Windows
Analysis Report
bUBD.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- bUBD.exe (PID: 6840 cmdline: "C:\Users\user\Desktop\bUBD.exe" MD5: B0EB1186DEC29582D7C86D211E2ADDF8)
- cmd.exe (PID: 4088 cmdline: cmd.exe /C Y /N /D Y /T 1 & Del "C:\Users\user\Desktop\bUBD.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
- conhost.exe (PID: 5216 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
NjRAT | RedPacket Security describes NJRat as "a remote access trojan (RAT) has capabilities to log keystrokes, access the victim's camera, steal credentials stored in browsers, open a reverse shell, upload/download files, view the victim's desktop, perform process, file, and registry manipulations, and capabilities to let the attacker update, uninstall, restart, close, disconnect the RAT and rename its campaign ID. Through the Command & Control (CnC) server software, the attacker has capabilities to create and configure the malware to spread through USB drives." It is supposedly popular with actors in the Middle East. Similar to other RATs, many leaked builders may be backdoored. |
{"Host": "patria.duckdns.org", "Port": "1994", "Campaign ID": "NYAN CAT", "Network Seprator": "@!#&^%$", "Registry": "03bf0f5789"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Njrat | Yara detected Njrat | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Njrat | Yara detected Njrat | Joe Security | ||
JoeSecurity_Njrat | Yara detected Njrat | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Njrat | Yara detected Njrat | Joe Security |
Timestamp: | 04/17/24-21:10:33.620833 |
SID: | 2825564 |
Source Port: | 49738 |
Destination Port: | 1994 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/17/24-21:09:03.882073 |
SID: | 2825563 |
Source Port: | 49730 |
Destination Port: | 1994 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/17/24-21:10:24.166032 |
SID: | 2033132 |
Source Port: | 49738 |
Destination Port: | 1994 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/17/24-21:10:19.272986 |
SID: | 2825564 |
Source Port: | 49730 |
Destination Port: | 1994 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/17/24-21:09:03.399283 |
SID: | 2033132 |
Source Port: | 49730 |
Destination Port: | 1994 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
AV Detection |
---|
Source: | Avira: |
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: |
Networking |
---|
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: |
Source: | URLs: |
Source: | DNS query: |
Source: | TCP traffic: |
Source: | ASN Name: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
---|
Source: | .Net Code: |
E-Banking Fraud |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | Code function: | 0_2_00B519F0 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Code function: | 0_2_049E22AA | |
Source: | Code function: | 0_2_049E2273 |
Source: | File created: | Jump to behavior |
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Key opened: | Jump to behavior |
Source: | ReversingLabs: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: |
Data Obfuscation |
---|
Source: | .Net Code: |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Last function: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Access Token Manipulation | 1 Masquerading | 1 Input Capture | 1 Security Software Discovery | Remote Services | 1 Input Capture | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 2 Process Injection | 2 Virtualization/Sandbox Evasion | LSASS Memory | 2 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 1 Disable or Modify Tools | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Access Token Manipulation | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 21 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Process Injection | LSA Secrets | 12 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Software Packing | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 File Deletion | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
95% | ReversingLabs | ByteCode-MSIL.Backdoor.Bladabhindi | ||
100% | Avira | TR/Dropper.Gen7 | ||
100% | Joe Sandbox ML |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
patria.duckdns.org | 46.246.14.22 | true | true | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
46.246.14.22 | patria.duckdns.org | Sweden | 42708 | PORTLANEwwwportlanecomSE | true |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1427599 |
Start date and time: | 2024-04-17 21:08:08 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 15s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 7 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | bUBD.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@4/1@2/1 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: bUBD.exe
Time | Type | Description |
---|---|---|
21:09:32 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
46.246.14.22 | Get hash | malicious | Njrat | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
patria.duckdns.org | Get hash | malicious | Njrat | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
PORTLANEwwwportlanecomSE | Get hash | malicious | AsyncRAT | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | XWorm | Browse |
| ||
Get hash | malicious | AsyncRAT, DcRat | Browse |
| ||
Get hash | malicious | Njrat | Browse |
| ||
Get hash | malicious | Remcos | Browse |
| ||
Get hash | malicious | AsyncRAT | Browse |
| ||
Get hash | malicious | Njrat | Browse |
|
Process: | C:\Users\user\Desktop\bUBD.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 907 |
Entropy (8bit): | 5.243019596074263 |
Encrypted: | false |
SSDEEP: | 24:MLF2CpI329Iz52VMzffup26KTnKoO2+b2hHAa/:MwQd9IzoaXuY6Ux+SF/ |
MD5: | 48A0572426885EBDE53CA62C7F2E194E |
SHA1: | 035628CDF6276367F6C83E9F4AA2172933850AA8 |
SHA-256: | 4C68E10691304CAC8DA65A05CF2580728EC0E294104F267840712AF1C46A6538 |
SHA-512: | DEFE728C2312918D94BD43C98908C08CCCA5EBFB77F873779DCA784F14C607B33A4E29AC5ECB798F2F741668B7692F72BCB60DEFD536EA86B296B64FA359C42D |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
File type: | |
Entropy (8bit): | 3.8058337179857618 |
TrID: |
|
File name: | bUBD.exe |
File size: | 32'768 bytes |
MD5: | b0eb1186dec29582d7c86d211e2addf8 |
SHA1: | f8edefa10e35a0434bcb56ba45fcc265b4da6c52 |
SHA256: | d88a3e728153a059a398e01b451767e0fccf2eba9dcfeb6a5fe014363984a1c0 |
SHA512: | d3152ab2ebb76eea8ef99627317e4d9c01aa0cd060089338e6d62fbbc9d374ea282338c111100b430d11aeeb1faa73b973c4ff3473d6c2a66805c453e7fe3421 |
SSDEEP: | 384:e0bUe5XB4e0X0gONpQq1pvmufCsIs6WT2tTUFQqz9A+ObbE:PT9Bui/Qqvvmu6V/bE |
TLSH: | E2E2084A77E58215C6BC16FC8CB313210672E3878572EB6F9CDC88CA5B676D00651EEE |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f.................P... ......ng... ........@.. ....................................@................................ |
Icon Hash: | 90cececece8e8eb0 |
Entrypoint: | 0x40676e |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x661FE016 [Wed Apr 17 14:43:34 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Instruction |
---|
jmp dword ptr [00402000h] |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x6718 | 0x53 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x8000 | 0x2b0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xa000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x4774 | 0x5000 | dff105bc01e460c4fcff2a345b0802a2 | False | 0.475146484375 | data | 5.295670427311821 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rsrc | 0x8000 | 0x2b0 | 0x1000 | 00198e1617ae38c466f86b96f395cb28 | False | 0.077880859375 | data | 0.6915250571668272 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xa000 | 0xc | 0x1000 | 34585954bedb30c5084980db7d41ad8f | False | 0.0087890625 | data | 0.013126943721219527 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_VERSION | 0x8058 | 0x254 | data | 0.46308724832214765 |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
04/17/24-21:10:33.620833 | TCP | 2825564 | ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
04/17/24-21:09:03.882073 | TCP | 2825563 | ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) | 49730 | 1994 | 192.168.2.4 | 46.246.14.22 |
04/17/24-21:10:24.166032 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
04/17/24-21:10:19.272986 | TCP | 2825564 | ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) | 49730 | 1994 | 192.168.2.4 | 46.246.14.22 |
04/17/24-21:09:03.399283 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49730 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:17.980382919 CEST | 1994 | 49730 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:17.980540037 CEST | 49730 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:18.109056950 CEST | 1994 | 49730 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:18.109204054 CEST | 49730 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:18.330322027 CEST | 49730 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:18.370495081 CEST | 1994 | 49730 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:18.370596886 CEST | 49730 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:18.560308933 CEST | 1994 | 49730 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:18.560517073 CEST | 49730 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:18.664242029 CEST | 1994 | 49730 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:18.664659977 CEST | 49730 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:18.871464968 CEST | 1994 | 49730 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:18.871604919 CEST | 49730 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:19.009346008 CEST | 1994 | 49730 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:19.009604931 CEST | 49730 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:19.263540030 CEST | 49730 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:19.272691011 CEST | 1994 | 49730 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:19.272985935 CEST | 49730 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:19.458496094 CEST | 1994 | 49730 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:19.461486101 CEST | 49730 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:19.625689030 CEST | 1994 | 49730 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:19.625838041 CEST | 49730 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:19.771785975 CEST | 1994 | 49730 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:19.773238897 CEST | 49730 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:19.959466934 CEST | 1994 | 49730 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:19.964171886 CEST | 49730 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:20.069988966 CEST | 1994 | 49730 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:20.072422028 CEST | 49730 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:20.272121906 CEST | 1994 | 49730 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:20.274434090 CEST | 49730 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:20.406460047 CEST | 1994 | 49730 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:20.406688929 CEST | 49730 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:20.661317110 CEST | 1994 | 49730 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:20.661623955 CEST | 49730 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:20.892437935 CEST | 1994 | 49730 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:20.892653942 CEST | 49730 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:21.066205978 CEST | 1994 | 49730 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:21.066422939 CEST | 49730 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:21.270560026 CEST | 1994 | 49730 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:21.270844936 CEST | 49730 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:21.470606089 CEST | 1994 | 49730 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:21.470721960 CEST | 49730 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:21.522542953 CEST | 1994 | 49730 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:21.522804022 CEST | 49730 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:21.610563993 CEST | 1994 | 49730 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:21.802439928 CEST | 1994 | 49730 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:21.856547117 CEST | 1994 | 49730 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:23.805253029 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:24.137129068 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:24.137213945 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:24.166032076 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:24.449816942 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:24.647708893 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:24.647804976 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:24.782586098 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:24.783333063 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:25.051983118 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:25.052119017 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:25.237078905 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:25.237201929 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:25.529417038 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:25.547234058 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:25.549266100 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:25.749913931 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:25.750037909 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:25.865838051 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:25.866028070 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:26.043003082 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:26.043095112 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:26.148665905 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:26.149241924 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:26.335767984 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:26.337218046 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:26.444174051 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:26.444272041 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:26.641627073 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:26.641839981 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:26.747646093 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:26.747823954 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:26.946157932 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:26.946521997 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:27.087281942 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:27.087392092 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:27.336044073 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:27.349133015 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:27.349248886 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:27.538331032 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:27.538477898 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:27.678749084 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:27.678848028 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:27.849509954 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:27.849611998 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:28.021361113 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:28.021476030 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:28.336086035 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:28.336167097 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:28.444941044 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:28.447369099 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:28.679737091 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:28.792821884 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:28.793175936 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:29.012048960 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:29.236915112 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:29.338048935 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:29.339658022 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:29.341031075 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:29.341160059 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:29.570746899 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:29.570888996 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:29.671555042 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:29.671749115 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:29.940232992 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:29.947014093 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:29.947171926 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:30.148905039 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:30.148981094 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:30.274274111 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:30.274349928 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:30.336806059 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:30.336873055 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:30.593193054 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:30.745592117 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:30.747175932 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:30.935553074 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:30.936589003 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:31.114701033 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:31.248577118 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:31.251806974 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:31.437560081 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:31.437870026 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:31.444859028 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:31.444895983 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:31.444933891 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:31.493932962 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:31.679358959 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:31.734746933 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:31.734860897 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:31.773386955 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:31.773435116 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:31.773493052 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:31.842921019 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:31.843028069 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:32.020754099 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:32.020853996 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:32.107625008 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:32.107701063 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:32.247802973 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:32.247919083 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:32.414040089 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:32.448076963 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:32.448183060 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:32.588176966 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:32.588280916 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:32.767015934 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:32.848686934 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:32.851857901 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:33.034166098 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:33.050606966 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:33.052202940 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:33.280606985 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:33.371371984 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:33.371572018 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:33.435383081 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:33.435466051 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:33.616142035 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:33.620732069 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:33.620832920 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:33.745131016 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:33.745232105 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:33.948501110 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:33.948849916 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:33.969497919 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:33.969598055 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:34.084331036 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:34.084453106 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:34.305653095 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:34.506542921 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:34.636296034 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:34.636545897 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:34.748363018 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:34.748506069 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:34.838537931 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:34.838866949 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:35.044194937 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:35.044363022 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:35.085299969 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:35.085453033 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:35.210522890 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:35.345328093 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:35.345434904 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:35.543873072 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:35.544150114 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:35.745311022 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:35.745413065 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:35.946286917 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:35.946455002 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:36.152849913 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:36.153004885 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:36.336365938 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:36.336726904 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:36.555432081 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:36.646018028 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:36.646225929 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:36.848191023 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:36.848445892 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:36.891577959 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:36.891720057 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:37.171647072 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:37.223112106 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:37.223288059 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:37.501535892 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:37.501683950 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:37.735896111 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:37.736145020 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:37.930979967 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:37.931087017 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:38.251032114 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:38.251156092 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:38.438880920 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:38.439249039 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:38.595467091 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:38.749722958 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:38.753160954 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:38.934772015 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:39.041666031 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:39.045116901 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:39.097517014 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Apr 17, 2024 21:10:39.149622917 CEST | 1994 | 49738 | 46.246.14.22 | 192.168.2.4 |
Apr 17, 2024 21:10:39.153198957 CEST | 49738 | 1994 | 192.168.2.4 | 46.246.14.22 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 17, 2024 21:09:02.389862061 CEST | 61417 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 17, 2024 21:09:02.961895943 CEST | 53 | 61417 | 1.1.1.1 | 192.168.2.4 |
Apr 17, 2024 21:10:23.662367105 CEST | 63472 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 17, 2024 21:10:23.801206112 CEST | 53 | 63472 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 17, 2024 21:09:02.389862061 CEST | 192.168.2.4 | 1.1.1.1 | 0x8f6f | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 17, 2024 21:10:23.662367105 CEST | 192.168.2.4 | 1.1.1.1 | 0xbe08 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 17, 2024 21:09:02.961895943 CEST | 1.1.1.1 | 192.168.2.4 | 0x8f6f | No error (0) | | | 46.246.14.22 | A (IP address) | IN (0x0001) | false |
Apr 17, 2024 21:10:23.801206112 CEST | 1.1.1.1 | 192.168.2.4 | 0xbe08 | No error (0) | | | 46.246.14.22 | A (IP address) | IN (0x0001) | false |
Target ID: | 0 |
Start time: | 21:08:54 |
Start date: | 17/04/2024 |
Path: | C:\Users\user\Desktop\bUBD.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x40000 |
File size: | 32'768 bytes |
MD5 hash: | B0EB1186DEC29582D7C86D211E2ADDF8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 5 |
Start time: | 21:10:38 |
Start date: | 17/04/2024 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x240000 |
File size: | 236'544 bytes |
MD5 hash: | D0FCE3AFA6AA1D58CE9FA336CC2B675B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 6 |
Start time: | 21:10:38 |
Start date: | 17/04/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Execution Graph
Execution Coverage: | 14.7% |
Dynamic/Decrypted Code Coverage: | 82.1% |
Signature Coverage: | 2% |
Total number of Nodes: | 151 |
Total number of Limit Nodes: | 8 |
Graph
Function 00B519F0 Relevance: 3.9, Strings: 2, Instructions: 1396COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 049E2273 Relevance: 1.6, APIs: 1, Instructions: 75COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 049E22AA Relevance: 1.6, APIs: 1, Instructions: 52COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B503F8 Relevance: 1.6, APIs: 1, Instructions: 104COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0082B5DE Relevance: 1.6, APIs: 1, Instructions: 103fileCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B503E8 Relevance: 1.6, APIs: 1, Instructions: 100COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 049E099C Relevance: 1.6, APIs: 1, Instructions: 93COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 049E0894 Relevance: 1.6, APIs: 1, Instructions: 89timeCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 049E0190 Relevance: 1.6, APIs: 1, Instructions: 89COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 049E09BE Relevance: 1.6, APIs: 1, Instructions: 84COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 049E0D10 Relevance: 1.6, APIs: 1, Instructions: 81COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 049E201D Relevance: 1.6, APIs: 1, Instructions: 80COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0082B6F4 Relevance: 1.6, APIs: 1, Instructions: 79COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 049E23F5 Relevance: 1.6, APIs: 1, Instructions: 79COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0082BC3E Relevance: 1.6, APIs: 1, Instructions: 77networkCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 049E0346 Relevance: 1.6, APIs: 1, Instructions: 77fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0082B61E Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 049E01B6 Relevance: 1.6, APIs: 1, Instructions: 76COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 049E20EC Relevance: 1.6, APIs: 1, Instructions: 76COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 049E24DF Relevance: 1.6, APIs: 1, Instructions: 73COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 049E25C3 Relevance: 1.6, APIs: 1, Instructions: 73COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 049E05DD Relevance: 1.6, APIs: 1, Instructions: 72COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0082B9D6 Relevance: 1.6, APIs: 1, Instructions: 70fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0082A140 Relevance: 1.6, APIs: 1, Instructions: 69networkCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 049E1F57 Relevance: 1.6, APIs: 1, Instructions: 69COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0082BD23 Relevance: 1.6, APIs: 1, Instructions: 68COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0082BC5E Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 049E0B6E Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 049E0366 Relevance: 1.6, APIs: 1, Instructions: 67fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 049E0FD2 Relevance: 1.6, APIs: 1, Instructions: 66libraryCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 049E2ED5 Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0082A710 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 049E08D2 Relevance: 1.6, APIs: 1, Instructions: 64timeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 049E3BA9 Relevance: 1.6, APIs: 1, Instructions: 62 window COMMON
Function 049E25E6 Relevance: 1.6, APIs: 1, Instructions: 62 COMMON
Function 049E0006 Relevance: 1.6, APIs: 1, Instructions: 62 COMMON
Function 049E2502 Relevance: 1.6, APIs: 1, Instructions: 62 COMMON
Function 0082AC03 Relevance: 1.6, APIs: 1, Instructions: 61 COMMON
Function 049E2426 Relevance: 1.6, APIs: 1, Instructions: 61 COMMON
Function 0082B9F6 Relevance: 1.6, APIs: 1, Instructions: 60 file COMMON
Function 049E1F7A Relevance: 1.6, APIs: 1, Instructions: 58 COMMON
Function 049E060A Relevance: 1.6, APIs: 1, Instructions: 57 COMMON
Function 0082A2AE Relevance: 1.6, APIs: 1, Instructions: 56 COMMON
Function 049E3FA9 Relevance: 1.6, APIs: 1, Instructions: 56 window COMMON
Function 049E0FF2 Relevance: 1.6, APIs: 1, Instructions: 56 library COMMON
Function 049E2056 Relevance: 1.6, APIs: 1, Instructions: 55 COMMON
Function 0082AD9F Relevance: 1.6, APIs: 1, Instructions: 54 COMMON
Function 049E212A Relevance: 1.6, APIs: 1, Instructions: 53 COMMON
Function 0082B736 Relevance: 1.6, APIs: 1, Instructions: 52 COMMON
Function 049E0B9E Relevance: 1.5, APIs: 1, Instructions: 49 network COMMON
Function 049E3E5C Relevance: 1.5, APIs: 1, Instructions: 49 window COMMON
Function 049E0D66 Relevance: 1.5, APIs: 1, Instructions: 47 COMMON
Function 049E2F06 Relevance: 1.5, APIs: 1, Instructions: 46 library COMMON
Function 0082AC2A Relevance: 1.5, APIs: 1, Instructions: 45 COMMON
Function 0082A74E Relevance: 1.5, APIs: 1, Instructions: 43 COMMON
Function 0082BD62 Relevance: 1.5, APIs: 1, Instructions: 43 COMMON
Function 049E0032 Relevance: 1.5, APIs: 1, Instructions: 43 COMMON
Function 0082A186 Relevance: 1.5, APIs: 1, Instructions: 42 network COMMON
Function 049E3FCE Relevance: 1.5, APIs: 1, Instructions: 42 window COMMON
Function 0082ADCE Relevance: 1.5, APIs: 1, Instructions: 39 COMMON
Function 049E3BE2 Relevance: 1.5, APIs: 1, Instructions: 38 window COMMON
Function 0082A2DA Relevance: 1.5, APIs: 1, Instructions: 35 COMMON
Function 049E3E7E Relevance: 1.5, APIs: 1, Instructions: 35 window COMMON
Function 04DF1C60 Relevance: .1, Instructions: 60 COMMON
Function 00D60794 Relevance: .1, Instructions: 60 COMMON
Function 00D607C4 Relevance: .1, Instructions: 59 COMMON
Function 0083ADEC Relevance: .1, Instructions: 52 COMMON
Function 00D605E0 Relevance: .0, Instructions: 45 COMMON
Function 00D60774 Relevance: .0, Instructions: 38 COMMON
Function 00D60880 Relevance: .0, Instructions: 31 COMMON
Function 00D60606 Relevance: .0, Instructions: 27 COMMON
Function 0083AE3B Relevance: .0, Instructions: 26 COMMON
Function 04DF1CCB Relevance: .0, Instructions: 26 COMMON
Function 04DF1577 Relevance: .0, Instructions: 26 COMMON
Function 008223F4 Relevance: .0, Instructions: 15 COMMON
Function 008223BC Relevance: .0, Instructions: 14 COMMON