Windows
Analysis Report
INVOICE.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- INVOICE.exe (PID: 3004 cmdline:
"C:\Users\ user\Deskt op\INVOICE .exe" MD5: 9D58123708F80D79654D981A8B6D9924) - INVOICE.exe (PID: 3488 cmdline:
C:\Users\u ser\Deskto p\INVOICE. exe MD5: 9D58123708F80D79654D981A8B6D9924)
- cleanup
{"Version": "1.2.2.0", "Mutex": "fe56abb4-cb76-44f1-89b4-7bb11730", "Group": "Default", "Domain1": "deranano2.ddns.net", "Port": 1187, "KeyboardLogging": "Enable", "RunOnStartup": "Disable", "RequestElevation": "Disable", "BypassUAC": "Disable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8", "BackupDNSServer": "8.8.4.4"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security | ||
Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth |
| |
JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | ||
NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> |
| |
MALWARE_Win_zgRAT | Detects zgRAT | ditekSHen |
| |
Click to see the 20 entries |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth |
| |
Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth |
| |
JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | ||
MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen |
| |
NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> |
| |
Click to see the 47 entries |
AV Detection |
---|
Source: | Author: Joe Security: |
E-Banking Fraud |
---|
Source: | Author: Joe Security: |
Stealing of Sensitive Information |
---|
Source: | Author: Joe Security: |
Remote Access Functionality |
---|
Source: | Author: Joe Security: |
Timestamp: | 192.168.2.5212.193.30.2044981511872816766 05/17/22-20:31:37.145576 |
SID: | 2816766 |
Source Port: | 49815 |
Destination Port: | 1187 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.5212.193.30.2044979411872816766 05/17/22-20:30:47.656373 |
SID: | 2816766 |
Source Port: | 49794 |
Destination Port: | 1187 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 212.193.30.204192.168.2.51187498182841753 05/17/22-20:31:48.726428 |
SID: | 2841753 |
Source Port: | 1187 |
Destination Port: | 49818 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 212.193.30.204192.168.2.51187498192841753 05/17/22-20:31:53.756641 |
SID: | 2841753 |
Source Port: | 1187 |
Destination Port: | 49819 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.5212.193.30.2044982211872816766 05/17/22-20:31:58.715420 |
SID: | 2816766 |
Source Port: | 49822 |
Destination Port: | 1187 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.5212.193.30.2044980611872816766 05/17/22-20:31:10.821016 |
SID: | 2816766 |
Source Port: | 49806 |
Destination Port: | 1187 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.5212.193.30.2044980311872025019 05/17/22-20:31:00.853122 |
SID: | 2025019 |
Source Port: | 49803 |
Destination Port: | 1187 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.5212.193.30.2044979711872025019 05/17/22-20:30:54.580308 |
SID: | 2025019 |
Source Port: | 49797 |
Destination Port: | 1187 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.5212.193.30.2044980311872816718 05/17/22-20:31:01.197924 |
SID: | 2816718 |
Source Port: | 49803 |
Destination Port: | 1187 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.5212.193.30.2044978711872816766 05/17/22-20:30:40.618852 |
SID: | 2816766 |
Source Port: | 49787 |
Destination Port: | 1187 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 212.193.30.204192.168.2.51187498222841753 05/17/22-20:32:03.661713 |
SID: | 2841753 |
Source Port: | 1187 |
Destination Port: | 49822 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.5212.193.30.2044979711872816766 05/17/22-20:30:55.725499 |
SID: | 2816766 |
Source Port: | 49797 |
Destination Port: | 1187 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.5212.193.30.2044978711872025019 05/17/22-20:30:38.957783 |
SID: | 2025019 |
Source Port: | 49787 |
Destination Port: | 1187 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.5212.193.30.2044981611872025019 05/17/22-20:31:42.303773 |
SID: | 2025019 |
Source Port: | 49816 |
Destination Port: | 1187 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 212.193.30.204192.168.2.51187498122841753 05/17/22-20:31:22.376109 |
SID: | 2841753 |
Source Port: | 1187 |
Destination Port: | 49812 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.5212.193.30.2044980611872025019 05/17/22-20:31:07.938867 |
SID: | 2025019 |
Source Port: | 49806 |
Destination Port: | 1187 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.5212.193.30.2044980911872816766 05/17/22-20:31:17.197289 |
SID: | 2816766 |
Source Port: | 49809 |
Destination Port: | 1187 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.5212.193.30.2044978111872025019 05/17/22-20:30:31.001024 |
SID: | 2025019 |
Source Port: | 49781 |
Destination Port: | 1187 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.5212.193.30.2044980911872025019 05/17/22-20:31:15.942780 |
SID: | 2025019 |
Source Port: | 49809 |
Destination Port: | 1187 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.5212.193.30.2044981211872025019 05/17/22-20:31:22.345784 |
SID: | 2025019 |
Source Port: | 49812 |
Destination Port: | 1187 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.5212.193.30.2044981911872025019 05/17/22-20:31:53.726213 |
SID: | 2025019 |
Source Port: | 49819 |
Destination Port: | 1187 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.5212.193.30.2044982211872025019 05/17/22-20:31:58.625380 |
SID: | 2025019 |
Source Port: | 49822 |
Destination Port: | 1187 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.5212.193.30.2044979411872025019 05/17/22-20:30:46.018194 |
SID: | 2025019 |
Source Port: | 49794 |
Destination Port: | 1187 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.5212.193.30.2044981511872025019 05/17/22-20:31:36.233314 |
SID: | 2025019 |
Source Port: | 49815 |
Destination Port: | 1187 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.5212.193.30.2044981611872816766 05/17/22-20:31:43.265162 |
SID: | 2816766 |
Source Port: | 49816 |
Destination Port: | 1187 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.5212.193.30.2044977211872816766 05/17/22-20:30:24.595254 |
SID: | 2816766 |
Source Port: | 49772 |
Destination Port: | 1187 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.5212.193.30.2044981311872025019 05/17/22-20:31:29.263030 |
SID: | 2025019 |
Source Port: | 49813 |
Destination Port: | 1187 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.5212.193.30.2044981811872025019 05/17/22-20:31:48.698744 |
SID: | 2025019 |
Source Port: | 49818 |
Destination Port: | 1187 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.5212.193.30.2044981311872816766 05/17/22-20:31:31.058415 |
SID: | 2816766 |
Source Port: | 49813 |
Destination Port: | 1187 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.5212.193.30.2044977211872025019 05/17/22-20:30:22.925084 |
SID: | 2025019 |
Source Port: | 49772 |
Destination Port: | 1187 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.5212.193.30.2044978111872816766 05/17/22-20:30:33.613252 |
SID: | 2816766 |
Source Port: | 49781 |
Destination Port: | 1187 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 212.193.30.204192.168.2.51187497942810290 05/17/22-20:30:47.256191 |
SID: | 2810290 |
Source Port: | 1187 |
Destination Port: | 49794 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.5212.193.30.2044980311872816766 05/17/22-20:31:02.293623 |
SID: | 2816766 |
Source Port: | 49803 |
Destination Port: | 1187 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Click to jump to signature section
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: |
Source: | Avira URL Cloud: |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | Joe Sandbox ML: |
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: |
Networking |
---|
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: |
Source: | URLs: | ||
Source: | URLs: |
Source: | DNS query: |
Source: | ASN Name: |
Source: | IP Address: |
Source: | TCP traffic: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | DNS traffic detected: |
Source: | Binary or memory string: |
E-Banking Fraud |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
System Summary |
---|
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Code function: | 0_2_009AE6F0 | |
Source: | Code function: | 0_2_009AC2C4 | |
Source: | Code function: | 0_2_009AE6E0 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | ReversingLabs: |
Source: | File read: | Jump to behavior |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Mutant created: |
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: |
Data Obfuscation |
---|
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: |
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: |
Source: | Code function: | 0_2_009A7B7D |
Source: | Static PE information: |
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | File opened: | Jump to behavior |
Source: | Registry key monitored for changes: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Process information queried: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 1 Windows Management Instrumentation | Path Interception | 111 Process Injection | 1 Masquerading | 1 Input Capture | 1 Query Registry | Remote Services | 1 Input Capture | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Disable or Modify Tools | LSASS Memory | 111 Security Software Discovery | Remote Desktop Protocol | 11 Archive Collected Data | Exfiltration Over Bluetooth | 1 Non-Standard Port | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 21 Virtualization/Sandbox Evasion | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 1 Remote Access Software | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 111 Process Injection | NTDS | 21 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | Scheduled Transfer | 1 Non-Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Data Transfer Size Limits | 21 Application Layer Protocol | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 Hidden Files and Directories | Cached Domain Credentials | 12 System Information Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | 2 Obfuscated Files or Information | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 23 Software Packing | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
27% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | TR/Dropper.MSIL.Gen7 | Download File | ||
100% | Avira | TR/Dropper.MSIL.Gen7 | Download File | ||
100% | Avira | TR/Dropper.MSIL.Gen7 | Download File | ||
100% | Avira | TR/Dropper.MSIL.Gen7 | Download File | ||
100% | Avira | TR/Dropper.MSIL.Gen7 | Download File |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
deranano2.ddns.net | 212.193.30.204 | true | true | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| low | |
true |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
212.193.30.204 | deranano2.ddns.net | Russian Federation | 57844 | SPD-NETTR | true |
IP |
---|
192.168.2.1 |
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 628640 |
Start date and time: 17/05/202220:28:39 | 2022-05-17 20:28:39 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 9m 16s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | INVOICE.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 18 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@3/5@15/2 |
EGA Information: |
|
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
- Exclude process from analysis (whitelisted): audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 20.223.24.244
- Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ctldl.windowsupdate.com, arc.msn.com, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, store-images.s-microsoft.com, login.live.com, sls.update.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
- Report size getting too big, too many NtAllocateVirtualMemory calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- VT rate limit hit for: INVOICE.exe
Time | Type | Description |
---|---|---|
20:30:06 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
212.193.30.204 | Get hash | malicious | Browse | ||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
deranano2.ddns.net | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
SPD-NETTR | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
Process: | C:\Users\user\Desktop\INVOICE.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1308 |
Entropy (8bit): | 5.345811588615766 |
Encrypted: | false |
SSDEEP: | 24:MLUE4K5E4Ks2E1qE4x84qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4FsXE8:MIHK5HKXE1qHxviYHKhQnoPtHoxHhAHJ |
MD5: | EA78C102145ED608EF0E407B978AF339 |
SHA1: | 66C9179ED9675B9271A97AB1FC878077E09AB731 |
SHA-256: | 8BF01E0C445BD07C0B4EDC7199B7E17DAF1CA55CA52D4A6EAC4EF211C2B1A73E |
SHA-512: | 8C04139A1FC3C3BDACB680EC443615A43EB18E73B5A0CFCA644CB4A5E71746B275B3E238DD1A5A205405313E457BB75F9BBB93277C67AFA5D78DCFA30E5DA02B |
Malicious: | true |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\INVOICE.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 232 |
Entropy (8bit): | 7.024371743172393 |
Encrypted: | false |
SSDEEP: | 6:X4LDAnybgCFcpJSQwP4d7ZrqJgTFwoaw+9XU4:X4LEnybgCFCtvd7ZrCgpwoaw+Z9 |
MD5: | 32D0AAE13696FF7F8AF33B2D22451028 |
SHA1: | EF80C4E0DB2AE8EF288027C9D3518E6950B583A4 |
SHA-256: | 5347661365E7AD2C1ACC27AB0D150FFA097D9246BB3626FCA06989E976E8DD29 |
SHA-512: | 1D77FC13512C0DBC4EFD7A66ACB502481E4EFA0FB73D0C7D0942448A72B9B05BA1EA78DDF0BE966363C2E3122E0B631DB7630D044D08C1E1D32B9FB025C356A5 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\INVOICE.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8 |
Entropy (8bit): | 3.0 |
Encrypted: | false |
SSDEEP: | 3:q8l9tn:q8Fn |
MD5: | A8BADF4E8D986108589909B1AE02C207 |
SHA1: | 80D375744D4B880EE40956B61AB5E7E3B6C696FE |
SHA-256: | B9FE1CD4CAEDEADEAE92F8C70EDA0B0DA99FDCC0DC788157D7B28AE6799AA06F |
SHA-512: | 5F1C1FB140D9BA7FF5FD373742A116237C8665ED483FE4950D41F5AB729711162223CAF840879E52E03B51949DB7608039C839EE77FD0A8DD10C2723F0406336 |
Malicious: | true |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\INVOICE.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 40 |
Entropy (8bit): | 5.153055907333276 |
Encrypted: | false |
SSDEEP: | 3:9bzY6oRDT6P2bfVn1:RzWDT621 |
MD5: | 4E5E92E2369688041CC82EF9650EDED2 |
SHA1: | 15E44F2F3194EE232B44E9684163B6F66472C862 |
SHA-256: | F8098A6290118F2944B9E7C842BD014377D45844379F863B00D54515A8A64B48 |
SHA-512: | 1B368018907A3BC30421FDA2C935B39DC9073B9B1248881E70AD48EDB6CAA256070C1A90B97B0F64BBE61E316DBB8D5B2EC8DBABCD0B0B2999AB50B933671ECB |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\INVOICE.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 327432 |
Entropy (8bit): | 7.99938831605763 |
Encrypted: | true |
SSDEEP: | 6144:oX44S90aTiB66x3Pl6nGV4bfD6wXPIZ9iBj0UeprGm2d7Tm:LkjYGsfGUc9iB4UeprKdnm |
MD5: | 7E8F4A764B981D5B82D1CC49D341E9C6 |
SHA1: | D9F0685A028FB219E1A6286AEFB7D6FCFC778B85 |
SHA-256: | 0BD3AAC12623520C4E2031C8B96B4A154702F36F97F643158E91E987D317B480 |
SHA-512: | 880E46504FCFB4B15B86B9D8087BA88E6C4950E433616EBB637799F42B081ABF6F07508943ECB1F786B2A89E751F5AE62D750BDCFFDDF535D600CF66EC44E926 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.935606119244415 |
TrID: |
|
File name: | INVOICE.exe |
File size: | 656896 |
MD5: | 9d58123708f80d79654d981a8b6d9924 |
SHA1: | 27317b8dbf347408865b071cd40f8c97d1522482 |
SHA256: | b9066fabc2944828b98d6f22985038c59a5f6cfb1ae09b2f6b5c89bf87a43c44 |
SHA512: | f6b5cfbe894549644337e605513e3d8d517c16a167141eb693033d95ff5c9b95f6a8a72090605dd9817827a5453abc828d7a1ec4088afe019151cbddeed8a2b8 |
SSDEEP: | 12288:nsWyvNVQClWSEqOPhn/qu09/c3OwKjGes84ChuNtrzMnrj3NcMs0Tve:nsWI7WSEv/ql/mOjZsiuN5z6sQ |
TLSH: | 29D4120A709EEB3BC97CB7F95441525013B1B22B3457E32C9ECAE0C75A9BF406685B17 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...og.b..............0......@......V.... ........@.. .......................`............@................................ |
Icon Hash: | 64e4d2eeacd6d819 |
Entrypoint: | 0x49e356 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE |
DLL Characteristics: | NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x6283676F [Tue May 17 09:14:23 2022 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | v4.0.30319 |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Instruction |
---|
jmp dword ptr [00402000h] |
add dword ptr [eax], eax |
add byte ptr [eax], al |
add al, byte ptr [eax] |
add byte ptr [eax], al |
add eax, dword ptr [eax] |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
pop ds |
add byte ptr [eax], al |
add bh, bh |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x9e304 | 0x4f | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xa0000 | 0x3c74 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xa4000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x9e1cc | 0x1c | .text |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x9c39c | 0x9c400 | False | 0.9418953125 | data | 7.94289795658 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rsrc | 0xa0000 | 0x3c74 | 0x3e00 | False | 0.92244203629 | data | 7.6910187968 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xa4000 | 0xc | 0x200 | False | 0.044921875 | data | 0.101910425663 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0xa00c8 | 0x3832 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | ||
RT_GROUP_ICON | 0xa390c | 0x14 | data | ||
RT_VERSION | 0xa3930 | 0x340 | data |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Description | Data |
---|---|
Translation | 0x0000 0x04b0 |
LegalCopyright | Chandler's 2022 (C) |
Assembly Version | 1.1.0.0 |
InternalName | IObjectRefere.exe |
FileVersion | 1.1.0.0 |
CompanyName | Chandler's |
LegalTrademarks | |
Comments | |
ProductName | TemporalToolkit |
ProductVersion | 1.1.0.0 |
FileDescription | |
OriginalFilename | IObjectRefere.exe |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
192.168.2.5212.193.30.2044981511872816766 05/17/22-20:31:37.145576 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49815 | 1187 | 192.168.2.5 | 212.193.30.204 |
192.168.2.5212.193.30.2044979411872816766 05/17/22-20:30:47.656373 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49794 | 1187 | 192.168.2.5 | 212.193.30.204 |
212.193.30.204192.168.2.51187498182841753 05/17/22-20:31:48.726428 | TCP | 2841753 | ETPRO TROJAN NanoCore RAT Keep-Alive Beacon (Inbound) | 1187 | 49818 | 212.193.30.204 | 192.168.2.5 |
212.193.30.204192.168.2.51187498192841753 05/17/22-20:31:53.756641 | TCP | 2841753 | ETPRO TROJAN NanoCore RAT Keep-Alive Beacon (Inbound) | 1187 | 49819 | 212.193.30.204 | 192.168.2.5 |
192.168.2.5212.193.30.2044982211872816766 05/17/22-20:31:58.715420 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49822 | 1187 | 192.168.2.5 | 212.193.30.204 |
192.168.2.5212.193.30.2044980611872816766 05/17/22-20:31:10.821016 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49806 | 1187 | 192.168.2.5 | 212.193.30.204 |
192.168.2.5212.193.30.2044980311872025019 05/17/22-20:31:00.853122 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49803 | 1187 | 192.168.2.5 | 212.193.30.204 |
192.168.2.5212.193.30.2044979711872025019 05/17/22-20:30:54.580308 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49797 | 1187 | 192.168.2.5 | 212.193.30.204 |
192.168.2.5212.193.30.2044980311872816718 05/17/22-20:31:01.197924 | TCP | 2816718 | ETPRO TROJAN NanoCore RAT Keep-Alive Beacon | 49803 | 1187 | 192.168.2.5 | 212.193.30.204 |
192.168.2.5212.193.30.2044978711872816766 05/17/22-20:30:40.618852 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49787 | 1187 | 192.168.2.5 | 212.193.30.204 |
212.193.30.204192.168.2.51187498222841753 05/17/22-20:32:03.661713 | TCP | 2841753 | ETPRO TROJAN NanoCore RAT Keep-Alive Beacon (Inbound) | 1187 | 49822 | 212.193.30.204 | 192.168.2.5 |
192.168.2.5212.193.30.2044979711872816766 05/17/22-20:30:55.725499 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49797 | 1187 | 192.168.2.5 | 212.193.30.204 |
192.168.2.5212.193.30.2044978711872025019 05/17/22-20:30:38.957783 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49787 | 1187 | 192.168.2.5 | 212.193.30.204 |
192.168.2.5212.193.30.2044981611872025019 05/17/22-20:31:42.303773 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49816 | 1187 | 192.168.2.5 | 212.193.30.204 |
212.193.30.204192.168.2.51187498122841753 05/17/22-20:31:22.376109 | TCP | 2841753 | ETPRO TROJAN NanoCore RAT Keep-Alive Beacon (Inbound) | 1187 | 49812 | 212.193.30.204 | 192.168.2.5 |
192.168.2.5212.193.30.2044980611872025019 05/17/22-20:31:07.938867 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49806 | 1187 | 192.168.2.5 | 212.193.30.204 |
192.168.2.5212.193.30.2044980911872816766 05/17/22-20:31:17.197289 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49809 | 1187 | 192.168.2.5 | 212.193.30.204 |
192.168.2.5212.193.30.2044978111872025019 05/17/22-20:30:31.001024 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49781 | 1187 | 192.168.2.5 | 212.193.30.204 |
192.168.2.5212.193.30.2044980911872025019 05/17/22-20:31:15.942780 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49809 | 1187 | 192.168.2.5 | 212.193.30.204 |
192.168.2.5212.193.30.2044981211872025019 05/17/22-20:31:22.345784 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49812 | 1187 | 192.168.2.5 | 212.193.30.204 |
192.168.2.5212.193.30.2044981911872025019 05/17/22-20:31:53.726213 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49819 | 1187 | 192.168.2.5 | 212.193.30.204 |
192.168.2.5212.193.30.2044982211872025019 05/17/22-20:31:58.625380 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49822 | 1187 | 192.168.2.5 | 212.193.30.204 |
192.168.2.5212.193.30.2044979411872025019 05/17/22-20:30:46.018194 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49794 | 1187 | 192.168.2.5 | 212.193.30.204 |
192.168.2.5212.193.30.2044981511872025019 05/17/22-20:31:36.233314 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49815 | 1187 | 192.168.2.5 | 212.193.30.204 |
192.168.2.5212.193.30.2044981611872816766 05/17/22-20:31:43.265162 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49816 | 1187 | 192.168.2.5 | 212.193.30.204 |
192.168.2.5212.193.30.2044977211872816766 05/17/22-20:30:24.595254 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
192.168.2.5212.193.30.2044981311872025019 05/17/22-20:31:29.263030 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49813 | 1187 | 192.168.2.5 | 212.193.30.204 |
192.168.2.5212.193.30.2044981811872025019 05/17/22-20:31:48.698744 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49818 | 1187 | 192.168.2.5 | 212.193.30.204 |
192.168.2.5212.193.30.2044981311872816766 05/17/22-20:31:31.058415 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49813 | 1187 | 192.168.2.5 | 212.193.30.204 |
192.168.2.5212.193.30.2044977211872025019 05/17/22-20:30:22.925084 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
192.168.2.5212.193.30.2044978111872816766 05/17/22-20:30:33.613252 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49781 | 1187 | 192.168.2.5 | 212.193.30.204 |
212.193.30.204192.168.2.51187497942810290 05/17/22-20:30:47.256191 | TCP | 2810290 | ETPRO TROJAN NanoCore RAT Keepalive Response 1 | 1187 | 49794 | 212.193.30.204 | 192.168.2.5 |
192.168.2.5212.193.30.2044980311872816766 05/17/22-20:31:02.293623 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49803 | 1187 | 192.168.2.5 | 212.193.30.204 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 17, 2022 20:30:22.785531044 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:22.812949896 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:22.813136101 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:22.925084114 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:22.968403101 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:22.978699923 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.006140947 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.148186922 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.257045984 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.332336903 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.373541117 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.373573065 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.373589993 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.373610973 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.373697042 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.400897980 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.400927067 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.400942087 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.400959015 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.400975943 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.400989056 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.400991917 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.401010990 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.401016951 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.401030064 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.401040077 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.401334047 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.427997112 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.428025007 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.428041935 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.428057909 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.428075075 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.428091049 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.428100109 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.428107977 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.428128004 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.428144932 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.428148985 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.428163052 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.428167105 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.428180933 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.428198099 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.428214073 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.428215027 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.428234100 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.428236008 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.428251982 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.428272009 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.428286076 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.428317070 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.455166101 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.455198050 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.455214977 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.455231905 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.455249071 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.455265045 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.455281973 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.455298901 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.455317020 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.455332994 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.455348969 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.455365896 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.455383062 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.455399036 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.455415964 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.455431938 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.455450058 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.455467939 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.455485106 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.455502033 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.455518961 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.455534935 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.455550909 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.455566883 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.455584049 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.455601931 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.455617905 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.455634117 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.455650091 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.455666065 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.455682039 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.455698967 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.455773115 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.455830097 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.483926058 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.483972073 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.484000921 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.484030008 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.484041929 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.484057903 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.484086990 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.484095097 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.484117031 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.484143019 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.484144926 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.484170914 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.484198093 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.484224081 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.484225988 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.484257936 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.484287024 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.484287977 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.484306097 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.484321117 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.484349966 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.484366894 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.484380007 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.484407902 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.484435081 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.484436989 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.484464884 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.484486103 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.484515905 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.484544039 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.484560013 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.484571934 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.484600067 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.484627008 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.484652996 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.484679937 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.484687090 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.484693050 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.484707117 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.484735966 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.484752893 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.484764099 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.484790087 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.484791994 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.484817982 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.484833002 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.484847069 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.484874010 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.484900951 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.484910965 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.484930992 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.484956980 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.484961033 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.484989882 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.485016108 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.485019922 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.485069036 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.513874054 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.513926029 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.513961077 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.513993025 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.514003992 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.514024973 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.514039040 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.514060974 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.514098883 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.514106989 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.514134884 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.514166117 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.514183998 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.514199018 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.514230013 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.514245033 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.514262915 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.514296055 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.514307976 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.514327049 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.514358997 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.514389992 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.514401913 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.514420986 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.514431000 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.514452934 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.514482975 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.514513969 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.514527082 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.514545918 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.514554024 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.514576912 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.514607906 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.514621019 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.514638901 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.514669895 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.514699936 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.514700890 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.514733076 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.514748096 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.514766932 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.514799118 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.514827967 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.514858961 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.514859915 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.514892101 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.514897108 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.514925957 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.514955997 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.514956951 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.514988899 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.515003920 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.515021086 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.515053034 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.515081882 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.515099049 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.515113115 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.515126944 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.515145063 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.515175104 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.515201092 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.515208960 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.515240908 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.515264034 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.515273094 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.515305996 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.515336037 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.515356064 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.515367031 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.515396118 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.515398979 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.515424013 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.515487909 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.542787075 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.542829037 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.542855024 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.542881012 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.542907953 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.542910099 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.542937040 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.542963028 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.542989016 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.543009043 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.543018103 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.543045998 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.543045998 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.543070078 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.543072939 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.543100119 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.543122053 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.543127060 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.543154001 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.543179989 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.543183088 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.543206930 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.543236017 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.543256044 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.543263912 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.543291092 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.543293953 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.543318987 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.543330908 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.543344975 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.543365955 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.543386936 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.543412924 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.543445110 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.543472052 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.543498039 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.543504000 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.543524027 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.543543100 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.543551922 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.543579102 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.543601036 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.543606997 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.543632030 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.543656111 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.543661118 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.543684959 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.543705940 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.543711901 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.543740034 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.543765068 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.543766975 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.543796062 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.543822050 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.543843985 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.543847084 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.543874979 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.543876886 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.543900967 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.543915033 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.543930054 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.543956041 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.543978930 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.543982983 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.544009924 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.544038057 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.544054031 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.544064999 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.544090033 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.544091940 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.544151068 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.557316065 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.571146011 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.571183920 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.571211100 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.571234941 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.571259022 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.571290970 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.571306944 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.571319103 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.571338892 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.571345091 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.571368933 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.571369886 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.571398020 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.571420908 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.571424961 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.571446896 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.571470022 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.571470976 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.571495056 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.571499109 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.571523905 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.571527958 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.571548939 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.571552992 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.571576118 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.571578026 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.571600914 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.571603060 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.571623087 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.571630955 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.571650028 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.571657896 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.571672916 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.571683884 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.571707010 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.571712971 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.571734905 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.571741104 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.571758986 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.571767092 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.571779013 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.571793079 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.571804047 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.571818113 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.571842909 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.571866035 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.571866035 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.571891069 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.571913958 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.571914911 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.571938038 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.571943998 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.571968079 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.571974039 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.571991920 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.571995974 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.572016954 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.572021008 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.572041035 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.572043896 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.572066069 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.572066069 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.572091103 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.572091103 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.572110891 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.572117090 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.572139978 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.572141886 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.572160959 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.572168112 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.572191000 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.572196007 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.572211981 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.572222948 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.572246075 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.572247982 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.572268009 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.572274923 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.572293997 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.572302103 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.572318077 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.572329044 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.572341919 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.572355986 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.572380066 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.572386980 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.572405100 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.572424889 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.572428942 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.572455883 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.572469950 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.572498083 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.572509050 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.572525024 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.572546959 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.572547913 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.572575092 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.572581053 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.572602034 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.572604895 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.572627068 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.572627068 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.572652102 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.572653055 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.572676897 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.572676897 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.572700977 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.572704077 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.572729111 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.572730064 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.572752953 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.572756052 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.572773933 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.572782040 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.572805882 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.572808027 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.572830915 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.572833061 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.572855949 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.572859049 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.572876930 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.572885036 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.572910070 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.572912931 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.572930098 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.572936058 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.572961092 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.572962046 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.572984934 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.572988987 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.573010921 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.573015928 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:23.573035002 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.576066971 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:23.648452997 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:24.595253944 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:24.675786972 CEST | 1187 | 49772 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:25.702549934 CEST | 49772 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:30.973472118 CEST | 49781 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:31.000322104 CEST | 1187 | 49781 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:31.000425100 CEST | 49781 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:31.001024008 CEST | 49781 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:31.040369034 CEST | 1187 | 49781 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:31.087677956 CEST | 49781 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:31.115322113 CEST | 1187 | 49781 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:31.242628098 CEST | 49781 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:32.705895901 CEST | 49781 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:32.785065889 CEST | 1187 | 49781 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:33.033183098 CEST | 49781 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:33.114512920 CEST | 1187 | 49781 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:33.210207939 CEST | 1187 | 49781 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:33.344780922 CEST | 49781 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:33.374140024 CEST | 1187 | 49781 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:33.445895910 CEST | 49781 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:33.524709940 CEST | 49781 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:33.613169909 CEST | 1187 | 49781 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:33.613251925 CEST | 49781 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:33.640496969 CEST | 1187 | 49781 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:33.640676975 CEST | 49781 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:33.667660952 CEST | 1187 | 49781 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:33.724343061 CEST | 49781 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:33.807662010 CEST | 1187 | 49781 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:33.900346041 CEST | 49781 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:33.988603115 CEST | 1187 | 49781 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:34.853998899 CEST | 49781 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:38.928461075 CEST | 49787 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:38.955382109 CEST | 1187 | 49787 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:38.955519915 CEST | 49787 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:38.957782984 CEST | 49787 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:39.031105995 CEST | 1187 | 49787 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:39.031416893 CEST | 49787 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:39.058638096 CEST | 1187 | 49787 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:39.243350029 CEST | 49787 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:39.364984035 CEST | 49787 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:39.446218967 CEST | 1187 | 49787 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:39.537947893 CEST | 1187 | 49787 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:39.539191961 CEST | 49787 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:39.566519976 CEST | 1187 | 49787 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:39.568675041 CEST | 49787 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:39.596421003 CEST | 1187 | 49787 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:39.596554041 CEST | 49787 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:39.624238968 CEST | 1187 | 49787 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:39.627079964 CEST | 49787 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:39.707190037 CEST | 1187 | 49787 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:39.707294941 CEST | 49787 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:39.785178900 CEST | 1187 | 49787 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:40.618851900 CEST | 49787 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:40.707083941 CEST | 1187 | 49787 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:40.740156889 CEST | 1187 | 49787 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:40.852777004 CEST | 49787 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:41.627728939 CEST | 49787 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:45.989602089 CEST | 49794 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:46.017559052 CEST | 1187 | 49794 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:46.017664909 CEST | 49794 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:46.018193960 CEST | 49794 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:46.062951088 CEST | 1187 | 49794 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:46.063246965 CEST | 49794 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:46.092794895 CEST | 1187 | 49794 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:46.243869066 CEST | 49794 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:46.669089079 CEST | 49794 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:46.753997087 CEST | 1187 | 49794 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:46.940118074 CEST | 49794 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:47.019526005 CEST | 1187 | 49794 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:47.158186913 CEST | 1187 | 49794 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:47.173130989 CEST | 49794 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:47.200109959 CEST | 1187 | 49794 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:47.201477051 CEST | 49794 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:47.228888035 CEST | 1187 | 49794 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:47.228993893 CEST | 49794 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:47.256191015 CEST | 1187 | 49794 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:47.353363037 CEST | 49794 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:47.448056936 CEST | 49794 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:47.537444115 CEST | 1187 | 49794 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:47.656373024 CEST | 49794 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:47.738461018 CEST | 1187 | 49794 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:48.867304087 CEST | 1187 | 49794 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:49.033351898 CEST | 49794 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:54.439984083 CEST | 49797 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:54.466758966 CEST | 1187 | 49797 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:54.466871023 CEST | 49797 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:54.580307961 CEST | 49797 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:54.623544931 CEST | 1187 | 49797 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:54.624237061 CEST | 49797 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:54.707056999 CEST | 1187 | 49797 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:54.713177919 CEST | 49797 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:54.740719080 CEST | 1187 | 49797 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:54.856982946 CEST | 49797 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:55.406984091 CEST | 49797 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:55.488275051 CEST | 1187 | 49797 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:55.609306097 CEST | 1187 | 49797 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:55.620387077 CEST | 49797 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:55.647325039 CEST | 1187 | 49797 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:55.725498915 CEST | 49797 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:55.800785065 CEST | 1187 | 49797 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:55.828900099 CEST | 49797 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:55.856297016 CEST | 1187 | 49797 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:55.856496096 CEST | 49797 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:55.883578062 CEST | 1187 | 49797 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:56.050003052 CEST | 49797 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:56.611305952 CEST | 49797 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:30:56.691374063 CEST | 1187 | 49797 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:30:56.762713909 CEST | 49797 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:00.825278044 CEST | 49803 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:00.852384090 CEST | 1187 | 49803 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:00.852520943 CEST | 49803 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:00.853121996 CEST | 49803 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:00.901124954 CEST | 1187 | 49803 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:00.939074039 CEST | 49803 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:00.966968060 CEST | 1187 | 49803 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:01.054677963 CEST | 49803 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:01.197923899 CEST | 49803 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:01.272089005 CEST | 1187 | 49803 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:02.293622971 CEST | 49803 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:02.379009962 CEST | 1187 | 49803 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:02.777918100 CEST | 49803 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:02.863513947 CEST | 1187 | 49803 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:02.966264963 CEST | 1187 | 49803 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:02.967183113 CEST | 49803 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:02.994442940 CEST | 1187 | 49803 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:02.995435953 CEST | 49803 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:03.026613951 CEST | 1187 | 49803 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:03.026741982 CEST | 49803 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:03.054507971 CEST | 1187 | 49803 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:03.098640919 CEST | 49803 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:03.176356077 CEST | 1187 | 49803 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:03.212582111 CEST | 49803 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:07.843995094 CEST | 49806 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:07.871366024 CEST | 1187 | 49806 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:07.871728897 CEST | 49806 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:07.938867092 CEST | 49806 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:07.996553898 CEST | 1187 | 49806 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:08.055217028 CEST | 49806 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:08.061367989 CEST | 49806 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:08.091280937 CEST | 1187 | 49806 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:08.149018049 CEST | 49806 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:08.673027039 CEST | 49806 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:08.753909111 CEST | 1187 | 49806 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:08.924242973 CEST | 49806 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:09.004443884 CEST | 1187 | 49806 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:09.120970964 CEST | 1187 | 49806 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:09.164736986 CEST | 49806 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:09.191673994 CEST | 1187 | 49806 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:09.258461952 CEST | 49806 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:10.084671974 CEST | 49806 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:10.160468102 CEST | 1187 | 49806 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:10.160722017 CEST | 49806 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:10.255526066 CEST | 1187 | 49806 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:10.255657911 CEST | 49806 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:10.288577080 CEST | 1187 | 49806 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:10.294486046 CEST | 49806 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:10.321489096 CEST | 1187 | 49806 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:10.461704969 CEST | 49806 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:10.821016073 CEST | 49806 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:10.910433054 CEST | 1187 | 49806 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:11.837671995 CEST | 49806 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:15.915348053 CEST | 49809 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:15.942078114 CEST | 1187 | 49809 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:15.942174911 CEST | 49809 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:15.942780018 CEST | 49809 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:15.987961054 CEST | 1187 | 49809 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:15.988236904 CEST | 49809 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:16.016691923 CEST | 1187 | 49809 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:16.180938959 CEST | 49809 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:16.213356972 CEST | 49809 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:16.285320997 CEST | 1187 | 49809 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:16.286289930 CEST | 49809 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:16.358405113 CEST | 1187 | 49809 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:16.482204914 CEST | 1187 | 49809 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:16.486344099 CEST | 49809 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:16.513977051 CEST | 1187 | 49809 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:16.534451962 CEST | 49809 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:16.562484980 CEST | 1187 | 49809 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:16.565464973 CEST | 49809 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:16.593081951 CEST | 1187 | 49809 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:16.593226910 CEST | 49809 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:16.675723076 CEST | 1187 | 49809 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:17.197288990 CEST | 49809 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:17.269531012 CEST | 1187 | 49809 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:18.213558912 CEST | 49809 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:22.316598892 CEST | 49812 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:22.344878912 CEST | 1187 | 49812 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:22.345087051 CEST | 49812 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:22.345783949 CEST | 49812 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:22.376108885 CEST | 1187 | 49812 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:22.540798903 CEST | 49812 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:22.567962885 CEST | 1187 | 49812 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:22.568779945 CEST | 49812 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:22.596875906 CEST | 1187 | 49812 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:22.728415012 CEST | 49812 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:23.169842005 CEST | 49812 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:23.199551105 CEST | 49812 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:29.235048056 CEST | 49813 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:29.262062073 CEST | 1187 | 49813 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:29.262247086 CEST | 49813 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:29.263030052 CEST | 49813 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:29.301495075 CEST | 1187 | 49813 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:29.301870108 CEST | 49813 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:29.329307079 CEST | 1187 | 49813 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:29.478946924 CEST | 49813 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:29.540433884 CEST | 49813 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:29.628966093 CEST | 1187 | 49813 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:29.760665894 CEST | 1187 | 49813 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:29.761626005 CEST | 49813 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:29.788693905 CEST | 1187 | 49813 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:29.789776087 CEST | 49813 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:29.817127943 CEST | 1187 | 49813 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:29.817326069 CEST | 49813 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:29.844662905 CEST | 1187 | 49813 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:29.844782114 CEST | 49813 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:29.925766945 CEST | 1187 | 49813 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:30.060101032 CEST | 49813 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:30.144824982 CEST | 1187 | 49813 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:31.058414936 CEST | 49813 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:31.144717932 CEST | 1187 | 49813 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:32.104521990 CEST | 49813 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:36.200284004 CEST | 49815 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:36.227314949 CEST | 1187 | 49815 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:36.227447033 CEST | 49815 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:36.233314037 CEST | 49815 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:36.281426907 CEST | 1187 | 49815 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:36.281765938 CEST | 49815 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:36.309005976 CEST | 1187 | 49815 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:36.354530096 CEST | 49815 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:36.519583941 CEST | 49815 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:36.614123106 CEST | 1187 | 49815 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:36.731735945 CEST | 1187 | 49815 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:36.776392937 CEST | 49815 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:36.776694059 CEST | 49815 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:36.803522110 CEST | 1187 | 49815 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:36.847160101 CEST | 49815 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:36.864373922 CEST | 49815 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:36.893294096 CEST | 1187 | 49815 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:36.893687963 CEST | 49815 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:36.921416044 CEST | 1187 | 49815 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:36.922624111 CEST | 49815 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:37.006705046 CEST | 1187 | 49815 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:37.145576000 CEST | 49815 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:37.225070953 CEST | 1187 | 49815 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:37.663141012 CEST | 1187 | 49815 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:37.714027882 CEST | 49815 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:38.167973042 CEST | 49815 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:42.267390013 CEST | 49816 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:42.302983999 CEST | 1187 | 49816 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:42.303093910 CEST | 49816 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:42.303772926 CEST | 49816 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:42.345303059 CEST | 1187 | 49816 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:42.353084087 CEST | 49816 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:42.380660057 CEST | 1187 | 49816 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:42.485896111 CEST | 49816 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:42.677195072 CEST | 49816 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:42.754911900 CEST | 1187 | 49816 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:42.892551899 CEST | 1187 | 49816 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:42.966373920 CEST | 49816 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:42.993793011 CEST | 1187 | 49816 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:43.063513041 CEST | 49816 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:43.091111898 CEST | 1187 | 49816 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:43.091265917 CEST | 49816 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:43.118614912 CEST | 1187 | 49816 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:43.249691010 CEST | 49816 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:43.265161991 CEST | 49816 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:43.354794979 CEST | 1187 | 49816 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:43.500284910 CEST | 49816 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:43.583009005 CEST | 1187 | 49816 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:44.379833937 CEST | 49816 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:48.668442011 CEST | 49818 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:48.697812080 CEST | 1187 | 49818 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:48.698007107 CEST | 49818 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:48.698744059 CEST | 49818 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:48.726428032 CEST | 1187 | 49818 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:48.793086052 CEST | 49818 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:48.820276976 CEST | 1187 | 49818 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:48.820792913 CEST | 49818 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:48.848088026 CEST | 1187 | 49818 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:48.980643988 CEST | 49818 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:49.290839911 CEST | 49818 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:49.379843950 CEST | 1187 | 49818 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:49.457415104 CEST | 49818 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:49.476788044 CEST | 1187 | 49818 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:49.476943970 CEST | 49818 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:53.698391914 CEST | 49819 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:53.725269079 CEST | 1187 | 49819 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:53.725383997 CEST | 49819 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:53.726212978 CEST | 49819 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:53.756640911 CEST | 1187 | 49819 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:53.871622086 CEST | 49819 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:53.899087906 CEST | 1187 | 49819 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:53.911351919 CEST | 49819 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:53.938688993 CEST | 1187 | 49819 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:54.074779034 CEST | 49819 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:54.128034115 CEST | 49819 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:54.207813025 CEST | 1187 | 49819 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:54.320280075 CEST | 1187 | 49819 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:54.321135998 CEST | 49819 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:54.347985029 CEST | 1187 | 49819 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:54.349366903 CEST | 49819 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:54.376615047 CEST | 1187 | 49819 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:54.378380060 CEST | 49819 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:54.405714989 CEST | 1187 | 49819 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:54.406624079 CEST | 49819 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:54.489118099 CEST | 1187 | 49819 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:54.528448105 CEST | 49819 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:58.597389936 CEST | 49822 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:58.624774933 CEST | 1187 | 49822 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:58.624867916 CEST | 49822 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:58.625380039 CEST | 49822 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:58.667870998 CEST | 1187 | 49822 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:58.676132917 CEST | 49822 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:58.704694033 CEST | 1187 | 49822 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:58.715420008 CEST | 49822 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:58.786161900 CEST | 1187 | 49822 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:58.904809952 CEST | 49822 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:58.989326954 CEST | 1187 | 49822 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:59.106679916 CEST | 1187 | 49822 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:59.106991053 CEST | 49822 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:59.136111021 CEST | 1187 | 49822 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:59.137528896 CEST | 49822 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:59.165231943 CEST | 1187 | 49822 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:59.165344954 CEST | 49822 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:59.192903042 CEST | 1187 | 49822 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:31:59.193013906 CEST | 49822 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:31:59.271174908 CEST | 1187 | 49822 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:32:02.036811113 CEST | 1187 | 49822 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:32:02.091619015 CEST | 49822 | 1187 | 192.168.2.5 | 212.193.30.204 |
May 17, 2022 20:32:03.661712885 CEST | 1187 | 49822 | 212.193.30.204 | 192.168.2.5 |
May 17, 2022 20:32:03.795284033 CEST | 49822 | 1187 | 192.168.2.5 | 212.193.30.204 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 17, 2022 20:30:22.744570971 CEST | 54322 | 53 | 192.168.2.5 | 8.8.8.8 |
May 17, 2022 20:30:22.764415979 CEST | 53 | 54322 | 8.8.8.8 | 192.168.2.5 |
May 17, 2022 20:30:30.888555050 CEST | 63187 | 53 | 192.168.2.5 | 8.8.8.8 |
May 17, 2022 20:30:30.910044909 CEST | 53 | 63187 | 8.8.8.8 | 192.168.2.5 |
May 17, 2022 20:30:38.901221037 CEST | 61941 | 53 | 192.168.2.5 | 8.8.8.8 |
May 17, 2022 20:30:38.922380924 CEST | 53 | 61941 | 8.8.8.8 | 192.168.2.5 |
May 17, 2022 20:30:45.969238997 CEST | 63241 | 53 | 192.168.2.5 | 8.8.8.8 |
May 17, 2022 20:30:45.988259077 CEST | 53 | 63241 | 8.8.8.8 | 192.168.2.5 |
May 17, 2022 20:30:54.377773046 CEST | 57809 | 53 | 192.168.2.5 | 8.8.8.8 |
May 17, 2022 20:30:54.399000883 CEST | 53 | 57809 | 8.8.8.8 | 192.168.2.5 |
May 17, 2022 20:31:00.802875042 CEST | 62680 | 53 | 192.168.2.5 | 8.8.8.8 |
May 17, 2022 20:31:00.823893070 CEST | 53 | 62680 | 8.8.8.8 | 192.168.2.5 |
May 17, 2022 20:31:07.682859898 CEST | 49912 | 53 | 192.168.2.5 | 8.8.8.8 |
May 17, 2022 20:31:07.700628042 CEST | 53 | 49912 | 8.8.8.8 | 192.168.2.5 |
May 17, 2022 20:31:15.894793987 CEST | 57990 | 53 | 192.168.2.5 | 8.8.8.8 |
May 17, 2022 20:31:15.914181948 CEST | 53 | 57990 | 8.8.8.8 | 192.168.2.5 |
May 17, 2022 20:31:22.294926882 CEST | 54463 | 53 | 192.168.2.5 | 8.8.8.8 |
May 17, 2022 20:31:22.315357924 CEST | 53 | 54463 | 8.8.8.8 | 192.168.2.5 |
May 17, 2022 20:31:29.212796926 CEST | 63718 | 53 | 192.168.2.5 | 8.8.8.8 |
May 17, 2022 20:31:29.232027054 CEST | 53 | 63718 | 8.8.8.8 | 192.168.2.5 |
May 17, 2022 20:31:36.179580927 CEST | 61126 | 53 | 192.168.2.5 | 8.8.8.8 |
May 17, 2022 20:31:36.196830034 CEST | 53 | 61126 | 8.8.8.8 | 192.168.2.5 |
May 17, 2022 20:31:42.240658998 CEST | 54152 | 53 | 192.168.2.5 | 8.8.8.8 |
May 17, 2022 20:31:42.261655092 CEST | 53 | 54152 | 8.8.8.8 | 192.168.2.5 |
May 17, 2022 20:31:48.642363071 CEST | 53194 | 53 | 192.168.2.5 | 8.8.8.8 |
May 17, 2022 20:31:48.660270929 CEST | 53 | 53194 | 8.8.8.8 | 192.168.2.5 |
May 17, 2022 20:31:53.676034927 CEST | 50393 | 53 | 192.168.2.5 | 8.8.8.8 |
May 17, 2022 20:31:53.695802927 CEST | 53 | 50393 | 8.8.8.8 | 192.168.2.5 |
May 17, 2022 20:31:58.573787928 CEST | 61458 | 53 | 192.168.2.5 | 8.8.8.8 |
May 17, 2022 20:31:58.593518019 CEST | 53 | 61458 | 8.8.8.8 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
May 17, 2022 20:30:22.744570971 CEST | 192.168.2.5 | 8.8.8.8 | 0x262e | Standard query (0) | A (IP address) | IN (0x0001) | |
May 17, 2022 20:30:30.888555050 CEST | 192.168.2.5 | 8.8.8.8 | 0xff17 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 17, 2022 20:30:38.901221037 CEST | 192.168.2.5 | 8.8.8.8 | 0x2997 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 17, 2022 20:30:45.969238997 CEST | 192.168.2.5 | 8.8.8.8 | 0xb8ef | Standard query (0) | A (IP address) | IN (0x0001) | |
May 17, 2022 20:30:54.377773046 CEST | 192.168.2.5 | 8.8.8.8 | 0x40dd | Standard query (0) | A (IP address) | IN (0x0001) | |
May 17, 2022 20:31:00.802875042 CEST | 192.168.2.5 | 8.8.8.8 | 0xd7d7 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 17, 2022 20:31:07.682859898 CEST | 192.168.2.5 | 8.8.8.8 | 0xb849 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 17, 2022 20:31:15.894793987 CEST | 192.168.2.5 | 8.8.8.8 | 0x9ea0 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 17, 2022 20:31:22.294926882 CEST | 192.168.2.5 | 8.8.8.8 | 0xf974 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 17, 2022 20:31:29.212796926 CEST | 192.168.2.5 | 8.8.8.8 | 0xf8e0 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 17, 2022 20:31:36.179580927 CEST | 192.168.2.5 | 8.8.8.8 | 0xd91b | Standard query (0) | A (IP address) | IN (0x0001) | |
May 17, 2022 20:31:42.240658998 CEST | 192.168.2.5 | 8.8.8.8 | 0xf075 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 17, 2022 20:31:48.642363071 CEST | 192.168.2.5 | 8.8.8.8 | 0x4878 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 17, 2022 20:31:53.676034927 CEST | 192.168.2.5 | 8.8.8.8 | 0xa5d3 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 17, 2022 20:31:58.573787928 CEST | 192.168.2.5 | 8.8.8.8 | 0xe914 | Standard query (0) | A (IP address) | IN (0x0001) |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
May 17, 2022 20:30:22.764415979 CEST | 8.8.8.8 | 192.168.2.5 | 0x262e | No error (0) | 212.193.30.204 | A (IP address) | IN (0x0001) | ||
May 17, 2022 20:30:30.910044909 CEST | 8.8.8.8 | 192.168.2.5 | 0xff17 | No error (0) | 212.193.30.204 | A (IP address) | IN (0x0001) | ||
May 17, 2022 20:30:38.922380924 CEST | 8.8.8.8 | 192.168.2.5 | 0x2997 | No error (0) | 212.193.30.204 | A (IP address) | IN (0x0001) | ||
May 17, 2022 20:30:45.988259077 CEST | 8.8.8.8 | 192.168.2.5 | 0xb8ef | No error (0) | 212.193.30.204 | A (IP address) | IN (0x0001) | ||
May 17, 2022 20:30:54.399000883 CEST | 8.8.8.8 | 192.168.2.5 | 0x40dd | No error (0) | 212.193.30.204 | A (IP address) | IN (0x0001) | ||
May 17, 2022 20:31:00.823893070 CEST | 8.8.8.8 | 192.168.2.5 | 0xd7d7 | No error (0) | 212.193.30.204 | A (IP address) | IN (0x0001) | ||
May 17, 2022 20:31:07.700628042 CEST | 8.8.8.8 | 192.168.2.5 | 0xb849 | No error (0) | 212.193.30.204 | A (IP address) | IN (0x0001) | ||
May 17, 2022 20:31:15.914181948 CEST | 8.8.8.8 | 192.168.2.5 | 0x9ea0 | No error (0) | 212.193.30.204 | A (IP address) | IN (0x0001) | ||
May 17, 2022 20:31:22.315357924 CEST | 8.8.8.8 | 192.168.2.5 | 0xf974 | No error (0) | 212.193.30.204 | A (IP address) | IN (0x0001) | ||
May 17, 2022 20:31:29.232027054 CEST | 8.8.8.8 | 192.168.2.5 | 0xf8e0 | No error (0) | 212.193.30.204 | A (IP address) | IN (0x0001) | ||
May 17, 2022 20:31:36.196830034 CEST | 8.8.8.8 | 192.168.2.5 | 0xd91b | No error (0) | 212.193.30.204 | A (IP address) | IN (0x0001) | ||
May 17, 2022 20:31:42.261655092 CEST | 8.8.8.8 | 192.168.2.5 | 0xf075 | No error (0) | 212.193.30.204 | A (IP address) | IN (0x0001) | ||
May 17, 2022 20:31:48.660270929 CEST | 8.8.8.8 | 192.168.2.5 | 0x4878 | No error (0) | 212.193.30.204 | A (IP address) | IN (0x0001) | ||
May 17, 2022 20:31:53.695802927 CEST | 8.8.8.8 | 192.168.2.5 | 0xa5d3 | No error (0) | 212.193.30.204 | A (IP address) | IN (0x0001) | ||
May 17, 2022 20:31:58.593518019 CEST | 8.8.8.8 | 192.168.2.5 | 0xe914 | No error (0) | 212.193.30.204 | A (IP address) | IN (0x0001) |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 20:29:53 |
Start date: | 17/05/2022 |
Path: | C:\Users\user\Desktop\INVOICE.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x3d0000 |
File size: | 656896 bytes |
MD5 hash: | 9D58123708F80D79654D981A8B6D9924 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Reputation: | low |
Target ID: | 3 |
Start time: | 20:30:14 |
Start date: | 17/05/2022 |
Path: | C:\Users\user\Desktop\INVOICE.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb40000 |
File size: | 656896 bytes |
MD5 hash: | 9D58123708F80D79654D981A8B6D9924 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Reputation: | low |
Execution Graph
Execution Coverage: | 13.3% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 119 |
Total number of Limit Nodes: | 10 |
Graph
Function 009AE6F0 Relevance: .3, Instructions: 315COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009AE6E0 Relevance: .2, Instructions: 222COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009A8858 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 55libraryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009A9988 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 55libraryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0094D4C4 Relevance: .1, Instructions: 75COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0095D1D4 Relevance: .1, Instructions: 72COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0095D01C Relevance: .1, Instructions: 72COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0095D005 Relevance: .1, Instructions: 60COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0094D4BF Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0095D1CF Relevance: .1, Instructions: 53COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0094D745 Relevance: .0, Instructions: 45COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0094D744 Relevance: .0, Instructions: 36COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009AC2C4 Relevance: .3, Instructions: 265COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |