Analysis Report QuotationInvoices.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Startup |
---|
|
Malware Configuration |
---|
Threatname: Remcos |
---|
{"Host:Port:Password": "greatglass.servebeer.com:1961:0", "Assigned name": "RemoteHost", "Connect interval": "1", "Install flag": "Disable", "Setup HKCU\\Run": "Enable", "Setup HKLM\\Run": "Disable", "Install path": "AppData", "Copy file": "remcos.exe", "Startup value": "Remcos", "Hide file": "Disable", "Mutex": "Remcos-I9UILL", "Keylog flag": "1", "Keylog path": "AppData", "Keylog file": "logs.dat", "Keylog crypt": "Disable", "Hide keylog file": "Disable", "Screenshot flag": "Disable", "Screenshot time": "10", "Take Screenshot option": "Disable", "Take screenshot title": "wikipedia;solitaire;", "Take screenshot time": "5", "Screenshot path": "AppData", "Screenshot file": "Screenshots", "Screenshot crypt": "Disable", "Mouse option": "Disable", "Delete file": "Disable", "Audio record time": "5", "Audio path": "AppData", "Audio folder": "MicRecords", "Connect delay": "0", "Copy folder": "Remcos", "Keylog folder": "remcos"}
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security | ||
REMCOS_RAT_variants | unknown | unknown |
| |
JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security | ||
REMCOS_RAT_variants | unknown | unknown |
| |
JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security | ||
Unpacked PEs |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security | ||
REMCOS_RAT_variants | unknown | unknown |
| |
JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security | ||
REMCOS_RAT_variants | unknown | unknown |
| |
JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security | ||
Sigma Overview |
---|
System Summary: |
---|
Sigma detected: Remcos | Show sources |
Source: | Author: Joe Security: |
Signature Overview |
---|
AV Detection: |
---|
Found malware configuration | Show sources |
Source: | Malware Configuration Extractor: |
Yara detected Remcos RAT | Show sources |
Machine Learning detection for sample | Show sources |
Source: | Joe Sandbox ML: |
Source: | Code function: | 1_2_0042DC88 |
Source: | Binary or memory string: |
Compliance: |
---|
Detected unpacking (overwrites its own PE header) | Show sources |
Source: | Unpacked PE file: |
Uses 32bit PE files | Show sources |
Source: | Static PE information: |
Contains modern PE file flags such as dynamic base (ASLR) or NX | Show sources |
Source: | Static PE information: |
Binary contains paths to debug symbols | Show sources |
Networking: |
---|
C2 URLs / IPs found in malware configuration | Show sources |
Source: | URLs: |
Source: | Code function: | 1_2_00411EA6 |
Source: | TCP traffic: |
Source: | IP Address: |
Source: | ASN Name: |
Source: | Code function: | 1_2_0042190F |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Key, Mouse, Clipboard, Microphone and Screen Capturing: |
---|
Contains functionality to capture and log keystrokes | Show sources |
Source: | Code function: | 1_2_00408ED1 | |
Source: | Code function: | 0_2_004054B2 |
Source: | Code function: | 1_2_00409900 |
Source: | Code function: | 1_2_004083AE | |
Source: | Code function: | 1_1_004083AE |
E-Banking Fraud: |
---|
Yara detected Remcos RAT | Show sources |
System Summary: |
---|
Malicious sample detected (through community Yara rule) | Show sources |
Initial sample is a PE file and has a suspicious name | Show sources |
Source: | Static PE information: |
Data Obfuscation: |
---|
Detected unpacking (changes PE section rights) | Show sources |
Source: | Unpacked PE file: |
Detected unpacking (overwrites its own PE header) | Show sources |
Source: | Unpacked PE file: |
Malware Analysis System Evasion: |
---|
Delayed program exit found | Show sources |
Source: | Code function: | 1_2_0040D27D | |
Source: | Code function: | 1_1_0040D27D |
HIPS / PFW / Operating System Protection Evasion: |
---|
Contains functionality to inject code into remote processes | Show sources |
Source: | Code function: | 1_2_00413BEA |
Maps a DLL or memory area into another process | Show sources |
Source: | Section loaded: | Jump to behavior |
Stealing of Sensitive Information: |
---|
Yara detected Remcos RAT | Show sources |
Contains functionality to steal Chrome passwords or cookies | Show sources |
Source: | Code function: | 1_2_00409EAC |
Contains functionality to steal Firefox passwords or cookies | Show sources |
Source: | Code function: | 1_2_00409FCA | |
Source: | Code function: | 1_2_00409FCA |
Remote Access Functionality: |
---|
Detected Remcos RAT | Show sources |
Yara detected Remcos RAT | Show sources |
Source: | Code function: | 1_2_004054A8 | |
Source: | Code function: | 1_1_004054A8 |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Native API1 | Application Shimming1 | Application Shimming1 | Deobfuscate/Decode Files or Information1 | OS Credential Dumping1 | System Time Discovery2 | Remote Services | Archive Collected Data11 | Exfiltration Over Other Network Medium | Ingress Tool Transfer21 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | System Shutdown/Reboot1 |
Default Accounts | Command and Scripting Interpreter12 | Windows Service1 | Access Token Manipulation1 | Obfuscated Files or Information3 | Input Capture111 | Account Discovery1 | Remote Desktop Protocol | Input Capture111 | Exfiltration Over Bluetooth | Encrypted Channel2 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | Service Execution2 | Logon Script (Windows) | Windows Service1 | Software Packing21 | Credentials In Files2 | System Service Discovery1 | SMB/Windows Admin Shares | Clipboard Data2 | Automated Exfiltration | Non-Standard Port1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Process Injection222 | Masquerading1 | NTDS | File and Directory Discovery3 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Remote Access Software1 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Virtualization/Sandbox Evasion2 | LSA Secrets | System Information Discovery34 | SSH | Keylogging | Data Transfer Size Limits | Non-Application Layer Protocol1 | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Access Token Manipulation1 | Cached Domain Credentials | Security Software Discovery3 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Application Layer Protocol11 | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Process Injection222 | DCSync | Virtualization/Sandbox Evasion2 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | Process Discovery3 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | Application Window Discovery1 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction | |
Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Invalid Code Signature | Network Sniffing | System Owner/User Discovery1 | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | Data Encrypted for Impact | ||
Compromise Software Dependencies and Development Tools | Windows Command Shell | Cron | Cron | Right-to-Left Override | Input Capture | Remote System Discovery1 | Replication Through Removable Media | Remote Data Staging | Exfiltration Over Physical Medium | Mail Protocols | Service Stop |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Joe Sandbox ML |
Dropped Files |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse | ||
0% | Metadefender | Browse | ||
0% | ReversingLabs |
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | HEUR/AGEN.1130366 | Download File | ||
100% | Avira | HEUR/AGEN.1130366 | Download File | ||
100% | Avira | HEUR/AGEN.1130366 | Download File |
Domains |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
5% | Virustotal | Browse |
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
5% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
greatglass.servebeer.com | 194.5.97.248 | true | true |
| unknown |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high |
Contacted IPs |
---|
General Information |
---|
Joe Sandbox Version: | 31.0.0 Emerald |
Analysis ID: | 356046 |
Start date: | 22.02.2021 |
Start time: | 13:56:47 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 7m 25s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | QuotationInvoices.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 18 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@3/5@53/2 |
EGA Information: | Failed |
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
Warnings: | Show All
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
13:57:43 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
194.5.97.248 | Get hash | malicious | Browse | ||
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
greatglass.servebeer.com | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
DANILENKODE | Get hash | malicious | Browse |
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
C:\Users\user\AppData\Local\Temp\nsc875C.tmp\System.dll | Get hash | malicious | Browse | ||
Created / dropped Files |
---|
Process: | C:\Users\user\Desktop\QuotationInvoices.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11776 |
Entropy (8bit): | 5.855045165595541 |
Encrypted: | false |
SSDEEP: | 192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4 |
MD5: | FCCFF8CB7A1067E23FD2E2B63971A8E1 |
SHA1: | 30E2A9E137C1223A78A0F7B0BF96A1C361976D91 |
SHA-256: | 6FCEA34C8666B06368379C6C402B5321202C11B00889401C743FB96C516C679E |
SHA-512: | F4335E84E6F8D70E462A22F1C93D2998673A7616C868177CAC3E8784A3BE1D7D0BB96F2583FA0ED82F4F2B6B8F5D9B33521C279A42E055D80A94B4F3F1791E0C |
Malicious: | false |
Antivirus: | |
Joe Sandbox View: |
|
Reputation: | moderate, very likely benign file |
Preview: |
|
Process: | C:\Users\user\Desktop\QuotationInvoices.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 504230 |
Entropy (8bit): | 7.974803391738096 |
Encrypted: | false |
SSDEEP: | 6144:laXlqi0/y4lwKzPHdRAFexzsJ/PvzFjBTkBVg90SS6+qLHmFAgOSqxn+8fp2zwIL:yWySRbHdRAF8zQNVk80QSF3qVLUMXO |
MD5: | 1A5019ACCB8B2C592D98DDCA4D53EA6E |
SHA1: | 64EB9F091F2A25E64FE5DC52F614499BBBA755AA |
SHA-256: | C4F464C4A1CEFF309A6388157AB9FBF26A795C6F5E770D4929892C1A92FFB68E |
SHA-512: | 9A8EDE65C20C9B24ECC3F72FFB4AB1003A7514596175A067BC006D0BF9BB66BBEAF02EFD82ADA1C1C460F114561972F8F98A94738E84B9FA5E82A0A564A9C00E |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\user\Desktop\QuotationInvoices.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 465408 |
Entropy (8bit): | 7.999601945479521 |
Encrypted: | true |
SSDEEP: | 6144:Q/y4lwKzPHdRAFexzsJ/PvzFjBTkBVg90SS6+qLHmFAgOSqxn+8fp2zwI2P8LQ5:cySRbHdRAF8zQNVk80QSF3qVLUMX/ |
MD5: | 96876AE06A1E7B087CA4B25713691E25 |
SHA1: | EB0C572D4DBD1303BCC20D5E13CA1B5DA6851980 |
SHA-256: | 5144E9DBA5EE3C3CB46706B8095D6EAA2C1AA0D48B4016ECB03CABB844D8EA36 |
SHA-512: | B6F409C132903A752BC10FE083FF5D53366FC22C81DBAF1D7C737DD2F03D1E1A24F8DCA380BFD784232F79EDAB40E803E0AAB6386C4F4DF291E9AE4CC6793FC9 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\user\Desktop\QuotationInvoices.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 23552 |
Entropy (8bit): | 7.589805073051753 |
Encrypted: | false |
SSDEEP: | 384:qlpTPQpU2T5eiynNSnAouNfxkSa598ZHWZoujzWxy9sp/x:6hPv29XiSnApNftS9aWZoujzWxX/x |
MD5: | 7B57E6D08CC3767914CA51A604BC6D13 |
SHA1: | AFE12DBF77D6FBCF8960D5761699D821AFCCB2B2 |
SHA-256: | 29E898A600F9A16D828D355709391981396735139E3A8FDB6ADDA75F0AFC670B |
SHA-512: | 106CEEE1485DE5ABC7E977BE4CB17E388D1ECB54FCCD1B3ADD75AFC2A5625A81416998E8E9822DF8485CA8265FDA804826D308C2CF27DE2667EA80A359D823C0 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\user\Desktop\QuotationInvoices.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 74 |
Entropy (8bit): | 4.716474907822009 |
Encrypted: | false |
SSDEEP: | 3:ttUHrCqDDIrA4RXMRPHv31aeo:tmcXqdHv3IP |
MD5: | BD035BD4CCB00A887A17BA7CDE17D115 |
SHA1: | FCD6C75314E60CC8B7329184C4E866C783D66664 |
SHA-256: | 9AFCF5D6F8CF2857C5DCD6C3B7C991F1BF3E41FFEFDA08F1DFC6E4BD75CD34E7 |
SHA-512: | 22F353D48726C12134A9D1911FE299DB6D852D7D13110AA62AB5849B82386D058E452250D99849F3B93CADFEEBB9F04F41B611A5FCD67E643E13F0E81E49F924 |
Malicious: | true |
Reputation: | low |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.974691206115224 |
TrID: |
|
File name: | QuotationInvoices.exe |
File size: | 528567 |
MD5: | 9c51e2991c6c9708d783aab030dcc0da |
SHA1: | 64accc9e3f84e7365d8236c580b9644427e3f9e3 |
SHA256: | 572a6a6fa5277c2b4cc040710694d33b2def62ab74e2801893d33e92e7b105af |
SHA512: | c8725d2abba8f2ae1c483d948f2909ff73736e4efa415d6a26f91cf2226431720b13f15868b4177d8b581287a1d41c4c051913a0faf8f95f599f14b5133ab5b0 |
SSDEEP: | 12288:Nro6kYoqOR5HdRAFmzKNVky0QynxqHLUmb8uAT:NrEYyBRAFm2/ky0RxqHLLAT |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1)..PG..PG..PG.*_...PG..PF.IPG.*_...PG..sw..PG..VA..PG.Rich.PG.........PE..L..._.$_.................f...x.......4............@ |
File Icon |
---|
Icon Hash: | 00828e8e8686b000 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x403486 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x5F24D75F [Sat Aug 1 02:45:51 2020 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | ea4e67a31ace1a72683a99b80cf37830 |
Entrypoint Preview |
---|
Instruction |
---|
sub esp, 00000184h |
push ebx |
push esi |
push edi |
xor ebx, ebx |
push 00008001h |
mov dword ptr [esp+18h], ebx |
mov dword ptr [esp+10h], 0040A130h |
mov dword ptr [esp+20h], ebx |
mov byte ptr [esp+14h], 00000020h |
call dword ptr [004080B0h] |
call dword ptr [004080C0h] |
and eax, BFFFFFFFh |
cmp ax, 00000006h |
mov dword ptr [0042F44Ch], eax |
je 00007FE020EC52D3h |
push ebx |
call 00007FE020EC844Eh |
cmp eax, ebx |
je 00007FE020EC52C9h |
push 00000C00h |
call eax |
mov esi, 004082A0h |
push esi |
call 00007FE020EC83CAh |
push esi |
call dword ptr [004080B8h] |
lea esi, dword ptr [esi+eax+01h] |
cmp byte ptr [esi], bl |
jne 00007FE020EC52ADh |
push 0000000Bh |
call 00007FE020EC8422h |
push 00000009h |
call 00007FE020EC841Bh |
push 00000007h |
mov dword ptr [0042F444h], eax |
call 00007FE020EC840Fh |
cmp eax, ebx |
je 00007FE020EC52D1h |
push 0000001Eh |
call eax |
test eax, eax |
je 00007FE020EC52C9h |
or byte ptr [0042F44Fh], 00000040h |
push ebp |
call dword ptr [00408038h] |
push ebx |
call dword ptr [00408288h] |
mov dword ptr [0042F518h], eax |
push ebx |
lea eax, dword ptr [esp+38h] |
push 00000160h |
push eax |
push ebx |
push 00429878h |
call dword ptr [0040816Ch] |
push 0040A1ECh |
Rich Headers |
---|
Programming Language: |
|
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8544 | 0xa0 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x38000 | 0x9c0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x29c | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x65ad | 0x6600 | False | 0.675628063725 | data | 6.48593060343 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x8000 | 0x1380 | 0x1400 | False | 0.4634765625 | data | 5.26110074066 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xa000 | 0x25558 | 0x600 | False | 0.470052083333 | data | 4.21916068772 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.ndata | 0x30000 | 0x8000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x38000 | 0x9c0 | 0xa00 | False | 0.466015625 | data | 4.37730261639 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_DIALOG | 0x38148 | 0x100 | data | English | United States |
RT_DIALOG | 0x38248 | 0x11c | data | English | United States |
RT_DIALOG | 0x38364 | 0x60 | data | English | United States |
RT_VERSION | 0x383c4 | 0x2bc | data | English | United States |
RT_MANIFEST | 0x38680 | 0x340 | XML 1.0 document, ASCII text, with very long lines, with no line terminators | English | United States |
Imports |
---|
DLL | Import |
---|---|
ADVAPI32.dll | RegCreateKeyExA, RegEnumKeyA, RegQueryValueExA, RegSetValueExA, RegCloseKey, RegDeleteValueA, RegDeleteKeyA, AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken, SetFileSecurityA, RegOpenKeyExA, RegEnumValueA |
SHELL32.dll | SHGetFileInfoA, SHFileOperationA, SHGetPathFromIDListA, ShellExecuteExA, SHGetSpecialFolderLocation, SHBrowseForFolderA |
ole32.dll | IIDFromString, OleInitialize, OleUninitialize, CoCreateInstance, CoTaskMemFree |
COMCTL32.dll | ImageList_Create, ImageList_Destroy, ImageList_AddMasked |
USER32.dll | SetClipboardData, CharPrevA, CallWindowProcA, PeekMessageA, DispatchMessageA, MessageBoxIndirectA, GetDlgItemTextA, SetDlgItemTextA, GetSystemMetrics, CreatePopupMenu, AppendMenuA, TrackPopupMenu, FillRect, EmptyClipboard, LoadCursorA, GetMessagePos, CheckDlgButton, GetSysColor, SetCursor, GetWindowLongA, SetClassLongA, SetWindowPos, IsWindowEnabled, GetWindowRect, GetSystemMenu, EnableMenuItem, RegisterClassA, ScreenToClient, EndDialog, GetClassInfoA, SystemParametersInfoA, CreateWindowExA, ExitWindowsEx, DialogBoxParamA, CharNextA, SetTimer, DestroyWindow, CreateDialogParamA, SetForegroundWindow, SetWindowTextA, PostQuitMessage, SendMessageTimeoutA, ShowWindow, wsprintfA, GetDlgItem, FindWindowExA, IsWindow, GetDC, SetWindowLongA, LoadImageA, InvalidateRect, ReleaseDC, EnableWindow, BeginPaint, SendMessageA, DefWindowProcA, DrawTextA, GetClientRect, EndPaint, IsWindowVisible, CloseClipboard, OpenClipboard |
GDI32.dll | SetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectA, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject |
KERNEL32.dll | GetExitCodeProcess, WaitForSingleObject, GetProcAddress, GetSystemDirectoryA, WideCharToMultiByte, MoveFileExA, GetTempFileNameA, RemoveDirectoryA, WriteFile, CreateDirectoryA, GetLastError, CreateProcessA, GlobalLock, GlobalUnlock, CreateThread, lstrcpynA, SetErrorMode, GetDiskFreeSpaceA, lstrlenA, GetCommandLineA, GetVersion, GetWindowsDirectoryA, SetEnvironmentVariableA, GetTempPathA, CopyFileA, GetCurrentProcess, ExitProcess, GetModuleFileNameA, GetFileSize, ReadFile, GetTickCount, Sleep, CreateFileA, GetFileAttributesA, SetCurrentDirectoryA, SetFileAttributesA, GetFullPathNameA, GetShortPathNameA, MoveFileA, CompareFileTime, SetFileTime, SearchPathA, lstrcmpiA, lstrcmpA, CloseHandle, GlobalFree, GlobalAlloc, ExpandEnvironmentStringsA, LoadLibraryExA, FreeLibrary, lstrcpyA, lstrcatA, FindClose, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, SetFilePointer, GetModuleHandleA, FindNextFileA, FindFirstFileA, DeleteFileA, MulDiv |
Version Infos |
---|
Description | Data |
---|---|
LegalCopyright | Copyright fire escape |
FileVersion | 95.84.67.13 |
CompanyName | Angas Proper Group 2 Cluster |
LegalTrademarks | American dollar |
Comments | Benin |
ProductName | arability |
FileDescription | Indonesian Sign Language |
Translation | 0x0409 0x04e4 |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Network Behavior |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 13:57:38 |
Start date: | 22/02/2021 |
Path: | C:\Users\user\Desktop\QuotationInvoices.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 528567 bytes |
MD5 hash: | 9C51E2991C6C9708D783AAB030DCC0DA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 13:57:39 |
Start date: | 22/02/2021 |
Path: | C:\Users\user\Desktop\QuotationInvoices.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 528567 bytes |
MD5 hash: | 9C51E2991C6C9708D783AAB030DCC0DA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
Function 00403486, Relevance: 91.4, APIs: 32, Strings: 20, Instructions: 366 | string, com, file, COMMON
C-Code - Quality: 86% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6FC51A98, Relevance: 20.1, APIs: 13, Instructions: 591 | string, library, memory, COMMON, Crypto
C-Code - Quality: 95% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405A15, Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 159 | file, string, COMMON
C-Code - Quality: 98% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 71% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004065C1, Relevance: 3.0, APIs: 2, Instructions: 14 | file, COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403A60, Relevance: 47.5, APIs: 13, Strings: 14, Instructions: 215 | string, registry, COMMON
C-Code - Quality: 96% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402EF1, Relevance: 26.5, APIs: 5, Strings: 10, Instructions: 208 | memory, COMMON
C-Code - Quality: 96% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401759, Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 147 | string, time, COMMON
C-Code - Quality: 75% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 100042E6, Relevance: 12.0, APIs: 4, Strings: 1, Instructions: 3274 | file, memory, COMMON
C-Code - Quality: 72% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000372D, Relevance: 10.7, APIs: 7, Instructions: 237 | file, COMMON
C-Code - Quality: 69% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004065E8, Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36 | library, COMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 93% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 94% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 60% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 87% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405E5E, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 22 | file, COMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405E8D, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 22 | file, COMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004031B7, Relevance: 3.1, APIs: 2, Instructions: 88 | COMMON
C-Code - Quality: 92% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401389, Relevance: 3.0, APIs: 2, Instructions: 43 | window, COMMON
C-Code - Quality: 59% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405DE6, Relevance: 3.0, APIs: 2, Instructions: 16 (file, COMMON) | C-Code - Quality: 68% | Uniqueness Score: -1.00%
Function 00405DC1, Relevance: 3.0, APIs: 2, Instructions: 13 (COMMON) | C-Code - Quality: 100% | Uniqueness Score: -1.00%
Function 004058B7, Relevance: 3.0, APIs: 2, Instructions: 9 (COMMON) | C-Code - Quality: 100% | Uniqueness Score: -1.00%
Function 6FC52921, Relevance: 1.5, APIs: 1, Instructions: 21 (memory, COMMON) | C-Code - Quality: 100% | Uniqueness Score: -1.00%
Function 0040343E, Relevance: 1.5, APIs: 1, Instructions: 6 (COMMON) | C-Code - Quality: 100% | Uniqueness Score: -1.00%
Non-executed Functions |
---|
Function 004054B2, Relevance: 54.3, APIs: 36, Instructions: 282 (window, clipboard, memory, COMMON) | C-Code - Quality: 96% | Uniqueness Score: -1.00%
Function 00404763, Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 274 (string, COMMON) | C-Code - Quality: 78% | Uniqueness Score: -1.00%
Function 0040216B, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 139 (com, COMMON) | C-Code - Quality: 74% | Uniqueness Score: -1.00%
Function 004027A1, Relevance: 1.5, APIs: 1, Instructions: 29 (file, COMMON) | C-Code - Quality: 39% | Uniqueness Score: -1.00%
Function 00406A9B, Relevance: .3, Instructions: 334 (COMMON, Crypto) | C-Code - Quality: 79% | Uniqueness Score: -1.00%
Function 00407272, Relevance: .3, Instructions: 300 (COMMON, Crypto) | C-Code - Quality: 100% | Uniqueness Score: -1.00%
Function 1000775D, Relevance: .0, Instructions: 33 (COMMON) | C-Code - Quality: 100% | Uniqueness Score: -1.00%
Function 100074AD, Relevance: .0, Instructions: 10 (COMMON) | C-Code - Quality: 100% | Uniqueness Score: -1.00%
Function 00404CD6, Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 491 (window, memory, COMMON) | C-Code - Quality: 96% | Uniqueness Score: -1.00%
Function 0040443C, Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 202 (window, string, COMMON) | C-Code - Quality: 91% | Uniqueness Score: -1.00%
Function 00405EBC, Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 129 (memory, string, COMMON) | C-Code - Quality: 100% | Uniqueness Score: -1.00%
Function 004062E0, Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 199 (string, COMMON) | C-Code - Quality: 72% | Uniqueness Score: -1.00%
Function 00404338, Relevance: 12.1, APIs: 8, Instructions: 68 (COMMON) | C-Code - Quality: 100% | Uniqueness Score: -1.00%
Function 6FC524D8, Relevance: 10.6, APIs: 7, Instructions: 124 (COMMON) | C-Code - Quality: 77% | Uniqueness Score: -1.00%
Function 00404C24, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48 (window, COMMON) | C-Code - Quality: 100% | Uniqueness Score: -1.00%
Function 00402DBA, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36 (time, COMMON) | C-Code - Quality: 100% | Uniqueness Score: -1.00%
Function 6FC51837, Relevance: 7.7, APIs: 5, Instructions: 194 (COMMON) | C-Code - Quality: 97% | Uniqueness Score: -1.00%
Function 00401D65, Relevance: 7.6, APIs: 5, Instructions: 75 (window, COMMON) | C-Code - Quality: 77% | Uniqueness Score: -1.00%
Function 00401E35, Relevance: 7.5, APIs: 5, Instructions: 43 (COMMON) | C-Code - Quality: 73% | Uniqueness Score: -1.00%
Function 00404B1A, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84 (string, COMMON) | C-Code - Quality: 77% | Uniqueness Score: -1.00%
Function 00401C2E, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84 (window, time, COMMON) | C-Code - Quality: 59% | Uniqueness Score: -1.00%
Function 00405BE5, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16 (string, COMMON) | C-Code - Quality: 100% | Uniqueness Score: -1.00%
Function 004052E8, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46 (window, COMMON) | C-Code - Quality: 89% | Uniqueness Score: -1.00%
Function 00406134, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44 (registry, COMMON) | C-Code - Quality: 90% | Uniqueness Score: -1.00%
Function 004058EC, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24 (process, COMMON) | C-Code - Quality: 100% | Uniqueness Score: -1.00%
Function 00405C2C, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16 (string, COMMON) | C-Code - Quality: 100% | Uniqueness Score: -1.00%
Function 00405D4B, Relevance: 5.0, APIs: 4, Instructions: 37 (string, COMMON) | C-Code - Quality: 100% | Uniqueness Score: -1.00%
Executed Functions |
---|
Function 0040CEAE, Relevance: 77.1, APIs: 26, Strings: 18, Instructions: 92 (library, loader, COMMON) | C-Code - Quality: 100% | Uniqueness Score: -1.00%
Function 0040C2AA, Relevance: 60.4, APIs: 16, Strings: 18, Instructions: 891 (synchronization, COMMON) | C-Code - Quality: 90% | Uniqueness Score: -1.00%
Function 0040D27D, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 88 (sleep, COMMON) | Uniqueness Score: -1.00%
Function 00416790, Relevance: 3.0, APIs: 2, Instructions: 41 (COMMON) | Uniqueness Score: -1.00%
Function 00411225, Relevance: 28.7, APIs: 6, Strings: 10, Instructions: 728 (sleep, network, thread, COMMON) | C-Code - Quality: 85% | Uniqueness Score: -1.00%
Function 004089B0, Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 156 (sleep, COMMON) | C-Code - Quality: 81% | Uniqueness Score: -1.00%
Function 0040864B, Relevance: 9.2, APIs: 6, Instructions: 156 (sleep, COMMON) | C-Code - Quality: 98% | Uniqueness Score: -1.00%
Function 00408215, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 67 (thread, COMMON) | C-Code - Quality: 78% | Uniqueness Score: -1.00%
Function 004172C6, Relevance: 7.6, APIs: 5, Instructions: 69 (file, COMMON) | C-Code - Quality: 92% | Uniqueness Score: -1.00%
Function 00408352, Relevance: 6.0, APIs: 4, Instructions: 40 (window, COMMON) | C-Code - Quality: 100% | Uniqueness Score: -1.00%
Function 004048C2, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 60 (network, COMMON) | C-Code - Quality: 62% | Uniqueness Score: -1.00%
Function 00445D3D, Relevance: 4.5, APIs: 3, Instructions: 37 (COMMON) | C-Code - Quality: 100% | Uniqueness Score: -1.00%
Function 00401616, Relevance: 3.0, APIs: 2, Instructions: 36 (COMMON) | C-Code - Quality: 64% | Uniqueness Score: -1.00%
Function 0043B9BC, Relevance: 3.0, APIs: 2, Instructions: 35 (COMMON) | C-Code - Quality: 92% | Uniqueness Score: -1.00%
Function 00417E77, Relevance: 1.6, APIs: 1, Instructions: 62 (COMMON) | C-Code - Quality: 94% | Uniqueness Score: -1.00%
Function 00446A34, Relevance: 1.6, APIs: 1, Instructions: 52 (COMMON) | C-Code - Quality: 91% | Uniqueness Score: -1.00%
Function 0043DAF9, Relevance: 1.5, APIs: 1, Instructions: 39 (memory, COMMON) | C-Code - Quality: 95% | Uniqueness Score: -1.00%
Function 0043E13D, Relevance: 1.5, APIs: 1, Instructions: 32 (memory, COMMON) | C-Code - Quality: 94% | Uniqueness Score: -1.00%
Non-executed Functions |
---|
Function 00408ED1, Relevance: 34.4, Strings: 27, Instructions: 632 (COMMON) | Uniqueness Score: -1.00%
Function 0040F31A, Relevance: 31.7, APIs: 7, Strings: 11, Instructions: 194 (thread, COMMON) | C-Code - Quality: 80% | Uniqueness Score: -1.00%
Function 004054A8, Relevance: 30.0, APIs: 15, Strings: 2, Instructions: 285 (pipe, sleep, file, COMMON) | C-Code - Quality: 82% | Uniqueness Score: -1.00%
Function 00413BEA, Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 155 (injection, thread, memory, COMMON) | C-Code - Quality: 84% | Uniqueness Score: -1.00%
Function 00409FCA, Relevance: 24.7, APIs: 8, Strings: 6, Instructions: 152 (file, COMMON) | C-Code - Quality: 95% | Uniqueness Score: -1.00%
Function 0040A1E5, Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 143 (file, COMMON) | C-Code - Quality: 89% | Uniqueness Score: -1.00%
Function 00415B21, Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 226 (service, COMMON) | C-Code - Quality: 94% | Uniqueness Score: -1.00%
Function 0044143E, Relevance: 14.4, APIs: 7, Strings: 1, Instructions: 370 (time, COMMON) | C-Code - Quality: 76% | Uniqueness Score: -1.00%
Function 004170D3, Relevance: 13.6, APIs: 9, Instructions: 147 (file, COMMON) | C-Code - Quality: 100% | Uniqueness Score: -1.00%
Function 00409EAC, Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 49 (file, COMMON) | Uniqueness Score: -1.00%
Function 004073C8, Relevance: 9.3, APIs: 6, Instructions: 323 (file, COMMON) | C-Code - Quality: 80% | Uniqueness Score: -1.00%
Function 0040782F, Relevance: 7.7, APIs: 5, Instructions: 245 (file, COMMON) | Uniqueness Score: -1.00%
Function 00411EA6, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 115 (file, network, COMMON) | Uniqueness Score: -1.00%
Function 0042F055, Relevance: 1.6, APIs: 1, Instructions: 132 (COMMON) | Uniqueness Score: -1.00%
Function 004488FB, Relevance: 1.6, APIs: 1, Instructions: 63 (COMMON) | Uniqueness Score: -1.00%
Function 00448EA3, Relevance: 1.5, APIs: 1, Instructions: 46 (COMMON) | Uniqueness Score: -1.00%
Function 00448996, Relevance: 1.5, APIs: 1, Instructions: 42 (COMMON) | Uniqueness Score: -1.00%
Function 004488B0, Relevance: 1.5, APIs: 1, Instructions: 31 (COMMON) | Uniqueness Score: -1.00%
Function 0040D3AD, Relevance: 1.5, APIs: 1, Instructions: 20 (COMMON) | Uniqueness Score: -1.00%
Function 004081EF, Relevance: 1.5, APIs: 1, Instructions: 16 (COMMON) | Uniqueness Score: -1.00%
Function 0042EF77, Relevance: 1.5, APIs: 1, Instructions: 3 (COMMON) | Uniqueness Score: -1.00%
Function 004464AD, Relevance: 1.3, APIs: 1, Instructions: 5 (memory, COMMON) | Uniqueness Score: -1.00%
Function 0041437F, Relevance: 51.0, APIs: 27, Strings: 2, Instructions: 298 (window, memory, COMMON) | C-Code - Quality: 81% | Uniqueness Score: -1.00%
Function 0040B082, Relevance: 40.5, APIs: 6, Strings: 17, Instructions: 280 (registry, COMMON) | C-Code - Quality: 98% | Uniqueness Score: -1.00%
Function 0040F5E8, Relevance: 40.4, APIs: 17, Strings: 6, Instructions: 181 (synchronization, COMMON) | C-Code - Quality: 94% | Uniqueness Score: -1.00%
Function 00416407, Relevance: 38.7, APIs: 12, Strings: 10, Instructions: 185 (synchronization, COMMON) | C-Code - Quality: 87% | Uniqueness Score: -1.00%
Function 0040AD24, Relevance: 37.0, APIs: 6, Strings: 15, Instructions: 259 (registry, COMMON) | C-Code - Quality: 98% | Uniqueness Score: -1.00%
Function 004019C8, Relevance: 35.2, APIs: 16, Strings: 4, Instructions: 155 (file, COMMON) | C-Code - Quality: 95% | Uniqueness Score: -1.00%
Function 0040A927, Relevance: 33.6, APIs: 7, Strings: 12, Instructions: 324 (file, COMMON) | C-Code - Quality: 95% | Uniqueness Score: -1.00%
Function 00445D8D, Relevance: 27.4, APIs: 18, Instructions: 419 (COMMON) | C-Code - Quality: 87% | Uniqueness Score: -1.00%
Function 00405FBB, Relevance: 24.8, APIs: 9, Strings: 5, Instructions: 345 (file, COMMON) | C-Code - Quality: 77% | Uniqueness Score: -1.00%
Function 00418518, Relevance: 22.8, APIs: 12, Strings: 1, Instructions: 74 (window, COMMON) | C-Code - Quality: 64% | Uniqueness Score: -1.00%
Function 00417588, Relevance: 21.2, APIs: 5, Strings: 7, Instructions: 212 (registry, COMMON) | C-Code - Quality: 63% | Uniqueness Score: -1.00%
Function 00447C26, Relevance: 19.6, APIs: 13, Instructions: 114 (COMMON) | C-Code - Quality: 100% | Uniqueness Score: -1.00%
Function 0040CFD5, Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 186 (process, synchronization, COMMON) | C-Code - Quality: 97% | Uniqueness Score: -1.00%
Function 00446F60, Relevance: 18.4, APIs: 12, Instructions: 376 (COMMON) | C-Code - Quality: 97% | Uniqueness Score: -1.00%
Function 00434C3A, Relevance: 16.6, APIs: 11, Instructions: 116 (COMMON) | C-Code - Quality: 100% | Uniqueness Score: -1.00%
Function 004052A6, Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 154 (window, memory, COMMON) | C-Code - Quality: 76% | Uniqueness Score: -1.00%
Function 00418617, Relevance: 15.8, APIs: 3, Strings: 6, Instructions: 89 (memory, COMMON) | C-Code - Quality: 59% | Uniqueness Score: -1.00%
Function 0044039E, Relevance: 15.1, APIs: 10, Instructions: 54 (COMMON) | C-Code - Quality: 100% | Uniqueness Score: -1.00%
Function 004153A9, Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 174 (sleep, time, COMMON) | C-Code - Quality: 85% | Uniqueness Score: -1.00%
Function 0044331E, Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 152 (file, COMMON) | C-Code - Quality: 73% | Uniqueness Score: -1.00%
Function 00413136, Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 110 (sleep, file, COMMON) | C-Code - Quality: 75% | Uniqueness Score: -1.00%
Function 004183E6, Relevance: 14.0, APIs: 7, Strings: 1, Instructions: 48 (window, string, COMMON) | C-Code - Quality: 100% | Uniqueness Score: -1.00%
Function 00444C19, Relevance: 13.8, APIs: 9, Instructions: 300 (COMMON) | C-Code - Quality: 77% | Uniqueness Score: -1.00%
Function 0040FB58, Relevance: 12.7, APIs: 6, Strings: 1, Instructions: 414 (file, sleep, COMMON) | C-Code - Quality: 95% | Uniqueness Score: -1.00%
Function 004137DA, Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 108 (file, synchronization, COMMON) | C-Code - Quality: 73% | Uniqueness Score: -1.00%
Function 00405DF1, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 106 (file, COMMON) | C-Code - Quality: 89% | Uniqueness Score: -1.00%
Function 0043B56A, Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 38 (library, loader, COMMON) | Uniqueness Score: -1.00%
Function 00447385, Relevance: 10.7, APIs: 7, Instructions: 204 (COMMON) | C-Code - Quality: 95% | Uniqueness Score: -1.00%
Function 00441613, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 171 (time, COMMON) | Uniqueness Score: -1.00%
Function 00404E5D, Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 112 (time, COMMON) | Uniqueness Score: -1.00%
Function 00404D4A, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 96 (time, thread, COMMON) | Uniqueness Score: -1.00%
Function 0044F533, Relevance: 10.6, APIs: 7, Instructions: 80 (COMMON) | Uniqueness Score: -1.00%
Function 0040E9AC, Relevance: 10.6, APIs: 7, Instructions: 75 (COMMON) | Uniqueness Score: -1.00%
Function 004168FD, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 71 (sleep, library, loader, COMMON) | Uniqueness Score: -1.00%
Function 0044785A, Relevance: 10.6, APIs: 7, Instructions: 65 (COMMON) | Uniqueness Score: -1.00%
Function 00434765, Relevance: 10.6, APIs: 7, Instructions: 60 (COMMON) | Uniqueness Score: -1.00%
Function 00409F3B, Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 49 (file, COMMON) | Uniqueness Score: -1.00%
Function 00404FCB, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 38 (synchronization, COMMON) | Uniqueness Score: -1.00%
Function 00416180, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 30 (sleep, COMMON) | C-Code - Quality: 86% | Uniqueness Score: -1.00%
Function 00434E49, Relevance: 9.3, APIs: 6, Instructions: 284 (COMMON) | Uniqueness Score: -1.00%
Function 0043D8FF, Relevance: 9.2, APIs: 6, Instructions: 200 (COMMON) | Uniqueness Score: -1.00%
Function 00440492, Relevance: 9.0, APIs: 6, Instructions: 50 (COMMON) | C-Code - Quality: 75% | Uniqueness Score: -1.00%
Function 004151E7, Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 124 (file, COMMON) | C-Code - Quality: 87% | Uniqueness Score: -1.00%
Function 00408BBE, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 57 (thread, COMMON) | Uniqueness Score: -1.00%
Function 00418498, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 57 (registry, COMMON) | C-Code - Quality: 70% | Uniqueness Score: -1.00%
Function 0040D5BF, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 46processCOMMON
Function 0040504B, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 44, synchronization, COMMON
C-Code - Quality: 84%
Function 00404360, Relevance: 7.7, APIs: 1, Strings: 4, Instructions: 201, sleep, COMMON
C-Code - Quality: 67%
Function 0040A4DB, Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 103, sleep, COMMON
C-Code - Quality: 83%
Function 00401B31, Relevance: 7.6, APIs: 5, Instructions: 71, COMMON
Function 00445CBA, Relevance: 7.6, APIs: 5, Instructions: 68, COMMON
Function 00440516, Relevance: 7.6, APIs: 5, Instructions: 53, COMMON
Function 0044731C, Relevance: 7.5, APIs: 5, Instructions: 40, COMMON
C-Code - Quality: 100%
Function 0041064E, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 179, registry, COMMON
Function 00443781, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 101, file, COMMON
Function 00408DFF, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 74, time, COMMON
Function 0041020E, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 40, registry, COMMON
C-Code - Quality: 63%
Function 00440C2A, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 39, time, COMMON
Function 0044098D, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 30, memory, COMMON
Function 00440BD4, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 30, time, COMMON
Function 0044F5FA, Relevance: 6.2, APIs: 4, Instructions: 152, COMMON
Function 0043AE51, Relevance: 6.1, APIs: 4, Instructions: 133, COMMON
Function 00404B61, Relevance: 6.1, APIs: 4, Instructions: 128, synchronization, thread, COMMON
Function 0040845A, Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 78, sleep, COMMON
C-Code - Quality: 90%
Function 0043BC63, Relevance: 6.1, APIs: 4, Instructions: 63, COMMON
Function 0043BCE2, Relevance: 6.1, APIs: 4, Instructions: 59, COMMON
Function 0041735B, Relevance: 6.1, APIs: 4, Instructions: 52, file, COMMON
C-Code - Quality: 83%
Function 00416FF7, Relevance: 6.0, APIs: 4, Instructions: 37, COMMON
Function 004313B1, Relevance: 6.0, APIs: 4, Instructions: 14, COMMON
C-Code - Quality: 100%
Function 0043AB59, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 130, file, COMMON
Function 00403FFA, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 93, sleep, COMMON
Function 00443693, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 81, file, COMMON
Function 004435B4, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 77, file, COMMON
Function 00440747, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65, library, loader, COMMON
Function 0041061C, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 23, registry, COMMON
Function 0044969B, Relevance: 5.1, APIs: 4, Instructions: 139, COMMON