Windows Analysis Report wm4J5m8pIK.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Process Tree |
---|
|
Malware Configuration |
---|
Threatname: NanoCore |
---|
{"Version": "1.2.2.0", "Mutex": "6a1c2465-7ac5-4f1d-acc5-ef04fcf4", "Group": "Default", "Domain1": "hhjhtggfr.duckdns.org", "Domain2": "dertrefg.duckdns.org", "Port": 8234, "KeyboardLogging": "Enable", "RunOnStartup": "Enable", "RequestElevation": "Disable", "BypassUAC": "Disable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "hhjhtggfr.duckdns.org"}
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | ||
NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> |
| |
Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth |
| |
JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | ||
NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> |
| |
Unpacked PEs |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth |
| |
Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth |
| |
Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth |
| |
Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth |
| |
JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | ||
Sigma Overview |
---|
AV Detection: |
---|
Sigma detected: NanoCore | Show sources |
Source: | Author: Joe Security: |
E-Banking Fraud: |
---|
Sigma detected: NanoCore | Show sources |
Source: | Author: Joe Security: |
Stealing of Sensitive Information: |
---|
Sigma detected: NanoCore | Show sources |
Source: | Author: Joe Security: |
Remote Access Functionality: |
---|
Sigma detected: NanoCore | Show sources |
Source: | Author: Joe Security: |
Jbx Signature Overview |
---|
AV Detection: |
---|
Found malware configuration | Show sources |
Source: | Malware Configuration Extractor: |
Multi AV Scanner detection for domain / URL | Show sources |
Source: | Virustotal: | Perma Link | ||
Source: | Virustotal: | Perma Link | ||
Source: | Virustotal: | Perma Link |
Multi AV Scanner detection for dropped file | Show sources |
Source: | Virustotal: | Perma Link |
Multi AV Scanner detection for submitted file | Show sources |
Source: | Virustotal: | Perma Link |
Yara detected Nanocore RAT | Show sources |
Source: | File source: | ||
Machine Learning detection for dropped file | Show sources |
Source: | Joe Sandbox ML: |
Machine Learning detection for sample | Show sources |
Source: | Joe Sandbox ML: |
Source: | Avira: |
Source: | Static PE information: |
Source: | Static PE information: |
Networking: |
---|
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) | Show sources |
Source: | Snort IDS: | ||
C2 URLs / IPs found in malware configuration | Show sources |
Source: | URLs: | ||
Source: | URLs: |
Uses dynamic DNS services | Show sources |
Source: | DNS query: |
Source: | TCP traffic: |
Source: | ASN Name: |
Source: | DNS traffic detected: |
Source: | Binary or memory string: |
E-Banking Fraud: |
---|
Yara detected Nanocore RAT | Show sources |
Source: | File source: | ||
System Summary: |
---|
Malicious sample detected (through community Yara rule) | Show sources |
Source: | Matched rule: | ||
Source: | Code function: | 20_2_02E0E480 | |
Source: | Code function: | 20_2_02E0E471 | |
Source: | Code function: | 20_2_02E0BBD4 |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Mutant created: |
Source: | Static PE information: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Virustotal: |
Source: | File read: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Static PE information: |
Data Obfuscation: |
---|
.NET source code contains potential unpacker | Show sources |
Source: | .Net Code: | ||
Source: | .Net Code: |
Source: | Code function: | 19_2_003A4626 | |
Source: | Code function: | 20_2_00824626 |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: |
Source: | File created: | Jump to dropped file |
Hooking and other Techniques for Hiding and Protection: |
---|
Hides that the sample has been downloaded from the Internet (zone.identifier) | Show sources |
Source: | File opened: | Jump to behavior |
Source: | Registry key monitored for changes: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Process information queried: | Jump to behavior |
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion: |
---|
.NET source code references suspicious native API functions | Show sources |
Source: | Reference to suspicious API methods: | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | WMI Queries: | ||
Stealing of Sensitive Information: |
---|
Yara detected Nanocore RAT | Show sources |
Source: | File source: | ||
Remote Access Functionality: |
---|
Detected Nanocore Rat | Show sources |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Yara detected Nanocore RAT | Show sources |
Source: | File source: | ||
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation1 | Path Interception | Process Injection11 | Masquerading2 | Input Capture11 | Query Registry1 | Remote Services | Input Capture11 | Exfiltration Over Other Network Medium | Encrypted Channel1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Native API1 | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Disable or Modify Tools1 | LSASS Memory | Security Software Discovery11 | Remote Desktop Protocol | Archive Collected Data11 | Exfiltration Over Bluetooth | Non-Standard Port1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion21 | Security Account Manager | Process Discovery1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Remote Access Software1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection11 | NTDS | Virtualization/Sandbox Evasion21 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Non-Application Layer Protocol1 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Deobfuscate/Decode Files or Information1 | LSA Secrets | Application Window Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Application Layer Protocol21 | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Hidden Files and Directories1 | Cached Domain Credentials | System Information Discovery12 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Obfuscated Files or Information2 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Software Packing13 | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
18% | Virustotal | Browse | ||
100% | Joe Sandbox ML |
Dropped Files |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Joe Sandbox ML | |||
18% | Virustotal | Browse |
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | TR/Dropper.MSIL.Gen7 | Download File |
Domains |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
9% | Virustotal | Browse |
URLs |
---|
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
hhjhtggfr.duckdns.org | 203.159.80.186 | true | true |
| unknown |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown | |
true |
| unknown |
Contacted IPs |
---|
General Information |
---|
Joe Sandbox Version: | 33.0.0 White Diamond |
Analysis ID: | 457788 |
Start date: | 02.08.2021 |
Start time: | 10:02:56 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 9m 16s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | wm4J5m8pIK.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 27 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@8/8@17/2 |
EGA Information: | Failed |
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
Warnings: | Show All
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
10:04:09 | API Interceptor | |
10:04:15 | Autostart | |
10:04:53 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
203.159.80.186 | Get hash | malicious | Browse |
|
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
hhjhtggfr.duckdns.org | Get hash | malicious | Browse |
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
LOVESERVERSGB | Get hash | malicious | Browse |
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Users\user\Desktop\wm4J5m8pIK.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1378816 |
Entropy (8bit): | 7.548476087877472 |
Encrypted: | false |
SSDEEP: | 24576:26IBQ76DOifx8Dgyfx8Dgz06TbTZpq72pMNaDuDHQUl3uwDZzGL:OQ76f58Dgy58Dgz06n1pfWNdlJZa |
MD5: | 8FA8F52DFC55D341300EFF8E4C44BA33 |
SHA1: | 4FBDB8C39BBC48B159E1F795A2222D51077FDBE9 |
SHA-256: | 2C7DA7FF43C90AE620FD5135C2ED34C7E644A9A1098BFB69F1DC6B8AB6410C9A |
SHA-512: | A29B2B8FCDE4EF5917E6AAD29C547D2FCEF3E452B3ED502788BD5BF7CB2E107C46A12783EBBE8EB4AA896C56DFD3FD37C994B67EB5C8F5C9C32FBA75FE486205 |
Malicious: | true |
Antivirus: |
|
Reputation: | low |
Preview: |
|
Process: | C:\Users\user\Desktop\wm4J5m8pIK.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | true |
Reputation: | high, very likely benign file |
Preview: |
|
Process: | C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1216 |
Entropy (8bit): | 5.355304211458859 |
Encrypted: | false |
SSDEEP: | 24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4x84j:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzr |
MD5: | FED34146BF2F2FA59DCF8702FCC8232E |
SHA1: | B03BFEA175989D989850CF06FE5E7BBF56EAA00A |
SHA-256: | 123BE4E3590609A008E85501243AF5BC53FA0C26C82A92881B8879524F8C0D5C |
SHA-512: | 1CC89F2ED1DBD70628FA1DC41A32BA0BFA3E81EAE1A1CF3C5F6A48F2DA0BF1F21A5001B8A18B04043C5B8FE4FBE663068D86AA8C4BD8E17933F75687C3178FF6 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
|
Process: | C:\Users\user\Desktop\wm4J5m8pIK.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1216 |
Entropy (8bit): | 5.355304211458859 |
Encrypted: | false |
SSDEEP: | 24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4x84j:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzr |
MD5: | FED34146BF2F2FA59DCF8702FCC8232E |
SHA1: | B03BFEA175989D989850CF06FE5E7BBF56EAA00A |
SHA-256: | 123BE4E3590609A008E85501243AF5BC53FA0C26C82A92881B8879524F8C0D5C |
SHA-512: | 1CC89F2ED1DBD70628FA1DC41A32BA0BFA3E81EAE1A1CF3C5F6A48F2DA0BF1F21A5001B8A18B04043C5B8FE4FBE663068D86AA8C4BD8E17933F75687C3178FF6 |
Malicious: | true |
Reputation: | high, very likely benign file |
Preview: |
|
Process: | C:\Users\user\Desktop\wm4J5m8pIK.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1856 |
Entropy (8bit): | 7.024371743172393 |
Encrypted: | false |
SSDEEP: | 48:Ik/lCrwfk/lCrwfk/lCrwfk/lCrwfk/lCrwfk/lCrwfk/lCrwfk/lCrw8:flC0IlC0IlC0IlC0IlC0IlC0IlC0IlCr |
MD5: | 838CD9DBC78EA45A5406EAE23962086D |
SHA1: | C8273AACDEE03AC0CDCDDBAA83F51D04D6A4203C |
SHA-256: | 6E11A62511C5BBC0413128305069B780C448684B54FAA3E8DD0B4FD3DB8C9867 |
SHA-512: | F7D25EF1FA6F50667DD6785CC774E0AA6BC52A2231FE96E7C59D14EFDFDDA076F6399288CF6EAC8EFA8A75727893432AA155DA0E392F8CD1F26C5C5871EAC6B5 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
|
Process: | C:\Users\user\Desktop\wm4J5m8pIK.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8 |
Entropy (8bit): | 2.75 |
Encrypted: | false |
SSDEEP: | 3:TF8t:m |
MD5: | E8983D699E232A5B7C1FA96E107D27D4 |
SHA1: | 79C8F3A4338622B7D46DFC878AB52B7AF814D850 |
SHA-256: | B1024BBCD30F38AB928B05E37771A0F4D2CFA740D301043F787C4C0A99E5F7E5 |
SHA-512: | 68485EFF1C0BDAE02C2F5DC10B18E3AEBA8271C13D2E82E81B5615BD29343CBB1BAB7F4B4E669F94A7FCF6A38D0178E1155D75DC615B560E64148270271A0423 |
Malicious: | true |
Reputation: | low |
Preview: |
|
Process: | C:\Users\user\Desktop\wm4J5m8pIK.exe |
File Type: | |
Category: | modified |
Size (bytes): | 40 |
Entropy (8bit): | 5.153055907333276 |
Encrypted: | false |
SSDEEP: | 3:9bzY6oRDT6P2bfVn1:RzWDT621 |
MD5: | 4E5E92E2369688041CC82EF9650EDED2 |
SHA1: | 15E44F2F3194EE232B44E9684163B6F66472C862 |
SHA-256: | F8098A6290118F2944B9E7C842BD014377D45844379F863B00D54515A8A64B48 |
SHA-512: | 1B368018907A3BC30421FDA2C935B39DC9073B9B1248881E70AD48EDB6CAA256070C1A90B97B0F64BBE61E316DBB8D5B2EC8DBABCD0B0B2999AB50B933671ECB |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
|
Process: | C:\Users\user\Desktop\wm4J5m8pIK.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 327432 |
Entropy (8bit): | 7.99938831605763 |
Encrypted: | true |
SSDEEP: | 6144:oX44S90aTiB66x3Pl6nGV4bfD6wXPIZ9iBj0UeprGm2d7Tm:LkjYGsfGUc9iB4UeprKdnm |
MD5: | 7E8F4A764B981D5B82D1CC49D341E9C6 |
SHA1: | D9F0685A028FB219E1A6286AEFB7D6FCFC778B85 |
SHA-256: | 0BD3AAC12623520C4E2031C8B96B4A154702F36F97F643158E91E987D317B480 |
SHA-512: | 880E46504FCFB4B15B86B9D8087BA88E6C4950E433616EBB637799F42B081ABF6F07508943ECB1F786B2A89E751F5AE62D750BDCFFDDF535D600CF66EC44E926 |
Malicious: | false |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.548476087877472 |
TrID: |
|
File name: | wm4J5m8pIK.exe |
File size: | 1378816 |
MD5: | 8fa8f52dfc55d341300eff8e4c44ba33 |
SHA1: | 4fbdb8c39bbc48b159e1f795a2222d51077fdbe9 |
SHA256: | 2c7da7ff43c90ae620fd5135c2ed34c7e644a9a1098bfb69f1dc6b8ab6410c9a |
SHA512: | a29b2b8fcde4ef5917e6aad29c547d2fcef3e452b3ed502788bd5bf7cb2e107c46a12783ebbe8eb4aa896c56dfd3fd37c994b67eb5c8f5c9c32fba75fe486205 |
SSDEEP: | 24576:26IBQ76DOifx8Dgyfx8Dgz06TbTZpq72pMNaDuDHQUl3uwDZzGL:OQ76f58Dgy58Dgz06n1pfWNdlJZa |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...1..a..............P..............L... ...`....@.. .......................`............@................................ |
File Icon |
---|
Icon Hash: | b07968fcd4ec7090 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x544c06 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE |
DLL Characteristics: | NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x61079B31 [Mon Aug 2 07:13:53 2021 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | v4.0.30319 |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Entrypoint Preview |
---|
Instruction |
---|
jmp dword ptr [00402000h] |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x144bb4 | 0x4f | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x146000 | 0xd620 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x154000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x142c0c | 0x142e00 | False | 0.72027136566 | data | 7.57991184815 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rsrc | 0x146000 | 0xd620 | 0xd800 | False | 0.708405671296 | data | 6.5968021119 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x154000 | 0xc | 0x200 | False | 0.044921875 | data | 0.101910425663 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x146200 | 0x2e8 | data | ||
RT_ICON | 0x1464f8 | 0x128 | GLS_BINARY_LSB_FIRST | ||
RT_ICON | 0x146630 | 0xea8 | data | ||
RT_ICON | 0x1474e8 | 0x8a8 | data | ||
RT_ICON | 0x147da0 | 0x568 | GLS_BINARY_LSB_FIRST | ||
RT_ICON | 0x148318 | 0x7228 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | ||
RT_ICON | 0x14f550 | 0x25a8 | data | ||
RT_ICON | 0x151b08 | 0x10a8 | data | ||
RT_ICON | 0x152bc0 | 0x468 | GLS_BINARY_LSB_FIRST | ||
RT_GROUP_ICON | 0x153038 | 0x84 | data | ||
RT_VERSION | 0x1530cc | 0x354 | data | ||
RT_MANIFEST | 0x153430 | 0x1ea | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators |
Imports |
---|
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Version Infos |
---|
Description | Data |
---|---|
Translation | 0x0000 0x04b0 |
LegalCopyright | Copyright Casper College 2009 |
Assembly Version | 1.0.0.0 |
InternalName | SHA2.exe |
FileVersion | 1.0.0.0 |
CompanyName | Casper College |
LegalTrademarks | |
Comments | |
ProductName | pacman2008_01 |
ProductVersion | 1.0.0.0 |
FileDescription | pacman2008_01 |
OriginalFilename | SHA2.exe |
Network Behavior |
---|
Snort IDS Alerts |
---|
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
08/02/21-10:04:14.771126 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49713 | 8234 | 192.168.2.5 | 203.159.80.186 |
08/02/21-10:04:24.339627 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49714 | 8234 | 192.168.2.5 | 203.159.80.186 |
08/02/21-10:04:29.237612 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49715 | 8234 | 192.168.2.5 | 203.159.80.186 |
08/02/21-10:04:34.009201 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49717 | 8234 | 192.168.2.5 | 203.159.80.186 |
08/02/21-10:04:46.937776 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49720 | 8234 | 192.168.2.5 | 203.159.80.186 |
08/02/21-10:04:52.000559 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49723 | 8234 | 192.168.2.5 | 203.159.80.186 |
08/02/21-10:04:59.132078 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49725 | 8234 | 192.168.2.5 | 203.159.80.186 |
08/02/21-10:05:07.264035 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49726 | 8234 | 192.168.2.5 | 203.159.80.186 |
08/02/21-10:05:12.208710 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49727 | 8234 | 192.168.2.5 | 203.159.80.186 |
08/02/21-10:05:18.473782 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49728 | 8234 | 192.168.2.5 | 203.159.80.186 |
08/02/21-10:05:27.044328 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49729 | 8234 | 192.168.2.5 | 203.159.80.186 |
08/02/21-10:05:32.296396 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49733 | 8234 | 192.168.2.5 | 203.159.80.186 |
08/02/21-10:05:36.939239 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49734 | 8234 | 192.168.2.5 | 203.159.80.186 |
08/02/21-10:05:42.049631 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49735 | 8234 | 192.168.2.5 | 203.159.80.186 |
08/02/21-10:05:48.052361 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49736 | 8234 | 192.168.2.5 | 203.159.80.186 |
08/02/21-10:05:54.013288 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49737 | 8234 | 192.168.2.5 | 203.159.80.186 |
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Aug 2, 2021 10:04:15.195835114 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.195843935 CEST | 49713 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:15.195854902 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.195874929 CEST | 49713 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:15.195921898 CEST | 49713 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:15.224246979 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.224282980 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.224296093 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.224308968 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.224328041 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.224344969 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.224361897 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.224378109 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.224399090 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.224411964 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.224425077 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.224442005 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.224455118 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.224473000 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.224486113 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.224504948 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.224520922 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.224523067 CEST | 49713 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:15.224536896 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.224553108 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.224570990 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.224589109 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.224600077 CEST | 49713 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:15.224606037 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.224623919 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.224643946 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.224658966 CEST | 49713 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:15.224661112 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.224674940 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.224678993 CEST | 49713 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:15.224693060 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.224709034 CEST | 49713 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:15.224711895 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.224730015 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.224731922 CEST | 49713 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:15.224747896 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.224769115 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.224782944 CEST | 49713 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:15.224787951 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.224806070 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.224819899 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.224828005 CEST | 49713 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:15.224837065 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.224852085 CEST | 49713 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:15.224858046 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.224879026 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.224883080 CEST | 49713 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:15.224893093 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.224910975 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.224912882 CEST | 49713 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:15.224929094 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.224948883 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.224966049 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.224967957 CEST | 49713 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:15.224984884 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.225003004 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.225017071 CEST | 49713 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:15.225018978 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.225035906 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.225045919 CEST | 49713 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:15.225052118 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.225070953 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.225075006 CEST | 49713 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:15.225090981 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.225110054 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.225126982 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.225143909 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.225159883 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.225162029 CEST | 49713 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:15.225177050 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.225193977 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.225209951 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.225214005 CEST | 49713 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:15.225230932 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.225248098 CEST | 49713 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:15.225249052 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.225265980 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.225281000 CEST | 49713 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:15.225284100 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.225301981 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.225315094 CEST | 49713 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:15.225318909 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.225337029 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.225347996 CEST | 49713 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:15.225354910 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:15.225378990 CEST | 49713 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:15.225406885 CEST | 49713 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:15.981106043 CEST | 49713 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:16.075891018 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:16.765758991 CEST | 49713 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:16.868922949 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:16.916002035 CEST | 49713 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:16.994898081 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:17.278908014 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:17.358207941 CEST | 49713 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:17.390499115 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:17.499490976 CEST | 49713 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:17.539453030 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:17.550297022 CEST | 49713 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:17.579629898 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:17.579755068 CEST | 49713 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:17.610424995 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:17.702610970 CEST | 49713 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:17.966125011 CEST | 49713 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:18.057049990 CEST | 8234 | 49713 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:18.209173918 CEST | 49713 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:18.212279081 CEST | 49713 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:24.309801102 CEST | 49714 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:24.338541985 CEST | 8234 | 49714 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:24.338737011 CEST | 49714 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:24.339627028 CEST | 49714 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:24.376122952 CEST | 8234 | 49714 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:24.500463009 CEST | 49714 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:24.528970957 CEST | 8234 | 49714 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:24.538469076 CEST | 49714 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:24.569215059 CEST | 8234 | 49714 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:24.639707088 CEST | 49714 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:29.029479027 CEST | 49715 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:29.061520100 CEST | 8234 | 49715 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:29.061709881 CEST | 49715 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:29.237612009 CEST | 49715 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:29.292576075 CEST | 8234 | 49715 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:29.391218901 CEST | 49715 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:29.422538042 CEST | 8234 | 49715 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:29.423022985 CEST | 49715 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:29.458734989 CEST | 8234 | 49715 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:29.500523090 CEST | 49715 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:29.531145096 CEST | 49715 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:29.618846893 CEST | 8234 | 49715 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:29.627044916 CEST | 49715 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:33.832998991 CEST | 49717 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:33.862891912 CEST | 8234 | 49717 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:33.863013029 CEST | 49717 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:34.009201050 CEST | 49717 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:34.065016031 CEST | 8234 | 49717 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:34.110312939 CEST | 49717 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:34.133290052 CEST | 49717 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:34.163106918 CEST | 8234 | 49717 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:34.204065084 CEST | 49717 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:34.350892067 CEST | 49717 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:34.431324005 CEST | 8234 | 49717 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:34.637032986 CEST | 8234 | 49717 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:34.688458920 CEST | 49717 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:34.717504978 CEST | 8234 | 49717 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:34.733406067 CEST | 49717 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:34.823466063 CEST | 8234 | 49717 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:34.823761940 CEST | 49717 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:34.865492105 CEST | 8234 | 49717 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:34.907248020 CEST | 49717 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:34.937433958 CEST | 8234 | 49717 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:34.987420082 CEST | 49717 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:35.767796040 CEST | 49717 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:35.853363037 CEST | 8234 | 49717 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:36.767606020 CEST | 49717 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:41.369059086 CEST | 49718 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:41.399440050 CEST | 8234 | 49718 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:41.399605989 CEST | 49718 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:42.641360044 CEST | 49718 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:42.674693108 CEST | 8234 | 49718 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:46.906338930 CEST | 49720 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:46.936733007 CEST | 8234 | 49720 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:46.936897993 CEST | 49720 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:46.937776089 CEST | 49720 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:47.001480103 CEST | 8234 | 49720 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:47.048955917 CEST | 49720 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:47.079061031 CEST | 8234 | 49720 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:47.109477997 CEST | 49720 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:47.144336939 CEST | 8234 | 49720 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:47.146275997 CEST | 49720 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:47.230397940 CEST | 8234 | 49720 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:47.471888065 CEST | 8234 | 49720 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:47.475508928 CEST | 49720 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:47.518882990 CEST | 8234 | 49720 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:47.564614058 CEST | 49720 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:47.593291044 CEST | 8234 | 49720 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:47.597026110 CEST | 49720 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:47.645651102 CEST | 8234 | 49720 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:47.645776987 CEST | 49720 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:47.675998926 CEST | 8234 | 49720 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:47.676337004 CEST | 49720 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:47.676363945 CEST | 49720 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:51.971096992 CEST | 49723 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:51.999974966 CEST | 8234 | 49723 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:52.000094891 CEST | 49723 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:52.000559092 CEST | 49723 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:52.087611914 CEST | 8234 | 49723 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:52.102283955 CEST | 8234 | 49723 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:52.102691889 CEST | 49723 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:52.132906914 CEST | 8234 | 49723 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:52.134217024 CEST | 49723 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:52.228282928 CEST | 8234 | 49723 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:52.388647079 CEST | 8234 | 49723 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:52.423785925 CEST | 49723 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:52.452476025 CEST | 8234 | 49723 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:52.502497911 CEST | 49723 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:52.652256012 CEST | 8234 | 49723 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:52.705806017 CEST | 49723 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:52.734656096 CEST | 8234 | 49723 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:52.735184908 CEST | 49723 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:52.764641047 CEST | 8234 | 49723 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:52.765039921 CEST | 49723 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:52.795691967 CEST | 8234 | 49723 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:52.847166061 CEST | 49723 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:52.974893093 CEST | 49723 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:53.074217081 CEST | 8234 | 49723 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:53.074404001 CEST | 49723 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:53.168041945 CEST | 8234 | 49723 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:53.830363035 CEST | 49723 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:53.915982008 CEST | 8234 | 49723 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:54.769251108 CEST | 49723 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:59.101320028 CEST | 49725 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:59.129601955 CEST | 8234 | 49725 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:59.131618977 CEST | 49725 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:59.132077932 CEST | 49725 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:59.195318937 CEST | 8234 | 49725 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:59.195960045 CEST | 49725 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:59.226622105 CEST | 8234 | 49725 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:59.269058943 CEST | 49725 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:59.353188038 CEST | 8234 | 49725 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:59.780096054 CEST | 8234 | 49725 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:59.888453007 CEST | 49725 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:04:59.918872118 CEST | 8234 | 49725 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:04:59.919023991 CEST | 49725 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:05:00.006222963 CEST | 8234 | 49725 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:05:00.006311893 CEST | 49725 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:05:00.041920900 CEST | 8234 | 49725 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:05:00.125526905 CEST | 49725 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:05:00.153863907 CEST | 8234 | 49725 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:05:00.289239883 CEST | 49725 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:05:02.189436913 CEST | 49725 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:05:02.278286934 CEST | 8234 | 49725 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:05:02.922986984 CEST | 49725 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:05:07.232912064 CEST | 49726 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:05:07.262608051 CEST | 8234 | 49726 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:05:07.263041973 CEST | 49726 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:05:07.264034986 CEST | 49726 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:05:07.293256998 CEST | 8234 | 49726 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:05:07.357517958 CEST | 49726 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:05:07.387293100 CEST | 8234 | 49726 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:05:07.404175043 CEST | 49726 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:05:07.440243959 CEST | 8234 | 49726 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:05:07.450375080 CEST | 49726 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:05:07.526880026 CEST | 8234 | 49726 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:05:07.755609035 CEST | 8234 | 49726 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:05:07.771800995 CEST | 49726 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:05:07.801719904 CEST | 8234 | 49726 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:05:07.847524881 CEST | 49726 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:05:07.887597084 CEST | 8234 | 49726 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:05:07.941332102 CEST | 49726 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:05:07.970175982 CEST | 8234 | 49726 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:05:07.983778954 CEST | 49726 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:05:08.012291908 CEST | 8234 | 49726 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:05:08.037704945 CEST | 49726 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:05:08.071084976 CEST | 8234 | 49726 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:05:08.100308895 CEST | 49726 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:05:12.178978920 CEST | 49727 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:05:12.207714081 CEST | 8234 | 49727 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:05:12.207845926 CEST | 49727 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:05:12.208709955 CEST | 49727 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:05:12.264024019 CEST | 8234 | 49727 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:05:12.264400959 CEST | 49727 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:05:12.293603897 CEST | 8234 | 49727 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:05:12.310204029 CEST | 49727 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:05:12.384586096 CEST | 8234 | 49727 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:05:12.560311079 CEST | 8234 | 49727 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:05:12.563231945 CEST | 49727 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:05:12.592845917 CEST | 8234 | 49727 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:05:12.645293951 CEST | 49727 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:05:12.698734045 CEST | 8234 | 49727 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:05:12.745760918 CEST | 49727 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:05:12.775886059 CEST | 8234 | 49727 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:05:12.777487040 CEST | 49727 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:05:12.813709974 CEST | 8234 | 49727 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:05:12.813862085 CEST | 49727 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:05:12.844924927 CEST | 8234 | 49727 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:05:12.900001049 CEST | 49727 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:05:13.129883051 CEST | 49727 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:05:13.212682962 CEST | 8234 | 49727 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:05:14.152116060 CEST | 49727 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:05:18.443411112 CEST | 49728 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:05:18.472343922 CEST | 8234 | 49728 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:05:18.472455025 CEST | 49728 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:05:18.473782063 CEST | 49728 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:05:18.522910118 CEST | 8234 | 49728 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:05:18.523156881 CEST | 49728 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:05:18.552512884 CEST | 8234 | 49728 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:05:18.558075905 CEST | 49728 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:05:18.634970903 CEST | 8234 | 49728 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:05:18.855859041 CEST | 8234 | 49728 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:05:18.895375967 CEST | 49728 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:05:18.932188034 CEST | 8234 | 49728 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:05:18.973542929 CEST | 49728 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:05:19.012027979 CEST | 8234 | 49728 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:05:19.067300081 CEST | 49728 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:05:19.087865114 CEST | 49728 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:05:19.097403049 CEST | 8234 | 49728 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:05:19.145422935 CEST | 49728 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:05:19.165957928 CEST | 8234 | 49728 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:05:19.166099072 CEST | 49728 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:05:19.197926998 CEST | 8234 | 49728 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:05:19.239269018 CEST | 49728 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:05:19.274373055 CEST | 8234 | 49728 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:05:19.288732052 CEST | 49728 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:05:19.369157076 CEST | 8234 | 49728 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:05:20.201179028 CEST | 8234 | 49728 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:05:20.255232096 CEST | 49728 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:05:20.980185986 CEST | 49728 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:05:21.072056055 CEST | 8234 | 49728 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:05:21.927366972 CEST | 49728 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:05:22.009802103 CEST | 8234 | 49728 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:05:22.927666903 CEST | 49728 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:05:27.009016991 CEST | 49729 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:05:27.042931080 CEST | 8234 | 49729 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:05:27.043195963 CEST | 49729 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:05:27.044327974 CEST | 49729 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:05:27.077785015 CEST | 8234 | 49729 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:05:27.130511999 CEST | 49729 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:05:27.159272909 CEST | 8234 | 49729 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:05:27.171907902 CEST | 49729 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:05:27.201466084 CEST | 8234 | 49729 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:05:27.234016895 CEST | 49729 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:05:27.322192907 CEST | 8234 | 49729 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:05:27.512470961 CEST | 8234 | 49729 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:05:27.542074919 CEST | 49729 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:05:27.571261883 CEST | 8234 | 49729 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:05:27.572551012 CEST | 49729 | 8234 | 192.168.2.5 | 203.159.80.186 |
Aug 2, 2021 10:05:27.650244951 CEST | 8234 | 49729 | 203.159.80.186 | 192.168.2.5 |
Aug 2, 2021 10:05:27.650320053 CEST | 49729 | 8234 | 192.168.2.5 | 203.159.80.186 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Aug 2, 2021 10:04:14.522439957 CEST | 192.168.2.5 | 8.8.8.8 | 0x5027 | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 2, 2021 10:04:24.272156000 CEST | 192.168.2.5 | 8.8.8.8 | 0xe40b | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 2, 2021 10:04:28.987812042 CEST | 192.168.2.5 | 8.8.8.8 | 0x745d | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 2, 2021 10:04:33.680172920 CEST | 192.168.2.5 | 8.8.8.8 | 0xa0b2 | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 2, 2021 10:04:41.151750088 CEST | 192.168.2.5 | 8.8.8.8 | 0x167f | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 2, 2021 10:04:46.871819019 CEST | 192.168.2.5 | 8.8.8.8 | 0x74c0 | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 2, 2021 10:04:51.942584991 CEST | 192.168.2.5 | 8.8.8.8 | 0x92dd | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 2, 2021 10:04:59.064100981 CEST | 192.168.2.5 | 8.8.8.8 | 0x6414 | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 2, 2021 10:05:07.196168900 CEST | 192.168.2.5 | 8.8.8.8 | 0x8f43 | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 2, 2021 10:05:12.152043104 CEST | 192.168.2.5 | 8.8.8.8 | 0x1cca | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 2, 2021 10:05:18.252171040 CEST | 192.168.2.5 | 8.8.8.8 | 0x7699 | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 2, 2021 10:05:26.979337931 CEST | 192.168.2.5 | 8.8.8.8 | 0x9fa5 | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 2, 2021 10:05:32.083272934 CEST | 192.168.2.5 | 8.8.8.8 | 0xf87d | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 2, 2021 10:05:36.863857985 CEST | 192.168.2.5 | 8.8.8.8 | 0xa636 | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 2, 2021 10:05:41.977792025 CEST | 192.168.2.5 | 8.8.8.8 | 0xc297 | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 2, 2021 10:05:47.985821962 CEST | 192.168.2.5 | 8.8.8.8 | 0x9f9f | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 2, 2021 10:05:53.946765900 CEST | 192.168.2.5 | 8.8.8.8 | 0x78f2 | Standard query (0) | | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Aug 2, 2021 10:04:14.662118912 CEST | 8.8.8.8 | 192.168.2.5 | 0x5027 | No error (0) | | | 203.159.80.186 | A (IP address) | IN (0x0001) |
Aug 2, 2021 10:04:24.308578014 CEST | 8.8.8.8 | 192.168.2.5 | 0xe40b | No error (0) | | | 203.159.80.186 | A (IP address) | IN (0x0001) |
Aug 2, 2021 10:04:29.022208929 CEST | 8.8.8.8 | 192.168.2.5 | 0x745d | No error (0) | | | 203.159.80.186 | A (IP address) | IN (0x0001) |
Aug 2, 2021 10:04:33.817778111 CEST | 8.8.8.8 | 192.168.2.5 | 0xa0b2 | No error (0) | | | 203.159.80.186 | A (IP address) | IN (0x0001) |
Aug 2, 2021 10:04:41.187736034 CEST | 8.8.8.8 | 192.168.2.5 | 0x167f | No error (0) | | | 203.159.80.186 | A (IP address) | IN (0x0001) |
Aug 2, 2021 10:04:46.904643059 CEST | 8.8.8.8 | 192.168.2.5 | 0x74c0 | No error (0) | | | 203.159.80.186 | A (IP address) | IN (0x0001) |
Aug 2, 2021 10:04:51.970065117 CEST | 8.8.8.8 | 192.168.2.5 | 0x92dd | No error (0) | | | 203.159.80.186 | A (IP address) | IN (0x0001) |
Aug 2, 2021 10:04:59.097481012 CEST | 8.8.8.8 | 192.168.2.5 | 0x6414 | No error (0) | | | 203.159.80.186 | A (IP address) | IN (0x0001) |
Aug 2, 2021 10:05:07.231401920 CEST | 8.8.8.8 | 192.168.2.5 | 0x8f43 | No error (0) | | | 203.159.80.186 | A (IP address) | IN (0x0001) |
Aug 2, 2021 10:05:12.177535057 CEST | 8.8.8.8 | 192.168.2.5 | 0x1cca | No error (0) | | | 203.159.80.186 | A (IP address) | IN (0x0001) |
Aug 2, 2021 10:05:18.390911102 CEST | 8.8.8.8 | 192.168.2.5 | 0x7699 | No error (0) | | | 203.159.80.186 | A (IP address) | IN (0x0001) |
Aug 2, 2021 10:05:27.007220984 CEST | 8.8.8.8 | 192.168.2.5 | 0x9fa5 | No error (0) | | | 203.159.80.186 | A (IP address) | IN (0x0001) |
Aug 2, 2021 10:05:32.221256018 CEST | 8.8.8.8 | 192.168.2.5 | 0xf87d | No error (0) | | | 203.159.80.186 | A (IP address) | IN (0x0001) |
Aug 2, 2021 10:05:36.898267031 CEST | 8.8.8.8 | 192.168.2.5 | 0xa636 | No error (0) | | | 203.159.80.186 | A (IP address) | IN (0x0001) |
Aug 2, 2021 10:05:42.014321089 CEST | 8.8.8.8 | 192.168.2.5 | 0xc297 | No error (0) | | | 203.159.80.186 | A (IP address) | IN (0x0001) |
Aug 2, 2021 10:05:48.019078016 CEST | 8.8.8.8 | 192.168.2.5 | 0x9f9f | No error (0) | | | 203.159.80.186 | A (IP address) | IN (0x0001) |
Aug 2, 2021 10:05:53.982575893 CEST | 8.8.8.8 | 192.168.2.5 | 0x78f2 | No error (0) | | | 203.159.80.186 | A (IP address) | IN (0x0001) |
Code Manipulations |
---|
System Behavior |
---|
General |
---|
Start time: | 10:03:45 |
Start date: | 02/08/2021 |
Path: | C:\Users\user\Desktop\wm4J5m8pIK.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x660000 |
File size: | 1378816 bytes |
MD5 hash: | 8FA8F52DFC55D341300EFF8E4C44BA33 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Reputation: | low |
General |
---|
Start time: | 10:04:10 |
Start date: | 02/08/2021 |
Path: | C:\Users\user\Desktop\wm4J5m8pIK.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x460000 |
File size: | 1378816 bytes |
MD5 hash: | 8FA8F52DFC55D341300EFF8E4C44BA33 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Reputation: | low |
General |
---|
Start time: | 10:04:24 |
Start date: | 02/08/2021 |
Path: | C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xa0000 |
File size: | 1378816 bytes |
MD5 hash: | 8FA8F52DFC55D341300EFF8E4C44BA33 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Antivirus matches: |
|
Reputation: | low |
General |
---|
Start time: | 10:04:54 |
Start date: | 02/08/2021 |
Path: | C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x3a0000 |
File size: | 1378816 bytes |
MD5 hash: | 8FA8F52DFC55D341300EFF8E4C44BA33 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
General |
---|
Start time: | 10:04:55 |
Start date: | 02/08/2021 |
Path: | C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x820000 |
File size: | 1378816 bytes |
MD5 hash: | 8FA8F52DFC55D341300EFF8E4C44BA33 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Reputation: | low |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
Function 02E0FAA0, Relevance: 1.8, APIs: 1, Instructions: 286 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02E093E8, Relevance: 1.7, APIs: 1, Instructions: 194 COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02E0FBF8, Relevance: 1.6, APIs: 1, Instructions: 113 COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02E0BCF9, Relevance: 1.6, APIs: 1, Instructions: 66 COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02E0BD00, Relevance: 1.6, APIs: 1, Instructions: 62 COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02E095C8, Relevance: 1.5, APIs: 1, Instructions: 47 COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02E0FE38, Relevance: 1.5, APIs: 1, Instructions: 46 COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02E0FE40, Relevance: 1.5, APIs: 1, Instructions: 44 COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function 02E0E480, Relevance: .3, Instructions: 315 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02E0BBD4, Relevance: .3, Instructions: 265 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02E0E471, Relevance: .2, Instructions: 222 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |