Windows
Analysis Report
bUHF.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- bUHF.exe (PID: 2892 cmdline: "C:\Users\user\Desktop\bUHF.exe" MD5: B47307545C821C03B617776A41DF1741)
- cmd.exe (PID: 5844 cmdline: cmd.exe /C Y /N /D Y /T 1 & Del "C:\Users\user\Desktop\bUHF.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
- conhost.exe (PID: 3608 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
NjRAT | RedPacket Security describes NJRat as "a remote access trojan (RAT) has capabilities to log keystrokes, access the victim's camera, steal credentials stored in browsers, open a reverse shell, upload/download files, view the victim's desktop, perform process, file, and registry manipulations, and capabilities to let the attacker update, uninstall, restart, close, disconnect the RAT and rename its campaign ID. Through the Command & Control (CnC) server software, the attacker has capabilities to create and configure the malware to spread through USB drives." It is supposedly popular with actors in the Middle East. Similar to other RATs, many leaked builders may be backdoored. |
{"Host": "rusia.duckdns.org", "Port": "1994", "Campaign ID": "NYAN CAT", "Network Seprator": "@!#&^%$", "Registry": "aed0817703934"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Njrat | Yara detected Njrat | Joe Security |
Timestamp: | 04/24/24-17:09:02.365130 |
SID: | 2825563 |
Source Port: | 49704 |
Destination Port: | 1994 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/24/24-17:09:01.858370 |
SID: | 2033132 |
Source Port: | 49704 |
Destination Port: | 1994 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/24/24-17:10:42.090158 |
SID: | 2825564 |
Source Port: | 49704 |
Destination Port: | 1994 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
AV Detection |
---|
Source: | Avira: |
Source: | Avira URL Cloud: |
Source: | Malware Configuration Extractor: |
Source: | File source: |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: |
Networking |
---|
Source: | Snort IDS: |
Source: | URLs: |
Source: | DNS query: |
Source: | TCP traffic: |
Source: | IP Address: |
Source: | ASN Name: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
---|
Source: | .Net Code: |
E-Banking Fraud |
---|
Source: | File source: |
Source: | Code function: | 0_2_00A319F0 |
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Code function: | 0_2_00BD22AA | |
Source: | Code function: | 0_2_00BD2273 |
Source: | File created: | Jump to behavior |
Source: | Mutant created: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: |
Data Obfuscation |
---|
Source: | .Net Code: |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | Process created: | Jump to behavior |
Source: | Process information set: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
Source: | Window / User API: | Jump to behavior |
Source: | Thread sleep time: | Jump to behavior |
Source: | Last function: |
Source: | Binary or memory string: |
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Reference to suspicious API methods: |
Source: | Binary or memory string: |
Source: | Queries volume information: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Access Token Manipulation | 1 Masquerading | 1 Input Capture | 1 Security Software Discovery | Remote Services | 1 Input Capture | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 2 Process Injection | 2 Virtualization/Sandbox Evasion | LSASS Memory | 2 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 1 Disable or Modify Tools | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Access Token Manipulation | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 21 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Process Injection | LSA Secrets | 12 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Software Packing | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 File Deletion | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | TR/Dropper.Gen7 | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
rusia.duckdns.org | 46.246.84.12 | true | true | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
 | true | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
 | | false | | unknown |
 | | false | | low |
 | | false | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
46.246.84.12 | rusia.duckdns.org | Sweden | | 42708 | PORTLANEwwwportlanecomSE | true |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1431191 |
Start date and time: | 2024-04-24 17:08:07 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 27s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 6 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | bUHF.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@4/1@1/1 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: bUHF.exe
Time | Type | Description |
---|---|---|
17:09:30 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
46.246.84.12 | Get hash | malicious | Njrat | Browse | ||
Get hash | malicious | XWorm | Browse | |||
Get hash | malicious | ArrowRAT | Browse | |||
Get hash | malicious | ArrowRAT | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Njrat | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | LodaRAT | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
rusia.duckdns.org | Get hash | malicious | Njrat | Browse |
Get hash | malicious | AsyncRAT, DcRat | Browse |
Get hash | malicious | AsyncRAT, DcRat | Browse |
Get hash | malicious | Njrat | Browse |
Get hash | malicious | Njrat | Browse |
Get hash | malicious | Njrat | Browse |
Get hash | malicious | Njrat | Browse |
Get hash | malicious | Njrat | Browse |
Get hash | malicious | Njrat | Browse |
Get hash | malicious | Njrat | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
PORTLANEwwwportlanecomSE | Get hash | malicious | Njrat | Browse |
Get hash | malicious | AsyncRAT, PureLog Stealer, RedLine | Browse |
Get hash | malicious | AsyncRAT, DcRat | Browse |
Get hash | malicious | AsyncRAT, DcRat | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Njrat | Browse |
Get hash | malicious | Njrat | Browse |
Get hash | malicious | AsyncRAT, DcRat | Browse |
Get hash | malicious | Mirai, Okiru | Browse |
Get hash | malicious | Njrat | Browse |
Process: | C:\Users\user\Desktop\bUHF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 907 |
Entropy (8bit): | 5.243019596074263 |
Encrypted: | false |
SSDEEP: | 24:MLF2CpI329Iz52VMzffup26KTnKoO2+b2hHAa/:MwQd9IzoaXuY6Ux+SF/ |
MD5: | 48A0572426885EBDE53CA62C7F2E194E |
SHA1: | 035628CDF6276367F6C83E9F4AA2172933850AA8 |
SHA-256: | 4C68E10691304CAC8DA65A05CF2580728EC0E294104F267840712AF1C46A6538 |
SHA-512: | DEFE728C2312918D94BD43C98908C08CCCA5EBFB77F873779DCA784F14C607B33A4E29AC5ECB798F2F741668B7692F72BCB60DEFD536EA86B296B64FA359C42D |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
File type: | |
Entropy (8bit): | 3.8017804727292726 |
TrID: |
|
File name: | bUHF.exe |
File size: | 32'768 bytes |
MD5: | b47307545c821c03b617776a41df1741 |
SHA1: | 086f735fcd95e8d3608e22494ae3cadd4d9d7acb |
SHA256: | 0f2be1e974ae7ee9be5354fbef333e105cce5c25473648e66a67269d560220f4 |
SHA512: | 3393fd1e427430e5ac3a8d40bef45bd26d0490d9184d4cbddb595efa1c6fc5ede427962d93c18710d554472c93d6e4dc42bb4c7bb6e987c305b9c43c3a0d2209 |
SSDEEP: | 384:z0bUe5XB4e0XvOxZggUBZIGlWT1tTUFQqzFBObbB:gT9BumzggUBZI5XbB |
TLSH: | 6CE2080A7BA58215C6BC1AFC8CB313210772E3478532EB6F5CDC88CA5B67AD44645EED |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....)f.................P... ......ng... ........@.. ....................................@................................ |
Icon Hash: | 00928e8e8686b000 |
Entrypoint: | 0x40676e |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x6629121B [Wed Apr 24 14:07:23 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Instruction |
---|
jmp dword ptr [00402000h] |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x6718 | 0x53 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x8000 | 0x2a8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xa000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x4774 | 0x5000 | b8b7fff03707f4af4df8bc2bb76d1fbe | False | 0.475146484375 | data | 5.291960881583985 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rsrc | 0x8000 | 0x2a8 | 0x1000 | 06f784705978c77c74b103740d210ee3 | False | 0.07763671875 | data | 0.6775791141051085 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xa000 | 0xc | 0x1000 | 34585954bedb30c5084980db7d41ad8f | False | 0.0087890625 | data | 0.013126943721219527 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_VERSION | 0x8058 | 0x24c | data | 0.46598639455782315 |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
04/24/24-17:09:02.365130 | TCP | 2825563 | ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
04/24/24-17:09:01.858370 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
04/24/24-17:10:42.090158 | TCP | 2825564 | ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:11.767671108 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:11.862435102 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:11.863773108 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:11.938338995 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:11.938447952 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:11.959306955 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:11.959696054 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:12.210448980 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:12.264802933 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:12.264949083 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:12.325263977 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:12.325341940 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:12.464641094 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:12.464708090 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:12.604346991 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:12.604490042 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:12.728864908 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:12.728992939 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:12.936625004 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:13.014822006 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:13.014914989 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:13.264719009 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:13.264864922 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:13.350895882 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:13.351058006 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:13.465862036 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:13.466022015 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:13.723395109 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:13.756932020 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:13.757021904 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:13.847975016 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:13.848217010 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:14.120865107 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:14.121176004 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:14.236656904 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:14.236839056 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:14.497761011 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:14.637729883 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:14.637825966 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:14.850481987 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:14.890073061 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:14.890156031 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:15.128674984 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:15.168072939 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:15.168397903 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:15.293443918 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:15.297640085 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:15.529645920 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:15.540411949 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:15.540529013 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:15.563760042 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:15.563841105 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:15.765801907 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:15.768580914 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:15.925079107 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:15.925597906 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:15.987777948 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:15.989552975 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:16.259325981 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:16.349931002 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:16.350188971 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:16.568655014 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:16.568723917 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:16.686070919 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:16.686168909 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:16.872143030 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:16.872344971 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:17.058151960 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:17.059806108 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:17.294260979 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:17.357033968 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:17.357158899 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:17.564465046 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:17.666157007 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:17.669719934 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:17.697879076 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:17.701664925 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:17.782128096 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:17.785669088 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:17.979688883 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:17.979804039 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:18.000658035 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:18.000755072 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:18.097369909 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:18.097565889 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:18.318157911 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:18.357423067 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:18.357512951 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:18.403286934 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:18.403381109 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:18.667445898 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:18.667618036 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:18.708343983 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:18.708539963 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:18.797296047 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:18.797430992 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:19.057543993 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:19.092453003 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:19.092684031 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:19.357763052 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:19.358330011 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:19.449126959 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:19.449356079 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:19.669500113 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:19.669719934 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:19.762165070 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:19.762263060 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:20.002033949 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:20.057301998 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:20.057540894 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:20.148293018 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:20.148473978 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:20.382361889 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:20.400378942 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:20.400669098 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:20.551115036 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:20.551197052 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:20.771159887 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:20.771311045 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:20.973351002 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:20.973608017 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:21.167265892 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:21.169567108 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:21.179291964 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:21.180531025 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:21.427887917 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:21.557483912 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:21.559047937 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:21.587537050 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:21.587722063 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:21.820225000 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:21.836870909 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:21.841590881 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:21.978919983 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:21.979136944 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:22.219726086 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:22.243949890 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:22.244091988 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:22.363368988 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:22.363585949 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:22.580542088 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:22.629638910 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:22.629717112 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:22.761066914 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:22.761128902 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:22.971529007 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:22.985696077 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:22.985794067 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:23.157804966 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:23.159676075 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:23.266791105 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:23.269567013 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:23.437359095 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:23.437546968 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:23.572666883 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:23.575658083 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:23.771008015 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:23.831161022 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:23.833592892 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:23.999043941 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:23.999619961 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:24.174160957 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:24.174323082 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:24.182969093 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:24.183016062 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:24.383192062 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:24.383304119 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:24.569159031 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:24.569231987 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:24.893527985 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:24.893749952 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:25.056004047 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:25.056283951 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:25.254781961 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:25.368230104 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:25.368320942 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:25.568983078 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:25.569310904 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:25.662952900 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:25.663312912 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:25.866369963 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:25.866468906 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:26.062172890 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:26.062469006 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:26.263262987 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:26.458112001 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:26.458203077 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:26.567526102 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:26.567770958 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:26.675493002 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:26.675759077 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:26.871160984 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:26.956726074 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:26.956882954 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:27.156868935 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:27.157119036 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:27.191615105 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:27.191839933 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:27.304132938 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:27.304234028 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:27.305016041 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:27.474327087 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:27.474443913 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:27.589225054 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:27.589464903 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:27.838180065 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:27.859224081 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:27.859514952 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:27.970498085 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:27.970763922 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:28.157322884 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:28.157421112 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:28.263154030 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:28.263252974 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:28.409028053 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:28.409252882 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:28.620973110 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:28.664963961 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:28.665222883 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:28.916996002 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:28.972718954 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:28.972898960 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:29.043428898 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:29.043699026 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:29.169262886 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:29.169493914 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:29.338347912 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:29.338443995 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:29.460572958 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:29.460659981 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:29.689178944 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:29.728684902 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:29.728811026 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:29.936805964 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:29.968728065 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:29.968961000 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:30.129157066 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:30.131772041 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:30.313446999 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:30.317667961 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:30.350239038 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:30.350263119 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:30.350533009 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:30.537378073 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:30.537475109 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:30.737478018 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:30.737631083 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:31.121646881 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:31.121856928 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:31.459567070 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:31.666738987 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:31.666861057 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:31.879420042 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:32.274657965 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:32.643378019 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:33.051882982 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:33.167788982 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:33.167944908 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:33.387386084 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:33.458887100 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:33.459157944 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:33.503861904 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:33.504007101 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:33.665946960 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:33.666060925 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:33.798077106 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:33.798115969 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:33.798288107 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:33.928841114 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:33.929099083 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:34.156864882 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:34.157146931 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:34.262883902 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:34.263216019 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:34.480817080 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:34.555228949 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:34.555383921 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:34.768982887 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:34.769125938 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:34.898015022 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:34.898113966 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:35.156507015 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:35.156651974 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:35.265981913 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:35.266087055 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:35.373920918 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:35.374075890 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:35.542026043 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:35.659183025 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:35.659302950 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:35.849615097 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:35.948213100 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:35.948390961 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:36.090253115 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:36.090401888 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:36.265974998 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:36.266067028 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:36.457251072 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:36.473324060 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:36.473450899 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:36.620196104 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:36.620307922 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:36.769067049 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:36.769200087 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:36.850305080 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:36.850380898 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:36.852129936 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:36.968277931 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:36.968425989 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:37.154273987 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:37.157738924 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:37.365375996 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:37.367728949 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:37.539216042 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:37.539391041 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:37.783382893 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:37.958245993 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:37.961617947 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:38.216387987 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:38.216619968 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:38.426922083 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:38.568478107 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:38.568645954 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:38.769733906 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:38.769859076 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:38.847470999 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:38.847562075 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:39.097397089 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:39.159406900 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:39.159792900 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:39.370107889 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:39.370208979 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:39.496376991 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:39.496692896 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Apr 24, 2024 17:10:39.631880999 CEST | 1994 | 49704 | 46.246.84.12 | 192.168.2.5 |
Apr 24, 2024 17:10:39.635684967 CEST | 49704 | 1994 | 192.168.2.5 | 46.246.84.12 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 24, 2024 17:09:00.675107956 CEST | 65395 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 24, 2024 17:09:01.378818989 CEST | 53 | 65395 | 1.1.1.1 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 24, 2024 17:09:00.675107956 CEST | 192.168.2.5 | 1.1.1.1 | 0xb9b8 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 24, 2024 17:09:01.378818989 CEST | 1.1.1.1 | 192.168.2.5 | 0xb9b8 | No error (0) | 46.246.84.12 | A (IP address) | IN (0x0001) | false |
Target ID: | 0 |
Start time: | 17:08:52 |
Start date: | 24/04/2024 |
Path: | C:\Users\user\Desktop\bUHF.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x20000 |
File size: | 32'768 bytes |
MD5 hash: | B47307545C821C03B617776A41DF1741 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 4 |
Start time: | 17:10:42 |
Start date: | 24/04/2024 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x790000 |
File size: | 236'544 bytes |
MD5 hash: | D0FCE3AFA6AA1D58CE9FA336CC2B675B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 5 |
Start time: | 17:10:42 |
Start date: | 24/04/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d64d0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Execution Graph
Execution Coverage: | 15.3% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 2.1% |
Total number of Nodes: | 145 |
Total number of Limit Nodes: | 8 |