Analysis Report dd.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Startup |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_VB6DownloaderGeneric | Yara detected VB6 Downloader Generic | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
Click to see the 5 entries |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
Click to jump to signature section
AV Detection: |
---|
Antivirus detection for URL or domain | Show sources |
Source: | Avira URL Cloud: | ||
Source: | Avira URL Cloud: | ||
Source: | Avira URL Cloud: | ||
Source: | Avira URL Cloud: | ||
Source: | Avira URL Cloud: | ||
Source: | Avira URL Cloud: | ||
Source: | Avira URL Cloud: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | TCP traffic: |
Source: | IP Address: |
Source: | JA3 fingerprint: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
System Summary: |
---|
Potential malicious icon found | Show sources |
Source: | Icon embedded in PE file: |
Source: | Code function: | 0_2_02160E24 | |
Source: | Code function: | 0_2_021606D1 | |
Source: | Code function: | 0_2_02165AE2 | |
Source: | Code function: | 0_2_02165F1D | |
Source: | Code function: | 0_2_0216049A | |
Source: | Code function: | 0_2_0216261F | |
Source: | Code function: | 0_2_02162200 | |
Source: | Code function: | 0_2_02166208 | |
Source: | Code function: | 0_2_02160634 | |
Source: | Code function: | 0_2_02166223 | |
Source: | Code function: | 0_2_02162250 | |
Source: | Code function: | 0_2_02166243 | |
Source: | Code function: | 0_2_0216164F | |
Source: | Code function: | 0_2_02160678 | |
Source: | Code function: | 0_2_02162667 | |
Source: | Code function: | 0_2_02166264 | |
Source: | Code function: | 0_2_02165A92 | |
Source: | Code function: | 0_2_0216268F | |
Source: | Code function: | 0_2_02165A8D | |
Source: | Code function: | 0_2_021622B6 | |
Source: | Code function: | 0_2_02160ED4 | |
Source: | Code function: | 0_2_021622F0 | |
Source: | Code function: | 0_2_0216231C | |
Source: | Code function: | 0_2_02162F0C | |
Source: | Code function: | 0_2_02165F30 | |
Source: | Code function: | 0_2_02162350 | |
Source: | Code function: | 0_2_02165F5A | |
Source: | Code function: | 0_2_02165F78 | |
Source: | Code function: | 0_2_02162393 | |
Source: | Code function: | 0_2_02165FA8 | |
Source: | Code function: | 0_2_021623D4 | |
Source: | Code function: | 0_2_02165FD8 | |
Source: | Code function: | 0_2_02165FC8 | |
Source: | Code function: | 0_2_02165FF4 | |
Source: | Code function: | 0_2_02166010 | |
Source: | Code function: | 0_2_02162424 | |
Source: | Code function: | 0_2_02162452 | |
Source: | Code function: | 0_2_02166040 | |
Source: | Code function: | 0_2_02166068 | |
Source: | Code function: | 0_2_02164898 | |
Source: | Code function: | 0_2_02162487 | |
Source: | Code function: | 0_2_02166088 | |
Source: | Code function: | 0_2_021660A6 | |
Source: | Code function: | 0_2_021660D8 | |
Source: | Code function: | 0_2_021660C4 | |
Source: | Code function: | 0_2_021660FC | |
Source: | Code function: | 0_2_021628E5 | |
Source: | Code function: | 0_2_02166133 | |
Source: | Code function: | 0_2_0216053B | |
Source: | Code function: | 0_2_02162547 | |
Source: | Code function: | 0_2_0216057F | |
Source: | Code function: | 0_2_0216257C | |
Source: | Code function: | 0_2_02160560 | |
Source: | Code function: | 0_2_0216616A | |
Source: | Code function: | 0_2_0216619D | |
Source: | Code function: | 0_2_0216218C | |
Source: | Code function: | 0_2_0216058B | |
Source: | Code function: | 0_2_021625B4 | |
Source: | Code function: | 0_2_021655A7 | |
Source: | Code function: | 0_2_021661D8 | |
Source: | Code function: | 0_2_021605F8 | |
Source: | Code function: | 0_2_021625EC | |
Source: | Code function: | 0_2_021661EC | |
Source: | Code function: | 4_2_03251F4B | |
Source: | Code function: | 4_2_03252BC0 | |
Source: | Code function: | 4_2_03252BDA | |
Source: | Code function: | 4_2_03252AB2 | |
Source: | Code function: | 4_2_03251EEC | |
Source: | Code function: | 4_2_03255ADF | |
Source: | Code function: | 4_2_03251F2E | |
Source: | Code function: | 4_2_03251F07 | |
Source: | Code function: | 4_2_03251F7C | |
Source: | Code function: | 4_2_03252B54 | |
Source: | Code function: | 4_2_03252BA4 | |
Source: | Code function: | 4_2_03251FA2 | |
Source: | Code function: | 4_2_03252BBC | |
Source: | Code function: | 4_2_03251FD3 | |
Source: | Code function: | 4_2_03255A8C | |
Source: | Code function: | 4_2_03255A92 | |
Source: | Code function: | 4_2_03251E9B | |
Source: | Code function: | 4_2_03252D04 | |
Source: | Code function: | 4_2_03251D96 | |
Source: | Code function: | 4_2_03252C33 | |
Source: | Code function: | 4_2_03252003 | |
Source: | Code function: | 4_2_03252C13 | |
Source: | Code function: | 4_2_03252C60 | |
Source: | Code function: | 4_2_03252C7B | |
Source: | Code function: | 4_2_03252CB4 | |
Source: | Code function: | 4_2_03252CCC | |
Source: | Code function: | 11_2_00F0646B | |
Source: | Code function: | 11_2_00F06048 | |
Source: | Code function: | 11_2_00F05DFF |
Source: | Code function: | 6_2_00401594 | |
Source: | Code function: | 11_2_1D9147A0 | |
Source: | Code function: | 11_2_1D914790 | |
Source: | Code function: | 11_2_1D914773 |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Section loaded: | Jump to behavior |
Source: | Static PE information: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Section loaded: | Jump to behavior |
Source: | WMI Queries: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Window detected: |
Data Obfuscation: |
---|
Yara detected GuLoader | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Yara detected VB6 Downloader Generic | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | Code function: | 4_2_03254B2C |
Source: | Code function: | 6_2_02193E35 | |
Source: | Code function: | 6_2_02196328 | |
Source: | Code function: | 6_2_02196328 | |
Source: | Code function: | 6_2_02195B22 | |
Source: | Code function: | 6_2_021933B5 | |
Source: | Code function: | 6_2_021903ED | |
Source: | Code function: | 6_2_021938D7 | |
Source: | Code function: | 6_2_021938D7 | |
Source: | Code function: | 6_2_021938D7 | |
Source: | Code function: | 6_2_02192CD9 | |
Source: | Code function: | 6_2_0219396F | |
Source: | Code function: | 6_2_021919AB | |
Source: | Code function: | 6_2_02195B22 | |
Source: | Code function: | 6_2_021945EB | |
Source: | Code function: | 6_2_021945EB | |
Source: | Code function: | 6_2_021919AB | |
Source: | Code function: | 6_2_021915E5 | |
Source: | Code function: | 11_2_00F04080 | |
Source: | Code function: | 11_2_00F04080 | |
Source: | Code function: | 11_2_00F03F9F | |
Source: | Code function: | 11_2_1D9137E7 |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Boot Survival: |
---|
Creates multiple autostart registry keys | Show sources |
Source: | Registry value created or modified: | Jump to behavior | ||
Source: | Registry value created or modified: | Jump to behavior |
Source: | Registry value created or modified: | Jump to behavior | ||
Source: | Registry value created or modified: | Jump to behavior | ||
Source: | Registry value created or modified: | Jump to behavior | ||
Source: | Registry value created or modified: | Jump to behavior | ||
Source: | Registry value created or modified: | Jump to behavior | ||
Source: | Registry value created or modified: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion: |
---|
Contains functionality to detect hardware virtualization (CPUID execution measurement) | Show sources |
Source: | Code function: | 0_2_021606D1 | |
Source: | Code function: | 0_2_02160798 | |
Source: | Code function: | 0_2_021607B4 | |
Source: | Code function: | 0_2_02160808 | |
Source: | Code function: | 0_2_02160836 | |
Source: | Code function: | 0_2_02160870 | |
Source: | Code function: | 0_2_021608A8 | |
Source: | Code function: | 0_2_021608D8 | |
Source: | Code function: | 0_2_0216090B |
Detected RDTSC dummy instruction sequence (likely for instruction hammering) | Show sources |
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: |
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines) | Show sources |
Source: | WMI Queries: |
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) | Show sources |
Source: | WMI Queries: |
Tries to detect Any.run | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) | Show sources |
Source: | Binary or memory string: |
Tries to detect virtualization through RDTSC time measurements | Show sources |
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: |
Source: | File opened / queried: | Jump to behavior |
Source: | Code function: | 0_2_021606D1 |
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | API coverage: |
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | WMI Queries: |
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: |
Source: | Thread sleep count: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Process information queried: | Jump to behavior |
Anti Debugging: |
---|
Contains functionality to hide a thread from the debugger | Show sources |
Source: | Code function: | 0_2_021606D1 |
Hides threads from debuggers | Show sources |
Source: | Thread information set: | Jump to behavior | ||
Source: | Thread information set: | Jump to behavior | ||
Source: | Thread information set: | Jump to behavior | ||
Source: | Thread information set: | Jump to behavior | ||
Source: | Thread information set: | Jump to behavior | ||
Source: | Thread information set: | Jump to behavior |
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior |
Source: | Code function: | 0_2_021606D1 |
Source: | Code function: | 0_2_02162DAF |
Source: | Code function: | 4_2_03254B2C |
Source: | Code function: | 0_2_02165612 | |
Source: | Code function: | 0_2_02161E06 | |
Source: | Code function: | 0_2_0216565B | |
Source: | Code function: | 0_2_02164658 | |
Source: | Code function: | 0_2_02161E40 | |
Source: | Code function: | 0_2_0216164F | |
Source: | Code function: | 0_2_02164668 | |
Source: | Code function: | 0_2_0216568C | |
Source: | Code function: | 0_2_02164707 | |
Source: | Code function: | 0_2_02164F70 | |
Source: | Code function: | 0_2_02164F79 | |
Source: | Code function: | 0_2_02161D96 | |
Source: | Code function: | 0_2_021655B4 | |
Source: | Code function: | 0_2_02161DB0 | |
Source: | Code function: | 0_2_021655A7 | |
Source: | Code function: | 0_2_021629DC | |
Source: | Code function: | 0_2_021655CC | |
Source: | Code function: | 0_2_02161DEB | |
Source: | Code function: | 4_2_03254707 | |
Source: | Code function: | 4_2_03254F70 | |
Source: | Code function: | 4_2_03254F79 | |
Source: | Code function: | 4_2_03255612 | |
Source: | Code function: | 4_2_03254668 | |
Source: | Code function: | 4_2_03254658 | |
Source: | Code function: | 4_2_0325565B | |
Source: | Code function: | 4_2_0325568C | |
Source: | Code function: | 4_2_032555A7 | |
Source: | Code function: | 4_2_032555B4 | |
Source: | Code function: | 4_2_032555CC | |
Source: | Code function: | 4_2_032529D9 | |
Source: | Code function: | 11_2_00F048DC | |
Source: | Code function: | 11_2_00F050B5 | |
Source: | Code function: | 11_2_00F05BCB | |
Source: | Code function: | 11_2_00F05B66 |
Source: | Process token adjusted: | Jump to behavior |
Source: | Code function: | 4_2_03251F4B |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion: |
---|
Writes to foreign memory regions | Show sources |
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Code function: | 0_2_02160A82 |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information: |
---|
Yara detected AgentTesla | Show sources |
Source: | File source: | ||
Source: | File source: |
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality: |
---|
Yara detected AgentTesla | Show sources |
Source: | File source: | ||
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation211 | Registry Run Keys / Startup Folder11 | Process Injection112 | Masquerading1 | OS Credential Dumping | Security Software Discovery841 | Remote Services | Archive Collected Data1 | Exfiltration Over Other Network Medium | Encrypted Channel12 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Native API1 | DLL Side-Loading1 | Registry Run Keys / Startup Folder11 | Disable or Modify Tools1 | LSASS Memory | Process Discovery2 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Standard Port1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | DLL Side-Loading1 | Virtualization/Sandbox Evasion361 | Security Account Manager | Virtualization/Sandbox Evasion361 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection112 | NTDS | Application Window Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol2 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Obfuscated Files or Information1 | LSA Secrets | Remote System Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | DLL Side-Loading1 | Cached Domain Credentials | File and Directory Discovery1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | System Information Discovery423 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact |
Behavior Graph |
---|
Screenshots |
---|
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
No Antivirus matches |
---|
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
100% | Avira URL Cloud | malware | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
100% | Avira URL Cloud | malware |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
sogecoenergy.com | 116.203.34.79 | true | false | unknown | |
mariotessarollo.com | 185.81.0.109 | true | false | unknown | |
www.sogecoenergy.com | unknown | unknown | false | unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| low | ||
true |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
true |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
true |
| unknown | ||
false |
| low | ||
false | high | |||
false | high | |||
true |
| unknown | ||
true |
| unknown | ||
true |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
true |
| unknown |
Contacted IPs |
---|
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
116.203.34.79 | sogecoenergy.com | Germany | 24940 | HETZNER-ASDE | false | |
185.81.0.109 | mariotessarollo.com | Italy | 52030 | SERVERPLAN-ASIT | false | |
79.134.225.109 | unknown | Switzerland | 6775 | FINK-TELECOM-SERVICESCH | false |
General Information |
---|
Joe Sandbox Version: | 31.0.0 Emerald |
Analysis ID: | 380091 |
Start date: | 01.04.2021 |
Start time: | 15:42:09 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 9m 48s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | dd.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 18 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.rans.troj.evad.winEXE@10/3@3/3 |
EGA Information: |
|
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
Warnings: | Show All
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
15:43:38 | Autostart | |
15:43:46 | Autostart | |
15:44:36 | Autostart | |
15:44:42 | API Interceptor | |
15:44:44 | Autostart |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
79.134.225.109 | Get hash | malicious | Browse | ||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse |
Domains |
---|
No context |
---|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
HETZNER-ASDE | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
SERVERPLAN-ASIT | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
FINK-TELECOM-SERVICESCH | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
JA3 Fingerprints |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
37f463bf4616ecd445d4a1937da06e19 | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 102400 |
Entropy (8bit): | 5.4602601685745045 |
Encrypted: | false |
SSDEEP: | 1536:pQdT+pR4/Mj4EOqc++uyBE/Coq5jcZfP7I4fVRejKtZHyhjgyQfz/pa0AxWAECC8:pgWnc+zyBE/m5jcZH84heEprJa |
MD5: | F22F008D6287349195ADEF8975497D1F |
SHA1: | 64B77588A6835FCBCBF1679F179360D8446DA766 |
SHA-256: | C6D5DDE1A7608F08848860E1C0EB75EB1C489200494E781476F05BC356A3F1CA |
SHA-512: | 46CE3DC5976A9DF50185CA0E233ECF4747BC7701E6C12C500280D52750712EF80290E90EFA98FFE56CA94D6EEBD64AB1371DF182E3DB9247411E07ED483CB5C1 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\ieinstal.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 102401 |
Entropy (8bit): | 5.443600389721494 |
Encrypted: | false |
SSDEEP: | 1536:HYNgd2V1trE261H7R/F7ogTI+ri7KJWUv691OGPmahFGo6LcsoWFM1SR5MSY:HbEE2YHd6gU+SrJSY |
MD5: | F889D14ADBCC95A93F54D24F4AF140BA |
SHA1: | 0F031A14CD1ECA0DDEEAD98C09CE1F453B27D0D5 |
SHA-256: | C991123689604F5A839C971EA532FC0FE0A0723E940DBB4FB6E92B29D699C9AA |
SHA-512: | 25CEDB4A8CA746129CBA4A10F5865E13CA654176E9F5271C080CE48AECE389B38F18EE901F095B613EE8303D74B6E04D6716930D64462016F6FD217E587D5C6D |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\ieinstal.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 102400 |
Entropy (8bit): | 5.4602601685745045 |
Encrypted: | false |
SSDEEP: | 1536:pQdT+pR4/Mj4EOqc++uyBE/Coq5jcZfP7I4fVRejKtZHyhjgyQfz/pa0AxWAECC8:pgWnc+zyBE/m5jcZH84heEprJa |
MD5: | F22F008D6287349195ADEF8975497D1F |
SHA1: | 64B77588A6835FCBCBF1679F179360D8446DA766 |
SHA-256: | C6D5DDE1A7608F08848860E1C0EB75EB1C489200494E781476F05BC356A3F1CA |
SHA-512: | 46CE3DC5976A9DF50185CA0E233ECF4747BC7701E6C12C500280D52750712EF80290E90EFA98FFE56CA94D6EEBD64AB1371DF182E3DB9247411E07ED483CB5C1 |
Malicious: | true |
Reputation: | low |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 5.443636659306316 |
TrID: |
|
File name: | dd.exe |
File size: | 102400 |
MD5: | 287073f3d2c3100ba375b7bf0db3b0d9 |
SHA1: | 8e09353697169cd3caaf49a008d53ade63b25526 |
SHA256: | f32f7005937b4c94ff31996fde6a0843c05bfb47458ad29a15ddf3fb70c435d2 |
SHA512: | 203387c3884c9a34c57df1fd0a386a1141670c2779db262ec3d912b16c99d36839d656072fe8081747b74aff3fbcf889d52feab999ec77c896848a5b8f8ee887 |
SSDEEP: | 1536:4YNgd2V1trE261H7R/F7ogTI+ri7KJWUv691OGPmahFGo6LcsoWFM1SR5MS:4bEE2YHd6gU+SrJS |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........#...B...B...B..L^...B...`...B...d...B..Rich.B..........PE..L.....pX.................`...0...............p....@................ |
File Icon |
---|
Icon Hash: | 20047c7c70f0e004 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x401594 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | |
Time Stamp: | 0x5870D214 [Sat Jan 7 11:33:40 2017 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 0a9ef7cc3833edd03402bcd316bbd785 |
Entrypoint Preview |
---|
Instruction |
---|
push 00402D98h |
call 00007F8128F384F3h |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
xor byte ptr [eax], al |
add byte ptr [eax], al |
cmp byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
in eax, 99h |
push eax |
add eax, dword ptr [esi-4Fh] |
in al, dx |
dec esi |
xchg dword ptr [esi], ebp |
fbstp [edx-54B24EEEh] |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add dword ptr [eax], eax |
add byte ptr [eax], al |
and ebp, edi |
inc esi |
add byte ptr [eax], al |
or byte ptr [edi+00h], 0000002Fh |
add bl, al |
jns 00007F8128F38543h |
add byte ptr [eax], al |
add byte ptr [eax], al |
add bh, bh |
int3 |
xor dword ptr [eax], eax |
js 00007F8128F38524h |
mov esp, A40AC5DAh |
cmp eax, dword ptr [eax-52h] |
lahf |
xor ebx, dword ptr [esi+53CA450Eh] |
push ds |
mov ebx, 1EC5BB84h |
aaa |
dec ebp |
xchg byte ptr [ecx-2D8EBE89h], ch |
jnc 00007F8128F3853Ch |
dec edi |
lodsd |
xor ebx, dword ptr [ecx-48EE309Ah] |
or al, 00h |
stosb |
add byte ptr [eax-2Dh], ah |
xchg eax, ebx |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
inc ecx |
pop ss |
add byte ptr [eax], al |
dec esi |
add byte ptr [eax], al |
add byte ptr [eax], al |
push cs |
add byte ptr [ebx+6Bh], dh |
popad |
popad |
outsb |
jnc 00007F8128F38567h |
insb |
jnc 00007F8128F3856Eh |
outsd |
jnc 00007F8128F38577h |
add byte ptr [41000901h], cl |
popad |
jne 00007F8128F38576h |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x16724 | 0x28 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x19000 | 0x968 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x228 | 0x20 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0x1b0 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x15d48 | 0x16000 | False | 0.380715110085 | data | 5.84552175054 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.data | 0x17000 | 0x11b0 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x19000 | 0x968 | 0x1000 | False | 0.177978515625 | data | 2.04406356685 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x19838 | 0x130 | data | ||
RT_ICON | 0x19550 | 0x2e8 | data | ||
RT_ICON | 0x19428 | 0x128 | GLS_BINARY_LSB_FIRST | ||
RT_GROUP_ICON | 0x193f8 | 0x30 | data | ||
RT_VERSION | 0x19150 | 0x2a8 | data | Kyrgyz | Cyrillic |
Imports |
---|
DLL | Import |
---|---|
MSVBVM60.DLL | __vbaStrI2, _CIcos, _adj_fptan, __vbaFreeVar, __vbaStrVarMove, __vbaLenBstr, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaStrCat, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaAryVar, __vbaAryDestruct, __vbaExitProc, __vbaOnError, __vbaObjSet, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaFpR8, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaStrCmp, __vbaAryConstruct2, DllFunctionCall, _adj_fpatan, __vbaLateIdCallLd, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, __vbaStrToUnicode, _adj_fprem, _adj_fdivr_m64, __vbaVarErrI4, __vbaFPException, __vbaStrVarVal, _CIlog, __vbaNew2, __vbaInStr, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaI4Var, __vbaVarAdd, __vbaLateMemCall, __vbaVarDup, __vbaStrToAnsi, __vbaFpI4, _CIatan, __vbaStrMove, __vbaCastObj, __vbaAryCopy, _allmul, __vbaLateIdSt, _CItan, _CIexp, __vbaFreeObj, __vbaFreeStr |
Version Infos |
---|
Description | Data |
---|---|
Translation | 0x0440 0x04b0 |
LegalCopyright | POWbit |
InternalName | Mandfolkene7 |
FileVersion | 1.00 |
CompanyName | POWbit |
LegalTrademarks | POWbit |
Comments | POWbit |
ProductName | O |
ProductVersion | 1.00 |
OriginalFilename | Mandfolkene7.exe |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
Kyrgyz | Cyrillic |
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 1, 2021 15:43:41.920696020 CEST | 49745 | 443 | 192.168.2.4 | 116.203.34.79 |
Apr 1, 2021 15:43:41.991619110 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:41.992906094 CEST | 49745 | 443 | 192.168.2.4 | 116.203.34.79 |
Apr 1, 2021 15:43:42.009243965 CEST | 49745 | 443 | 192.168.2.4 | 116.203.34.79 |
Apr 1, 2021 15:43:42.077939034 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.081428051 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.081465960 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.081485033 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.081521034 CEST | 49745 | 443 | 192.168.2.4 | 116.203.34.79 |
Apr 1, 2021 15:43:42.081553936 CEST | 49745 | 443 | 192.168.2.4 | 116.203.34.79 |
Apr 1, 2021 15:43:42.156919956 CEST | 49745 | 443 | 192.168.2.4 | 116.203.34.79 |
Apr 1, 2021 15:43:42.225944996 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.230822086 CEST | 49745 | 443 | 192.168.2.4 | 116.203.34.79 |
Apr 1, 2021 15:43:42.245857954 CEST | 49745 | 443 | 192.168.2.4 | 116.203.34.79 |
Apr 1, 2021 15:43:42.325539112 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.325577974 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.325599909 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.325619936 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.325644016 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.325665951 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.325680971 CEST | 49745 | 443 | 192.168.2.4 | 116.203.34.79 |
Apr 1, 2021 15:43:42.325686932 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.325711012 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.325716019 CEST | 49745 | 443 | 192.168.2.4 | 116.203.34.79 |
Apr 1, 2021 15:43:42.325733900 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.325754881 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.325778961 CEST | 49745 | 443 | 192.168.2.4 | 116.203.34.79 |
Apr 1, 2021 15:43:42.325810909 CEST | 49745 | 443 | 192.168.2.4 | 116.203.34.79 |
Apr 1, 2021 15:43:42.394299984 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.394325018 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.394340992 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.394361973 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.394378901 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.394393921 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.394409895 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.394424915 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.394440889 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.394458055 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.394474030 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.394486904 CEST | 49745 | 443 | 192.168.2.4 | 116.203.34.79 |
Apr 1, 2021 15:43:42.394493103 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.394510031 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.394526005 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.394541979 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.394556999 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.394565105 CEST | 49745 | 443 | 192.168.2.4 | 116.203.34.79 |
Apr 1, 2021 15:43:42.394572020 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.394598961 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.394606113 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.394612074 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.394619942 CEST | 49745 | 443 | 192.168.2.4 | 116.203.34.79 |
Apr 1, 2021 15:43:42.394691944 CEST | 49745 | 443 | 192.168.2.4 | 116.203.34.79 |
Apr 1, 2021 15:43:42.463238955 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.463279963 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.463310003 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.463335037 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.463356018 CEST | 49745 | 443 | 192.168.2.4 | 116.203.34.79 |
Apr 1, 2021 15:43:42.463361979 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.463387012 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.463397026 CEST | 49745 | 443 | 192.168.2.4 | 116.203.34.79 |
Apr 1, 2021 15:43:42.463411093 CEST | 49745 | 443 | 192.168.2.4 | 116.203.34.79 |
Apr 1, 2021 15:43:42.463413954 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.463442087 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.463443995 CEST | 49745 | 443 | 192.168.2.4 | 116.203.34.79 |
Apr 1, 2021 15:43:42.463464975 CEST | 49745 | 443 | 192.168.2.4 | 116.203.34.79 |
Apr 1, 2021 15:43:42.463468075 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.463485003 CEST | 49745 | 443 | 192.168.2.4 | 116.203.34.79 |
Apr 1, 2021 15:43:42.463500023 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.463509083 CEST | 49745 | 443 | 192.168.2.4 | 116.203.34.79 |
Apr 1, 2021 15:43:42.463529110 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.463553905 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.463572025 CEST | 49745 | 443 | 192.168.2.4 | 116.203.34.79 |
Apr 1, 2021 15:43:42.463581085 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.463603973 CEST | 49745 | 443 | 192.168.2.4 | 116.203.34.79 |
Apr 1, 2021 15:43:42.463607073 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.463632107 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.463633060 CEST | 49745 | 443 | 192.168.2.4 | 116.203.34.79 |
Apr 1, 2021 15:43:42.463655949 CEST | 49745 | 443 | 192.168.2.4 | 116.203.34.79 |
Apr 1, 2021 15:43:42.463658094 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.463674068 CEST | 49745 | 443 | 192.168.2.4 | 116.203.34.79 |
Apr 1, 2021 15:43:42.463682890 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.463694096 CEST | 49745 | 443 | 192.168.2.4 | 116.203.34.79 |
Apr 1, 2021 15:43:42.463715076 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.463723898 CEST | 49745 | 443 | 192.168.2.4 | 116.203.34.79 |
Apr 1, 2021 15:43:42.463743925 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.463756084 CEST | 49745 | 443 | 192.168.2.4 | 116.203.34.79 |
Apr 1, 2021 15:43:42.463769913 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.463787079 CEST | 49745 | 443 | 192.168.2.4 | 116.203.34.79 |
Apr 1, 2021 15:43:42.463797092 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.463807106 CEST | 49745 | 443 | 192.168.2.4 | 116.203.34.79 |
Apr 1, 2021 15:43:42.463823080 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.463835001 CEST | 49745 | 443 | 192.168.2.4 | 116.203.34.79 |
Apr 1, 2021 15:43:42.463848114 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.463856936 CEST | 49745 | 443 | 192.168.2.4 | 116.203.34.79 |
Apr 1, 2021 15:43:42.463872910 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.463900089 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.463913918 CEST | 49745 | 443 | 192.168.2.4 | 116.203.34.79 |
Apr 1, 2021 15:43:42.463932037 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.463944912 CEST | 49745 | 443 | 192.168.2.4 | 116.203.34.79 |
Apr 1, 2021 15:43:42.463960886 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.463974953 CEST | 49745 | 443 | 192.168.2.4 | 116.203.34.79 |
Apr 1, 2021 15:43:42.463985920 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.463994980 CEST | 49745 | 443 | 192.168.2.4 | 116.203.34.79 |
Apr 1, 2021 15:43:42.464011908 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.464024067 CEST | 49745 | 443 | 192.168.2.4 | 116.203.34.79 |
Apr 1, 2021 15:43:42.464037895 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.464049101 CEST | 49745 | 443 | 192.168.2.4 | 116.203.34.79 |
Apr 1, 2021 15:43:42.464062929 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.464073896 CEST | 49745 | 443 | 192.168.2.4 | 116.203.34.79 |
Apr 1, 2021 15:43:42.464088917 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.464104891 CEST | 49745 | 443 | 192.168.2.4 | 116.203.34.79 |
Apr 1, 2021 15:43:42.464113951 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.464139938 CEST | 49745 | 443 | 192.168.2.4 | 116.203.34.79 |
Apr 1, 2021 15:43:42.464145899 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.464164972 CEST | 49745 | 443 | 192.168.2.4 | 116.203.34.79 |
Apr 1, 2021 15:43:42.464174986 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.464195967 CEST | 49745 | 443 | 192.168.2.4 | 116.203.34.79 |
Apr 1, 2021 15:43:42.464200020 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.464216948 CEST | 49745 | 443 | 192.168.2.4 | 116.203.34.79 |
Apr 1, 2021 15:43:42.464226007 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.464241028 CEST | 49745 | 443 | 192.168.2.4 | 116.203.34.79 |
Apr 1, 2021 15:43:42.464251041 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.464261055 CEST | 49745 | 443 | 192.168.2.4 | 116.203.34.79 |
Apr 1, 2021 15:43:42.464276075 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.464291096 CEST | 49745 | 443 | 192.168.2.4 | 116.203.34.79 |
Apr 1, 2021 15:43:42.464303017 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.464327097 CEST | 49745 | 443 | 192.168.2.4 | 116.203.34.79 |
Apr 1, 2021 15:43:42.464350939 CEST | 49745 | 443 | 192.168.2.4 | 116.203.34.79 |
Apr 1, 2021 15:43:42.532766104 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.532797098 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.532816887 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.532831907 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.532845974 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.532860994 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.532875061 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:42.532943010 CEST | 49745 | 443 | 192.168.2.4 | 116.203.34.79 |
Apr 1, 2021 15:43:42.532998085 CEST | 49745 | 443 | 192.168.2.4 | 116.203.34.79 |
Apr 1, 2021 15:43:43.513925076 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.572840929 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.572961092 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.581417084 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.641012907 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.642622948 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.642653942 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.642662048 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.642731905 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.642780066 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.662509918 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.721553087 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.721652031 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.722532988 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.787161112 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.787225008 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.787265062 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.787302971 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.787338018 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.787339926 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.787390947 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.787394047 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.787429094 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.787435055 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.787455082 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.787472963 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.787512064 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.787512064 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.787533998 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.787550926 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.787561893 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.787597895 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.850177050 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.850213051 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.850230932 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.850246906 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.850263119 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.850279093 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.850291967 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.850310087 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.850327969 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.850330114 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.850383043 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.850406885 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.850459099 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.850483894 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.850501060 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.850517035 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.850528002 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.850549936 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.850570917 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.850574017 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.850595951 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.850611925 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.850622892 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.850639105 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.850641012 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.850666046 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.850689888 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.850717068 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.850750923 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.850758076 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.850766897 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.850783110 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.850790977 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.850820065 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.850833893 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.908961058 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.909002066 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.909027100 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.909049988 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.909073114 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.909092903 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.909117937 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.909135103 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.909142017 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.909162998 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.909187078 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.909189939 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.909209013 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.909216881 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.909240961 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.909288883 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.909290075 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.909316063 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.909338951 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.909339905 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.909363031 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.909372091 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.909399986 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.909400940 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.909425974 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.909426928 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.909447908 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.909455061 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.909476042 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.909480095 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.909497976 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.909507036 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.909521103 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.909533024 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.909548044 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.909557104 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.909571886 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.909586906 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.909594059 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.909615993 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.909615993 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.909640074 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.909650087 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.909661055 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.909682989 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.909689903 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.909730911 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.909745932 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.909768105 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.909790993 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.909795046 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.909816027 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.909838915 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.909857035 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.909874916 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.909879923 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.909908056 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.909912109 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.909931898 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.909945011 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.909954071 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.909967899 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.909976959 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.909997940 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.909998894 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.910021067 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.910032988 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.910072088 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.968060017 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.968090057 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.968106031 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.968121052 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.968132019 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.968143940 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.968144894 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.968179941 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.968236923 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.968281031 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.968297005 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.968312979 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.968324900 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.968328953 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.968344927 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.968358040 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.968360901 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.968374014 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.968389988 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.968396902 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.968405008 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.968420029 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.968420029 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.968444109 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.968457937 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.968461037 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.968487978 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.968502998 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.968518019 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.968519926 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.968544006 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.968561888 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.968565941 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.968578100 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.968594074 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.968602896 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.968609095 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.968626976 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.968648911 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.968687057 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.968708992 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.968730927 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.968734980 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.968755960 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.968766928 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.968777895 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.968801975 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.968806028 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.968831062 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.968838930 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.968851089 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:43.968858957 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.968878984 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:43.968899965 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:44.069583893 CEST | 49749 | 6090 | 192.168.2.4 | 79.134.225.109 |
Apr 1, 2021 15:43:44.175717115 CEST | 6090 | 49749 | 79.134.225.109 | 192.168.2.4 |
Apr 1, 2021 15:43:44.175833941 CEST | 49749 | 6090 | 192.168.2.4 | 79.134.225.109 |
Apr 1, 2021 15:43:44.176665068 CEST | 49749 | 6090 | 192.168.2.4 | 79.134.225.109 |
Apr 1, 2021 15:43:44.323533058 CEST | 6090 | 49749 | 79.134.225.109 | 192.168.2.4 |
Apr 1, 2021 15:43:44.909543037 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:44.909575939 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:43:44.909707069 CEST | 49748 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:43:47.465027094 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:47.465038061 CEST | 443 | 49745 | 116.203.34.79 | 192.168.2.4 |
Apr 1, 2021 15:43:47.470822096 CEST | 49745 | 443 | 192.168.2.4 | 116.203.34.79 |
Apr 1, 2021 15:43:58.984450102 CEST | 6090 | 49749 | 79.134.225.109 | 192.168.2.4 |
Apr 1, 2021 15:43:59.018122911 CEST | 49749 | 6090 | 192.168.2.4 | 79.134.225.109 |
Apr 1, 2021 15:43:59.164756060 CEST | 6090 | 49749 | 79.134.225.109 | 192.168.2.4 |
Apr 1, 2021 15:44:06.531954050 CEST | 6090 | 49749 | 79.134.225.109 | 192.168.2.4 |
Apr 1, 2021 15:44:06.537918091 CEST | 49749 | 6090 | 192.168.2.4 | 79.134.225.109 |
Apr 1, 2021 15:44:06.684010983 CEST | 6090 | 49749 | 79.134.225.109 | 192.168.2.4 |
Apr 1, 2021 15:44:14.909661055 CEST | 443 | 49748 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:18.683562040 CEST | 6090 | 49749 | 79.134.225.109 | 192.168.2.4 |
Apr 1, 2021 15:44:18.687422991 CEST | 49749 | 6090 | 192.168.2.4 | 79.134.225.109 |
Apr 1, 2021 15:44:18.836016893 CEST | 6090 | 49749 | 79.134.225.109 | 192.168.2.4 |
Apr 1, 2021 15:44:30.864751101 CEST | 6090 | 49749 | 79.134.225.109 | 192.168.2.4 |
Apr 1, 2021 15:44:30.874263048 CEST | 49749 | 6090 | 192.168.2.4 | 79.134.225.109 |
Apr 1, 2021 15:44:31.020437002 CEST | 6090 | 49749 | 79.134.225.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.316864014 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.376843929 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.377052069 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.411396980 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.472084999 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.473434925 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.473458052 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.473495007 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.473608017 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.473666906 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.488372087 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.549283981 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.549393892 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.561263084 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.625113010 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.625148058 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.625166893 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.625179052 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.625191927 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.625202894 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.625226974 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.625250101 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.625253916 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.625272989 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.625284910 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.625288010 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.625298977 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.625310898 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.625345945 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.625946999 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.685229063 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.685259104 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.685277939 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.685296059 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.685312033 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.685327053 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.685350895 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.685360909 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.685373068 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.685379028 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.685446978 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.685451984 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.685471058 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.685494900 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.685497999 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.685514927 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.685529947 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.685551882 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.685558081 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.685575008 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.685602903 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.685636044 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.685657024 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.685678005 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.685694933 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.685698986 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.685710907 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.685719013 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.685729980 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.685748100 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.685766935 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.685780048 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.685822964 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.746515989 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.746576071 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.746665001 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.746731043 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.746885061 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.746926069 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.746963978 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.747014046 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.747018099 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.747059107 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.747097015 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.747102022 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.747133017 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.747138023 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.747138023 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.747143030 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.747172117 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.747190952 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.747198105 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.747229099 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.747271061 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.747270107 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.747304916 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.747311115 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.747344017 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.747351885 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.747353077 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.747430086 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.747512102 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.747564077 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.747596979 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.747605085 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.747643948 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.747646093 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.747677088 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.747683048 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.747716904 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.747723103 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.747755051 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.747761011 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.747797012 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.747801065 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.747838020 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.747840881 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.747874975 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.747901917 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.747903109 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.747947931 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.747978926 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.747986078 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.748019934 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.748028040 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.748066902 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.748068094 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.748099089 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.748106956 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.748146057 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.748147964 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.748178959 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.748184919 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.748218060 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.748236895 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.748236895 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.748281956 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.748317957 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.748322010 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.748368979 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.748399019 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.748429060 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.748467922 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.748485088 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.748490095 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.748518944 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.748526096 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.748662949 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.748671055 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.806704998 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.806757927 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.806797028 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.806837082 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.806850910 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.806904078 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.806912899 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.806936979 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.807276011 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.807346106 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.807378054 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.807399988 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.807404041 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.807442904 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.807457924 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.807483912 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.807492971 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.807523012 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.807538986 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.807559967 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.807576895 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.807600975 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.807615042 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.807651043 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.808449984 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.808535099 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.808537006 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.808604002 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.808604956 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.808645010 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.808669090 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.808695078 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.808701038 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.808734894 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.808752060 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.808773041 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.808789015 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.808811903 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.808830023 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.808851004 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.808876038 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.808898926 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.808931112 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.808945894 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.808975935 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.808984995 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.809025049 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.809031010 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.809041977 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.809062958 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.809079885 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.809101105 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.809117079 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.809139967 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.809155941 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.809180021 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.809197903 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.809230089 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.809231997 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.809273958 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.809314013 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.809354067 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.809422016 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.809437037 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.809451103 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.809458017 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.809464931 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.809473038 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.809499979 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.809542894 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.809580088 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.809588909 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.809598923 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.809606075 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.809618950 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.809647083 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.809659004 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.809680939 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.809696913 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.809731960 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.809735060 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.809747934 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.809772968 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.809798002 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.809820890 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.809848070 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.809863091 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.809884071 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.809905052 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.809938908 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.809943914 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.809957027 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.809983015 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.810004950 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.810020924 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.810046911 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.810059071 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.810076952 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.810097933 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.810121059 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.810144901 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.810162067 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.810189009 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.810209036 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.810228109 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.810246944 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.810266972 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.810292006 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.810305119 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.810327053 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.810343981 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.810370922 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.810383081 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.810400009 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.810420990 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.810446978 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.810468912 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.810487986 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.810512066 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.810537100 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.810550928 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.810564995 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.810590029 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.810612917 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.810627937 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.810657024 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.810681105 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.810695887 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.810695887 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.810715914 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.810734987 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.810755014 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.810774088 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.810796976 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.810811996 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.810827971 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.810849905 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.810873032 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.810887098 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.810913086 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.810925961 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.810941935 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.810972929 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.810982943 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.811016083 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.811033010 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.811053991 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.811075926 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.811091900 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.811115980 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.811131001 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.811157942 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.811167955 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.811186075 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.811199903 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.811239958 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.811239958 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.811256886 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.811290979 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.866851091 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.866878986 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.866894007 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.866909981 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.866962910 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.866977930 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.867006063 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.867023945 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.867033005 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.867038965 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.867069960 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.867094994 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.867386103 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.867403030 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.867419004 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.867434978 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.867460966 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.867494106 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.867496967 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.867513895 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.867543936 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.867558956 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.867575884 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.867578030 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.867607117 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.867628098 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:33.867631912 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:33.867670059 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:34.810055971 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:34.810115099 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:44:34.810237885 CEST | 49769 | 443 | 192.168.2.4 | 185.81.0.109 |
Apr 1, 2021 15:44:43.018464088 CEST | 6090 | 49749 | 79.134.225.109 | 192.168.2.4 |
Apr 1, 2021 15:44:43.024405956 CEST | 49749 | 6090 | 192.168.2.4 | 79.134.225.109 |
Apr 1, 2021 15:44:43.171808958 CEST | 6090 | 49749 | 79.134.225.109 | 192.168.2.4 |
Apr 1, 2021 15:44:55.167109966 CEST | 6090 | 49749 | 79.134.225.109 | 192.168.2.4 |
Apr 1, 2021 15:44:55.194011927 CEST | 49749 | 6090 | 192.168.2.4 | 79.134.225.109 |
Apr 1, 2021 15:44:55.339941025 CEST | 6090 | 49749 | 79.134.225.109 | 192.168.2.4 |
Apr 1, 2021 15:45:04.810081005 CEST | 443 | 49769 | 185.81.0.109 | 192.168.2.4 |
Apr 1, 2021 15:45:07.311819077 CEST | 6090 | 49749 | 79.134.225.109 | 192.168.2.4 |
Apr 1, 2021 15:45:07.490447044 CEST | 49749 | 6090 | 192.168.2.4 | 79.134.225.109 |
Apr 1, 2021 15:45:07.883574009 CEST | 49749 | 6090 | 192.168.2.4 | 79.134.225.109 |
Apr 1, 2021 15:45:08.029917002 CEST | 6090 | 49749 | 79.134.225.109 | 192.168.2.4 |
Apr 1, 2021 15:45:19.489952087 CEST | 6090 | 49749 | 79.134.225.109 | 192.168.2.4 |
Apr 1, 2021 15:45:19.493801117 CEST | 49749 | 6090 | 192.168.2.4 | 79.134.225.109 |
Apr 1, 2021 15:45:19.639565945 CEST | 6090 | 49749 | 79.134.225.109 | 192.168.2.4 |
Apr 1, 2021 15:45:31.634316921 CEST | 6090 | 49749 | 79.134.225.109 | 192.168.2.4 |
Apr 1, 2021 15:45:31.634918928 CEST | 49749 | 6090 | 192.168.2.4 | 79.134.225.109 |
Apr 1, 2021 15:45:31.696616888 CEST | 49745 | 443 | 192.168.2.4 | 116.203.34.79 |
Apr 1, 2021 15:45:31.696644068 CEST | 49745 | 443 | 192.168.2.4 | 116.203.34.79 |
Apr 1, 2021 15:45:31.782732010 CEST | 6090 | 49749 | 79.134.225.109 | 192.168.2.4 |
Apr 1, 2021 15:45:43.801510096 CEST | 6090 | 49749 | 79.134.225.109 | 192.168.2.4 |
Apr 1, 2021 15:45:43.802213907 CEST | 49749 | 6090 | 192.168.2.4 | 79.134.225.109 |
Apr 1, 2021 15:45:43.947599888 CEST | 6090 | 49749 | 79.134.225.109 | 192.168.2.4 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 1, 2021 15:43:15.535963058 CEST | 58028 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 1, 2021 15:43:15.581911087 CEST | 53 | 58028 | 8.8.8.8 | 192.168.2.4 |
Apr 1, 2021 15:43:16.694917917 CEST | 53097 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 1, 2021 15:43:16.753235102 CEST | 53 | 53097 | 8.8.8.8 | 192.168.2.4 |
Apr 1, 2021 15:43:18.575983047 CEST | 49257 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 1, 2021 15:43:18.621825933 CEST | 53 | 49257 | 8.8.8.8 | 192.168.2.4 |
Apr 1, 2021 15:43:19.573478937 CEST | 62389 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 1, 2021 15:43:19.620323896 CEST | 53 | 62389 | 8.8.8.8 | 192.168.2.4 |
Apr 1, 2021 15:43:20.695627928 CEST | 49910 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 1, 2021 15:43:20.741533995 CEST | 53 | 49910 | 8.8.8.8 | 192.168.2.4 |
Apr 1, 2021 15:43:21.026272058 CEST | 55854 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 1, 2021 15:43:21.073623896 CEST | 53 | 55854 | 8.8.8.8 | 192.168.2.4 |
Apr 1, 2021 15:43:22.196043015 CEST | 64549 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 1, 2021 15:43:22.250602961 CEST | 53 | 64549 | 8.8.8.8 | 192.168.2.4 |
Apr 1, 2021 15:43:23.158515930 CEST | 63153 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 1, 2021 15:43:23.204359055 CEST | 53 | 63153 | 8.8.8.8 | 192.168.2.4 |
Apr 1, 2021 15:43:24.994379044 CEST | 52991 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 1, 2021 15:43:25.043277025 CEST | 53 | 52991 | 8.8.8.8 | 192.168.2.4 |
Apr 1, 2021 15:43:26.692487001 CEST | 53700 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 1, 2021 15:43:26.752346039 CEST | 53 | 53700 | 8.8.8.8 | 192.168.2.4 |
Apr 1, 2021 15:43:27.868361950 CEST | 51726 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 1, 2021 15:43:27.914273977 CEST | 53 | 51726 | 8.8.8.8 | 192.168.2.4 |
Apr 1, 2021 15:43:29.413628101 CEST | 56794 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 1, 2021 15:43:29.461770058 CEST | 53 | 56794 | 8.8.8.8 | 192.168.2.4 |
Apr 1, 2021 15:43:35.571326017 CEST | 56534 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 1, 2021 15:43:35.621689081 CEST | 53 | 56534 | 8.8.8.8 | 192.168.2.4 |
Apr 1, 2021 15:43:37.100397110 CEST | 56627 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 1, 2021 15:43:37.156961918 CEST | 53 | 56627 | 8.8.8.8 | 192.168.2.4 |
Apr 1, 2021 15:43:39.956054926 CEST | 56621 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 1, 2021 15:43:40.008654118 CEST | 53 | 56621 | 8.8.8.8 | 192.168.2.4 |
Apr 1, 2021 15:43:40.745585918 CEST | 63116 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 1, 2021 15:43:40.791531086 CEST | 53 | 63116 | 8.8.8.8 | 192.168.2.4 |
Apr 1, 2021 15:43:41.833261967 CEST | 64078 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 1, 2021 15:43:41.901607037 CEST | 53 | 64078 | 8.8.8.8 | 192.168.2.4 |
Apr 1, 2021 15:43:41.939317942 CEST | 64801 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 1, 2021 15:43:41.986629963 CEST | 53 | 64801 | 8.8.8.8 | 192.168.2.4 |
Apr 1, 2021 15:43:42.864022970 CEST | 61721 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 1, 2021 15:43:42.909962893 CEST | 53 | 61721 | 8.8.8.8 | 192.168.2.4 |
Apr 1, 2021 15:43:43.421148062 CEST | 51255 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 1, 2021 15:43:43.511255980 CEST | 53 | 51255 | 8.8.8.8 | 192.168.2.4 |
Apr 1, 2021 15:43:45.867594957 CEST | 61522 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 1, 2021 15:43:45.913599968 CEST | 53 | 61522 | 8.8.8.8 | 192.168.2.4 |
Apr 1, 2021 15:43:47.256077051 CEST | 52337 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 1, 2021 15:43:47.303358078 CEST | 53 | 52337 | 8.8.8.8 | 192.168.2.4 |
Apr 1, 2021 15:43:48.815706015 CEST | 55046 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 1, 2021 15:43:48.861762047 CEST | 53 | 55046 | 8.8.8.8 | 192.168.2.4 |
Apr 1, 2021 15:44:01.465003967 CEST | 49612 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 1, 2021 15:44:01.548556089 CEST | 53 | 49612 | 8.8.8.8 | 192.168.2.4 |
Apr 1, 2021 15:44:02.225209951 CEST | 49285 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 1, 2021 15:44:02.367655993 CEST | 53 | 49285 | 8.8.8.8 | 192.168.2.4 |
Apr 1, 2021 15:44:02.901695967 CEST | 50601 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 1, 2021 15:44:02.960102081 CEST | 53 | 50601 | 8.8.8.8 | 192.168.2.4 |
Apr 1, 2021 15:44:03.448379040 CEST | 60875 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 1, 2021 15:44:03.503814936 CEST | 53 | 60875 | 8.8.8.8 | 192.168.2.4 |
Apr 1, 2021 15:44:04.060703039 CEST | 56448 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 1, 2021 15:44:04.117774963 CEST | 53 | 56448 | 8.8.8.8 | 192.168.2.4 |
Apr 1, 2021 15:44:04.691134930 CEST | 59172 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 1, 2021 15:44:04.737149954 CEST | 53 | 59172 | 8.8.8.8 | 192.168.2.4 |
Apr 1, 2021 15:44:05.230901003 CEST | 62420 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 1, 2021 15:44:05.289005995 CEST | 53 | 62420 | 8.8.8.8 | 192.168.2.4 |
Apr 1, 2021 15:44:06.135133982 CEST | 60579 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 1, 2021 15:44:06.192943096 CEST | 53 | 60579 | 8.8.8.8 | 192.168.2.4 |
Apr 1, 2021 15:44:07.205127001 CEST | 50183 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 1, 2021 15:44:07.262980938 CEST | 53 | 50183 | 8.8.8.8 | 192.168.2.4 |
Apr 1, 2021 15:44:07.919828892 CEST | 61531 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 1, 2021 15:44:07.968537092 CEST | 53 | 61531 | 8.8.8.8 | 192.168.2.4 |
Apr 1, 2021 15:44:13.103957891 CEST | 49228 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 1, 2021 15:44:13.174320936 CEST | 53 | 49228 | 8.8.8.8 | 192.168.2.4 |
Apr 1, 2021 15:44:17.459073067 CEST | 59794 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 1, 2021 15:44:17.517321110 CEST | 53 | 59794 | 8.8.8.8 | 192.168.2.4 |
Apr 1, 2021 15:44:33.246081114 CEST | 55916 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 1, 2021 15:44:33.300718069 CEST | 53 | 55916 | 8.8.8.8 | 192.168.2.4 |
Apr 1, 2021 15:44:52.180541992 CEST | 52752 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 1, 2021 15:44:52.235055923 CEST | 53 | 52752 | 8.8.8.8 | 192.168.2.4 |
Apr 1, 2021 15:44:52.807077885 CEST | 60542 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 1, 2021 15:44:52.867428064 CEST | 53 | 60542 | 8.8.8.8 | 192.168.2.4 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Apr 1, 2021 15:43:41.833261967 CEST | 192.168.2.4 | 8.8.8.8 | 0xd98d | Standard query (0) | A (IP address) | IN (0x0001) | |
Apr 1, 2021 15:43:43.421148062 CEST | 192.168.2.4 | 8.8.8.8 | 0x3070 | Standard query (0) | A (IP address) | IN (0x0001) | |
Apr 1, 2021 15:44:33.246081114 CEST | 192.168.2.4 | 8.8.8.8 | 0x2fcf | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Apr 1, 2021 15:43:41.901607037 CEST | 8.8.8.8 | 192.168.2.4 | 0xd98d | No error (0) | sogecoenergy.com | CNAME (Canonical name) | IN (0x0001) | ||
Apr 1, 2021 15:43:41.901607037 CEST | 8.8.8.8 | 192.168.2.4 | 0xd98d | No error (0) | 116.203.34.79 | A (IP address) | IN (0x0001) | ||
Apr 1, 2021 15:43:43.511255980 CEST | 8.8.8.8 | 192.168.2.4 | 0x3070 | No error (0) | 185.81.0.109 | A (IP address) | IN (0x0001) | ||
Apr 1, 2021 15:44:33.300718069 CEST | 8.8.8.8 | 192.168.2.4 | 0x2fcf | No error (0) | 185.81.0.109 | A (IP address) | IN (0x0001) |
HTTPS Packets |
---|
Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest |
---|---|---|---|---|---|---|---|---|---|---|
Apr 1, 2021 15:43:42.081465960 CEST | 116.203.34.79 | 443 | 192.168.2.4 | 49745 | CN=sogecoenergy.com CN=R3, O=Let's Encrypt, C=US | CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co. | Sat Feb 27 01:36:30 CET 2021 Wed Oct 07 21:21:40 CEST 2020 | Fri May 28 02:36:30 CEST 2021 Wed Sep 29 21:21:40 CEST 2021 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0 | 37f463bf4616ecd445d4a1937da06e19 |
CN=R3, O=Let's Encrypt, C=US | CN=DST Root CA X3, O=Digital Signature Trust Co. | Wed Oct 07 21:21:40 CEST 2020 | Wed Sep 29 21:21:40 CEST 2021 | |||||||
Apr 1, 2021 15:43:43.642653942 CEST | 185.81.0.109 | 443 | 192.168.2.4 | 49748 | CN=mariotessarollo.com CN=R3, O=Let's Encrypt, C=US | CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co. | Sun Mar 21 16:24:48 CET 2021 Wed Oct 07 21:21:40 CEST 2020 | Sat Jun 19 17:24:48 CEST 2021 Wed Sep 29 21:21:40 CEST 2021 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0 | 37f463bf4616ecd445d4a1937da06e19 |
CN=R3, O=Let's Encrypt, C=US | CN=DST Root CA X3, O=Digital Signature Trust Co. | Wed Oct 07 21:21:40 CEST 2020 | Wed Sep 29 21:21:40 CEST 2021 | |||||||
Apr 1, 2021 15:44:33.473458052 CEST | 185.81.0.109 | 443 | 192.168.2.4 | 49769 | CN=mariotessarollo.com CN=R3, O=Let's Encrypt, C=US | CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co. | Sun Mar 21 16:24:48 CET 2021 Wed Oct 07 21:21:40 CEST 2020 | Sat Jun 19 17:24:48 CEST 2021 Wed Sep 29 21:21:40 CEST 2021 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0 | 37f463bf4616ecd445d4a1937da06e19 |
CN=R3, O=Let's Encrypt, C=US | CN=DST Root CA X3, O=Digital Signature Trust Co. | Wed Oct 07 21:21:40 CEST 2020 | Wed Sep 29 21:21:40 CEST 2021 |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Click to jump to process
Memory Usage |
---|
Click to jump to process
High Level Behavior Distribution |
---|
back
Click to dive into process behavior distribution
Behavior |
---|
Click to jump to process
System Behavior |
---|
General |
---|
Start time: | 15:42:56 |
Start date: | 01/04/2021 |
Path: | C:\Users\user\Desktop\dd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 102400 bytes |
MD5 hash: | 287073F3D2C3100BA375B7BF0DB3B0D9 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Visual Basic |
Reputation: | low |
General |
---|
Start time: | 15:43:25 |
Start date: | 01/04/2021 |
Path: | C:\Program Files (x86)\Internet Explorer\ieinstal.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xe90000 |
File size: | 480256 bytes |
MD5 hash: | DAD17AB737E680C47C8A44CBB95EE67E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
General |
---|
Start time: | 15:43:42 |
Start date: | 01/04/2021 |
Path: | C:\Users\user\AppData\Local\Temp\ota.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 102400 bytes |
MD5 hash: | F22F008D6287349195ADEF8975497D1F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Visual Basic |
Reputation: | low |
General |
---|
Start time: | 15:44:18 |
Start date: | 01/04/2021 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xaf0000 |
File size: | 64616 bytes |
MD5 hash: | 6FD7592411112729BF6B1F2F6C34899F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Reputation: | high |
General |
---|
Start time: | 15:44:19 |
Start date: | 01/04/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff724c50000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 15:44:44 |
Start date: | 01/04/2021 |
Path: | C:\Users\user\Afkodedes8\asparagussens.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 102400 bytes |
MD5 hash: | F22F008D6287349195ADEF8975497D1F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Visual Basic |
Reputation: | low |
General |
---|
Start time: | 15:44:52 |
Start date: | 01/04/2021 |
Path: | C:\Users\user\Afkodedes8\asparagussens.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 102400 bytes |
MD5 hash: | F22F008D6287349195ADEF8975497D1F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Visual Basic |
Reputation: | low |
Disassembly |
---|
Code Analysis |
---|
Execution Graph |
---|
Execution Coverage: | 3.8% |
Dynamic/Decrypted Code Coverage: | 54.5% |
Signature Coverage: | 35.8% |
Total number of Nodes: | 769 |
Total number of Limit Nodes: | 94 |
Graph
Executed Functions |
---|
Control-flow Graph |
---|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0216049A, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 113nativethreadCOMMON
Control-flow Graph |
---|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02164707, Relevance: 4.3, APIs: 1, Strings: 1, Instructions: 843libraryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02162F0C, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 206nativethreadCOMMON
Control-flow Graph |
---|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02164898, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 171nativethreadCOMMON
Control-flow Graph |
---|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021605F8, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 114nativethreadCOMMON
Control-flow Graph |
---|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0216058B, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 106nativethreadCOMMON
Control-flow Graph |
---|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02160560, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 100nativethreadCOMMON
Control-flow Graph |
---|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02160634, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 94nativethreadCOMMON
Control-flow Graph |
---|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0216057F, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 86nativethreadCOMMON
Control-flow Graph |
---|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0216053B, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 85nativethreadCOMMON
Control-flow Graph |
---|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02160678, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 70nativethreadCOMMON
Control-flow Graph |
---|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021655A7, Relevance: 2.0, APIs: 1, Instructions: 549COMMON
Control-flow Graph |
---|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0216218C, Relevance: 1.9, APIs: 1, Instructions: 351COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02160E24, Relevance: 1.8, APIs: 1, Instructions: 311COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02160ED4, Relevance: 1.8, APIs: 1, Instructions: 310COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02162250, Relevance: 1.8, APIs: 1, Instructions: 307COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02162200, Relevance: 1.8, APIs: 1, Instructions: 286COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02162350, Relevance: 1.8, APIs: 1, Instructions: 264COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021622B6, Relevance: 1.8, APIs: 1, Instructions: 260COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021622F0, Relevance: 1.8, APIs: 1, Instructions: 256COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02160798, Relevance: 1.8, APIs: 1, Instructions: 254COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021607B4, Relevance: 1.7, APIs: 1, Instructions: 249COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0216231C, Relevance: 1.7, APIs: 1, Instructions: 237COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02160808, Relevance: 1.7, APIs: 1, Instructions: 225COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02160836, Relevance: 1.7, APIs: 1, Instructions: 224COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021623D4, Relevance: 1.7, APIs: 1, Instructions: 213COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02162393, Relevance: 1.7, APIs: 1, Instructions: 210COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02160870, Relevance: 1.7, APIs: 1, Instructions: 210COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021608D8, Relevance: 1.7, APIs: 1, Instructions: 197COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02162487, Relevance: 1.7, APIs: 1, Instructions: 192COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02162452, Relevance: 1.7, APIs: 1, Instructions: 185COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02162424, Relevance: 1.7, APIs: 1, Instructions: 182COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021608A8, Relevance: 1.7, APIs: 1, Instructions: 176COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02161D96, Relevance: 1.7, APIs: 1, Instructions: 174COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02165F78, Relevance: 1.7, APIs: 1, Instructions: 165COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0216090B, Relevance: 1.7, APIs: 1, Instructions: 165COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02165FA8, Relevance: 1.6, APIs: 1, Instructions: 141COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02165FC8, Relevance: 1.6, APIs: 1, Instructions: 123COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02160A82, Relevance: 1.6, APIs: 1, Instructions: 107COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0216261F, Relevance: 1.6, APIs: 1, Instructions: 97nativeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021661D8, Relevance: 1.6, APIs: 1, Instructions: 89nativeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021660A6, Relevance: 1.6, APIs: 1, Instructions: 86nativeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021660C4, Relevance: 1.6, APIs: 1, Instructions: 85nativeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02166133, Relevance: 1.6, APIs: 1, Instructions: 84nativeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02162667, Relevance: 1.6, APIs: 1, Instructions: 73nativeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02166088, Relevance: 1.6, APIs: 1, Instructions: 73nativeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0216268F, Relevance: 1.6, APIs: 1, Instructions: 71nativeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021625EC, Relevance: 1.6, APIs: 1, Instructions: 71nativeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0216616A, Relevance: 1.6, APIs: 1, Instructions: 67nativeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02166208, Relevance: 1.6, APIs: 1, Instructions: 57nativeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02166223, Relevance: 1.5, APIs: 1, Instructions: 49nativeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02166243, Relevance: 1.5, APIs: 1, Instructions: 46nativeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02166264, Relevance: 1.5, APIs: 1, Instructions: 41nativeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0216619D, Relevance: 1.5, APIs: 1, Instructions: 37nativeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021661EC, Relevance: 1.5, APIs: 1, Instructions: 29nativeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02165A8D, Relevance: 1.5, APIs: 1, Instructions: 14nativeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02165A92, Relevance: 1.5, APIs: 1, Instructions: 13nativeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00411ACF, Relevance: 591.0, APIs: 301, Strings: 35, Instructions: 3007COMMON
C-Code - Quality: 53% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
C-Code - Quality: 67% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02164754, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 97libraryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02163DBE, Relevance: 1.9, APIs: 1, Instructions: 442COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02160994, Relevance: 1.7, APIs: 1, Instructions: 176COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02160938, Relevance: 1.7, APIs: 1, Instructions: 175COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02160B78, Relevance: 1.7, APIs: 1, Instructions: 170COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02160960, Relevance: 1.7, APIs: 1, Instructions: 161COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02160BD3, Relevance: 1.6, APIs: 1, Instructions: 144COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02160A32, Relevance: 1.6, APIs: 1, Instructions: 110COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021648A8, Relevance: 1.6, APIs: 1, Instructions: 106librarynativethreadCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02160AAC, Relevance: 1.6, APIs: 1, Instructions: 93COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021620D8, Relevance: 1.6, APIs: 1, Instructions: 93COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02164E3B, Relevance: 1.6, APIs: 1, Instructions: 88COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02160A08, Relevance: 1.6, APIs: 1, Instructions: 87COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02160AFF, Relevance: 1.6, APIs: 1, Instructions: 80COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0216443A, Relevance: 1.6, APIs: 1, Instructions: 78COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02160B34, Relevance: 1.6, APIs: 1, Instructions: 71COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02160AE7, Relevance: 1.6, APIs: 1, Instructions: 69COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02162D72, Relevance: 1.6, APIs: 1, Instructions: 63COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02160BBA, Relevance: 1.5, APIs: 1, Instructions: 34COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02160514, Relevance: 1.5, APIs: 1, Instructions: 30COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02163ECE, Relevance: 1.5, APIs: 1, Instructions: 28fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02163EF0, Relevance: 1.5, APIs: 1, Instructions: 21fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02163EAF, Relevance: 1.5, APIs: 1, Instructions: 18fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02163EC3, Relevance: 1.5, APIs: 1, Instructions: 18fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02163F14, Relevance: 1.5, APIs: 1, Instructions: 5fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function 021655B4, Relevance: .2, Instructions: 186COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021655CC, Relevance: .2, Instructions: 183COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02165612, Relevance: .2, Instructions: 175COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0216568C, Relevance: .2, Instructions: 175COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0216565B, Relevance: .2, Instructions: 169COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02161DB0, Relevance: .1, Instructions: 105COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02161E06, Relevance: .1, Instructions: 102COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02161DEB, Relevance: .1, Instructions: 101COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02161E40, Relevance: .1, Instructions: 87COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02164F70, Relevance: .0, Instructions: 47COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02164F79, Relevance: .0, Instructions: 38COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02164668, Relevance: .0, Instructions: 9COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02164658, Relevance: .0, Instructions: 8COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021629DC, Relevance: .0, Instructions: 8COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00411636, Relevance: 69.3, APIs: 46, Instructions: 301COMMON
C-Code - Quality: 50% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 53% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 57% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 48% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 58% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 52% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 56% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 62% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 63% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 55% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph |
---|
Execution Coverage: | 1.5% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 3.8% |
Total number of Nodes: | 184 |
Total number of Limit Nodes: | 17 |
Graph
Executed Functions |
---|
Control-flow Graph |
---|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03252AB2, Relevance: 4.6, APIs: 3, Instructions: 99sleepCOMMON
Control-flow Graph |
---|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03251F4B, Relevance: 4.6, APIs: 3, Instructions: 93nativeCOMMON
Control-flow Graph |
---|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03254707, Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 424libraryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03252D04, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24nativeCOMMON
Control-flow Graph |
---|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03252C7B, Relevance: 1.6, APIs: 1, Instructions: 83nativeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03252003, Relevance: 1.6, APIs: 1, Instructions: 82nativeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03252C33, Relevance: 1.6, APIs: 1, Instructions: 71nativeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03252CCC, Relevance: 1.6, APIs: 1, Instructions: 71nativeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03251FD3, Relevance: 1.6, APIs: 1, Instructions: 69nativeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03252BDA, Relevance: 1.6, APIs: 1, Instructions: 52nativeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03252BBC, Relevance: 1.6, APIs: 1, Instructions: 51nativeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03252C60, Relevance: 1.5, APIs: 1, Instructions: 44nativeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03252CB4, Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03252C13, Relevance: 1.5, APIs: 1, Instructions: 37nativeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03252B54, Relevance: 1.5, APIs: 1, Instructions: 22nativeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03255A8C, Relevance: 1.5, APIs: 1, Instructions: 15nativeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03255A92, Relevance: 1.5, APIs: 1, Instructions: 13nativeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03252FA8, Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 172networkCOMMON
Control-flow Graph |
---|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03252F1B, Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 169networkCOMMON
Control-flow Graph |
---|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03252EC8, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 56networkCOMMON
Control-flow Graph |
---|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03254754, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 97libraryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0325429E, Relevance: 1.9, APIs: 1, Instructions: 352COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03254308, Relevance: 1.8, APIs: 1, Instructions: 284COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03255F30, Relevance: 1.7, APIs: 1, Instructions: 166COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03255F78, Relevance: 1.7, APIs: 1, Instructions: 165COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03254CD2, Relevance: 1.6, APIs: 1, Instructions: 146COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03256010, Relevance: 1.6, APIs: 1, Instructions: 145COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03255FA8, Relevance: 1.6, APIs: 1, Instructions: 141COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03255FD8, Relevance: 1.6, APIs: 1, Instructions: 139COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03255FF4, Relevance: 1.6, APIs: 1, Instructions: 137COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03255F5A, Relevance: 1.6, APIs: 1, Instructions: 136COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03255FC8, Relevance: 1.6, APIs: 1, Instructions: 123COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03255F1D, Relevance: 1.6, APIs: 1, Instructions: 120COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03256040, Relevance: 1.6, APIs: 1, Instructions: 118COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03256068, Relevance: 1.6, APIs: 1, Instructions: 114COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 032560D8, Relevance: 1.6, APIs: 1, Instructions: 107COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 032560FC, Relevance: 1.6, APIs: 1, Instructions: 102COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 032520D6, Relevance: 1.6, APIs: 1, Instructions: 94COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 032561D8, Relevance: 1.6, APIs: 1, Instructions: 89COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 032560A6, Relevance: 1.6, APIs: 1, Instructions: 86COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 032560C4, Relevance: 1.6, APIs: 1, Instructions: 85COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03256133, Relevance: 1.6, APIs: 1, Instructions: 84COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03256088, Relevance: 1.6, APIs: 1, Instructions: 73COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0325616A, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03256208, Relevance: 1.6, APIs: 1, Instructions: 57COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03256223, Relevance: 1.5, APIs: 1, Instructions: 49COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03256243, Relevance: 1.5, APIs: 1, Instructions: 46COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03256264, Relevance: 1.5, APIs: 1, Instructions: 41COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0325619D, Relevance: 1.5, APIs: 1, Instructions: 37COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 032561EC, Relevance: 1.5, APIs: 1, Instructions: 29COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03253ECE, Relevance: 1.5, APIs: 1, Instructions: 28fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03254268, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0325424C, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 032541CF, Relevance: 1.5, APIs: 1, Instructions: 23COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03254234, Relevance: 1.5, APIs: 1, Instructions: 23COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03253EF0, Relevance: 1.5, APIs: 1, Instructions: 21fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 032541C0, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03253EAF, Relevance: 1.5, APIs: 1, Instructions: 18fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03253EC3, Relevance: 1.5, APIs: 1, Instructions: 18fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03254204, Relevance: 1.5, APIs: 1, Instructions: 15COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03253F14, Relevance: 1.5, APIs: 1, Instructions: 5fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03252A99, Relevance: 1.3, APIs: 1, Instructions: 31sleepCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03252AB3, Relevance: 1.3, APIs: 1, Instructions: 29sleepCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03252ACB, Relevance: 1.3, APIs: 1, Instructions: 27sleepCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03252AA8, Relevance: 1.3, APIs: 1, Instructions: 22sleepCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03252B16, Relevance: 1.3, APIs: 1, Instructions: 20sleeplibrarynativeCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03252AFC, Relevance: 1.3, APIs: 1, Instructions: 17sleeplibrarynativeCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Execution Graph |
---|
Execution Coverage: | 13.6% |
Dynamic/Decrypted Code Coverage: | 3.2% |
Signature Coverage: | 0.4% |
Total number of Nodes: | 555 |
Total number of Limit Nodes: | 84 |
Graph
Executed Functions |
---|
Function 00401594, Relevance: 6.4, APIs: 1, Strings: 1, Instructions: 2913COMMONCrypto
C-Code - Quality: 81% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00411CEF, Relevance: 578.8, APIs: 294, Strings: 35, Instructions: 3005COMMON
C-Code - Quality: 53% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
C-Code - Quality: 67% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function 00411856, Relevance: 69.3, APIs: 46, Instructions: 301COMMON
C-Code - Quality: 54% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 53% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 57% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 48% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 58% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 52% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 56% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 62% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 63% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 55% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph |
---|
Execution Coverage: | 8.1% |
Dynamic/Decrypted Code Coverage: | 67.1% |
Signature Coverage: | 0% |
Total number of Nodes: | 161 |
Total number of Limit Nodes: | 8 |
Graph
Executed Functions |
---|
Function 00F05DFF, Relevance: 1.7, APIs: 1, Instructions: 153COMMON
Control-flow Graph |
---|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F06048, Relevance: 1.5, APIs: 1, Instructions: 13nativeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F03457, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 115networkCOMMON
Control-flow Graph |
---|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F034E1, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 101networkCOMMON
Control-flow Graph |
---|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F034AE, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 74networkCOMMON
Control-flow Graph |
---|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F06546, Relevance: 1.6, APIs: 1, Instructions: 149fileCOMMON
Control-flow Graph |
---|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F04B7E, Relevance: 1.6, APIs: 1, Instructions: 148COMMON
Control-flow Graph |
---|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F06598, Relevance: 1.6, APIs: 1, Instructions: 136fileCOMMON
Control-flow Graph |
---|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1D913C6F, Relevance: 1.6, APIs: 1, Instructions: 136COMMON
Control-flow Graph |
---|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F06511, Relevance: 1.6, APIs: 1, Instructions: 122fileCOMMON
Control-flow Graph |
---|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1D913C7C, Relevance: 1.6, APIs: 1, Instructions: 116COMMON
Control-flow Graph |
---|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1D915184, Relevance: 1.6, APIs: 1, Instructions: 116COMMON
Control-flow Graph |
---|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F0666C, Relevance: 1.6, APIs: 1, Instructions: 107fileCOMMON
Control-flow Graph |
---|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F06560, Relevance: 1.6, APIs: 1, Instructions: 105fileCOMMON
Control-flow Graph |
---|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F030B6, Relevance: 1.6, APIs: 1, Instructions: 104fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F0657C, Relevance: 1.6, APIs: 1, Instructions: 101fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F066A8, Relevance: 1.6, APIs: 1, Instructions: 97fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F065CC, Relevance: 1.6, APIs: 1, Instructions: 97fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1D916964, Relevance: 1.6, APIs: 1, Instructions: 97COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F065F0, Relevance: 1.6, APIs: 1, Instructions: 84fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F01F1A, Relevance: 1.6, APIs: 1, Instructions: 78threadCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F06686, Relevance: 1.6, APIs: 1, Instructions: 71fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F043DB, Relevance: 1.6, APIs: 1, Instructions: 70COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1D91BDE8, Relevance: 1.6, APIs: 1, Instructions: 63COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1D916D73, Relevance: 1.6, APIs: 1, Instructions: 63COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1D916D78, Relevance: 1.6, APIs: 1, Instructions: 62COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1D91BDF8, Relevance: 1.6, APIs: 1, Instructions: 54COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F0675A, Relevance: 1.5, APIs: 1, Instructions: 38fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F0677C, Relevance: 1.5, APIs: 1, Instructions: 36fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F0681F, Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F067A2, Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F04330, Relevance: 1.5, APIs: 1, Instructions: 29COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F04390, Relevance: 1.5, APIs: 1, Instructions: 25COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F043A8, Relevance: 1.5, APIs: 1, Instructions: 22COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F043C0, Relevance: 1.5, APIs: 1, Instructions: 16COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F043A6, Relevance: 1.5, APIs: 1, Instructions: 15COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F03B2E, Relevance: 1.5, APIs: 1, Instructions: 15COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F030A8, Relevance: 1.5, APIs: 1, Instructions: 14fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F03B24, Relevance: 1.5, APIs: 1, Instructions: 7libraryCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1D7CD53C, Relevance: .1, Instructions: 75COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1D7CD450, Relevance: .1, Instructions: 75COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1D7DD01C, Relevance: .1, Instructions: 72COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1D7DD005, Relevance: .1, Instructions: 63COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1D7CD537, Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1D7CD44B, Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|