Analysis Report V33QokMrIv.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Startup |
---|
|
Malware Configuration |
---|
Threatname: NanoCore |
---|
{"Version": "1.2.2.0", "Mutex": "92421eeb-c456-44c2-ab8d-5a66d7e5ab97", "Group": "Company", "Domain1": "194.5.98.202", "Domain2": "", "Port": 4488, "RunOnStartup": "Enable", "RequestElevation": "Disable", "BypassUAC": "Enable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8", "BackupDNSServer": "8.8.4.4", "BypassUserAccountControlData": "<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.2\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n <RegistrationInfo />\r\n <Triggers />\r\n <Principals>\r\n <Principal id=\"Author\">\r\n <LogonType>InteractiveToken</LogonType>\r\n <RunLevel>HighestAvailable</RunLevel>\r\n </Principal>\r\n </Principals>\r\n <Settings>\r\n <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n <AllowHardTerminate>true</AllowHardTerminate>\r\n <StartWhenAvailable>false</StartWhenAvailable>\r\n <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n <IdleSettings>\r\n <StopOnIdleEnd>false</StopOnIdleEnd>\r\n <RestartOnIdle>false</RestartOnIdle>\r\n </IdleSettings>\r\n <AllowStartOnDemand>true</AllowStartOnDemand>\r\n <Enabled>true</Enabled>\r\n <Hidden>false</Hidden>\r\n <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n <WakeToRun>false</WakeToRun>\r\n <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n <Priority>4</Priority>\r\n </Settings>\r\n <Actions Context=\"Author\">\r\n <Exec>\r\n <Command>\"#EXECUTABLEPATH\"</Command>\r\n 
<Arguments>$(Arg0)</Arguments>\r\n </Exec>\r\n </Actions>\r\n</Task"}
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | ||
JoeSecurity_GuLoader | Yara detected GuLoader | Joe Security | ||
JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | ||
JoeSecurity_GuLoader | Yara detected GuLoader | Joe Security | ||
NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> |
|
Unpacked PEs |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth |
| |
Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth |
| |
Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth |
| |
Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth |
| |
JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | ||
Sigma Overview |
---|
System Summary: |
---|
Sigma detected: NanoCore | Show sources |
Source: | Author: Joe Security: |
Sigma detected: Scheduled temp file as task from temp location | Show sources |
Source: | Author: Joe Security: |
Signature Overview |
---|
AV Detection: |
---|
Found malware configuration | Show sources |
Source: | Malware Configuration Extractor: |
Yara detected Nanocore RAT | Show sources |
Source: | File source: | ||
Compliance: |
---|
Uses 32bit PE files | Show sources |
Source: | Static PE information: |
Uses new MSVCR Dlls | Show sources |
Source: | File opened: | Jump to behavior |
Binary contains paths to debug symbols | Show sources |
Source: | Binary string: | ||
Networking: |
---|
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) | Show sources |
Source: | Snort IDS: | ||
C2 URLs / IPs found in malware configuration | Show sources |
Source: | URLs: | ||
Source: | URLs: |
Source: | TCP traffic: |
Source: | ASN Name: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | Binary or memory string: |
E-Banking Fraud: |
---|
Yara detected Nanocore RAT | Show sources |
Source: | File source: | ||
System Summary: |
---|
Malicious sample detected (through community Yara rule) | Show sources |
Source: | Matched rule: | ||
Source: | Process Stats: | ||
Source: | Process Stats: |
Source: | Code function: | 15_2_0100723F |
Source: | Code function: | 22_2_049101B7 | |
Source: | Code function: | 24_2_050101B7 | |
Source: | Code function: | 27_2_049A01C8 |
Source: | Static PE information: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Mutant created: | ||
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior |
Source: | Process created: | |||
Source: | Key value queried: | Jump to behavior |
Source: | Window detected: |
Source: | File opened: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Binary string: | ||
Data Obfuscation: |
---|
Yara detected GuLoader | Show sources |
Source: | File source: | ||
Source: | File source: |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Boot Survival: |
---|
Uses schtasks.exe or at.exe to add and modify task schedules | Show sources |
Source: | Process created: |
Source: | Registry value created or modified: | Jump to behavior | ||
Hooking and other Techniques for Hiding and Protection: |
---|
Hides that the sample has been downloaded from the Internet (zone.identifier) | Show sources |
Source: | File opened: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion: |
---|
Detected RDTSC dummy instruction sequence (likely for instruction hammering) | Show sources |
Source: | RDTSC instruction interceptor: | ||
Tries to detect Any.run | Show sources |
Source: | File opened: | Jump to behavior | ||
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) | Show sources |
Source: | Binary or memory string: |
Tries to detect virtualization through RDTSC time measurements | Show sources |
Source: | RDTSC instruction interceptor: | ||
Source: | Code function: | 15_2_01002990 |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Last function: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Process information queried: | Jump to behavior |
Anti Debugging: |
---|
Hides threads from debuggers | Show sources |
Source: | Thread information set: | Jump to behavior | ||
Source: | Thread information set: | Jump to behavior | ||
Source: | Thread information set: | Jump to behavior |
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior |
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion: |
---|
Writes to foreign memory regions | Show sources |
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Code function: | 15_2_010029AD |
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information: |
---|
Yara detected Nanocore RAT | Show sources |
Source: | File source: | ||
Remote Access Functionality: |
---|
Detected Nanocore Rat | Show sources |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Yara detected Nanocore RAT | Show sources |
Source: | File source: | ||
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Scheduled Task/Job1 | Scheduled Task/Job1 | Process Injection112 | Masquerading2 | Input Capture11 | Security Software Discovery521 | Remote Services | Input Capture11 | Exfiltration Over Other Network Medium | Encrypted Channel1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Registry Run Keys / Startup Folder1 | Scheduled Task/Job1 | Virtualization/Sandbox Evasion23 | LSASS Memory | Virtualization/Sandbox Evasion23 | Remote Desktop Protocol | Archive Collected Data1 | Exfiltration Over Bluetooth | Non-Standard Port1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | DLL Side-Loading1 | Registry Run Keys / Startup Folder1 | Disable or Modify Tools1 | Security Account Manager | Process Discovery2 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Remote Access Software1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | DLL Side-Loading1 | Process Injection112 | NTDS | Application Window Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Non-Application Layer Protocol1 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Hidden Files and Directories1 | LSA Secrets | Remote System Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Application Layer Protocol11 | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information1 | Cached Domain Credentials | System Information Discovery212 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | DLL Side-Loading1 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
9% | ReversingLabs | Win32.Trojan.Generic |
Dropped Files |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Metadefender | Browse | ||
0% | ReversingLabs | |||
9% | ReversingLabs | Win32.Trojan.Generic |
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
onedrive.live.com | unknown | unknown | false | high | |
ibkebw.dm.files.1drv.com | unknown | unknown | false | high |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| low | |
true |
| unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
194.5.98.202 | unknown | Netherlands | 208476 | DANILENKODE | true |
General Information |
---|
Joe Sandbox Version: | 31.0.0 Emerald |
Analysis ID: | 357184 |
Start date: | 24.02.2021 |
Start time: | 09:23:21 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 11m 23s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | V33QokMrIv.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 30 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@19/12@2/1 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
Warnings: |
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
09:26:25 | Autostart | |
09:26:29 | Task Scheduler | |
09:26:29 | API Interceptor | |
09:26:30 | Task Scheduler | |
09:26:33 | Autostart | |
09:26:41 | Autostart |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
194.5.98.202 | Get hash | malicious | Browse |
Domains |
---|
No context |
---|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
DANILENKODE | Get hash | malicious | Browse |
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Get hash | malicious | Browse | ||
Created / dropped Files |
---|
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 53248 |
Entropy (8bit): | 4.490095782293901 |
Encrypted: | false |
SSDEEP: | 768:0P2Bbv+VazyoD2z9TU//1mz1+M9GnLEu+2wTFRJS8Ulg:HJv46yoD2BTNz1+M9GLfOw8UO |
MD5: | 529695608EAFBED00ACA9E61EF333A7C |
SHA1: | 68CA8B6D8E74FA4F4EE603EB862E36F2A73BC1E5 |
SHA-256: | 44F129DE312409D8A2DF55F655695E1D48D0DB6F20C5C7803EB0032D8E6B53D0 |
SHA-512: | 8FE476E0185B2B0C66F34E51899B932CB35600C753D36FE102BDA5894CDAA58410044E0A30FDBEF76A285C2C75018D7C5A9BA0763D45EC605C2BBD1EBB9ED674 |
Malicious: | false |
Antivirus: |
|
Joe Sandbox View: |
|
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
File Type: | |
Category: | modified |
Size (bytes): | 20 |
Entropy (8bit): | 3.6841837197791887 |
Encrypted: | false |
SSDEEP: | 3:QHXMKas:Q3Las |
MD5: | B3AC9D09E3A47D5FD00C37E075A70ECB |
SHA1: | AD14E6D0E07B00BD10D77A06D68841B20675680B |
SHA-256: | 7A23C6E7CCD8811ECDF038D3A89D5C7D68ED37324BAE2D4954125D9128FA9432 |
SHA-512: | 09B609EE1061205AA45B3C954EFC6C1A03C8FD6B3011FF88CF2C060E19B1D7FD51EE0CB9D02A39310125F3A66AA0146261BDEE3D804F472034DF711BC942E316 |
Malicious: | true |
Preview: |
|
Process: | C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe |
File Type: | |
Category: | modified |
Size (bytes): | 20 |
Entropy (8bit): | 3.6841837197791887 |
Encrypted: | false |
SSDEEP: | 3:QHXMKas:Q3Las |
MD5: | B3AC9D09E3A47D5FD00C37E075A70ECB |
SHA1: | AD14E6D0E07B00BD10D77A06D68841B20675680B |
SHA-256: | 7A23C6E7CCD8811ECDF038D3A89D5C7D68ED37324BAE2D4954125D9128FA9432 |
SHA-512: | 09B609EE1061205AA45B3C954EFC6C1A03C8FD6B3011FF88CF2C060E19B1D7FD51EE0CB9D02A39310125F3A66AA0146261BDEE3D804F472034DF711BC942E316 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1319 |
Entropy (8bit): | 5.133606110275315 |
Encrypted: | false |
SSDEEP: | 24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK0mne5xtn:cbk4oL600QydbQxIYODOLedq3Ze5j |
MD5: | C6F0625BF4C1CDFB699980C9243D3B22 |
SHA1: | 43DE1FE580576935516327F17B5DA0C656C72851 |
SHA-256: | 8DFC4E937F0B2374E3CED25FCE344B0731CF44B8854625B318D50ECE2DA8F576 |
SHA-512: | 9EF2DBD4142AD0E1E6006929376ECB8011E7FFC801EE2101E906787D70325AD82752DF65839DE9972391FA52E1E5974EC1A5C7465A88AA56257633EBB7D70969 |
Malicious: | true |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1310 |
Entropy (8bit): | 5.109425792877704 |
Encrypted: | false |
SSDEEP: | 24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK0R3xtn:cbk4oL600QydbQxIYODOLedq3S3j |
MD5: | 5C2F41CFC6F988C859DA7D727AC2B62A |
SHA1: | 68999C85FC7E37BAB9216E0099836D40D4545C1C |
SHA-256: | 98B6E66B6C2173B9B91FC97FE51805340EFDE978B695453742EBAB631018398B |
SHA-512: | B5DA5DA378D038AFBF8A7738E47921ED39F9B726E2CAA2993D915D9291A3322F94EFE8CCA6E7AD678A670DB19926B22B20E5028460FCC89CEA7F6635E7557334 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 928 |
Entropy (8bit): | 7.024371743172393 |
Encrypted: | false |
SSDEEP: | 24:IQnybgCUtvd7xCFhwUuQnybgCUtvd7xCFhwUuQnybgCUtvd7xCFhwUuQnybgCUtw:Ik/lCrwfk/lCrwfk/lCrwfk/lCrw8 |
MD5: | CCB690520E68EE385ACC0ACFE759AFFC |
SHA1: | 33F0DA3F55E5B3C5AC19B61D31471CB60BCD5C96 |
SHA-256: | 166154225DAB5FCB79C1CA97D371B159D37B83FBC0ADABCD8EBA98FA113A7A3B |
SHA-512: | AC4F3CF1F8F460745D37E6350861C2FBCDDCC1BBDE0A48FB361BFBF5B1EBF10A05F798A72CE413FCA073FF8108955353DDBCBD9D50CED6CDAE231C67A28FDDA3 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8 |
Entropy (8bit): | 2.75 |
Encrypted: | false |
SSDEEP: | 3:zTn:zTn |
MD5: | 92E49A758034CCCB53F7E0C2540D8D1F |
SHA1: | A110CF375A1151871163162E42572DB30665F4DD |
SHA-256: | C7CB3AE57F1E7A86EDD4CBBB313AB5E1BDF253C6205AB1B2188DD27F44C6D11C |
SHA-512: | 376B05470948B965687BD787F2FF2A81B62F2D3157FD9213DD2D885453FE05FBFB0E6B4EF3F71774B6CA1A9AEE215DA5756F3E679C075B89D112E9225D055128 |
Malicious: | true |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 56 |
Entropy (8bit): | 4.787365359936823 |
Encrypted: | false |
SSDEEP: | 3:oMty8WbSXgL4A:oMLWuQL4A |
MD5: | EFD1636CFC3CC38FD7BABAE5CAC9EDE0 |
SHA1: | 4D7D378ABEB682EEFBD039930C0EA996FBF54178 |
SHA-256: | F827D5B11C1EB3902D601C3E0B59BA32FE11C0B573FBF22FB2AF86BFD4651BBA |
SHA-512: | 69B2B0AB1A6E13395EF52DCB903B8E17D842E6D0D44F801FF2659CFD5EC343C8CC57928B02961FC7099AD43FF05633BAF5AC39042A00C8676D4FA8F6F8C2A5D7 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 4.886067635976852 |
Encrypted: | false |
SSDEEP: | 1536:uWWTwV4fVhuoUaaAAwT4uv65YEWDTkIlmak5AEivuxVQwV4MjW:2wVUPOpUlviYEWnkIlmak5zivQqwV |
MD5: | E18DBE57194DD717D54A907BA8E6D3E1 |
SHA1: | 76BACC8C5FBBF675399C39C42565DFC3D77BE98B |
SHA-256: | B5D510179AB07F09C10CFA2EA9D95346FB696AFD3F642AF2882B3F4CD16D3FF5 |
SHA-512: | B5B4064FB475590E7EBFA51857117E5C8DAC0C98402809856CD17CF40EDBF455A28ECAB9BD4B431997C50AC1767AB7724F79ED356C33690AA9CB2DCDF38F7968 |
Malicious: | false |
Antivirus: |
|
Preview: |
|
Process: | C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1010 |
Entropy (8bit): | 4.298581893109255 |
Encrypted: | false |
SSDEEP: | 24:zKTDwL/0XZd3Wo3opQ5ZKBQFYVgt7ovrNOYlK:zKTDwAXZxo4ABV+SrUYE |
MD5: | 367EEEC425FE7E80B723298C447E2F22 |
SHA1: | 3873DFC88AF504FF79231FE2BF0E3CD93CE45195 |
SHA-256: | 481A7A3CA0DD32DA4772718BA4C1EF3F01E8D184FE82CF6E9C5386FD343264BC |
SHA-512: | F7101541D87F045E9DBC45941CDC5A7F97F3EFC29AC0AF2710FC24FA64F0163F9463DE373A5D2BE1270126829DE81006FB8E764186374966E8D0E9BB35B7D7D6 |
Malicious: | false |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 4.886067635976852 |
TrID: |
|
File name: | V33QokMrIv.exe |
File size: | 131072 |
MD5: | e18dbe57194dd717d54a907ba8e6d3e1 |
SHA1: | 76bacc8c5fbbf675399c39c42565dfc3d77be98b |
SHA256: | b5d510179ab07f09c10cfa2ea9d95346fb696afd3f642af2882b3f4cd16d3ff5 |
SHA512: | b5b4064fb475590e7ebfa51857117e5c8dac0c98402809856cd17cf40edbf455a28ecab9bd4b431997c50ac1767ab7724f79ed356c33690aa9cb2dcdf38f7968 |
SSDEEP: | 1536:uWWTwV4fVhuoUaaAAwT4uv65YEWDTkIlmak5AEivuxVQwV4MjW:2wVUPOpUlviYEWnkIlmak5zivQqwV |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......u...1...1...1.......0...~...0.......0...Rich1...........PE..L.....bW.................P...................`....@................ |
File Icon |
---|
Icon Hash: | 01d292796dda0080 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x4013dc |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | |
Time Stamp: | 0x57629AC2 [Thu Jun 16 12:25:38 2016 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | cc882d101998a701353b40b0cd8c341a |
Entrypoint Preview |
---|
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x15974 | 0x28 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x17000 | 0x83f6 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x228 | 0x20 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0xe0 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x14da4 | 0x15000 | False | 0.404203869048 | data | 5.57673610906 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.data | 0x16000 | 0xa18 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x17000 | 0x83f6 | 0x9000 | False | 0.340494791667 | data | 3.53320400461 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x1f2ce | 0x128 | GLS_BINARY_LSB_FIRST | ||
RT_ICON | 0x1dca6 | 0x1628 | dBase IV DBT of \200.DBF, blocks size 0, block length 4608, next free block index 40, next free block 0, next used block 0 | ||
RT_ICON | 0x1bffe | 0x1ca8 | data | ||
RT_ICON | 0x1b356 | 0xca8 | data | ||
RT_ICON | 0x1afee | 0x368 | GLS_BINARY_LSB_FIRST | ||
RT_ICON | 0x18a46 | 0x25a8 | data | ||
RT_ICON | 0x1799e | 0x10a8 | data | ||
RT_ICON | 0x17536 | 0x468 | GLS_BINARY_LSB_FIRST | ||
RT_GROUP_ICON | 0x174c0 | 0x76 | data | ||
RT_VERSION | 0x17240 | 0x280 | data |
Imports |
---|
DLL | Import |
---|---|
MSVBVM60.DLL | _CIcos, _adj_fptan, __vbaFreeVar, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaObjSet, __vbaOnError, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaFpR8, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaStrCmp, _adj_fpatan, __vbaLateIdCallLd, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, _CIlog, __vbaNew2, __vbaInStr, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaI4Var, __vbaLateMemCall, __vbaVarDup, _CIatan, __vbaStrMove, _allmul, _CItan, _CIexp, __vbaFreeObj, __vbaFreeStr |
Version Infos |
---|
Description | Data |
---|---|
Translation | 0x0000 0x04b0 |
InternalName | KARAKTERISTIKONS |
FileVersion | 1.00 |
CompanyName | Sinth Radio |
ProductName | Sinth Radio |
ProductVersion | 1.00 |
FileDescription | Sinth Radio |
OriginalFilename | KARAKTERISTIKONS.exe |
Network Behavior |
---|
Snort IDS Alerts |
---|
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
02/24/21-09:26:30.194652 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49766 | 4488 | 192.168.2.4 | 194.5.98.202 |
02/24/21-09:26:36.466553 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49767 | 4488 | 192.168.2.4 | 194.5.98.202 |
02/24/21-09:26:42.713931 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
02/24/21-09:26:49.051394 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49769 | 4488 | 192.168.2.4 | 194.5.98.202 |
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Feb 24, 2021 09:26:38.388374090 CET | 49767 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:38.388418913 CET | 49767 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:38.389065027 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.389425039 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.389450073 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.389522076 CET | 49767 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:38.390989065 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.391288996 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.391319036 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.391341925 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.391362906 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.391408920 CET | 49767 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:38.391438007 CET | 49767 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:38.392237902 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.392271042 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.392328978 CET | 49767 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:38.392365932 CET | 49767 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:38.393229961 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.393261909 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.393316031 CET | 49767 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:38.393358946 CET | 49767 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:38.394005060 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.394037008 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.394098043 CET | 49767 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:38.394169092 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.395216942 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.395246983 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.395287991 CET | 49767 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:38.395312071 CET | 49767 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:38.397068024 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.397102118 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.397145033 CET | 49767 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:38.397165060 CET | 49767 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:38.397211075 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.397253036 CET | 49767 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:38.397269964 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.403321981 CET | 49767 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:38.471093893 CET | 49767 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:38.618407011 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.618446112 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.618583918 CET | 49767 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:38.619136095 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.619168043 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.619194984 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.619220018 CET | 49767 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:38.619262934 CET | 49767 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:38.619862080 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.619893074 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.620073080 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.620140076 CET | 49767 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:38.620901108 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.621138096 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.622243881 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.622278929 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.622394085 CET | 49767 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:38.622817993 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.622843981 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.622891903 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.622942924 CET | 49767 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:38.624209881 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.624237061 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.624301910 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.624308109 CET | 49767 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:38.624361038 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.624387026 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.624428034 CET | 49767 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:38.634399891 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.634442091 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.634465933 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.634541035 CET | 49767 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:38.634572029 CET | 49767 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:38.634959936 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.634989977 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.635056019 CET | 49767 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:38.636009932 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.636044025 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.636126041 CET | 49767 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:38.636199951 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.636265039 CET | 49767 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:38.637017965 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.637094975 CET | 49767 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:38.637224913 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.637274027 CET | 49767 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:38.637433052 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.637495041 CET | 49767 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:38.637866974 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.637895107 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.637965918 CET | 49767 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:38.637994051 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.638041973 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.638066053 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.638111115 CET | 49767 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:38.638284922 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.638320923 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.638381004 CET | 49767 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:38.640964985 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.641000986 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.641113997 CET | 49767 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:38.641182899 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.641208887 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.641232014 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.641263962 CET | 49767 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:38.641295910 CET | 49767 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:38.641338110 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.641429901 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.641455889 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.641480923 CET | 49767 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:38.641535997 CET | 49767 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:38.649075031 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.649113894 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.649139881 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.649244070 CET | 49767 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:38.649286032 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.649349928 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.649444103 CET | 49767 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:38.649492979 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.649559975 CET | 49767 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:38.653003931 CET | 4488 | 49767 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:38.655400038 CET | 49767 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:42.484137058 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:42.713157892 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:42.713798046 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:42.713931084 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:42.992846966 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:42.992947102 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:43.114825010 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:43.114923000 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:43.264942884 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:43.265072107 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:43.407872915 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:43.407979965 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:43.503271103 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:43.503575087 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:43.695806026 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:43.696070910 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:43.797987938 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:43.798080921 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.003273010 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.003452063 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.079848051 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.082793951 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.124043941 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.124074936 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.124322891 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.132165909 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.132205963 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.132230043 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.132312059 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.132337093 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.132365942 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.132390976 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.132493019 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.132527113 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.132550955 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.132625103 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.136224031 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.136643887 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.284903049 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.285182953 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.364018917 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.364062071 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.364326000 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.372378111 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.372421980 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.372442007 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.372462034 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.372550964 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.372598886 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.372639894 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.372667074 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.372668982 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.373411894 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.376996040 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.377036095 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.378132105 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.378170013 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.378191948 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.378907919 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.378937006 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.387217045 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.387262106 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.387285948 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.387394905 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.387417078 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.387868881 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.387903929 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.387973070 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.387981892 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.388093948 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.388307095 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.388540983 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.582878113 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.586194992 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.613164902 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.613192081 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.613204956 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.613317013 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.613452911 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.613483906 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.614033937 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.614211082 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.614228010 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.614269972 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.614425898 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.615075111 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.615113974 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.615596056 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.615837097 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.616070032 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.616105080 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.617685080 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.617789984 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.617979050 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.618005991 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.619151115 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.619169950 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.619183064 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.619277000 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.620850086 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.620994091 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.621877909 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.621958971 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.621977091 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.623043060 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.623061895 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.623153925 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.623188972 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.623214960 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.623219013 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.623311043 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.623353004 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.623914957 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.623950005 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.624625921 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.624644041 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.624649048 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.634946108 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.634967089 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.634983063 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.635147095 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.635159969 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.635205030 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.635247946 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.635260105 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.635984898 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.636079073 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.636239052 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.636909008 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.636928082 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.637840986 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.637881994 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.637908936 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.638067007 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.638086081 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.638154984 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.638178110 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.797708035 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.860968113 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.861005068 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.861643076 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.861855984 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.861999989 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.862052917 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.862195969 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.863071918 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.863099098 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.863864899 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.863888979 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.864044905 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.866240025 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.866270065 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.866287947 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.866444111 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.866462946 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.866470098 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.866559029 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.867230892 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.867377043 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.867402077 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.867475033 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.868429899 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.868453979 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.868519068 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.868537903 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.869060040 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.869082928 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.869173050 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.869184971 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.870238066 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.870379925 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.870938063 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.871115923 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.871814966 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.871839046 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.872241020 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.872265100 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.872396946 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.872448921 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.872618914 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.873833895 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.873897076 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.873917103 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.873934031 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.874021053 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.874032974 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.875128984 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.875155926 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.875758886 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.875921965 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.876023054 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.876120090 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.876220942 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.877846003 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.877873898 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.877890110 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.877906084 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.877988100 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.878005981 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.878593922 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.878995895 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.879087925 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.879853964 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.879873991 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.879944086 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.879957914 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.881264925 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.881290913 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.881402016 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.882004976 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.882030964 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.882200003 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.882215023 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.883223057 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.883246899 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.883327007 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.883976936 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.884037018 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.884072065 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.884155989 CET | 49768 | 4488 | 192.168.2.4 | 194.5.98.202 |
Feb 24, 2021 09:26:44.884881020 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
Feb 24, 2021 09:26:44.884993076 CET | 4488 | 49768 | 194.5.98.202 | 192.168.2.4 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Feb 24, 2021 09:26:25.442338943 CET | 192.168.2.4 | 8.8.8.8 | 0x20d9 | Standard query (0) | | A (IP address) | IN (0x0001) |
Feb 24, 2021 09:26:26.115159035 CET | 192.168.2.4 | 8.8.8.8 | 0x936 | Standard query (0) | | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Feb 24, 2021 09:26:25.502111912 CET | 8.8.8.8 | 192.168.2.4 | 0x20d9 | No error (0) | | odc-web-geo.onedrive.akadns.net | | CNAME (Canonical name) | IN (0x0001) |
Feb 24, 2021 09:26:26.206942081 CET | 8.8.8.8 | 192.168.2.4 | 0x936 | No error (0) | | dm-files.fe.1drv.com | | CNAME (Canonical name) | IN (0x0001) |
Feb 24, 2021 09:26:26.206942081 CET | 8.8.8.8 | 192.168.2.4 | 0x936 | No error (0) | | odc-dm-files-geo.onedrive.akadns.net | | CNAME (Canonical name) | IN (0x0001) |
Feb 24, 2021 09:28:59.142637968 CET | 8.8.8.8 | 192.168.2.4 | 0xf14e | No error (0) | | www.tm.a.prd.aadg.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) |
Code Manipulations |
---|
System Behavior |
---|
General |
---|
Start time: | 09:24:09 |
Start date: | 24/02/2021 |
Path: | C:\Users\user\Desktop\V33QokMrIv.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 131072 bytes |
MD5 hash: | E18DBE57194DD717D54A907BA8E6D3E1 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Visual Basic |
Reputation: | low |
General |
---|
Start time: | 09:24:47 |
Start date: | 24/02/2021 |
Path: | C:\Windows\System32\taskhostw.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff73c340000 |
File size: | 87904 bytes |
MD5 hash: | CE95E236FC9FE2D6F16C926C75B18BAF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
General |
---|
Start time: | 09:26:10 |
Start date: | 24/02/2021 |
Path: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xc00000 |
File size: | 53248 bytes |
MD5 hash: | 529695608EAFBED00ACA9E61EF333A7C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Reputation: | high |
General |
---|
Start time: | 09:26:11 |
Start date: | 24/02/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff724c50000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 09:26:27 |
Start date: | 24/02/2021 |
Path: | C:\Windows\SysWOW64\schtasks.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x920000 |
File size: | 185856 bytes |
MD5 hash: | 15FF7D8324231381BAD48A052F85DF04 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 09:26:27 |
Start date: | 24/02/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff724c50000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 09:26:28 |
Start date: | 24/02/2021 |
Path: | C:\Windows\SysWOW64\schtasks.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x920000 |
File size: | 185856 bytes |
MD5 hash: | 15FF7D8324231381BAD48A052F85DF04 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 09:26:28 |
Start date: | 24/02/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff724c50000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 09:26:29 |
Start date: | 24/02/2021 |
Path: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x150000 |
File size: | 53248 bytes |
MD5 hash: | 529695608EAFBED00ACA9E61EF333A7C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Reputation: | high |
General |
---|
Start time: | 09:26:30 |
Start date: | 24/02/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff724c50000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 09:26:30 |
Start date: | 24/02/2021 |
Path: | C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x740000 |
File size: | 53248 bytes |
MD5 hash: | 529695608EAFBED00ACA9E61EF333A7C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Antivirus matches: |
|
Reputation: | high |
General |
---|
Start time: | 09:26:30 |
Start date: | 24/02/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff724c50000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 09:26:33 |
Start date: | 24/02/2021 |
Path: | C:\Users\user\subfolder1\filename1.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 131072 bytes |
MD5 hash: | E18DBE57194DD717D54A907BA8E6D3E1 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Visual Basic |
Antivirus matches: |
|
Reputation: | low |
General |
---|
Start time: | 09:26:41 |
Start date: | 24/02/2021 |
Path: | C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1f0000 |
File size: | 53248 bytes |
MD5 hash: | 529695608EAFBED00ACA9E61EF333A7C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Reputation: | high |
General |
---|
Start time: | 09:26:42 |
Start date: | 24/02/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff724c50000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 09:26:50 |
Start date: | 24/02/2021 |
Path: | C:\Users\user\subfolder1\filename1.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 131072 bytes |
MD5 hash: | E18DBE57194DD717D54A907BA8E6D3E1 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Visual Basic |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
Function 01004DA1, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10 library COMMON
Function 01002990, Relevance: 1.6, APIs: 1, Instructions: 73 thread COMMON
Function 010029AD, Relevance: 1.6, APIs: 1, Instructions: 69 thread COMMON
Function 0100723F, Relevance: 1.5, APIs: 1, Instructions: 15 native COMMON
Function 01003764, Relevance: 1.7, APIs: 1, Instructions: 239 COMMON
Function 010077A5, Relevance: 1.6, APIs: 1, Instructions: 93threadCOMMON
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1DB5AF50, Relevance: 1.6, APIs: 1, Instructions: 87COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010077D5, Relevance: 1.6, APIs: 1, Instructions: 86threadCOMMON
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010077C5, Relevance: 1.6, APIs: 1, Instructions: 85threadCOMMON
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010077F1, Relevance: 1.6, APIs: 1, Instructions: 80threadCOMMON
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010058E9, Relevance: 1.6, APIs: 1, Instructions: 76COMMON
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010029D5, Relevance: 1.6, APIs: 1, Instructions: 65threadCOMMON
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1DB5B7CA, Relevance: 1.6, APIs: 1, Instructions: 61windowCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1DB5A51F, Relevance: 1.6, APIs: 1, Instructions: 61COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01007869, Relevance: 1.6, APIs: 1, Instructions: 59threadCOMMON
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1DB5BB4F, Relevance: 1.6, APIs: 1, Instructions: 59windowCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1DB5BE05, Relevance: 1.6, APIs: 1, Instructions: 58windowCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1DB5B71E, Relevance: 1.6, APIs: 1, Instructions: 57windowCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1DB5BEB4, Relevance: 1.6, APIs: 1, Instructions: 56fileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01007889, Relevance: 1.6, APIs: 1, Instructions: 54threadCOMMON
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1DB5A75B, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1DB5A8CC, Relevance: 1.5, APIs: 1, Instructions: 48COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1DB5BED2, Relevance: 1.5, APIs: 1, Instructions: 47fileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1DB5B746, Relevance: 1.5, APIs: 1, Instructions: 45windowCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1DB5A546, Relevance: 1.5, APIs: 1, Instructions: 45COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010078E5, Relevance: 1.5, APIs: 1, Instructions: 43threadCOMMON
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1DB5AF9A, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1DB5BB7E, Relevance: 1.5, APIs: 1, Instructions: 42windowCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1DB5A78A, Relevance: 1.5, APIs: 1, Instructions: 39COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1DB5B806, Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1DB5A8EE, Relevance: 1.5, APIs: 1, Instructions: 37COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01007919, Relevance: 1.5, APIs: 1, Instructions: 35threadCOMMON
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1DB5BE3E, Relevance: 1.5, APIs: 1, Instructions: 35windowCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1DB5A372, Relevance: 1.5, APIs: 1, Instructions: 35COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01007909, Relevance: 1.5, APIs: 1, Instructions: 34threadCOMMON
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01007935, Relevance: 1.5, APIs: 1, Instructions: 29threadCOMMON
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01007951, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010055C1, Relevance: 1.5, APIs: 1, Instructions: 16COMMON
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01007991, Relevance: 1.5, APIs: 1, Instructions: 16threadCOMMON
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010055B3, Relevance: 1.5, APIs: 1, Instructions: 15COMMON
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010040F5, Relevance: 1.5, APIs: 1, Instructions: 12fileCOMMON
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0100410D, Relevance: 1.5, APIs: 1, Instructions: 8fileCOMMON
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0100560D, Relevance: 1.5, APIs: 1, Instructions: 5COMMON
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1DB80845, Relevance: .1, Instructions: 60COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1DB8087C, Relevance: .1, Instructions: 59COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1DB6ACF0, Relevance: .1, Instructions: 52COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1DB805DC, Relevance: .0, Instructions: 39COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1DB80938, Relevance: .0, Instructions: 31COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1DB805F6, Relevance: .0, Instructions: 27COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1DB6AD3F, Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1DB523F4, Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1DB523BC, Relevance: .0, Instructions: 14COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function 01006AB7, Relevance: .6, Instructions: 645COMMON
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01006AC9, Relevance: .2, Instructions: 180COMMON
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01006AF1, Relevance: .2, Instructions: 174COMMON
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01006B11, Relevance: .2, Instructions: 168COMMON
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01006B25, Relevance: .2, Instructions: 167COMMON
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01006010, Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010039D3, Relevance: .0, Instructions: 13COMMON
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010039F5, Relevance: .0, Instructions: 12COMMON
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Executed Functions |
---|
Function 049101B7, Relevance: 4.3, Strings: 3, Instructions: 572COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04910710, Relevance: 4.2, Strings: 3, Instructions: 444COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0085A6DF, Relevance: 1.6, APIs: 1, Instructions: 84COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0085A4AA, Relevance: 1.6, APIs: 1, Instructions: 79fileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0085A71A, Relevance: 1.6, APIs: 1, Instructions: 62COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0085A4DE, Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0085A1F4, Relevance: 1.6, APIs: 1, Instructions: 60COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0085A587, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0085A73E, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0085A5C2, Relevance: 1.5, APIs: 1, Instructions: 35COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0085A23A, Relevance: 1.5, APIs: 1, Instructions: 34COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04910E30, Relevance: .5, Instructions: 469COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 049100B9, Relevance: .1, Instructions: 82COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04910006, Relevance: .1, Instructions: 63COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04910D38, Relevance: .1, Instructions: 53COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005805D1, Relevance: .0, Instructions: 45COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04910CB0, Relevance: .0, Instructions: 44COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04910CC0, Relevance: .0, Instructions: 37COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 049114E8, Relevance: .0, Instructions: 35COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04911540, Relevance: .0, Instructions: 33COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 049114D9, Relevance: .0, Instructions: 29COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04910070, Relevance: .0, Instructions: 28COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005805F6, Relevance: .0, Instructions: 27COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04910D29, Relevance: .0, Instructions: 22COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008523F4, Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008523BC, Relevance: .0, Instructions: 14COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 049114B5, Relevance: .0, Instructions: 11COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Executed Functions |
---|
Function 050101B7, Relevance: 4.3, Strings: 3, Instructions: 571COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05010710, Relevance: 4.2, Strings: 3, Instructions: 450COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05010E30, Relevance: .5, Instructions: 469COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 050100B9, Relevance: .1, Instructions: 85COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05010007, Relevance: .1, Instructions: 62COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05010D38, Relevance: .1, Instructions: 54COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02B105CF, Relevance: .0, Instructions: 45COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05010CC0, Relevance: .0, Instructions: 37COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 050114E8, Relevance: .0, Instructions: 35COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05011540, Relevance: .0, Instructions: 32COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 050114D9, Relevance: .0, Instructions: 29COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05010070, Relevance: .0, Instructions: 28COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02B105F6, Relevance: .0, Instructions: 27COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05010D29, Relevance: .0, Instructions: 20COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 050114B5, Relevance: .0, Instructions: 11COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Executed Functions |
---|
Function 049A01C8, Relevance: 5.8, Strings: 4, Instructions: 825COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 049A01B7, Relevance: 1.4, Strings: 1, Instructions: 100COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 049A00B9, Relevance: .1, Instructions: 82COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 049A00C8, Relevance: .1, Instructions: 78COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 049A0006, Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 049A0DA0, Relevance: .0, Instructions: 50COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 049A0C28, Relevance: .0, Instructions: 47COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009205CF, Relevance: .0, Instructions: 45COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 049A0D19, Relevance: .0, Instructions: 43COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 049A0D28, Relevance: .0, Instructions: 37COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 049A0070, Relevance: .0, Instructions: 28COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009205F6, Relevance: .0, Instructions: 27COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 049A0CC8, Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 049A0D90, Relevance: .0, Instructions: 22COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 049A0CD8, Relevance: .0, Instructions: 20COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|