Analysis Report QuotationOrder.pdf.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Startup |
---|
|
Malware Configuration |
---|
Threatname: NanoCore |
---|
{"Version": "1.2.2.0", "Mutex": "7d9d1b37-9225-4679-a6f4-60db74de", "Group": "TBOSS1", "Domain1": "194.5.98.19", "Domain2": "tboss1.ddns.net", "Port": 53795, "KeyboardLogging": "Enable", "RunOnStartup": "Disable", "RequestElevation": "Disable", "BypassUAC": "Disable", "ClearZoneIdentifier": "Disable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Disable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8"}
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth |
| |
JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | ||
NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> |
| |
Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth |
| |
JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | ||
Click to see the 6 entries |
Unpacked PEs |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth |
| |
Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth |
| |
JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | ||
NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> |
| |
Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth |
| |
Click to see the 3 entries |
Sigma Overview |
---|
AV Detection: |
---|
Sigma detected: NanoCore | Show sources |
Source: | Author: Joe Security: |
E-Banking Fraud: |
---|
Sigma detected: NanoCore | Show sources |
Source: | Author: Joe Security: |
System Summary: |
---|
Sigma detected: Possible Applocker Bypass | Show sources |
Source: | Author: juju4: |
Stealing of Sensitive Information: |
---|
Sigma detected: NanoCore | Show sources |
Source: | Author: Joe Security: |
Remote Access Functionality: |
---|
Sigma detected: NanoCore | Show sources |
Source: | Author: Joe Security: |
Signature Overview |
---|
Click to jump to signature section
AV Detection: |
---|
Found malware configuration | Show sources |
Source: | Malware Configuration Extractor: |
Multi AV Scanner detection for dropped file | Show sources |
Source: | ReversingLabs: |
Multi AV Scanner detection for submitted file | Show sources |
Source: | ReversingLabs: |
Yara detected Nanocore RAT | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Machine Learning detection for dropped file | Show sources |
Source: | Joe Sandbox ML: |
Machine Learning detection for sample | Show sources |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: |
Networking: |
---|
C2 URLs / IPs found in malware configuration | Show sources |
Source: | URLs: | ||
Source: | URLs: |
Source: | TCP traffic: |
Source: | ASN Name: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | Binary or memory string: |
E-Banking Fraud: |
---|
Yara detected Nanocore RAT | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
System Summary: |
---|
Malicious sample detected (through community Yara rule) | Show sources |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Initial sample is a PE file and has a suspicious name | Show sources |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Code function: | 0_2_018199D8 | |
Source: | Code function: | 0_2_03264918 | |
Source: | Code function: | 0_2_032641D0 | |
Source: | Code function: | 0_2_032660CD | |
Source: | Code function: | 0_2_03267717 | |
Source: | Code function: | 0_2_03264FD0 | |
Source: | Code function: | 0_2_03263E28 | |
Source: | Code function: | 0_2_03265E78 | |
Source: | Code function: | 0_2_03265A61 | |
Source: | Code function: | 0_2_03265A70 | |
Source: | Code function: | 0_2_03266134 | |
Source: | Code function: | 0_2_03264908 | |
Source: | Code function: | 0_2_032641C2 | |
Source: | Code function: | 0_2_03260006 | |
Source: | Code function: | 0_2_03267843 | |
Source: | Code function: | 0_2_03260040 | |
Source: | Code function: | 0_2_03264FC0 | |
Source: | Code function: | 0_2_03263E18 | |
Source: | Code function: | 0_2_03265E68 | |
Source: | Code function: | 0_2_03263C50 | |
Source: | Code function: | 0_2_0588DAB0 | |
Source: | Code function: | 0_2_0588B760 | |
Source: | Code function: | 0_2_0588B770 |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | ReversingLabs: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | File read: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Code function: | 0_2_03263388 | |
Source: | Code function: | 0_2_03263924 | |
Source: | Code function: | 0_2_0326391A |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | File created: | Jump to dropped file |
Boot Survival: |
---|
Uses schtasks.exe or at.exe to add and modify task schedules | Show sources |
Source: | Process created: |
Hooking and other Techniques for Hiding and Protection: |
---|
Uses an obfuscated file name to hide its real file extension (double extension) | Show sources |
Source: | Static PE information: |
Source: | Registry key monitored for changes: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion: |
---|
Yara detected AntiVM3 | Show sources |
Source: | File source: | ||
Source: | File source: |
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) | Show sources |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | File opened / queried: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Last function: |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Process information queried: | Jump to behavior |
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion: |
---|
Allocates memory in foreign processes | Show sources |
Source: | Memory allocated: | Jump to behavior |
Injects a PE file into a foreign processes | Show sources |
Source: | Memory written: | Jump to behavior |
Writes to foreign memory regions | Show sources |
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Stealing of Sensitive Information: |
---|
Yara detected Nanocore RAT | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality: |
---|
Detected Nanocore Rat | Show sources |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Yara detected Nanocore RAT | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation1 | Scheduled Task/Job1 | Process Injection311 | Masquerading11 | Input Capture1 | Query Registry1 | Remote Services | Input Capture1 | Exfiltration Over Other Network Medium | Encrypted Channel12 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Command and Scripting Interpreter2 | Boot or Logon Initialization Scripts | Scheduled Task/Job1 | Disable or Modify Tools1 | LSASS Memory | Security Software Discovery221 | Remote Desktop Protocol | Archive Collected Data1 | Exfiltration Over Bluetooth | Non-Standard Port1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | Scheduled Task/Job1 | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion31 | Security Account Manager | Process Discovery1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Remote Access Software1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection311 | NTDS | Virtualization/Sandbox Evasion31 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol11 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Obfuscated Files or Information12 | LSA Secrets | Application Window Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Software Packing2 | Cached Domain Credentials | File and Directory Discovery1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | System Information Discovery12 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact |
Behavior Graph |
---|
Screenshots |
---|
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
13% | ReversingLabs | Win32.Trojan.Wacatac | ||
100% | Joe Sandbox ML |
Dropped Files |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Joe Sandbox ML | |||
13% | ReversingLabs | Win32.Trojan.Wacatac |
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
No contacted domains info |
---|
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown | |
true |
| unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high |
Contacted IPs |
---|
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
194.5.98.19 | unknown | Netherlands | 208476 | DANILENKODE | true |
General Information |
---|
Joe Sandbox Version: | 32.0.0 Black Diamond |
Analysis ID: | 412361 |
Start date: | 12.05.2021 |
Start time: | 16:37:08 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 8m 9s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | QuotationOrder.pdf.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 30 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@6/8@0/1 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
Warnings: | Show All
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
16:37:58 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
194.5.98.19 | Get hash | malicious | Browse | ||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse |
Domains |
---|
No context |
---|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
DANILENKODE | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Users\user\Desktop\QuotationOrder.pdf.exe |
File Type: | |
Category: | modified |
Size (bytes): | 1314 |
Entropy (8bit): | 5.350128552078965 |
Encrypted: | false |
SSDEEP: | 24:MLU84jE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4sAmEw:MgvjHK5HKXE1qHiYHKhQnoPtHoxHhAHR |
MD5: | 1DC1A2DCC9EFAA84EABF4F6D6066565B |
SHA1: | B7FCF805B6DD8DE815EA9BC089BD99F1E617F4E9 |
SHA-256: | 28D63442C17BF19558655C88A635CB3C3FF1BAD1CCD9784090B9749A7E71FCEF |
SHA-512: | 95DD7E2AB0884A3EFD9E26033B337D1F97DDF9A8E9E9C4C32187DCD40622D8B1AC8CCDBA12A70A6B9075DF5E7F68DF2F8FBA4AB33DB4576BE9806B8E191802B7 |
Malicious: | true |
Reputation: | high, very likely benign file |
Preview: |
|
Process: | C:\Users\user\Desktop\QuotationOrder.pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1658 |
Entropy (8bit): | 5.172758791574188 |
Encrypted: | false |
SSDEEP: | 24:2dH4+SEqC/dp7hdMlNMFpdU/rlMhEMjnGpwjpIgUYODOLD9RJh7h8gKBIItn:cbhH7MlNQ8/rydbz9I3YODOLNdq3Cu |
MD5: | B79D81932ABEC23FDC88F5174005E22B |
SHA1: | 8AD532699EFB3ABDB0C9C8CE6AB813D3A8E61A43 |
SHA-256: | AAD7A31CC58EE7586719F33F84442BC343F68268E17B57F9925819FE2C5C954D |
SHA-512: | 2D5FEB2DFB7A5F739781017063E37FC36FC1FA1B9CD0938B5207D7A4D2621F9DD14D2EC9A1EDB6FE106CC7309075621133C8DB4A49A8AA4B2E4497D61FD6C5EA |
Malicious: | true |
Reputation: | low |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 232 |
Entropy (8bit): | 7.024371743172393 |
Encrypted: | false |
SSDEEP: | 6:X4LDAnybgCFcpJSQwP4d7ZrqJgTFwoaw+9XU4:X4LEnybgCFCtvd7ZrCgpwoaw+Z9 |
MD5: | 32D0AAE13696FF7F8AF33B2D22451028 |
SHA1: | EF80C4E0DB2AE8EF288027C9D3518E6950B583A4 |
SHA-256: | 5347661365E7AD2C1ACC27AB0D150FFA097D9246BB3626FCA06989E976E8DD29 |
SHA-512: | 1D77FC13512C0DBC4EFD7A66ACB502481E4EFA0FB73D0C7D0942448A72B9B05BA1EA78DDF0BE966363C2E3122E0B631DB7630D044D08C1E1D32B9FB025C356A5 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8 |
Entropy (8bit): | 3.0 |
Encrypted: | false |
SSDEEP: | 3:f:f |
MD5: | 98FFEE1BE6A389DA995E26874A8902A7 |
SHA1: | 6A9A6943232179F45B37AB51E3424DAB9F229281 |
SHA-256: | 0D6B2577E2F9D323C9632D28ED41AC91DBBE5FC476A0FAAADEA9BDA4685EF368 |
SHA-512: | 8ED324A779482DD98B6D35C4873D0C2421E034BC53A6E8AC7301ED35C27A3A49D6E5DCFF65EE966300E29F29FA55B1A778C44D6D2BE0F3388E308390EF5CF753 |
Malicious: | true |
Reputation: | low |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 40 |
Entropy (8bit): | 5.153055907333276 |
Encrypted: | false |
SSDEEP: | 3:9bzY6oRDT6P2bfVn1:RzWDT621 |
MD5: | 4E5E92E2369688041CC82EF9650EDED2 |
SHA1: | 15E44F2F3194EE232B44E9684163B6F66472C862 |
SHA-256: | F8098A6290118F2944B9E7C842BD014377D45844379F863B00D54515A8A64B48 |
SHA-512: | 1B368018907A3BC30421FDA2C935B39DC9073B9B1248881E70AD48EDB6CAA256070C1A90B97B0F64BBE61E316DBB8D5B2EC8DBABCD0B0B2999AB50B933671ECB |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 327432 |
Entropy (8bit): | 7.99938831605763 |
Encrypted: | true |
SSDEEP: | 6144:oX44S90aTiB66x3Pl6nGV4bfD6wXPIZ9iBj0UeprGm2d7Tm:LkjYGsfGUc9iB4UeprKdnm |
MD5: | 7E8F4A764B981D5B82D1CC49D341E9C6 |
SHA1: | D9F0685A028FB219E1A6286AEFB7D6FCFC778B85 |
SHA-256: | 0BD3AAC12623520C4E2031C8B96B4A154702F36F97F643158E91E987D317B480 |
SHA-512: | 880E46504FCFB4B15B86B9D8087BA88E6C4950E433616EBB637799F42B081ABF6F07508943ECB1F786B2A89E751F5AE62D750BDCFFDDF535D600CF66EC44E926 |
Malicious: | false |
Preview: |
|
Process: | C:\Users\user\Desktop\QuotationOrder.pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 850944 |
Entropy (8bit): | 7.33046471356557 |
Encrypted: | false |
SSDEEP: | 24576:CHqaISNYHhszddtBr+8qqbGdxP9rm0JU0:2vZuAddtyi8P/ |
MD5: | 14E431BCB3FDB77CD13912A5CBEF9E40 |
SHA1: | 717C23D8BD639B9E22E2DE994EF8EF87F575B48C |
SHA-256: | 378932D5FC866BFE3AE59ABE125E21DA19AE9FD819976FD1FDD73F8FCE110B7E |
SHA-512: | 2E8A8B5117F1680C30A3F8234BA2944BE4543F94EA7753720087C839F45901296ACD2072A3EBBC18292882015ABF8790B86B000FEAECAFB3452E074713927671 |
Malicious: | true |
Antivirus: |
|
Preview: |
|
Process: | C:\Users\user\Desktop\QuotationOrder.pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | true |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.33046471356557 |
TrID: |
|
File name: | QuotationOrder.pdf.exe |
File size: | 850944 |
MD5: | 14e431bcb3fdb77cd13912a5cbef9e40 |
SHA1: | 717c23d8bd639b9e22e2de994ef8ef87f575b48c |
SHA256: | 378932d5fc866bfe3ae59abe125e21da19ae9fd819976fd1fdd73f8fce110b7e |
SHA512: | 2e8a8b5117f1680c30a3f8234ba2944be4543f94ea7753720087c839f45901296acd2072a3ebbc18292882015abf8790b86b000feaecafb3452e074713927671 |
SSDEEP: | 24576:CHqaISNYHhszddtBr+8qqbGdxP9rm0JU0:2vZuAddtyi8P/ |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......`..............P..L...........k... ........@.. .......................`............@................................ |
File Icon |
---|
Icon Hash: | cc92316d713396e8 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x4b6bda |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE |
DLL Characteristics: | NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x609BD296 [Wed May 12 13:05:26 2021 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | v4.0.30319 |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Entrypoint Preview |
---|
Instruction |
---|
jmp dword ptr [00402000h] |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xb6b88 | 0x4f | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xb8000 | 0x1ab3c | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xd4000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0xb4be0 | 0xb4c00 | False | 0.811643650588 | data | 7.65733353837 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rsrc | 0xb8000 | 0x1ab3c | 0x1ac00 | False | 0.145973276869 | data | 3.15479172029 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xd4000 | 0xc | 0x200 | False | 0.044921875 | data | 0.101910425663 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0xb8220 | 0x468 | GLS_BINARY_LSB_FIRST | ||
RT_ICON | 0xb8688 | 0x162a | PNG image data, 256 x 256, 8-bit colormap, non-interlaced | ||
RT_ICON | 0xb9cb4 | 0x25a8 | dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 0, next used block 0 | ||
RT_ICON | 0xbc25c | 0x10a8 | dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 0, next used block 0 | ||
RT_ICON | 0xbd304 | 0x10828 | dBase III DBT, version number 0, next free block index 40 | ||
RT_ICON | 0xcdb2c | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 0, next used block 0 | ||
RT_GROUP_ICON | 0xd1d54 | 0x5a | data | ||
RT_VERSION | 0xd1db0 | 0x35c | data | ||
RT_MANIFEST | 0xd210c | 0xa2e | XML 1.0 document, UTF-8 Unicode (with BOM) text |
Imports |
---|
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Version Infos |
---|
Description | Data |
---|---|
Translation | 0x0000 0x04b0 |
LegalCopyright | Copyright 2020 |
Assembly Version | 1.0.0.0 |
InternalName | WaitHandle.exe |
FileVersion | 1.0.0.0 |
CompanyName | |
LegalTrademarks | |
Comments | |
ProductName | LibraryManagementSystem |
ProductVersion | 1.0.0.0 |
FileDescription | LibraryManagementSystem |
OriginalFilename | WaitHandle.exe |
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 12, 2021 16:37:49.402602911 CEST | 443 | 49683 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:49.402625084 CEST | 443 | 49683 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:49.402640104 CEST | 443 | 49683 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:49.402653933 CEST | 443 | 49683 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:49.402666092 CEST | 443 | 49683 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:49.402678967 CEST | 443 | 49683 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:49.402692080 CEST | 443 | 49683 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:49.402704954 CEST | 443 | 49683 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:49.402720928 CEST | 443 | 49683 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:49.402798891 CEST | 49683 | 443 | 192.168.2.7 | 20.190.160.8 |
May 12, 2021 16:37:49.406750917 CEST | 443 | 49686 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:49.406775951 CEST | 443 | 49686 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:49.437081099 CEST | 49683 | 443 | 192.168.2.7 | 20.190.160.8 |
May 12, 2021 16:37:49.437128067 CEST | 49683 | 443 | 192.168.2.7 | 20.190.160.8 |
May 12, 2021 16:37:49.446013927 CEST | 443 | 49686 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:49.484226942 CEST | 443 | 49683 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:49.484262943 CEST | 443 | 49683 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:49.558038950 CEST | 443 | 49686 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:49.558084965 CEST | 443 | 49686 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:49.558279991 CEST | 49686 | 443 | 192.168.2.7 | 20.190.160.8 |
May 12, 2021 16:37:49.572079897 CEST | 49686 | 443 | 192.168.2.7 | 20.190.160.8 |
May 12, 2021 16:37:49.572144985 CEST | 49686 | 443 | 192.168.2.7 | 20.190.160.8 |
May 12, 2021 16:37:49.626034021 CEST | 443 | 49686 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:49.628714085 CEST | 443 | 49686 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:49.637880087 CEST | 443 | 49683 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:49.637937069 CEST | 443 | 49683 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:49.637986898 CEST | 443 | 49683 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:49.638031960 CEST | 443 | 49683 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:49.638073921 CEST | 443 | 49683 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:49.638114929 CEST | 443 | 49683 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:49.638154030 CEST | 443 | 49683 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:49.638170004 CEST | 49683 | 443 | 192.168.2.7 | 20.190.160.8 |
May 12, 2021 16:37:49.638189077 CEST | 49683 | 443 | 192.168.2.7 | 20.190.160.8 |
May 12, 2021 16:37:49.638194084 CEST | 443 | 49683 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:49.638233900 CEST | 443 | 49683 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:49.638350010 CEST | 49683 | 443 | 192.168.2.7 | 20.190.160.8 |
May 12, 2021 16:37:49.638359070 CEST | 49683 | 443 | 192.168.2.7 | 20.190.160.8 |
May 12, 2021 16:37:49.793132067 CEST | 443 | 49686 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:49.793154955 CEST | 443 | 49686 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:49.793168068 CEST | 443 | 49686 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:49.793185949 CEST | 443 | 49686 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:49.793205976 CEST | 443 | 49686 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:49.793225050 CEST | 443 | 49686 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:49.793241024 CEST | 443 | 49686 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:49.793256998 CEST | 443 | 49686 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:49.793276072 CEST | 443 | 49686 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:49.793291092 CEST | 49686 | 443 | 192.168.2.7 | 20.190.160.8 |
May 12, 2021 16:37:49.793385983 CEST | 49686 | 443 | 192.168.2.7 | 20.190.160.8 |
May 12, 2021 16:37:49.859034061 CEST | 49683 | 443 | 192.168.2.7 | 20.190.160.8 |
May 12, 2021 16:37:49.859078884 CEST | 49683 | 443 | 192.168.2.7 | 20.190.160.8 |
May 12, 2021 16:37:49.860367060 CEST | 49686 | 443 | 192.168.2.7 | 20.190.160.8 |
May 12, 2021 16:37:49.860460043 CEST | 49686 | 443 | 192.168.2.7 | 20.190.160.8 |
May 12, 2021 16:37:49.906537056 CEST | 443 | 49683 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:49.906565905 CEST | 443 | 49683 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:49.913742065 CEST | 443 | 49686 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:49.913774014 CEST | 443 | 49686 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:49.948044062 CEST | 443 | 49683 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:50.065779924 CEST | 443 | 49683 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:50.065824986 CEST | 443 | 49683 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:50.065845013 CEST | 443 | 49683 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:50.065871000 CEST | 443 | 49683 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:50.065895081 CEST | 443 | 49683 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:50.065918922 CEST | 443 | 49683 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:50.065943003 CEST | 443 | 49683 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:50.065967083 CEST | 443 | 49683 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:50.065989971 CEST | 443 | 49683 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:50.066137075 CEST | 49683 | 443 | 192.168.2.7 | 20.190.160.8 |
May 12, 2021 16:37:50.066188097 CEST | 49683 | 443 | 192.168.2.7 | 20.190.160.8 |
May 12, 2021 16:37:50.069802999 CEST | 443 | 49686 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:50.069839001 CEST | 443 | 49686 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:50.069864988 CEST | 443 | 49686 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:50.069890022 CEST | 443 | 49686 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:50.069915056 CEST | 443 | 49686 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:50.069942951 CEST | 443 | 49686 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:50.069960117 CEST | 49686 | 443 | 192.168.2.7 | 20.190.160.8 |
May 12, 2021 16:37:50.069969893 CEST | 443 | 49686 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:50.069998026 CEST | 443 | 49686 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:50.070005894 CEST | 49686 | 443 | 192.168.2.7 | 20.190.160.8 |
May 12, 2021 16:37:50.070022106 CEST | 443 | 49686 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:37:50.070054054 CEST | 49686 | 443 | 192.168.2.7 | 20.190.160.8 |
May 12, 2021 16:37:50.125252962 CEST | 49686 | 443 | 192.168.2.7 | 20.190.160.8 |
May 12, 2021 16:38:04.338349104 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:04.625350952 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:04.626024008 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:04.663634062 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:05.025593996 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:05.025703907 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:05.673342943 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:05.673434973 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:06.131752968 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:06.208240986 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:06.847779989 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:06.854868889 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:06.857724905 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:07.400722980 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:07.450665951 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:07.450900078 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:07.463649035 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:07.492629051 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:07.493413925 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:07.739763021 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:07.751951933 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:07.752135992 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:07.755971909 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:07.764638901 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:07.764889002 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:08.097527981 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:08.128065109 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:08.128221035 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:08.129622936 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:08.145663977 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:08.145872116 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:08.171880960 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:08.171936989 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:08.172235966 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:08.176664114 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:08.220508099 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:08.232836962 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:08.242656946 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:08.243248940 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:08.251808882 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:08.279628992 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:08.280376911 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:08.292975903 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:08.423888922 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:09.006711960 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:09.011135101 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:09.372493029 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:09.407705069 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:09.408442020 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:09.433595896 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:09.436594009 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:09.436672926 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:09.595778942 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:09.609738111 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:09.609894037 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:09.619626045 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:09.650665045 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:09.650835037 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:09.706665039 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:09.973604918 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:09.973706007 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:09.980196953 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:09.980330944 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:10.014605045 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:10.016738892 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:10.039973974 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:10.040117979 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:10.046617031 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:10.047018051 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:10.055536032 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:10.055716991 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:10.074594975 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:10.074723005 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:10.076564074 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:10.076661110 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:10.081573009 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:10.081691027 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:10.098867893 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:10.099073887 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:10.100615025 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:10.101222992 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:10.120569944 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:10.121418953 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:10.132615089 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:10.132822990 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:10.150716066 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:10.150945902 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:10.163585901 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:10.163851023 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:10.172589064 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:10.172816038 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:10.178622007 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:10.178843975 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:10.207676888 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:10.207767963 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:10.251513004 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:10.256606102 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:10.256685019 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:10.295640945 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:10.309611082 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:10.309683084 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:10.327541113 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:10.332545042 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:10.332614899 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:10.436672926 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:10.450756073 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:10.450958967 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:10.741102934 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:10.776336908 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:10.776591063 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:10.786755085 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:10.802808046 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:10.803085089 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:10.842688084 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:10.856663942 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:10.856735945 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:10.861567974 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:10.871627092 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:10.872004032 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:10.894612074 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:10.900692940 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:10.900871992 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:10.979115009 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:10.979147911 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:10.979583025 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:10.984095097 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.013638020 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.013988972 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:11.025639057 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.035691023 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.035923958 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:11.041553974 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.053637028 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.053792000 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:11.080732107 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.100615978 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.100737095 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:11.119860888 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.133194923 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.133352041 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:11.146325111 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.166665077 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.166814089 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:11.181699991 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.193701982 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.194067001 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:11.202632904 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.209023952 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.213419914 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:11.218075991 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.249540091 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.250489950 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:11.259670973 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.267808914 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.268197060 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:11.269575119 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.285049915 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.285211086 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:11.291554928 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.298882961 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.299113035 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:11.343622923 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.351377010 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.351763964 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:11.359811068 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.369476080 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.369544029 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:11.375993967 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.417715073 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.422369003 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:11.431654930 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.437644958 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.437764883 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:11.586565971 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.590687990 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.594636917 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:11.601759911 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.606967926 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.610591888 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:11.655680895 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.663146973 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.663208008 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.663259029 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:11.672672987 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.672743082 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:11.676774025 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.691030025 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.691092014 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:11.694617033 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.705123901 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.705517054 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:11.724613905 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.743019104 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.743043900 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.743110895 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:11.754661083 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.754793882 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:11.757519960 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.771531105 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.772175074 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:11.776948929 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.802593946 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.802674055 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:11.811579943 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.829694033 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.829719067 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.829830885 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:11.839771032 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.839986086 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:11.845757008 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.852734089 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.853085995 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:11.865679979 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.888951063 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.889044046 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:11.913197041 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.914764881 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.914866924 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:11.923505068 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.936691999 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.936845064 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:11.969038010 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.974811077 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.978499889 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:11.988651991 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.992690086 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:11.996710062 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:11.999617100 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.088689089 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.088828087 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:12.122699976 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.137614012 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.137738943 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:12.141798973 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.163109064 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.163186073 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:12.166626930 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.171634912 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.171747923 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:12.196770906 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.241681099 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.241755009 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:12.257770061 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.280780077 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.280905962 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:12.312726974 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.316740990 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.316849947 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:12.478684902 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.491632938 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.491750956 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:12.505001068 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.525680065 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.525772095 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:12.542629957 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.542665005 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.542709112 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:12.555732965 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.562658072 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.562741041 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:12.583820105 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.583878994 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.583992958 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:12.610594034 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.613792896 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.613920927 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:12.632647991 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.637991905 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.638112068 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:12.652704000 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.680798054 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.680960894 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:12.691591978 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.710690022 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.710728884 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.710844040 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:12.715617895 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.715687037 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.715734959 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:12.729587078 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.729713917 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:12.735755920 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.768687963 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.768781900 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:12.773917913 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.784729004 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.784792900 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:12.785953045 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.791517973 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.791649103 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:12.805674076 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.807971954 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.808094978 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:12.820615053 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.847552061 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.847692013 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:12.851644993 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.864664078 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.864777088 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:12.875657082 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.876568079 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.876703024 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:12.890696049 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.917743921 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.917898893 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:12.931793928 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.935805082 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.935921907 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:12.954691887 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.958662987 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.958795071 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:12.961955070 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.973828077 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:12.973982096 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:13.090270042 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.090707064 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.090799093 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:13.103852987 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.109622955 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.109704971 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:13.123642921 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.127593040 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.127857924 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:13.283752918 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.294858932 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.294971943 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:13.325651884 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.338660002 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.338746071 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:13.343643904 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.354726076 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.354835987 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:13.359752893 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.373084068 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.373171091 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:13.379837990 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.399616003 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.399724007 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:13.413583994 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.413608074 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.413676977 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:13.433866978 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.433907032 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.434048891 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:13.445769072 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.456106901 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.456134081 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.456199884 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:13.481019020 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.481112957 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:13.491758108 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.540715933 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.541639090 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:13.571610928 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.576576948 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.576661110 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:13.588797092 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.602708101 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.602799892 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:13.606673956 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.615675926 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.615760088 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:13.657303095 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.657329082 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.657437086 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:13.673166037 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.682965040 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.683113098 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:13.697312117 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.720880985 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.721014023 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:13.745939016 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.759016037 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.759133101 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.759160042 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:13.771719933 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.771888018 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:13.773698092 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.807638884 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.807715893 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:13.811821938 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.813612938 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.813682079 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:13.819772959 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.830723047 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.830801010 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:13.837641001 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.850955009 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.851111889 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:13.904652119 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.905010939 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.905113935 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:13.916804075 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.916851997 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.916985989 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:13.922853947 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.932256937 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.932432890 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:13.974764109 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.981705904 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.981798887 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:13.985629082 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.997589111 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:13.997775078 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:14.003582001 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:14.007739067 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:14.007899046 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:14.017694950 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:14.040873051 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:14.041038036 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:14.053625107 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:14.059063911 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:14.059257030 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:14.064678907 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:14.070688963 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:14.070852995 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:14.076594114 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:14.093620062 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:14.093652010 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:14.093820095 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:14.103110075 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:14.103267908 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:14.107352018 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:14.131546021 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:14.131664038 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:14.133881092 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:14.138600111 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:14.138708115 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:14.155576944 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:14.161971092 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:14.162070036 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:14.169728994 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:14.173657894 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:14.173803091 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:14.265741110 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:14.266835928 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:14.266952991 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:14.899512053 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:15.112088919 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:15.218045950 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:15.759660959 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:15.759782076 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:16.096093893 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:16.096241951 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:16.582626104 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:16.582720041 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:16.865730047 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:16.868232012 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:17.353594065 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:17.358441114 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:17.825570107 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:17.826158047 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:18.641361952 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:19.892663002 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:20.112103939 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:21.461183071 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:21.925512075 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:23.120809078 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:23.221704960 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:24.887510061 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:25.112499952 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:26.457568884 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:26.931703091 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:29.887470007 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:30.114451885 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:31.174500942 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:31.238009930 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:31.768466949 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:32.241482973 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:34.887865067 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:35.113310099 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:37.676609993 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:38.133563995 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:39.289515972 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:39.426191092 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:39.885560989 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:39.926248074 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:43.676994085 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:44.133172989 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:44.881907940 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:44.926567078 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:46.371431112 CEST | 80 | 49680 | 93.184.220.29 | 192.168.2.7 |
May 12, 2021 16:38:46.375610113 CEST | 49680 | 80 | 192.168.2.7 | 93.184.220.29 |
May 12, 2021 16:38:46.600255966 CEST | 80 | 49681 | 93.184.220.29 | 192.168.2.7 |
May 12, 2021 16:38:46.600369930 CEST | 49681 | 80 | 192.168.2.7 | 93.184.220.29 |
May 12, 2021 16:38:47.415544987 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:47.614342928 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:49.693450928 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:49.889486074 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:50.114552021 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:50.145490885 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:54.885474920 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:54.927406073 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:55.514658928 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:55.568082094 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:55.678380966 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:38:56.139796019 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:59.885540962 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:38:59.927906990 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:39:01.701428890 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:39:02.196454048 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:39:03.643691063 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:39:03.772361994 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:39:04.885782003 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:39:04.928244114 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:39:06.772947073 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:39:07.236229897 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:39:09.885519028 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:39:09.944257021 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:39:11.739381075 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:39:11.788131952 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:39:11.804467916 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:39:12.285423994 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:39:14.885327101 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:39:14.928997040 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:39:16.960710049 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:39:17.413247108 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:39:19.851270914 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:39:19.898145914 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:39:20.151813030 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:39:20.195105076 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:39:22.870280981 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:39:23.339566946 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:39:24.885313988 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:39:24.929783106 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:39:27.967246056 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:39:28.023785114 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:39:28.888118982 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:39:29.345407009 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:39:29.895376921 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:39:29.945848942 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:39:34.884068012 CEST | 49680 | 80 | 192.168.2.7 | 93.184.220.29 |
May 12, 2021 16:39:34.884202957 CEST | 49677 | 443 | 192.168.2.7 | 20.190.160.8 |
May 12, 2021 16:39:34.895396948 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:39:34.919384956 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:39:34.924813986 CEST | 80 | 49680 | 93.184.220.29 | 192.168.2.7 |
May 12, 2021 16:39:34.924958944 CEST | 49680 | 80 | 192.168.2.7 | 93.184.220.29 |
May 12, 2021 16:39:34.931226969 CEST | 443 | 49677 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:39:34.933553934 CEST | 49677 | 443 | 192.168.2.7 | 20.190.160.8 |
May 12, 2021 16:39:34.961900949 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:39:35.355298996 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:39:35.759865999 CEST | 49683 | 443 | 192.168.2.7 | 20.190.160.8 |
May 12, 2021 16:39:35.759968996 CEST | 49686 | 443 | 192.168.2.7 | 20.190.160.8 |
May 12, 2021 16:39:35.806931973 CEST | 443 | 49683 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:39:35.807039976 CEST | 49683 | 443 | 192.168.2.7 | 20.190.160.8 |
May 12, 2021 16:39:35.813493013 CEST | 443 | 49686 | 20.190.160.8 | 192.168.2.7 |
May 12, 2021 16:39:35.813740015 CEST | 49686 | 443 | 192.168.2.7 | 20.190.160.8 |
May 12, 2021 16:39:36.066642046 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:39:36.118362904 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:39:39.869149923 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:39:39.891330004 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:39:39.946768999 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:39:40.359427929 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:39:44.205333948 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:39:44.259659052 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:39:44.893661976 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:39:44.947021961 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:39:45.885221958 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:39:46.357187986 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:39:48.039977074 CEST | 80 | 49681 | 93.184.220.29 | 192.168.2.7 |
May 12, 2021 16:39:48.040072918 CEST | 49681 | 80 | 192.168.2.7 | 93.184.220.29 |
May 12, 2021 16:39:49.891261101 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:39:49.931780100 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:39:50.962851048 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:39:51.420116901 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:39:52.309222937 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:39:52.353910923 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:39:54.891500950 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:39:54.932302952 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:39:56.276943922 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:39:56.756548882 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:39:59.899682999 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:39:59.948277950 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:40:00.413475990 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:40:00.463999033 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:40:00.464238882 CEST | 80 | 49681 | 93.184.220.29 | 192.168.2.7 |
May 12, 2021 16:40:00.464397907 CEST | 49681 | 80 | 192.168.2.7 | 93.184.220.29 |
May 12, 2021 16:40:01.277403116 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:40:01.753525019 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:40:04.888725042 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:40:04.933907986 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:40:06.292942047 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:40:06.756129026 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:40:08.525197983 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:40:08.574040890 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:40:09.885150909 CEST | 53795 | 49705 | 194.5.98.19 | 192.168.2.7 |
May 12, 2021 16:40:09.933422089 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
May 12, 2021 16:40:11.748584986 CEST | 49705 | 53795 | 192.168.2.7 | 194.5.98.19 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 12, 2021 16:37:50.136571884 CEST | 57820 | 53 | 192.168.2.7 | 8.8.8.8 |
May 12, 2021 16:37:50.197191000 CEST | 53 | 57820 | 8.8.8.8 | 192.168.2.7 |
May 12, 2021 16:37:50.305509090 CEST | 50848 | 53 | 192.168.2.7 | 8.8.8.8 |
May 12, 2021 16:37:50.364871979 CEST | 53 | 50848 | 8.8.8.8 | 192.168.2.7 |
May 12, 2021 16:37:50.436470032 CEST | 61242 | 53 | 192.168.2.7 | 8.8.8.8 |
May 12, 2021 16:37:50.496620893 CEST | 53 | 61242 | 8.8.8.8 | 192.168.2.7 |
May 12, 2021 16:37:51.380249977 CEST | 58562 | 53 | 192.168.2.7 | 8.8.8.8 |
May 12, 2021 16:37:51.430921078 CEST | 53 | 58562 | 8.8.8.8 | 192.168.2.7 |
May 12, 2021 16:37:52.520164967 CEST | 56590 | 53 | 192.168.2.7 | 8.8.8.8 |
May 12, 2021 16:37:52.578984022 CEST | 53 | 56590 | 8.8.8.8 | 192.168.2.7 |
May 12, 2021 16:37:53.069900036 CEST | 60501 | 53 | 192.168.2.7 | 8.8.8.8 |
May 12, 2021 16:37:53.121454954 CEST | 53 | 60501 | 8.8.8.8 | 192.168.2.7 |
May 12, 2021 16:37:55.749366999 CEST | 53775 | 53 | 192.168.2.7 | 8.8.8.8 |
May 12, 2021 16:37:55.802941084 CEST | 53 | 53775 | 8.8.8.8 | 192.168.2.7 |
May 12, 2021 16:37:56.546875954 CEST | 51837 | 53 | 192.168.2.7 | 8.8.8.8 |
May 12, 2021 16:37:56.598454952 CEST | 53 | 51837 | 8.8.8.8 | 192.168.2.7 |
May 12, 2021 16:37:57.524034977 CEST | 55411 | 53 | 192.168.2.7 | 8.8.8.8 |
May 12, 2021 16:37:57.572818995 CEST | 53 | 55411 | 8.8.8.8 | 192.168.2.7 |
May 12, 2021 16:37:59.112962961 CEST | 63668 | 53 | 192.168.2.7 | 8.8.8.8 |
May 12, 2021 16:37:59.161858082 CEST | 53 | 63668 | 8.8.8.8 | 192.168.2.7 |
May 12, 2021 16:38:00.298413992 CEST | 54640 | 53 | 192.168.2.7 | 8.8.8.8 |
May 12, 2021 16:38:00.347196102 CEST | 53 | 54640 | 8.8.8.8 | 192.168.2.7 |
May 12, 2021 16:38:01.534859896 CEST | 58739 | 53 | 192.168.2.7 | 8.8.8.8 |
May 12, 2021 16:38:01.586709976 CEST | 53 | 58739 | 8.8.8.8 | 192.168.2.7 |
May 12, 2021 16:38:02.570036888 CEST | 60338 | 53 | 192.168.2.7 | 8.8.8.8 |
May 12, 2021 16:38:02.620176077 CEST | 53 | 60338 | 8.8.8.8 | 192.168.2.7 |
May 12, 2021 16:38:03.501022100 CEST | 58717 | 53 | 192.168.2.7 | 8.8.8.8 |
May 12, 2021 16:38:03.550889015 CEST | 53 | 58717 | 8.8.8.8 | 192.168.2.7 |
May 12, 2021 16:38:04.529175997 CEST | 59762 | 53 | 192.168.2.7 | 8.8.8.8 |
May 12, 2021 16:38:04.580795050 CEST | 53 | 59762 | 8.8.8.8 | 192.168.2.7 |
May 12, 2021 16:38:05.407155037 CEST | 54329 | 53 | 192.168.2.7 | 8.8.8.8 |
May 12, 2021 16:38:05.456099987 CEST | 53 | 54329 | 8.8.8.8 | 192.168.2.7 |
May 12, 2021 16:38:06.186273098 CEST | 58052 | 53 | 192.168.2.7 | 8.8.8.8 |
May 12, 2021 16:38:06.237843037 CEST | 53 | 58052 | 8.8.8.8 | 192.168.2.7 |
May 12, 2021 16:38:07.044519901 CEST | 54008 | 53 | 192.168.2.7 | 8.8.8.8 |
May 12, 2021 16:38:07.093291998 CEST | 53 | 54008 | 8.8.8.8 | 192.168.2.7 |
May 12, 2021 16:38:07.847956896 CEST | 59451 | 53 | 192.168.2.7 | 8.8.8.8 |
May 12, 2021 16:38:07.896676064 CEST | 53 | 59451 | 8.8.8.8 | 192.168.2.7 |
May 12, 2021 16:38:08.874038935 CEST | 52914 | 53 | 192.168.2.7 | 8.8.8.8 |
May 12, 2021 16:38:08.923909903 CEST | 53 | 52914 | 8.8.8.8 | 192.168.2.7 |
May 12, 2021 16:38:09.832998991 CEST | 64569 | 53 | 192.168.2.7 | 8.8.8.8 |
May 12, 2021 16:38:09.881685972 CEST | 53 | 64569 | 8.8.8.8 | 192.168.2.7 |
May 12, 2021 16:38:10.754215002 CEST | 52816 | 53 | 192.168.2.7 | 8.8.8.8 |
May 12, 2021 16:38:10.803047895 CEST | 53 | 52816 | 8.8.8.8 | 192.168.2.7 |
May 12, 2021 16:38:13.429421902 CEST | 50781 | 53 | 192.168.2.7 | 8.8.8.8 |
May 12, 2021 16:38:13.478338003 CEST | 53 | 50781 | 8.8.8.8 | 192.168.2.7 |
May 12, 2021 16:38:15.326056004 CEST | 54230 | 53 | 192.168.2.7 | 8.8.8.8 |
May 12, 2021 16:38:15.375394106 CEST | 53 | 54230 | 8.8.8.8 | 192.168.2.7 |
May 12, 2021 16:38:15.911966085 CEST | 54911 | 53 | 192.168.2.7 | 8.8.8.8 |
May 12, 2021 16:38:15.971407890 CEST | 53 | 54911 | 8.8.8.8 | 192.168.2.7 |
May 12, 2021 16:38:34.968208075 CEST | 49958 | 53 | 192.168.2.7 | 8.8.8.8 |
May 12, 2021 16:38:35.025798082 CEST | 53 | 49958 | 8.8.8.8 | 192.168.2.7 |
May 12, 2021 16:38:46.392949104 CEST | 50860 | 53 | 192.168.2.7 | 8.8.8.8 |
May 12, 2021 16:38:46.450272083 CEST | 53 | 50860 | 8.8.8.8 | 192.168.2.7 |
May 12, 2021 16:38:46.549272060 CEST | 50452 | 53 | 192.168.2.7 | 8.8.8.8 |
May 12, 2021 16:38:46.606832027 CEST | 53 | 50452 | 8.8.8.8 | 192.168.2.7 |
May 12, 2021 16:39:01.538760900 CEST | 59730 | 53 | 192.168.2.7 | 8.8.8.8 |
May 12, 2021 16:39:01.595906973 CEST | 53 | 59730 | 8.8.8.8 | 192.168.2.7 |
May 12, 2021 16:39:02.271943092 CEST | 59310 | 53 | 192.168.2.7 | 8.8.8.8 |
May 12, 2021 16:39:02.332194090 CEST | 53 | 59310 | 8.8.8.8 | 192.168.2.7 |
May 12, 2021 16:39:02.778215885 CEST | 51919 | 53 | 192.168.2.7 | 8.8.8.8 |
May 12, 2021 16:39:02.851145029 CEST | 53 | 51919 | 8.8.8.8 | 192.168.2.7 |
May 12, 2021 16:39:02.960926056 CEST | 64296 | 53 | 192.168.2.7 | 8.8.8.8 |
May 12, 2021 16:39:03.020271063 CEST | 53 | 64296 | 8.8.8.8 | 192.168.2.7 |
May 12, 2021 16:39:03.496707916 CEST | 56680 | 53 | 192.168.2.7 | 8.8.8.8 |
May 12, 2021 16:39:03.546567917 CEST | 53 | 56680 | 8.8.8.8 | 192.168.2.7 |
May 12, 2021 16:39:04.136363029 CEST | 58820 | 53 | 192.168.2.7 | 8.8.8.8 |
May 12, 2021 16:39:04.196341991 CEST | 53 | 58820 | 8.8.8.8 | 192.168.2.7 |
May 12, 2021 16:39:05.036043882 CEST | 60983 | 53 | 192.168.2.7 | 8.8.8.8 |
May 12, 2021 16:39:05.084620953 CEST | 53 | 60983 | 8.8.8.8 | 192.168.2.7 |
May 12, 2021 16:39:05.593821049 CEST | 49247 | 53 | 192.168.2.7 | 8.8.8.8 |
May 12, 2021 16:39:05.642579079 CEST | 53 | 49247 | 8.8.8.8 | 192.168.2.7 |
May 12, 2021 16:39:06.537549973 CEST | 52286 | 53 | 192.168.2.7 | 8.8.8.8 |
May 12, 2021 16:39:06.597774029 CEST | 53 | 52286 | 8.8.8.8 | 192.168.2.7 |
May 12, 2021 16:39:07.591264963 CEST | 56064 | 53 | 192.168.2.7 | 8.8.8.8 |
May 12, 2021 16:39:07.644853115 CEST | 53 | 56064 | 8.8.8.8 | 192.168.2.7 |
May 12, 2021 16:39:08.113748074 CEST | 63744 | 53 | 192.168.2.7 | 8.8.8.8 |
May 12, 2021 16:39:08.174438953 CEST | 53 | 63744 | 8.8.8.8 | 192.168.2.7 |
May 12, 2021 16:39:19.232753038 CEST | 61457 | 53 | 192.168.2.7 | 8.8.8.8 |
May 12, 2021 16:39:19.293617964 CEST | 53 | 61457 | 8.8.8.8 | 192.168.2.7 |
May 12, 2021 16:39:47.435106039 CEST | 58367 | 53 | 192.168.2.7 | 8.8.8.8 |
May 12, 2021 16:39:47.515708923 CEST | 53 | 58367 | 8.8.8.8 | 192.168.2.7 |
May 12, 2021 16:39:48.874694109 CEST | 60599 | 53 | 192.168.2.7 | 8.8.8.8 |
May 12, 2021 16:39:48.931833029 CEST | 53 | 60599 | 8.8.8.8 | 192.168.2.7 |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Click to jump to process
Memory Usage |
---|
Click to jump to process
High Level Behavior Distribution |
---|
back
Click to dive into process behavior distribution
Behavior |
---|
Click to jump to process
System Behavior |
---|
General |
---|
Start time: | 16:37:56 |
Start date: | 12/05/2021 |
Path: | C:\Users\user\Desktop\QuotationOrder.pdf.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xf20000 |
File size: | 850944 bytes |
MD5 hash: | 14E431BCB3FDB77CD13912A5CBEF9E40 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 16:38:00 |
Start date: | 12/05/2021 |
Path: | C:\Windows\SysWOW64\schtasks.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xef0000 |
File size: | 185856 bytes |
MD5 hash: | 15FF7D8324231381BAD48A052F85DF04 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 16:38:00 |
Start date: | 12/05/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff774ee0000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 16:38:01 |
Start date: | 12/05/2021 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd20000 |
File size: | 261728 bytes |
MD5 hash: | D621FD77BD585874F9686D3A76462EF1 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Reputation: | moderate |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
Function 0588DAB0, Relevance: 4.6, Strings: 3, Instructions: 895COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03267717, Relevance: 2.7, Strings: 2, Instructions: 245COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 032641C2, Relevance: 2.7, Strings: 2, Instructions: 153COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 032641D0, Relevance: 2.7, Strings: 2, Instructions: 152COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03263E28, Relevance: 1.4, Strings: 1, Instructions: 111COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03263E18, Relevance: 1.4, Strings: 1, Instructions: 110COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03264908, Relevance: .3, Instructions: 309COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03264918, Relevance: .3, Instructions: 305COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03265E78, Relevance: .2, Instructions: 202COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03265E68, Relevance: .2, Instructions: 187COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03264FC0, Relevance: .2, Instructions: 184COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03264FD0, Relevance: .2, Instructions: 180COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 032660CD, Relevance: .2, Instructions: 166COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03266134, Relevance: .2, Instructions: 152COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0181BBB8, Relevance: 1.7, APIs: 1, Instructions: 202COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0181DC6D, Relevance: 1.6, APIs: 1, Instructions: 113COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0181DC78, Relevance: 1.6, APIs: 1, Instructions: 113COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01816D49, Relevance: 1.6, APIs: 1, Instructions: 100COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01816DB8, Relevance: 1.6, APIs: 1, Instructions: 66COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03262A50, Relevance: 1.6, APIs: 1, Instructions: 65COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03262A58, Relevance: 1.6, APIs: 1, Instructions: 63COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01816DC0, Relevance: 1.6, APIs: 1, Instructions: 62COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 032628A1, Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 032628A8, Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03262720, Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03262718, Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0181BDA8, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 032681B8, Relevance: 1.5, APIs: 1, Instructions: 44windowCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0181DEC0, Relevance: 1.5, APIs: 1, Instructions: 44COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0181DEB9, Relevance: 1.5, APIs: 1, Instructions: 42COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 017AD4D8, Relevance: .1, Instructions: 75COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 017BD01C, Relevance: .1, Instructions: 72COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 017AD4D3, Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 017BD017, Relevance: .1, Instructions: 53COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 017AD749, Relevance: .0, Instructions: 45COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 017AD748, Relevance: .0, Instructions: 36COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function 03267843, Relevance: 2.6, Strings: 2, Instructions: 125COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03265A70, Relevance: 1.5, Strings: 1, Instructions: 222COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03265A61, Relevance: 1.5, Strings: 1, Instructions: 212COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0588B760, Relevance: .3, Instructions: 265COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 018199D8, Relevance: .3, Instructions: 265COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0588B770, Relevance: .3, Instructions: 264COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03260006, Relevance: .2, Instructions: 202COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03260040, Relevance: .2, Instructions: 184COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03263C50, Relevance: .1, Instructions: 125COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |