49818 | 6735 | 192.168.2.3 | 79.134.225.122 |
Feb 22, 2021 16:43:34.707328081 CET | 6735 | 49818 | 79.134.225.122 | 192.168.2.3 |
Feb 22, 2021 16:43:38.830506086 CET | 49819 | 6735 | 192.168.2.3 | 79.134.225.122 |
Feb 22, 2021 16:43:38.917118073 CET | 6735 | 49819 | 79.134.225.122 | 192.168.2.3 |
Feb 22, 2021 16:43:39.418246984 CET | 49819 | 6735 | 192.168.2.3 | 79.134.225.122 |
Feb 22, 2021 16:43:39.507075071 CET | 6735 | 49819 | 79.134.225.122 | 192.168.2.3 |
Feb 22, 2021 16:43:40.012003899 CET | 49819 | 6735 | 192.168.2.3 | 79.134.225.122 |
Feb 22, 2021 16:43:40.108509064 CET | 6735 | 49819 | 79.134.225.122 | 192.168.2.3 |
Feb 22, 2021 16:43:44.250483036 CET | 49820 | 6735 | 192.168.2.3 | 79.134.225.122 |
Feb 22, 2021 16:43:44.337832928 CET | 6735 | 49820 | 79.134.225.122 | 192.168.2.3 |
Feb 22, 2021 16:43:44.840517998 CET | 49820 | 6735 | 192.168.2.3 | 79.134.225.122 |
Feb 22, 2021 16:43:44.926175117 CET | 6735 | 49820 | 79.134.225.122 | 192.168.2.3 |
Feb 22, 2021 16:43:45.434309006 CET | 49820 | 6735 | 192.168.2.3 | 79.134.225.122 |
Feb 22, 2021 16:43:45.519597054 CET | 6735 | 49820 | 79.134.225.122 | 192.168.2.3 |
Feb 22, 2021 16:43:49.550520897 CET | 49821 | 6735 | 192.168.2.3 | 79.134.225.110 |
Feb 22, 2021 16:43:49.636090040 CET | 6735 | 49821 | 79.134.225.110 | 192.168.2.3 |
Feb 22, 2021 16:43:50.138024092 CET | 49821 | 6735 | 192.168.2.3 | 79.134.225.110 |
Feb 22, 2021 16:43:50.223572969 CET | 6735 | 49821 | 79.134.225.110 | 192.168.2.3 |
Feb 22, 2021 16:43:50.731656075 CET | 49821 | 6735 | 192.168.2.3 | 79.134.225.110 |
Feb 22, 2021 16:43:50.824476004 CET | 6735 | 49821 | 79.134.225.110 | 192.168.2.3 |
Feb 22, 2021 16:43:54.829148054 CET | 49822 | 6735 | 192.168.2.3 | 79.134.225.110 |
Feb 22, 2021 16:43:54.912941933 CET | 6735 | 49822 | 79.134.225.110 | 192.168.2.3 |
Feb 22, 2021 16:43:55.419704914 CET | 49822 | 6735 | 192.168.2.3 | 79.134.225.110 |
Feb 22, 2021 16:43:55.504168034 CET | 6735 | 49822 | 79.134.225.110 | 192.168.2.3 |
Feb 22, 2021 16:43:56.013492107 CET | 49822 | 6735 | 192.168.2.3 | 79.134.225.110 |
Feb 22, 2021 16:43:56.096296072 CET | 6735 | 49822 | 79.134.225.110 | 192.168.2.3 |
Feb 22, 2021 16:44:00.115221977 CET | 49824 | 6735 | 192.168.2.3 | 79.134.225.110 |
Feb 22, 2021 16:44:00.197978020 CET | 6735 | 49824 | 79.134.225.110 | 192.168.2.3 |
Feb 22, 2021 16:44:00.701208115 CET | 49824 | 6735 | 192.168.2.3 | 79.134.225.110 |
Feb 22, 2021 16:44:00.785846949 CET | 6735 | 49824 | 79.134.225.110 | 192.168.2.3 |
Feb 22, 2021 16:44:01.295101881 CET | 49824 | 6735 | 192.168.2.3 | 79.134.225.110 |
Feb 22, 2021 16:44:01.381647110 CET | 6735 | 49824 | 79.134.225.110 | 192.168.2.3 |
Feb 22, 2021 16:44:05.494327068 CET | 49825 | 6735 | 192.168.2.3 | 79.134.225.122 |
Feb 22, 2021 16:44:05.577300072 CET | 6735 | 49825 | 79.134.225.122 | 192.168.2.3 |
Feb 22, 2021 16:44:06.092360973 CET | 49825 | 6735 | 192.168.2.3 | 79.134.225.122 |
Feb 22, 2021 16:44:06.178255081 CET | 6735 | 49825 | 79.134.225.122 | 192.168.2.3 |
Feb 22, 2021 16:44:06.686357975 CET | 49825 | 6735 | 192.168.2.3 | 79.134.225.122 |
Feb 22, 2021 16:44:06.769035101 CET | 6735 | 49825 | 79.134.225.122 | 192.168.2.3 |
Feb 22, 2021 16:44:10.909105062 CET | 49826 | 6735 | 192.168.2.3 | 79.134.225.122 |
Feb 22, 2021 16:44:10.991624117 CET | 6735 | 49826 | 79.134.225.122 | 192.168.2.3 |
Feb 22, 2021 16:44:11.499164104 CET | 49826 | 6735 | 192.168.2.3 | 79.134.225.122 |
Feb 22, 2021 16:44:11.583204985 CET | 6735 | 49826 | 79.134.225.122 | 192.168.2.3 |
Feb 22, 2021 16:44:12.092958927 CET | 49826 | 6735 | 192.168.2.3 | 79.134.225.122 |
Feb 22, 2021 16:44:12.177256107 CET | 6735 | 49826 | 79.134.225.122 | 192.168.2.3 |
Feb 22, 2021 16:44:16.248730898 CET | 49827 | 6735 | 192.168.2.3 | 79.134.225.122 |
Feb 22, 2021 16:44:16.333668947 CET | 6735 | 49827 | 79.134.225.122 | 192.168.2.3 |
Feb 22, 2021 16:44:16.843425035 CET | 49827 | 6735 | 192.168.2.3 | 79.134.225.122 |
Feb 22, 2021 16:44:16.930808067 CET | 6735 | 49827 | 79.134.225.122 | 192.168.2.3 |
Feb 22, 2021 16:44:17.437287092 CET | 49827 | 6735 | 192.168.2.3 | 79.134.225.122 |
Feb 22, 2021 16:44:17.520648956 CET | 6735 | 49827 | 79.134.225.122 | 192.168.2.3 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Code Manipulations |
---|
Statistics |
---|
System Behavior |
---|
General |
---|
Start time: | 16:35:50 |
Start date: | 22/02/2021 |
Path: | C:\Users\user\Desktop\document.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x280000 |
File size: | 320595 bytes |
MD5 hash: | A777EE74F09E40B1E32FF3007EB89D14 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 16:37:35 |
Start date: | 22/02/2021 |
Path: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x850000 |
File size: | 53248 bytes |
MD5 hash: | 529695608EAFBED00ACA9E61EF333A7C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Reputation: | high |
General |
---|
Start time: | 16:37:38 |
Start date: | 22/02/2021 |
Path: | C:\Windows\SysWOW64\schtasks.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb40000 |
File size: | 185856 bytes |
MD5 hash: | 15FF7D8324231381BAD48A052F85DF04 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 16:37:39 |
Start date: | 22/02/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6b2800000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 16:37:39 |
Start date: | 22/02/2021 |
Path: | C:\Windows\SysWOW64\schtasks.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb40000 |
File size: | 185856 bytes |
MD5 hash: | 15FF7D8324231381BAD48A052F85DF04 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 16:37:39 |
Start date: | 22/02/2021 |
Path: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2e0000 |
File size: | 53248 bytes |
MD5 hash: | 529695608EAFBED00ACA9E61EF333A7C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Reputation: | high |
General |
---|
Start time: | 16:37:40 |
Start date: | 22/02/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6b2800000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 16:37:40 |
Start date: | 22/02/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6b2800000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 16:37:42 |
Start date: | 22/02/2021 |
Path: | C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xa60000 |
File size: | 53248 bytes |
MD5 hash: | 529695608EAFBED00ACA9E61EF333A7C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Antivirus matches: |
|
Reputation: | high |
General |
---|
Start time: | 16:37:42 |
Start date: | 22/02/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6b2800000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 16:37:47 |
Start date: | 22/02/2021 |
Path: | C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x9b0000 |
File size: | 53248 bytes |
MD5 hash: | 529695608EAFBED00ACA9E61EF333A7C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Reputation: | high |
General |
---|
Start time: | 16:37:47 |
Start date: | 22/02/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6b2800000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Disassembly |
---|
Code Analysis |
---|
Execution Graph |
---|
Execution Coverage: | 0.9% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 3.9% |
Total number of Nodes: | 932 |
Total number of Limit Nodes: | 14 |
Executed Functions |
---|
Non-executed Functions |
---|
Execution Graph |
---|
Execution Coverage: | 29.5% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 44 |
Total number of Limit Nodes: | 2 |
Executed Functions |
---|
Non-executed Functions |
---|
Execution Graph |
---|
Execution Coverage: | 27.7% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 44 |
Total number of Limit Nodes: | 2 |
Executed Functions |
---|
Non-executed Functions |
---|
Execution Graph |
---|
Execution Coverage: | 27.7% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 28 |
Total number of Limit Nodes: | 2 |
Executed Functions |
---|
Non-executed Functions |
---|