Windows Analysis Report PREVIOUS CONVERSATION.pdf.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Process Tree |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_WebMonitor | Yara detected WebMonitor RAT | Joe Security | ||
JoeSecurity_WebMonitor | Yara detected WebMonitor RAT | Joe Security | ||
JoeSecurity_WebMonitor | Yara detected WebMonitor RAT | Joe Security | ||
JoeSecurity_WebMonitor | Yara detected WebMonitor RAT | Joe Security | ||
JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security | ||
Unpacked PEs |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_WebMonitor | Yara detected WebMonitor RAT | Joe Security | ||
JoeSecurity_WebMonitor | Yara detected WebMonitor RAT | Joe Security | ||
JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security | ||
JoeSecurity_WebMonitor | Yara detected WebMonitor RAT | Joe Security | ||
JoeSecurity_WebMonitor | Yara detected WebMonitor RAT | Joe Security | ||
Sigma Overview |
---|
System Summary: |
---|
Sigma detected: Bad Opsec Defaults Sacrificial Processes With Improper Arguments | Show sources |
Source: | Author: Oleg Kolesnikov @securonix invrep_de, oscd.community, Florian Roth, Christian Burkard: |
Sigma detected: Suspicius Add Task From User AppData Temp | Show sources |
Source: | Author: frack113: |
Sigma detected: Powershell Defender Exclusion | Show sources |
Source: | Author: Florian Roth: |
Sigma detected: Possible Applocker Bypass | Show sources |
Source: | Author: juju4: |
Sigma detected: Non Interactive PowerShell | Show sources |
Source: | Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): |
Sigma detected: T1086 PowerShell Execution | Show sources |
Source: | Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): |
Jbx Signature Overview |
---|
AV Detection: |
---|
Antivirus detection for URL or domain | Show sources |
Source: | Avira URL Cloud: |
Multi AV Scanner detection for submitted file | Show sources |
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Multi AV Scanner detection for domain / URL | Show sources |
Source: | Virustotal: | Perma Link |
Multi AV Scanner detection for dropped file | Show sources |
Source: | ReversingLabs: |
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Networking: |
---|
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) | Show sources |
Source: | Snort IDS: |
Source: | JA3 fingerprint: |
Source: | ASN Name: |
Source: | IP Address: | ||
Source: | IP Address: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | DNS traffic detected: |
Source: | Network traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Key, Mouse, Clipboard, Microphone and Screen Capturing: |
---|
Installs a global keyboard hook | Show sources |
Source: | Windows user hook set: | Jump to behavior |
Contains functionality to register a low level keyboard hook | Show sources |
Source: | Code function: | 8_2_0043656A |
Source: | Binary or memory string: |
System Summary: |
---|
Initial sample is a PE file and has a suspicious name | Show sources |
Source: | Static PE information: |
Source: | Code function: | 0_2_008AE5E9 | |
Source: | Code function: | 0_2_008AE5F0 | |
Source: | Code function: | 0_2_008AC66C | |
Source: | Code function: | 8_2_004AFFF3 | |
Source: | Code function: | 8_2_004B5179 | |
Source: | Code function: | 8_2_0043C25A | |
Source: | Code function: | 8_2_004A444D | |
Source: | Code function: | 8_2_004A467C | |
Source: | Code function: | 8_2_004B48E4 | |
Source: | Code function: | 8_2_004A48AB | |
Source: | Code function: | 8_2_004BFB2B | |
Source: | Code function: | 8_2_0049FC6A | |
Source: | Code function: | 8_2_004A0C10 | |
Source: | Code function: | 8_2_004A8FD0 |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | File created: | Jump to behavior |
Source: | Code function: | 8_2_004382E8 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | File read: | Jump to behavior |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Code function: | 8_2_00447818 |
Source: | File created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Code function: | 8_2_00446B77 |
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Static PE information: |
Data Obfuscation: |
---|
.NET source code contains potential unpacker | Show sources |
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: |
Source: | Code function: | 0_2_00077138 | |
Source: | Code function: | 0_2_0007716B | |
Source: | Code function: | 0_2_008A41EA | |
Source: | Code function: | 0_2_008A41E2 | |
Source: | Code function: | 0_2_008A412A | |
Source: | Code function: | 0_2_008A4122 | |
Source: | Code function: | 0_2_008A4126 | |
Source: | Code function: | 0_2_008A42DA | |
Source: | Code function: | 0_2_008A42D6 | |
Source: | Code function: | 0_2_008A449A | |
Source: | Code function: | 0_2_008A4492 | |
Source: | Code function: | 0_2_008A4452 | |
Source: | Code function: | 0_2_008A455A | |
Source: | Code function: | 0_2_008A4562 | |
Source: | Code function: | 0_2_008A6D65 | |
Source: | Code function: | 0_2_07A91A8F | |
Source: | Code function: | 8_2_00405866 | |
Source: | Code function: | 8_2_0049D8E7 | |
Source: | Code function: | 8_2_00402EED | |
Source: | Code function: | 8_2_00402F55 | |
Source: | Code function: | 8_2_00402F21 | |
Source: | Code function: | 8_2_0049DFA9 |
Source: | Static PE information: |
Source: | File created: | Jump to dropped file |
Boot Survival: |
---|
Creates autostart registry keys with suspicious names | Show sources |
Source: | Registry value created or modified: | Jump to behavior |
Uses schtasks.exe or at.exe to add and modify task schedules | Show sources |
Source: | Process created: |
Source: | Registry value created or modified: | Jump to behavior | ||
Source: | Registry value created or modified: | Jump to behavior |
Hooking and other Techniques for Hiding and Protection: |
---|
Uses an obfuscated file name to hide its real file extension (double extension) | Show sources |
Source: | Static PE information: |
Source: | Registry key monitored for changes: | Jump to behavior |
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion: |
---|
Yara detected AntiVM3 | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) | Show sources |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Contain functionality to detect virtual machines | Show sources |
Source: | Code function: | 8_2_00438696 |
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) | Show sources |
Source: | WMI Queries: |
Tries to detect virtualization through RDTSC time measurements | Show sources |
Source: | RDTSC instruction interceptor: |
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines) | Show sources |
Source: | WMI Queries: |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Last function: | ||
Source: | Last function: |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Code function: | 8_2_00438418 |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Process information queried: | Jump to behavior |
Anti Debugging: |
---|
Potentially malicious time measurement code found | Show sources |
Source: | Code function: | 8_2_00438418 |
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent) | Show sources |
Source: | Code function: | 8_2_00438DCE |
Source: | Code function: | 8_2_004B0BDB |
Source: | Process queried: | Jump to behavior |
Source: | Code function: | 8_2_00438418 |
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion: |
---|
Adds a directory exclusion to Windows Defender | Show sources |
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Code function: | 8_2_0049C76F | |
Source: | Code function: | 8_2_0049C6A4 |
Source: | Queries volume information: | Jump to behavior |
Source: | Code function: | 8_2_0043865F |
Source: | Key value queried: | Jump to behavior |
Source: | Code function: | 8_2_0048B007 |
Source: | Code function: | 8_2_004BA019 |
Stealing of Sensitive Information: |
---|
Yara detected WebMonitor RAT | Show sources |
Source: | File source: |
Remote Access Functionality: |
---|
Yara detected WebMonitor RAT | Show sources |
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation2 | Scheduled Task/Job1 | Access Token Manipulation1 | Disable or Modify Tools11 | Input Capture211 | System Time Discovery2 | Remote Services | Archive Collected Data1 | Exfiltration Over Other Network Medium | Encrypted Channel11 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Command and Scripting Interpreter2 | Registry Run Keys / Startup Folder11 | Process Injection12 | Deobfuscate/Decode Files or Information1 | LSASS Memory | File and Directory Discovery1 | Remote Desktop Protocol | Input Capture211 | Exfiltration Over Bluetooth | Non-Application Layer Protocol2 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | Scheduled Task/Job1 | Logon Script (Windows) | Scheduled Task/Job1 | Obfuscated Files or Information12 | Security Account Manager | System Information Discovery233 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Registry Run Keys / Startup Folder11 | Software Packing11 | NTDS | Query Registry1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Timestomp1 | LSA Secrets | Security Software Discovery621 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Masquerading111 | Cached Domain Credentials | Virtualization/Sandbox Evasion231 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Virtualization/Sandbox Evasion231 | DCSync | Process Discovery3 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Access Token Manipulation1 | Proc Filesystem | Application Window Discovery1 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Process Injection12 | /etc/passwd and /etc/shadow | Remote System Discovery1 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
26% | Virustotal | Browse | ||
25% | ReversingLabs | ByteCode-MSIL.Dropper.Dapato |
Dropped Files |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
40% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla |
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | TR/Crypt.EPACK.Gen2 | Download File | ||
100% | Avira | TR/Crypt.EPACK.Gen2 | Download File | ||
100% | Avira | TR/Crypt.EPACK.Gen2 | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Crypt.EPACK.Gen2 | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.EPACK.Gen2 | Download File | ||
100% | Avira | TR/Crypt.EPACK.Gen2 | Download File |
Domains |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
5% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
1% | Virustotal | Browse |
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
niiarmah.wm01.to | 45.153.186.90 | true | true | | unknown |
ntp.se | 194.58.200.20 | true | false | | unknown |
sdns.se | 185.243.215.214 | true | false | | unknown |
a6d089361c3e66334521ca401baef106.se | unknown | unknown | false | | unknown |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
true |
| unknown | ||
false | high |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
194.58.200.20 | ntp.se | Sweden | | 57021 | NTP-SEAnycastedNTPservicesfromNetnodIXPsSE | false |
45.153.186.90 | niiarmah.wm01.to | Bulgaria | | 202448 | MVPShttpswwwmvpsnetEU | true |
General Information |
---|
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 534663 |
Start date: | 06.12.2021 |
Start time: | 12:17:15 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 9m 2s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | PREVIOUS CONVERSATION.pdf.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 21 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@9/9@25/2 |
EGA Information: | Failed |
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
Warnings: | Show All
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
12:18:08 | API Interceptor | |
12:18:13 | API Interceptor | |
12:18:26 | API Interceptor | |
12:18:35 | Autostart | |
12:18:45 | Autostart | |
12:18:53 | Autostart |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
194.58.200.20 | Get hash | malicious | Browse | ||
45.153.186.90 | Get hash | malicious | Browse | ||
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
ntp.se | Get hash | malicious | Browse |
| |
niiarmah.wm01.to | Get hash | malicious | Browse |
| |
sdns.se | Get hash | malicious | Browse |
| |
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
NTP-SEAnycastedNTPservicesfromNetnodIXPsSE | Get hash | malicious | Browse |
| |
MVPShttpswwwmvpsnetEU | Get hash | malicious | Browse |
| |
JA3 Fingerprints |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
37f463bf4616ecd445d4a1937da06e19 | Get hash | malicious | Browse |
| |
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Users\user\Desktop\PREVIOUS CONVERSATION.pdf.exe |
File Type: | |
Category: | modified |
Size (bytes): | 1310 |
Entropy (8bit): | 5.345651901398759 |
Encrypted: | false |
SSDEEP: | 24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE47mE4Ko88:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKz6 |
MD5: | D918C6A765EDB90D2A227FE23A3FEC98 |
SHA1: | 8BA802AD8D740F114783F0DADC407CBFD2A209B3 |
SHA-256: | AB0E9F716E31502A4C6786575C5E64DFD9D24AF99056BBE2640A2FA322CFF4D6 |
SHA-512: | A937ABD8294BB32A612F8B3A376C94111D688379F0A4DB9FAA2FCEB71C25E18D621EEBCFDA5706B71C8473A4F38D8B3C4005D1589B564F9B1C9C441B6D337814 |
Malicious: | true |
Reputation: | moderate, very likely benign file |
Preview: |
|
Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 22312 |
Entropy (8bit): | 5.603648763561342 |
Encrypted: | false |
SSDEEP: | 384:TtCDJE06V5mtjDqu01bXSBKn/wjultI+37Y9gRSJ3xmT1MaLZlbAV7hXWMZiZBDk:sDqu64KICltxjRc8Cqfw9aVk |
MD5: | 60C2A60C19405A73D367CE3B35D9FCD5 |
SHA1: | 26DA844DE6A4C59BAE716ED775B7F5B37AB3CC0A |
SHA-256: | DF5F17BF03E7E787F34B92EB1AF98F1D3D6341F40644A503A953C1316978F1A5 |
SHA-512: | 82E3157335CD00BA0B0382FD25808AAF583BCF8FE018E1080622280A7591064A3910C4D978DDAEF05824B465CD94C581026ADBBEEB47312CC5E07669880480D1 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
|
Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Preview: |
|
Process: | C:\Users\user\Desktop\PREVIOUS CONVERSATION.pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1598 |
Entropy (8bit): | 5.148861891998742 |
Encrypted: | false |
SSDEEP: | 24:2di4+S2qh/S1KTy1moCUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNta4aoxvn:cgeKwYrFdOFzOzN33ODOiDdKrsuTRVv |
MD5: | 0EC92A930D8A57C7BBA188D247F587DA |
SHA1: | AA08D49260C8CE002DAB9EE7DF68E0CD1631C8E8 |
SHA-256: | 008067AD3739FFF1A70F48F81E365CC2F0DCA443E167FCDE69602E520851CEE4 |
SHA-512: | A10D5D0871493DCBBF676E7E1993A468168EFFAE820EF1932373CA287EA35C0BDFE5A002B59627C2FC3E43B141B5E48F818FA5F0B779DF7C4B6612D27965368E |
Malicious: | true |
Preview: |
|
Process: | C:\Users\user\Desktop\PREVIOUS CONVERSATION.pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2296320 |
Entropy (8bit): | 7.857794521576697 |
Encrypted: | false |
SSDEEP: | 49152:DeZkT1lcGocXfF7MGN3GBoqn8IEBYQpp2r7htbTUCdnLv:y6T1lcGpvjRGB77Up4n/l |
MD5: | 28241AAFE5B6018C984E310C33E9E48B |
SHA1: | D126C0CF51A98D9F3BD38EFA6E61D4091104C624 |
SHA-256: | 9E6563C2C5E8A869BFDBF4FF1336BF2ABCD238695D87F79A01B308216ACC9CB5 |
SHA-512: | 730AE328D0CC82BE717D24130073D8A3D0EC8E3B118E88DCB2B13071499C2EFA03CF98905BE68B2BC041A3245D792A113403272F67052963F3C4BAEAE15D0C98 |
Malicious: | true |
Antivirus: |
|
Preview: |
|
Process: | C:\Users\user\Desktop\PREVIOUS CONVERSATION.pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5793 |
Entropy (8bit): | 5.402988544064389 |
Encrypted: | false |
SSDEEP: | 96:BZMjIN6qDo1ZFZpjIN6qDo1ZQ6oijZ7jIN6qDo1ZMfSSoZf:6 |
MD5: | 72286E2CC65464A4067797B77393E659 |
SHA1: | 51B4D4F2E8E694E82E7F7E5593BEEAD3466092E4 |
SHA-256: | 257E3CE8B84EDE7EEA0F7995FD5779EC52C0A9010846C759247175F58997704F |
SHA-512: | C92D44C9A4F8877648445B805F4E89FEAE177E0E0C4C8AE6AD4A46FAADD27D0E81FF0363A414B329BCF100DBE42A1040F1B6765AD52B1596454D00CB38C90545 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 259 |
Entropy (8bit): | 5.496569330187583 |
Encrypted: | false |
SSDEEP: | 6:i+I/4V7vIiuRYJhAq/opS88R0qxaI/4RaRYJhAq/c:iz/W7giJZwpS88R0QP/YZE |
MD5: | B7DFCCF531CC875C23F211F1DF66CB36 |
SHA1: | B0E792F75A3D8498C7E0EE97E6E42BEDACBC3BBD |
SHA-256: | F92D3CD165B54C77053125E2A9AE69BA79AF7B736088F7995501AE63C9258A3E |
SHA-512: | DC845CBB7F15B628A500F14E3BF5770CE20C7E80A022C80585CB9A96BE0824C3B7BF4A9FDF8E7A4395371200188F0B93B4D3E73C835D43D531E12E5D08DAA5D2 |
Malicious: | false |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.857794521576697 |
TrID: |
|
File name: | PREVIOUS CONVERSATION.pdf.exe |
File size: | 2296320 |
MD5: | 28241aafe5b6018c984e310c33e9e48b |
SHA1: | d126c0cf51a98d9f3bd38efa6e61d4091104c624 |
SHA256: | 9e6563c2c5e8a869bfdbf4ff1336bf2abcd238695d87f79a01b308216acc9cb5 |
SHA512: | 730ae328d0cc82be717d24130073d8a3d0ec8e3b118e88dcb2b13071499c2efa03cf98905be68b2bc041a3245d792a113403272f67052963f3c4baeae15d0c98 |
SSDEEP: | 49152:DeZkT1lcGocXfF7MGN3GBoqn8IEBYQpp2r7htbTUCdnLv:y6T1lcGpvjRGB77Up4n/l |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....2................0..\ ..........{ .. .... ...@.. .......................`#...........@................................ |
File Icon |
---|
Icon Hash: | c6f8e1ccccd89cc4 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x607bde |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE |
DLL Characteristics: | NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0xD5B732DE [Sun Aug 15 10:58:38 2083 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | v4.0.30319 |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Entrypoint Preview |
---|
Instruction |
---|
jmp dword ptr [00402000h] |
add byte ptr [eax], al |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x207b84 | 0x57 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x208000 | 0x2a988 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x234000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x205be4 | 0x205c00 | unknown | unknown | unknown | unknown | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rsrc | 0x208000 | 0x2a988 | 0x2aa00 | False | 0.170872663123 | data | 4.43862407978 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x234000 | 0xc | 0x200 | False | 0.044921875 | data | 0.101910425663 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x2082b0 | 0x28f5 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | ||
RT_ICON | 0x20aba8 | 0x10828 | dBase IV DBT, blocks size 0, block length 2048, next free block index 40, next free block 0, next used block 0 | ||
RT_ICON | 0x21b3d0 | 0x94a8 | data | ||
RT_ICON | 0x224878 | 0x5488 | data | ||
RT_ICON | 0x229d00 | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 254, next used block 520093696 | ||
RT_ICON | 0x22df28 | 0x25a8 | data | ||
RT_ICON | 0x2304d0 | 0x10a8 | data | ||
RT_ICON | 0x231578 | 0x988 | data | ||
RT_ICON | 0x231f00 | 0x468 | GLS_BINARY_LSB_FIRST | ||
RT_GROUP_ICON | 0x232368 | 0x84 | data | ||
RT_VERSION | 0x2323ec | 0x3b0 | data | ||
RT_MANIFEST | 0x23279c | 0x1ea | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators |
Imports |
---|
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Version Infos |
---|
Description | Data |
---|---|
Translation | 0x0000 0x04b0 |
LegalCopyright | Joshua Doore 2020 - 2022 |
Assembly Version | 1.0.0.0 |
InternalName | STOREASSEMBLYSTATUSFLA.exe |
FileVersion | 1.0.0.0 |
CompanyName | Joshua Doore |
LegalTrademarks | |
Comments | |
ProductName | Fine arts Photography |
ProductVersion | 1.0.0.0 |
FileDescription | Fine arts Photography |
OriginalFilename | STOREASSEMBLYSTATUSFLA.exe |
Network Behavior |
---|
Snort IDS Alerts |
---|
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
12/06/21-12:18:27.366454 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 185.243.215.214 | 192.168.2.4 |
12/06/21-12:18:27.403276 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 185.243.215.214 | 192.168.2.4 |
12/06/21-12:18:27.442540 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 185.243.215.214 | 192.168.2.4 |
12/06/21-12:18:27.477565 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 185.243.215.214 | 192.168.2.4 |
12/06/21-12:18:27.512630 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 185.243.215.214 | 192.168.2.4 |
12/06/21-12:18:28.054864 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 185.243.215.214 | 192.168.2.4 |
12/06/21-12:18:28.090687 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 185.243.215.214 | 192.168.2.4 |
12/06/21-12:18:28.125964 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 185.243.215.214 | 192.168.2.4 |
12/06/21-12:18:28.161180 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 185.243.215.214 | 192.168.2.4 |
12/06/21-12:18:28.196343 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 185.243.215.214 | 192.168.2.4 |
12/06/21-12:18:28.236654 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 185.243.215.214 | 192.168.2.4 |
12/06/21-12:18:28.271886 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 185.243.215.214 | 192.168.2.4 |
12/06/21-12:18:28.306924 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 185.243.215.214 | 192.168.2.4 |
12/06/21-12:18:28.342141 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 185.243.215.214 | 192.168.2.4 |
12/06/21-12:18:28.377343 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 185.243.215.214 | 192.168.2.4 |
12/06/21-12:18:33.642477 | UDP | 2032361 | ET TROJAN WebMonitor/RevCode RAT CnC Domain in DNS Lookup | 56627 | 53 | 192.168.2.4 | 8.8.8.8 |
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 6, 2021 12:18:40.799689054 CET | 443 | 49782 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:40.799926043 CET | 49782 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:40.800543070 CET | 49782 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:40.800550938 CET | 443 | 49782 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:40.806221962 CET | 49782 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:40.806236982 CET | 443 | 49782 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:41.189119101 CET | 443 | 49782 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:41.189207077 CET | 443 | 49782 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:41.189265966 CET | 49782 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:41.189307928 CET | 49782 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:41.189640999 CET | 49782 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:41.189661026 CET | 443 | 49782 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:43.206084967 CET | 49783 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:43.206151009 CET | 443 | 49783 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:43.206269026 CET | 49783 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:43.207077026 CET | 49783 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:43.207091093 CET | 443 | 49783 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:43.299141884 CET | 443 | 49783 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:43.299227953 CET | 49783 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:43.303138018 CET | 49783 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:43.303162098 CET | 443 | 49783 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:43.309122086 CET | 49783 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:43.309155941 CET | 443 | 49783 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:43.554805040 CET | 443 | 49783 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:43.554888010 CET | 443 | 49783 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:43.555073023 CET | 49783 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:43.555094004 CET | 49783 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:43.555454016 CET | 49783 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:43.555479050 CET | 443 | 49783 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:45.616862059 CET | 49784 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:45.616919994 CET | 443 | 49784 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:45.617001057 CET | 49784 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:45.653759956 CET | 49784 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:45.653790951 CET | 443 | 49784 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:45.936516047 CET | 443 | 49784 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:45.936625004 CET | 49784 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:45.941683054 CET | 49784 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:45.941709042 CET | 443 | 49784 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:45.948394060 CET | 49784 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:45.948420048 CET | 443 | 49784 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:46.300674915 CET | 443 | 49784 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:46.300753117 CET | 443 | 49784 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:46.300837994 CET | 49784 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:46.300868988 CET | 49784 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:46.301140070 CET | 49784 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:46.301156998 CET | 443 | 49784 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:48.314300060 CET | 49785 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:48.314343929 CET | 443 | 49785 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:48.314440966 CET | 49785 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:48.315151930 CET | 49785 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:48.315166950 CET | 443 | 49785 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:48.401935101 CET | 443 | 49785 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:48.402087927 CET | 49785 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:48.402806997 CET | 49785 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:48.402827024 CET | 443 | 49785 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:48.410082102 CET | 49785 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:48.410108089 CET | 443 | 49785 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:48.746742964 CET | 443 | 49785 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:48.746819973 CET | 443 | 49785 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:48.746836901 CET | 49785 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:48.746875048 CET | 49785 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:48.747150898 CET | 49785 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:48.747173071 CET | 443 | 49785 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:50.829763889 CET | 49786 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:50.829812050 CET | 443 | 49786 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:50.829905033 CET | 49786 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:50.830769062 CET | 49786 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:50.830796003 CET | 443 | 49786 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:50.964478016 CET | 443 | 49786 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:50.964632988 CET | 49786 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:50.965420961 CET | 49786 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:50.965441942 CET | 443 | 49786 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:50.971014977 CET | 49786 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:50.971045971 CET | 443 | 49786 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:51.275665998 CET | 443 | 49786 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:51.275739908 CET | 443 | 49786 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:51.275891066 CET | 49786 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:51.276176929 CET | 49786 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:51.276246071 CET | 49786 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:51.276273012 CET | 443 | 49786 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:53.282069921 CET | 49787 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:53.282124043 CET | 443 | 49787 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:53.282198906 CET | 49787 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:53.282809973 CET | 49787 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:53.282834053 CET | 443 | 49787 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:53.465980053 CET | 443 | 49787 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:53.466164112 CET | 49787 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:53.467030048 CET | 49787 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:53.467042923 CET | 443 | 49787 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:53.476807117 CET | 49787 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:53.476831913 CET | 443 | 49787 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:53.973543882 CET | 443 | 49787 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:53.973675013 CET | 443 | 49787 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:53.973715067 CET | 49787 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:53.973742008 CET | 49787 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:53.974001884 CET | 49787 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:53.974031925 CET | 443 | 49787 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:55.987662077 CET | 49789 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:55.987752914 CET | 443 | 49789 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:55.987967014 CET | 49789 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:55.989335060 CET | 49789 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:55.989366055 CET | 443 | 49789 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:56.099941015 CET | 443 | 49789 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:56.100033998 CET | 49789 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:56.100717068 CET | 49789 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:56.100761890 CET | 443 | 49789 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:56.202377081 CET | 49789 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:56.202404976 CET | 443 | 49789 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:56.397245884 CET | 443 | 49789 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:56.397325039 CET | 443 | 49789 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:56.397381067 CET | 49789 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:56.397407055 CET | 49789 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:56.397804022 CET | 49789 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:56.397829056 CET | 443 | 49789 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:58.407681942 CET | 49790 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:58.407726049 CET | 443 | 49790 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:58.407794952 CET | 49790 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:58.408334017 CET | 49790 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:58.408351898 CET | 443 | 49790 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:58.692604065 CET | 443 | 49790 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:58.695936918 CET | 49790 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:58.696448088 CET | 49790 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:58.696464062 CET | 443 | 49790 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:58.704230070 CET | 49790 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:58.704260111 CET | 443 | 49790 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:59.010921001 CET | 443 | 49790 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:59.011025906 CET | 443 | 49790 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:18:59.011091948 CET | 49790 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:59.011151075 CET | 49790 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:59.011445999 CET | 49790 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:18:59.011466026 CET | 443 | 49790 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:01.071487904 CET | 49791 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:01.071553946 CET | 443 | 49791 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:01.071655035 CET | 49791 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:01.072335005 CET | 49791 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:01.072365046 CET | 443 | 49791 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:01.182791948 CET | 443 | 49791 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:01.184171915 CET | 49791 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:01.237004995 CET | 49791 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:01.237031937 CET | 443 | 49791 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:01.240524054 CET | 49791 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:01.240551949 CET | 443 | 49791 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:01.725384951 CET | 443 | 49791 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:01.725470066 CET | 443 | 49791 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:01.725498915 CET | 49791 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:01.725517988 CET | 49791 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:01.725943089 CET | 49791 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:01.725970984 CET | 443 | 49791 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:04.043354034 CET | 49792 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:04.043409109 CET | 443 | 49792 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:04.043504953 CET | 49792 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:04.048051119 CET | 49792 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:04.048105001 CET | 443 | 49792 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:04.161225080 CET | 443 | 49792 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:04.161427021 CET | 49792 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:04.165411949 CET | 49792 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:04.165440083 CET | 443 | 49792 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:04.190574884 CET | 49792 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:04.190613031 CET | 443 | 49792 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:04.474555969 CET | 443 | 49792 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:04.474678993 CET | 49792 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:04.474716902 CET | 443 | 49792 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:04.474746943 CET | 443 | 49792 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:04.474802017 CET | 49792 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:04.474843979 CET | 49792 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:04.475009918 CET | 49792 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:04.475044012 CET | 443 | 49792 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:06.486743927 CET | 49793 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:06.486819029 CET | 443 | 49793 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:06.486938000 CET | 49793 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:06.487826109 CET | 49793 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:06.487863064 CET | 443 | 49793 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:06.651619911 CET | 443 | 49793 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:06.651796103 CET | 49793 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:06.652374983 CET | 49793 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:06.652395964 CET | 443 | 49793 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:06.656936884 CET | 49793 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:06.656971931 CET | 443 | 49793 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:06.946980000 CET | 443 | 49793 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:06.947078943 CET | 443 | 49793 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:06.947166920 CET | 49793 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:06.947452068 CET | 49793 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:06.947474003 CET | 49793 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:06.947491884 CET | 443 | 49793 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:08.959302902 CET | 49794 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:08.959341049 CET | 443 | 49794 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:08.959420919 CET | 49794 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:08.959978104 CET | 49794 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:08.959999084 CET | 443 | 49794 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:09.110869884 CET | 443 | 49794 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:09.111732006 CET | 49794 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:09.127954960 CET | 49794 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:09.127978086 CET | 443 | 49794 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:09.134212017 CET | 49794 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:09.134234905 CET | 443 | 49794 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:09.746716022 CET | 443 | 49794 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:09.746810913 CET | 443 | 49794 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:09.746880054 CET | 49794 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:09.746896982 CET | 49794 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:09.747373104 CET | 49794 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:09.747396946 CET | 443 | 49794 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:11.752708912 CET | 49803 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:11.752748013 CET | 443 | 49803 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:11.752880096 CET | 49803 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:11.753478050 CET | 49803 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:11.753504038 CET | 443 | 49803 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:11.855999947 CET | 443 | 49803 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:11.856103897 CET | 49803 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:11.856699944 CET | 49803 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:11.856715918 CET | 443 | 49803 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:11.860299110 CET | 49803 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:11.860323906 CET | 443 | 49803 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:12.061393023 CET | 443 | 49803 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:12.061475992 CET | 443 | 49803 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:12.061476946 CET | 49803 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:12.061525106 CET | 49803 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:12.062195063 CET | 49803 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:12.062217951 CET | 443 | 49803 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:14.083709955 CET | 49817 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:14.083767891 CET | 443 | 49817 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:14.085028887 CET | 49817 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:14.097161055 CET | 49817 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:14.097197056 CET | 443 | 49817 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:14.400003910 CET | 443 | 49817 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:14.400430918 CET | 49817 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:14.400930882 CET | 49817 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:14.400949955 CET | 443 | 49817 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:14.404778957 CET | 49817 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:14.404813051 CET | 443 | 49817 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:14.784050941 CET | 443 | 49817 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:14.784152985 CET | 49817 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:14.784174919 CET | 443 | 49817 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:14.784244061 CET | 443 | 49817 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:14.784322023 CET | 49817 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:14.784513950 CET | 49817 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:14.784533024 CET | 443 | 49817 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:16.800404072 CET | 49831 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:16.800467014 CET | 443 | 49831 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:16.800560951 CET | 49831 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:16.801121950 CET | 49831 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:16.801140070 CET | 443 | 49831 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:16.894707918 CET | 443 | 49831 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:16.894851923 CET | 49831 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:16.895668983 CET | 49831 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:16.895687103 CET | 443 | 49831 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:16.901159048 CET | 49831 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:16.901185036 CET | 443 | 49831 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:17.223426104 CET | 443 | 49831 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:17.223495007 CET | 49831 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:17.223510981 CET | 443 | 49831 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:17.223529100 CET | 443 | 49831 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:17.223556995 CET | 49831 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:17.223579884 CET | 49831 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:17.223993063 CET | 49831 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:17.224010944 CET | 443 | 49831 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:19.248214006 CET | 49832 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:19.248259068 CET | 443 | 49832 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:19.248380899 CET | 49832 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:19.249075890 CET | 49832 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:19.249088049 CET | 443 | 49832 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:19.482321978 CET | 443 | 49832 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:19.482496977 CET | 49832 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:19.483408928 CET | 49832 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:19.483419895 CET | 443 | 49832 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:19.491097927 CET | 49832 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:19.491110086 CET | 443 | 49832 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:19.712029934 CET | 443 | 49832 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:19.712127924 CET | 443 | 49832 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:19.712157965 CET | 49832 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:19.712188005 CET | 49832 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:19.714893103 CET | 49832 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:19.714920998 CET | 443 | 49832 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:21.722920895 CET | 49833 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:21.722979069 CET | 443 | 49833 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:21.723087072 CET | 49833 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:21.723865986 CET | 49833 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:21.723891020 CET | 443 | 49833 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:21.870565891 CET | 443 | 49833 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:21.870872021 CET | 49833 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:21.871438980 CET | 49833 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:21.871454000 CET | 443 | 49833 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:21.875793934 CET | 49833 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:21.875806093 CET | 443 | 49833 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:22.389769077 CET | 443 | 49833 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:22.389866114 CET | 443 | 49833 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:22.390001059 CET | 49833 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:22.390609026 CET | 49833 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:22.390635967 CET | 443 | 49833 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:24.411217928 CET | 49839 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:24.411278009 CET | 443 | 49839 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:24.411458015 CET | 49839 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:24.412404060 CET | 49839 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:24.412434101 CET | 443 | 49839 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:24.509799004 CET | 443 | 49839 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:24.509891987 CET | 49839 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:24.510579109 CET | 49839 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:24.510597944 CET | 443 | 49839 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:24.514885902 CET | 49839 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:24.514909983 CET | 443 | 49839 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:24.828944921 CET | 443 | 49839 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:24.829078913 CET | 443 | 49839 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:24.829191923 CET | 49839 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:24.829901934 CET | 49839 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:24.829921961 CET | 443 | 49839 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:26.849288940 CET | 49840 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:26.849334955 CET | 443 | 49840 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:26.849436045 CET | 49840 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:26.850261927 CET | 49840 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:26.850274086 CET | 443 | 49840 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:26.973201990 CET | 443 | 49840 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:26.973270893 CET | 49840 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:26.973828077 CET | 49840 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:26.973838091 CET | 443 | 49840 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:26.977708101 CET | 49840 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:26.977720022 CET | 443 | 49840 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:27.193325996 CET | 443 | 49840 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:27.193412066 CET | 443 | 49840 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:27.193430901 CET | 49840 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:27.193466902 CET | 49840 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:27.193773985 CET | 49840 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:27.193789959 CET | 443 | 49840 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:29.213269949 CET | 49841 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:29.213326931 CET | 443 | 49841 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:29.213443041 CET | 49841 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:29.214147091 CET | 49841 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:29.214163065 CET | 443 | 49841 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:29.340461016 CET | 443 | 49841 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:29.340651035 CET | 49841 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:29.341438055 CET | 49841 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:29.341454983 CET | 443 | 49841 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:29.348002911 CET | 49841 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:29.348033905 CET | 443 | 49841 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:29.867223024 CET | 443 | 49841 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:29.867300034 CET | 443 | 49841 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:29.867383003 CET | 49841 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:29.867407084 CET | 49841 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:29.867674112 CET | 49841 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:29.867697954 CET | 443 | 49841 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:31.879724979 CET | 49843 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:31.879857063 CET | 443 | 49843 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:31.880000114 CET | 49843 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:31.880527020 CET | 49843 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:31.880556107 CET | 443 | 49843 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:31.979188919 CET | 443 | 49843 | 45.153.186.90 | 192.168.2.4 |
Dec 6, 2021 12:19:31.979435921 CET | 49843 | 443 | 192.168.2.4 | 45.153.186.90 |
Dec 6, 2021 12:19:31.980345964 CET | 49843 | 443 | 192.168.2.4 | 45.153.186.90 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
ICMP Packets |
---|
Timestamp | Source IP | Dest IP | Checksum | Code | Type |
---|---|---|---|---|---|
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Dec 6, 2021 12:18:27.018407106 CET | 192.168.2.4 | 8.8.8.8 | 0x6716 | Standard query (0) | A (IP address) | IN (0x0001) | |
Dec 6, 2021 12:18:27.243932962 CET | 192.168.2.4 | 8.8.8.8 | 0xedfa | Standard query (0) | A (IP address) | IN (0x0001) | |
Dec 6, 2021 12:18:27.331526995 CET | 192.168.2.4 | 185.243.215.214 | 0x9147 | Standard query (0) | A (IP address) | IN (0x0001) | |
Dec 6, 2021 12:18:27.368480921 CET | 192.168.2.4 | 185.243.215.214 | 0x9147 | Standard query (0) | A (IP address) | IN (0x0001) | |
Dec 6, 2021 12:18:27.407763958 CET | 192.168.2.4 | 185.243.215.214 | 0x9147 | Standard query (0) | A (IP address) | IN (0x0001) | |
Dec 6, 2021 12:18:27.442845106 CET | 192.168.2.4 | 185.243.215.214 | 0x9147 | Standard query (0) | A (IP address) | IN (0x0001) | |
Dec 6, 2021 12:18:27.477871895 CET | 192.168.2.4 | 185.243.215.214 | 0x9147 | Standard query (0) | A (IP address) | IN (0x0001) | |
Dec 6, 2021 12:18:27.957701921 CET | 192.168.2.4 | 8.8.8.8 | 0xa7e1 | Standard query (0) | A (IP address) | IN (0x0001) | |
Dec 6, 2021 12:18:28.019891024 CET | 192.168.2.4 | 185.243.215.214 | 0x5a9c | Standard query (0) | A (IP address) | IN (0x0001) | |
Dec 6, 2021 12:18:28.055953979 CET | 192.168.2.4 | 185.243.215.214 | 0x5a9c | Standard query (0) | A (IP address) | IN (0x0001) | |
Dec 6, 2021 12:18:28.091083050 CET | 192.168.2.4 | 185.243.215.214 | 0x5a9c | Standard query (0) | A (IP address) | IN (0x0001) | |
Dec 6, 2021 12:18:28.126245022 CET | 192.168.2.4 | 185.243.215.214 | 0x5a9c | Standard query (0) | A (IP address) | IN (0x0001) | |
Dec 6, 2021 12:18:28.161612034 CET | 192.168.2.4 | 185.243.215.214 | 0x5a9c | Standard query (0) | A (IP address) | IN (0x0001) | |
Dec 6, 2021 12:18:28.201806068 CET | 192.168.2.4 | 185.243.215.214 | 0x2a5e | Standard query (0) | A (IP address) | IN (0x0001) | |
Dec 6, 2021 12:18:28.237107038 CET | 192.168.2.4 | 185.243.215.214 | 0x2a5e | Standard query (0) | A (IP address) | IN (0x0001) | |
Dec 6, 2021 12:18:28.272151947 CET | 192.168.2.4 | 185.243.215.214 | 0x2a5e | Standard query (0) | A (IP address) | IN (0x0001) | |
Dec 6, 2021 12:18:28.307394981 CET | 192.168.2.4 | 185.243.215.214 | 0x2a5e | Standard query (0) | A (IP address) | IN (0x0001) | |
Dec 6, 2021 12:18:28.342597008 CET | 192.168.2.4 | 185.243.215.214 | 0x2a5e | Standard query (0) | A (IP address) | IN (0x0001) | |
Dec 6, 2021 12:18:29.472547054 CET | 192.168.2.4 | 8.8.8.8 | 0x7923 | Standard query (0) | A (IP address) | IN (0x0001) | |
Dec 6, 2021 12:18:29.543028116 CET | 192.168.2.4 | 1.2.4.8 | 0x65a | Standard query (0) | A (IP address) | IN (0x0001) | |
Dec 6, 2021 12:18:29.784178019 CET | 192.168.2.4 | 1.2.4.8 | 0xb7ee | Standard query (0) | A (IP address) | IN (0x0001) | |
Dec 6, 2021 12:18:31.101105928 CET | 192.168.2.4 | 8.8.8.8 | 0x88e4 | Standard query (0) | A (IP address) | IN (0x0001) | |
Dec 6, 2021 12:18:31.201875925 CET | 192.168.2.4 | 114.114.114.114 | 0xf363 | Standard query (0) | A (IP address) | IN (0x0001) | |
Dec 6, 2021 12:18:31.463043928 CET | 192.168.2.4 | 114.114.114.114 | 0x8112 | Standard query (0) | A (IP address) | IN (0x0001) | |
Dec 6, 2021 12:18:33.642477036 CET | 192.168.2.4 | 8.8.8.8 | 0x9d84 | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Dec 6, 2021 12:18:27.140331030 CET | 8.8.8.8 | 192.168.2.4 | 0x6716 | No error (0) | 185.243.215.214 | A (IP address) | IN (0x0001) | ||
Dec 6, 2021 12:18:27.263843060 CET | 8.8.8.8 | 192.168.2.4 | 0xedfa | No error (0) | 194.58.200.20 | A (IP address) | IN (0x0001) | ||
Dec 6, 2021 12:18:27.977278948 CET | 8.8.8.8 | 192.168.2.4 | 0xa7e1 | No error (0) | 194.58.200.20 | A (IP address) | IN (0x0001) | ||
Dec 6, 2021 12:18:29.492039919 CET | 8.8.8.8 | 192.168.2.4 | 0x7923 | No error (0) | 194.58.200.20 | A (IP address) | IN (0x0001) | ||
Dec 6, 2021 12:18:29.782125950 CET | 1.2.4.8 | 192.168.2.4 | 0x65a | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Dec 6, 2021 12:18:29.998050928 CET | 1.2.4.8 | 192.168.2.4 | 0xb7ee | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Dec 6, 2021 12:18:31.150785923 CET | 8.8.8.8 | 192.168.2.4 | 0x88e4 | No error (0) | 194.58.200.20 | A (IP address) | IN (0x0001) | ||
Dec 6, 2021 12:18:31.460943937 CET | 114.114.114.114 | 192.168.2.4 | 0xf363 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Dec 6, 2021 12:18:31.592924118 CET | 114.114.114.114 | 192.168.2.4 | 0x8112 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Dec 6, 2021 12:18:33.719330072 CET | 8.8.8.8 | 192.168.2.4 | 0x9d84 | No error (0) | 45.153.186.90 | A (IP address) | IN (0x0001) |
HTTPS Proxied Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.4 | 49774 | 45.153.186.90 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-06 11:18:34 UTC | 0 | OUT | |
2021-12-06 11:18:34 UTC | 0 | OUT | |
2021-12-06 11:18:34 UTC | 0 | IN | |
2021-12-06 11:18:34 UTC | 0 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.4 | 49775 | 45.153.186.90 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-06 11:18:34 UTC | 0 | OUT | |
2021-12-06 11:18:34 UTC | 0 | OUT | |
2021-12-06 11:18:35 UTC | 1 | IN | |
2021-12-06 11:18:35 UTC | 1 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
10 | 192.168.2.4 | 49786 | 45.153.186.90 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-06 11:18:50 UTC | 7 | OUT | |
2021-12-06 11:18:50 UTC | 7 | OUT | |
2021-12-06 11:18:51 UTC | 7 | IN | |
2021-12-06 11:18:51 UTC | 7 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
11 | 192.168.2.4 | 49787 | 45.153.186.90 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-06 11:18:53 UTC | 7 | OUT | |
2021-12-06 11:18:53 UTC | 8 | OUT | |
2021-12-06 11:18:53 UTC | 8 | IN | |
2021-12-06 11:18:53 UTC | 8 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
12 | 192.168.2.4 | 49789 | 45.153.186.90 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-06 11:18:56 UTC | 8 | OUT | |
2021-12-06 11:18:56 UTC | 8 | OUT | |
2021-12-06 11:18:56 UTC | 9 | IN | |
2021-12-06 11:18:56 UTC | 9 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
13 | 192.168.2.4 | 49790 | 45.153.186.90 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-06 11:18:58 UTC | 9 | OUT | |
2021-12-06 11:18:58 UTC | 9 | OUT | |
2021-12-06 11:18:59 UTC | 9 | IN | |
2021-12-06 11:18:59 UTC | 10 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
14 | 192.168.2.4 | 49791 | 45.153.186.90 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-06 11:19:01 UTC | 10 | OUT | |
2021-12-06 11:19:01 UTC | 10 | OUT | |
2021-12-06 11:19:01 UTC | 10 | IN | |
2021-12-06 11:19:01 UTC | 10 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
15 | 192.168.2.4 | 49792 | 45.153.186.90 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-06 11:19:04 UTC | 10 | OUT | |
2021-12-06 11:19:04 UTC | 10 | OUT | |
2021-12-06 11:19:04 UTC | 11 | IN | |
2021-12-06 11:19:04 UTC | 11 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
16 | 192.168.2.4 | 49793 | 45.153.186.90 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-06 11:19:06 UTC | 11 | OUT | |
2021-12-06 11:19:06 UTC | 11 | OUT | |
2021-12-06 11:19:06 UTC | 11 | IN | |
2021-12-06 11:19:06 UTC | 12 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
17 | 192.168.2.4 | 49794 | 45.153.186.90 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-06 11:19:09 UTC | 12 | OUT | |
2021-12-06 11:19:09 UTC | 12 | OUT | |
2021-12-06 11:19:09 UTC | 12 | IN | |
2021-12-06 11:19:09 UTC | 12 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
18 | 192.168.2.4 | 49803 | 45.153.186.90 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-06 11:19:11 UTC | 12 | OUT | |
2021-12-06 11:19:11 UTC | 13 | OUT | |
2021-12-06 11:19:12 UTC | 13 | IN | |
2021-12-06 11:19:12 UTC | 13 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
19 | 192.168.2.4 | 49817 | 45.153.186.90 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-06 11:19:14 UTC | 13 | OUT | |
2021-12-06 11:19:14 UTC | 13 | OUT | |
2021-12-06 11:19:14 UTC | 14 | IN | |
2021-12-06 11:19:14 UTC | 14 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.2.4 | 49776 | 45.153.186.90 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-06 11:18:35 UTC | 1 | OUT | |
2021-12-06 11:18:35 UTC | 1 | OUT | |
2021-12-06 11:18:35 UTC | 1 | IN | |
2021-12-06 11:18:35 UTC | 2 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
20 | 192.168.2.4 | 49831 | 45.153.186.90 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-06 11:19:16 UTC | 14 | OUT | |
2021-12-06 11:19:16 UTC | 14 | OUT | |
2021-12-06 11:19:17 UTC | 14 | IN | |
2021-12-06 11:19:17 UTC | 15 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
21 | 192.168.2.4 | 49832 | 45.153.186.90 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-06 11:19:19 UTC | 15 | OUT | |
2021-12-06 11:19:19 UTC | 15 | OUT | |
2021-12-06 11:19:19 UTC | 15 | IN | |
2021-12-06 11:19:19 UTC | 15 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
22 | 192.168.2.4 | 49833 | 45.153.186.90 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-06 11:19:21 UTC | 15 | OUT | |
2021-12-06 11:19:21 UTC | 15 | OUT | |
2021-12-06 11:19:22 UTC | 16 | IN | |
2021-12-06 11:19:22 UTC | 16 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
23 | 192.168.2.4 | 49839 | 45.153.186.90 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-06 11:19:24 UTC | 16 | OUT | |
2021-12-06 11:19:24 UTC | 16 | OUT | |
2021-12-06 11:19:24 UTC | 16 | IN | |
2021-12-06 11:19:24 UTC | 17 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
24 | 192.168.2.4 | 49840 | 45.153.186.90 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-06 11:19:26 UTC | 17 | OUT | |
2021-12-06 11:19:26 UTC | 17 | OUT | |
2021-12-06 11:19:27 UTC | 17 | IN | |
2021-12-06 11:19:27 UTC | 17 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
25 | 192.168.2.4 | 49841 | 45.153.186.90 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-06 11:19:29 UTC | 17 | OUT | |
2021-12-06 11:19:29 UTC | 18 | OUT | |
2021-12-06 11:19:29 UTC | 18 | IN | |
2021-12-06 11:19:29 UTC | 18 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
26 | 192.168.2.4 | 49843 | 45.153.186.90 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-06 11:19:31 UTC | 18 | OUT | |
2021-12-06 11:19:31 UTC | 18 | OUT | |
2021-12-06 11:19:32 UTC | 19 | IN | |
2021-12-06 11:19:32 UTC | 19 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
27 | 192.168.2.4 | 49844 | 45.153.186.90 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-06 11:19:34 UTC | 19 | OUT | |
2021-12-06 11:19:34 UTC | 19 | OUT | |
2021-12-06 11:19:34 UTC | 19 | IN | |
2021-12-06 11:19:34 UTC | 20 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
28 | 192.168.2.4 | 49850 | 45.153.186.90 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-06 11:19:37 UTC | 20 | OUT | |
2021-12-06 11:19:37 UTC | 20 | OUT | |
2021-12-06 11:19:37 UTC | 20 | IN | |
2021-12-06 11:19:37 UTC | 20 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
29 | 192.168.2.4 | 49863 | 45.153.186.90 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-06 11:19:39 UTC | 20 | OUT | |
2021-12-06 11:19:39 UTC | 20 | OUT | |
2021-12-06 11:19:40 UTC | 21 | IN | |
2021-12-06 11:19:40 UTC | 21 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
3 | 192.168.2.4 | 49777 | 45.153.186.90 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-06 11:18:35 UTC | 2 | OUT | |
2021-12-06 11:18:35 UTC | 2 | OUT | |
2021-12-06 11:18:36 UTC | 3 | IN | |
2021-12-06 11:18:36 UTC | 3 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
30 | 192.168.2.4 | 49869 | 45.153.186.90 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-06 11:19:42 UTC | 21 | OUT | |
2021-12-06 11:19:42 UTC | 21 | OUT | |
2021-12-06 11:19:42 UTC | 21 | IN | |
2021-12-06 11:19:42 UTC | 22 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
31 | 192.168.2.4 | 49870 | 45.153.186.90 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-06 11:19:44 UTC | 22 | OUT | |
2021-12-06 11:19:44 UTC | 22 | OUT | |
2021-12-06 11:19:45 UTC | 22 | IN | |
2021-12-06 11:19:45 UTC | 22 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
32 | 192.168.2.4 | 49871 | 45.153.186.90 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-06 11:19:47 UTC | 22 | OUT | |
2021-12-06 11:19:47 UTC | 23 | OUT | |
2021-12-06 11:19:47 UTC | 23 | IN | |
2021-12-06 11:19:47 UTC | 23 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
33 | 192.168.2.4 | 49872 | 45.153.186.90 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-06 11:19:50 UTC | 23 | OUT | |
2021-12-06 11:19:50 UTC | 23 | OUT | |
2021-12-06 11:19:50 UTC | 24 | IN | |
2021-12-06 11:19:50 UTC | 24 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
34 | 192.168.2.4 | 49874 | 45.153.186.90 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-06 11:19:52 UTC | 24 | OUT | |
2021-12-06 11:19:52 UTC | 24 | OUT | |
2021-12-06 11:19:52 UTC | 24 | IN | |
2021-12-06 11:19:52 UTC | 25 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
35 | 192.168.2.4 | 49875 | 45.153.186.90 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-06 11:19:54 UTC | 25 | OUT | |
2021-12-06 11:19:54 UTC | 25 | OUT | |
2021-12-06 11:19:55 UTC | 25 | IN | |
2021-12-06 11:19:55 UTC | 25 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
36 | 192.168.2.4 | 49876 | 45.153.186.90 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-06 11:19:57 UTC | 25 | OUT | |
2021-12-06 11:19:57 UTC | 25 | OUT | |
2021-12-06 11:19:57 UTC | 26 | IN | |
2021-12-06 11:19:57 UTC | 26 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
37 | 192.168.2.4 | 49877 | 45.153.186.90 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-06 11:20:00 UTC | 26 | OUT | |
2021-12-06 11:20:00 UTC | 26 | OUT | |
2021-12-06 11:20:00 UTC | 26 | IN | |
2021-12-06 11:20:00 UTC | 27 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
38 | 192.168.2.4 | 49878 | 45.153.186.90 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-06 11:20:02 UTC | 27 | OUT | |
2021-12-06 11:20:02 UTC | 27 | OUT | |
2021-12-06 11:20:02 UTC | 27 | IN | |
2021-12-06 11:20:02 UTC | 27 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
39 | 192.168.2.4 | 49879 | 45.153.186.90 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-06 11:20:05 UTC | 27 | OUT | |
2021-12-06 11:20:05 UTC | 28 | OUT | |
2021-12-06 11:20:05 UTC | 28 | IN | |
2021-12-06 11:20:05 UTC | 28 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
4 | 192.168.2.4 | 49778 | 45.153.186.90 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-06 11:18:36 UTC | 2 | OUT | |
2021-12-06 11:18:36 UTC | 2 | OUT | |
2021-12-06 11:18:36 UTC | 3 | IN | |
2021-12-06 11:18:36 UTC | 3 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
40 | 192.168.2.4 | 49880 | 45.153.186.90 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-06 11:20:07 UTC | 28 | OUT | |
2021-12-06 11:20:07 UTC | 28 | OUT | |
2021-12-06 11:20:07 UTC | 29 | IN | |
2021-12-06 11:20:07 UTC | 29 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
41 | 192.168.2.4 | 49881 | 45.153.186.90 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-06 11:20:10 UTC | 29 | OUT | |
2021-12-06 11:20:10 UTC | 29 | OUT | |
2021-12-06 11:20:10 UTC | 29 | IN | |
2021-12-06 11:20:10 UTC | 29 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
42 | 192.168.2.4 | 49882 | 45.153.186.90 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-06 11:20:12 UTC | 29 | OUT | |
2021-12-06 11:20:12 UTC | 30 | OUT | |
2021-12-06 11:20:13 UTC | 30 | IN | |
2021-12-06 11:20:13 UTC | 30 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
5 | 192.168.2.4 | 49779 | 45.153.186.90 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-06 11:18:38 UTC | 3 | OUT | |
2021-12-06 11:18:38 UTC | 3 | OUT | |
2021-12-06 11:18:38 UTC | 4 | IN | |
2021-12-06 11:18:38 UTC | 4 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
6 | 192.168.2.4 | 49782 | 45.153.186.90 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-06 11:18:40 UTC | 4 | OUT | |
2021-12-06 11:18:40 UTC | 4 | OUT | |
2021-12-06 11:18:41 UTC | 4 | IN | |
2021-12-06 11:18:41 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
7 | 192.168.2.4 | 49783 | 45.153.186.90 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-06 11:18:43 UTC | 5 | OUT | |
2021-12-06 11:18:43 UTC | 5 | OUT | |
2021-12-06 11:18:43 UTC | 5 | IN | |
2021-12-06 11:18:43 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
8 | 192.168.2.4 | 49784 | 45.153.186.90 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-06 11:18:45 UTC | 5 | OUT | |
2021-12-06 11:18:45 UTC | 6 | OUT | |
2021-12-06 11:18:46 UTC | 6 | IN | |
2021-12-06 11:18:46 UTC | 6 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
9 | 192.168.2.4 | 49785 | 45.153.186.90 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-06 11:18:48 UTC | 6 | OUT | |
2021-12-06 11:18:48 UTC | 6 | OUT | |
2021-12-06 11:18:48 UTC | 6 | IN | |
2021-12-06 11:18:48 UTC | 7 | IN |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 12:18:07 |
Start date: | 06/12/2021 |
Path: | C:\Users\user\Desktop\PREVIOUS CONVERSATION.pdf.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x70000 |
File size: | 2296320 bytes |
MD5 hash: | 28241AAFE5B6018C984E310C33E9E48B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 12:18:11 |
Start date: | 06/12/2021 |
Path: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1340000 |
File size: | 430592 bytes |
MD5 hash: | DBA3E6449E97D4E3DF64527EF7012A10 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Reputation: | high |
General |
---|
Start time: | 12:18:11 |
Start date: | 06/12/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff724c50000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 12:18:12 |
Start date: | 06/12/2021 |
Path: | C:\Windows\SysWOW64\schtasks.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb90000 |
File size: | 185856 bytes |
MD5 hash: | 15FF7D8324231381BAD48A052F85DF04 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 12:18:13 |
Start date: | 06/12/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff724c50000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 12:18:14 |
Start date: | 06/12/2021 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xeb0000 |
File size: | 45152 bytes |
MD5 hash: | 2867A3817C9245F7CF518524DFD18F28 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008A3CD0, Relevance: 1.6, APIs: 1, Instructions: 96COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008A536E, Relevance: 1.6, APIs: 1, Instructions: 94COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008ABD39, Relevance: 1.6, APIs: 1, Instructions: 63COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008ABD40, Relevance: 1.6, APIs: 1, Instructions: 62COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008A99EB, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008A99F0, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008AFE88, Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008AFE90, Relevance: 1.5, APIs: 1, Instructions: 44windowCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 07A90DF8, Relevance: .1, Instructions: 51COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 07A90D50, Relevance: .0, Instructions: 48COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 07A90D60, Relevance: .0, Instructions: 42COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 07A905E9, Relevance: .0, Instructions: 20COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 07A905F8, Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function 008AE5F0, Relevance: .3, Instructions: 315COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008AC66C, Relevance: .3, Instructions: 265COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008AE5E9, Relevance: .2, Instructions: 220COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Executed Functions |
---|
Function 004BA019, Relevance: 12.6, APIs: 5, Strings: 2, Instructions: 370timeCOMMON
C-Code - Quality: 66% |
|
APIs |
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 62% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004382E8, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 38nativeCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043656A, Relevance: 3.0, APIs: 2, Instructions: 43COMMON
APIs |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00438418, Relevance: 1.5, APIs: 1, Instructions: 35COMMON
C-Code - Quality: 18% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0049C76F, Relevance: 1.5, APIs: 1, Instructions: 21COMMON
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00438DCE, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
C-Code - Quality: 16% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0049ACC4, Relevance: 30.3, APIs: 20, Instructions: 287COMMON
C-Code - Quality: 62% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 45% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 84% |
|
APIs |
Strings |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043834E, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 59registryCOMMON
C-Code - Quality: 30% |
|
APIs |
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043F667, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 57memoryCOMMON
APIs |
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004AD519, Relevance: 9.3, APIs: 6, Instructions: 284COMMON
C-Code - Quality: 66% |
|
APIs |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004AE22E, Relevance: 9.2, APIs: 6, Instructions: 200COMMON
C-Code - Quality: 79% |
|
APIs |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 17% |
|
APIs |
Strings |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004BA1EE, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 171timeCOMMON
C-Code - Quality: 38% |
|
APIs |
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004B2407, Relevance: 7.7, APIs: 5, Instructions: 187COMMON
C-Code - Quality: 73% |
|
APIs |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00443CE6, Relevance: 7.5, APIs: 5, Instructions: 41COMMON
C-Code - Quality: 93% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 92% |
|
APIs |
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043F5AD, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 86memoryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 37% |
|
APIs |
Strings |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004BA349, Relevance: 4.6, APIs: 3, Instructions: 80COMMON
C-Code - Quality: 69% |
|
APIs |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042D212, Relevance: 4.5, APIs: 3, Instructions: 30COMMON
C-Code - Quality: 66% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 85% |
|
APIs |
Strings |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 82% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004B6D93, Relevance: 3.2, APIs: 2, Instructions: 186COMMON
C-Code - Quality: 87% |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042B15C, Relevance: 3.1, APIs: 2, Instructions: 73COMMON
C-Code - Quality: 83% |
|
APIs |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043845F, Relevance: 3.1, APIs: 2, Instructions: 55timeCOMMON
C-Code - Quality: 36% |
|
APIs |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004AAF22, Relevance: 3.1, APIs: 2, Instructions: 54threadCOMMON
C-Code - Quality: 71% |
|
APIs |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004B8FE6, Relevance: 3.0, APIs: 2, Instructions: 50COMMON
C-Code - Quality: 61% |
|
APIs |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0048902D, Relevance: 3.0, APIs: 2, Instructions: 46COMMON
C-Code - Quality: 79% |
|
APIs |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00492BDC, Relevance: 3.0, APIs: 2, Instructions: 17COMMON
C-Code - Quality: 89% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0049AC63, Relevance: 3.0, APIs: 2, Instructions: 17COMMON
C-Code - Quality: 90% |
|
APIs |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004ACB51, Relevance: 1.6, APIs: 1, Instructions: 118COMMON
C-Code - Quality: 85% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004384DC, Relevance: 1.6, APIs: 1, Instructions: 63COMMON
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004BB397, Relevance: 1.6, APIs: 1, Instructions: 54COMMON
C-Code - Quality: 72% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004A9E0D, Relevance: 1.5, APIs: 1, Instructions: 46COMMON
C-Code - Quality: 92% |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042B4DD, Relevance: 1.5, APIs: 1, Instructions: 40COMMON
C-Code - Quality: 94% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004B1B82, Relevance: 1.5, APIs: 1, Instructions: 39COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004B2F72, Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMON
C-Code - Quality: 95% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004C1FE0, Relevance: 1.5, APIs: 1, Instructions: 36COMMON
C-Code - Quality: 87% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004B84D4, Relevance: 1.5, APIs: 1, Instructions: 35COMMON
C-Code - Quality: 76% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004B3009, Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMON
C-Code - Quality: 94% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004AAE82, Relevance: 1.5, APIs: 1, Instructions: 31threadCOMMON
C-Code - Quality: 46% |
|
APIs |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004C1D1F, Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function 00438696, Relevance: 7.6, Strings: 6, Instructions: 67COMMON
C-Code - Quality: 77% |
|
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 49% |
|
APIs |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0048B007, Relevance: 1.5, APIs: 1, Instructions: 15timeCOMMON
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043865F, Relevance: .0, Instructions: 29 COMMON
C-Code - Quality: 50% |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004B0BDB, Relevance: .0, Instructions: 21 COMMON
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004AE54D, Relevance: 21.3, APIs: 14, Instructions: 296 COMMON
C-Code - Quality: 73% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004BDA4B, Relevance: 19.6, APIs: 13, Instructions: 114 COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004BCEDC, Relevance: 18.4, APIs: 12, Instructions: 376 COMMON
C-Code - Quality: 79% |
|
APIs |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 82% |
|
APIs |
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 78% |
|
APIs |
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 82% |
|
APIs |
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 56% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 87% |
|
APIs |
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004B3527, Relevance: 15.1, APIs: 10, Instructions: 54 COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 69% |
|
APIs |
Strings |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004BC505, Relevance: 12.2, APIs: 8, Instructions: 209 COMMON
C-Code - Quality: 83% |
|
APIs |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 59% |
|
APIs |
Strings |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 90% |
|
APIs |
Strings |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004BD7D6, Relevance: 10.6, APIs: 7, Instructions: 65 COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00482DFE, Relevance: 9.1, APIs: 6, Instructions: 141 COMMON
C-Code - Quality: 74% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00437AF5, Relevance: 9.1, APIs: 6, Instructions: 136 COMMON
C-Code - Quality: 58% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 45% |
|
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0048C268, Relevance: 9.0, APIs: 6, Instructions: 49 COMMON
C-Code - Quality: 71% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0048C2FD, Relevance: 9.0, APIs: 6, Instructions: 49 COMMON
C-Code - Quality: 71% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0048C392, Relevance: 9.0, APIs: 6, Instructions: 49 COMMON
C-Code - Quality: 71% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0048C427, Relevance: 9.0, APIs: 6, Instructions: 49 COMMON
C-Code - Quality: 71% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0048C4BC, Relevance: 9.0, APIs: 6, Instructions: 49 COMMON
C-Code - Quality: 71% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0048C551, Relevance: 9.0, APIs: 6, Instructions: 49 COMMON
C-Code - Quality: 71% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00499534, Relevance: 9.0, APIs: 6, Instructions: 49 COMMON
C-Code - Quality: 71% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004995C9, Relevance: 9.0, APIs: 6, Instructions: 49 COMMON
C-Code - Quality: 71% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00499788, Relevance: 9.0, APIs: 6, Instructions: 49 COMMON
C-Code - Quality: 71% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0049981D, Relevance: 9.0, APIs: 6, Instructions: 49 COMMON
C-Code - Quality: 71% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0048C83A, Relevance: 9.0, APIs: 6, Instructions: 49 COMMON
C-Code - Quality: 71% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0048C8CF, Relevance: 9.0, APIs: 6, Instructions: 49 COMMON
C-Code - Quality: 71% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0048C964, Relevance: 9.0, APIs: 6, Instructions: 49 COMMON
C-Code - Quality: 71% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0048C9F9, Relevance: 9.0, APIs: 6, Instructions: 49 COMMON
C-Code - Quality: 71% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0048CCE2, Relevance: 9.0, APIs: 6, Instructions: 49 COMMON
C-Code - Quality: 71% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0048CD77, Relevance: 9.0, APIs: 6, Instructions: 49 COMMON
C-Code - Quality: 71% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 48% |
|
APIs |
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 90% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 90% |
|
APIs |
Strings |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004ACD9D, Relevance: 7.6, APIs: 5, Instructions: 116 COMMON
C-Code - Quality: 22% |
|
APIs |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00433006, Relevance: 7.6, APIs: 5, Instructions: 65 COMMON
C-Code - Quality: 77% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00483AE0, Relevance: 7.6, APIs: 5, Instructions: 65 COMMON
C-Code - Quality: 66% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042FD2A, Relevance: 7.6, APIs: 5, Instructions: 65 COMMON
C-Code - Quality: 72% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042FE86, Relevance: 7.6, APIs: 5, Instructions: 65 COMMON
C-Code - Quality: 29% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0048BAE8, Relevance: 7.6, APIs: 5, Instructions: 58 COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0048C5E6, Relevance: 7.5, APIs: 5, Instructions: 49 COMMON
C-Code - Quality: 71% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0049965E, Relevance: 7.5, APIs: 5, Instructions: 49 COMMON
C-Code - Quality: 71% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0048C67B, Relevance: 7.5, APIs: 5, Instructions: 49 COMMON
C-Code - Quality: 71% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004996F3, Relevance: 7.5, APIs: 5, Instructions: 49 COMMON
C-Code - Quality: 71% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0048C710, Relevance: 7.5, APIs: 5, Instructions: 49 COMMON
C-Code - Quality: 71% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0048C7A5, Relevance: 7.5, APIs: 5, Instructions: 49 COMMON
C-Code - Quality: 71% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004998B2, Relevance: 7.5, APIs: 5, Instructions: 49 COMMON
C-Code - Quality: 71% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00499947, Relevance: 7.5, APIs: 5, Instructions: 49 COMMON
C-Code - Quality: 70% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0048CA8E, Relevance: 7.5, APIs: 5, Instructions: 49 COMMON
C-Code - Quality: 71% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0048CB23, Relevance: 7.5, APIs: 5, Instructions: 49 COMMON
C-Code - Quality: 71% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0048CBB8, Relevance: 7.5, APIs: 5, Instructions: 49 COMMON
C-Code - Quality: 71% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0048CC4D, Relevance: 7.5, APIs: 5, Instructions: 49 COMMON
C-Code - Quality: 71% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0048CE0C, Relevance: 7.5, APIs: 5, Instructions: 49 COMMON
C-Code - Quality: 71% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0048CEA1, Relevance: 7.5, APIs: 5, Instructions: 49 COMMON
C-Code - Quality: 71% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0048CF36, Relevance: 7.5, APIs: 5, Instructions: 49 COMMON
C-Code - Quality: 71% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0048CFCB, Relevance: 7.5, APIs: 5, Instructions: 49 COMMON
C-Code - Quality: 70% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004BD298, Relevance: 7.5, APIs: 5, Instructions: 40 COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 88% |
|
APIs |
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 50% |
|
APIs |
Strings |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 56% |
|
APIs |
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 90% |
|
APIs |
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 73% |
|
APIs |
Strings |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004B384E, Relevance: 6.3, APIs: 4, Instructions: 305 COMMON
C-Code - Quality: 74% |
|
APIs |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004A14C6, Relevance: 6.2, APIs: 4, Instructions: 168 COMMON
C-Code - Quality: 69% |
|
APIs |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004B9AA8, Relevance: 6.1, APIs: 4, Instructions: 133 COMMON
C-Code - Quality: 95% |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004A13AF, Relevance: 6.1, APIs: 4, Instructions: 60 COMMON
C-Code - Quality: 54% |
|
APIs |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 82% |
|
APIs |
Strings |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 83% |
|
APIs |
Strings |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 98% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 63% |
|
APIs |
Strings |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 63% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 61% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 76% |
|
APIs |
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 75% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 80% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 68% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 66% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 58% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 52% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |