Analysis Report ddff.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Startup |
---|
|
Malware Configuration |
---|
Threatname: Agenttesla |
---|
{"Username: ": "edeiF78", "URL: ": "https://t8vI5nXseaUv.com", "To: ": "sanetbehin.co@gmail.com", "ByHost: ": "mail.gcclatinoamerica.com:587", "Password: ": "6VomwXsWgiEV7", "From: ": "jobs@gcclatinoamerica.com"}
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_GuLoader | Yara detected GuLoader | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
Sigma Overview |
---|
System Summary: |
---|
Sigma detected: RegAsm connects to smtp port |
Source: | Author: Joe Security: |
Signature Overview |
---|
AV Detection: |
---|
Found malware configuration |
Source: | Malware Configuration Extractor: |
Multi AV Scanner detection for submitted file |
Source: | Virustotal: |
Machine Learning detection for sample |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: |
Networking: |
---|
C2 URLs / IPs found in malware configuration |
Source: | URLs: |
Source: | TCP traffic: |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | TCP traffic: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
Key, Mouse, Clipboard, Microphone and Screen Capturing: |
---|
Installs a global keyboard hook |
Source: | Windows user hook set: |
Source: | Code function: | 0_2_00414594 |
Source: | Binary or memory string: |
Source: | Window created: |
System Summary: |
---|
Source: | Process Stats: |
Source: | Static PE information: |
Source: | Binary or memory string: |
Source: | Section loaded: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | File created: |
Source: | Mutant created: |
Source: | File created: |
Source: | Static PE information: |
Source: | Section loaded: |
Source: | WMI Queries: |
Source: | Key opened: |
Source: | File read: |
Source: | Virustotal: |
Source: | Process created: |
Source: | Key value queried: |
Source: | Window detected: |
Source: | File opened: |
Data Obfuscation: |
---|
Yara detected GuLoader |
Source: | File source: |
Source: | Registry key monitored for changes: |
Source: | Process information set: |
Malware Analysis System Evasion: |
---|
Detected RDTSC dummy instruction sequence (likely for instruction hammering) |
Source: | RDTSC instruction interceptor: |
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines) |
Source: | WMI Queries: |
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) |
Source: | WMI Queries: |
Tries to detect Any.run |
Source: | File opened: |
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Source: | Binary or memory string: |
Tries to detect virtualization through RDTSC time measurements |
Source: | RDTSC instruction interceptor: |
Source: | Code function: | 19_2_00F034E3 |
Source: | Thread delayed: |
Source: | Window / User API: |
Source: | Thread sleep time: |
Source: | WMI Queries: |
Source: | Last function: |
Source: | Thread delayed: |
Source: | Binary or memory string: |
Source: | Process information queried: |
Anti Debugging: |
---|
Hides threads from debuggers |
Source: | Thread information set: |
Source: | Process queried: |
Source: | Code function: | 19_2_00F034E3 |
Source: | Code function: | 19_2_01250A70 |
Source: | Code function: | 19_2_00F038BB | |
Source: | Code function: | 19_2_00F07C85 | |
Source: | Code function: | 19_2_00F07C33 | |
Source: | Code function: | 19_2_00F07C38 | |
Source: | Code function: | 19_2_00F061D0 | |
Source: | Code function: | 19_2_00F06B79 |
Source: | Process token adjusted: |
Source: | Memory allocated: |
Source: | Binary or memory string: |
Source: | Queries volume information: |
Source: | Key value queried: |
Stealing of Sensitive Information: |
---|
Yara detected AgentTesla |
Source: | File source: |
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) |
Source: | Key opened: |
Tries to harvest and steal browser information (history, passwords, etc) |
Source: | File opened: |
Tries to harvest and steal ftp login credentials |
Source: | File opened: |
Tries to steal Mail credentials (via file access) |
Source: | File opened: |
Source: | File source: |
Remote Access Functionality: |
---|
Yara detected AgentTesla |
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation211 | DLL Side-Loading1 | Process Injection2 | Masquerading1 | OS Credential Dumping2 | Query Registry1 | Remote Services | Email Collection1 | Exfiltration Over Other Network Medium | Encrypted Channel12 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | DLL Side-Loading1 | Disable or Modify Tools1 | Input Capture111 | Security Software Discovery631 | Remote Desktop Protocol | Input Capture111 | Exfiltration Over Bluetooth | Non-Standard Port1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion341 | Credentials in Registry1 | Process Discovery2 | SMB/Windows Admin Shares | Archive Collected Data1 | Automated Exfiltration | Non-Application Layer Protocol1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection2 | NTDS | Virtualization/Sandbox Evasion341 | Distributed Component Object Model | Data from Local System2 | Scheduled Transfer | Application Layer Protocol112 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Obfuscated Files or Information1 | LSA Secrets | Application Window Discovery1 | SSH | Clipboard Data2 | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | DLL Side-Loading1 | Cached Domain Credentials | Remote System Discovery1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | System Information Discovery313 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
16% | Virustotal | Browse | ||
100% | Joe Sandbox ML |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse |
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
0% | URL Reputation | safe |
0% | Virustotal | Browse |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
mail.gcclatinoamerica.com | 108.179.235.108 | true | true | | unknown |
googlehosted.l.googleusercontent.com | 172.217.23.33 | true | false | high | |
doc-0k-1c-docs.googleusercontent.com | unknown | unknown | false | high |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
172.217.23.33 | googlehosted.l.googleusercontent.com | United States | | 15169 | GOOGLEUS | false |
108.179.235.108 | mail.gcclatinoamerica.com | United States | | 46606 | UNIFIEDLAYER-AS-1US | true |
General Information |
---|
Joe Sandbox Version: | 31.0.0 Emerald |
Analysis ID: | 382651 |
Start date: | 06.04.2021 |
Start time: | 12:37:48 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 10m 25s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | ddff.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed: | 40 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@3/2@2/2 |
EGA Information: |
|
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
Warnings: |
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
12:40:20 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
No context |
---|
Domains |
---|
No context |
---|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
UNIFIEDLAYER-AS-1US | | | malicious | | |
JA3 Fingerprints |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
37f463bf4616ecd445d4a1937da06e19 | | | malicious | | |
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File Type: | |
Category: | modified |
Size (bytes): | 20480 |
Entropy (8bit): | 0.6970840431455908 |
Encrypted: | false |
SSDEEP: | 24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBocLgAZOZD/0:T5LLOpEO5J/Kn7U1uBo8NOZ0 |
MD5: | 00681D89EDDB6AD25E6F4BD2E66C61C6 |
SHA1: | 14B2FBFB460816155190377BBC66AB5D2A15F7AB |
SHA-256: | 8BF06FD5FAE8199D261EB879E771146AE49600DBDED7FDC4EAC83A8C6A7A5D85 |
SHA-512: | 159A9DE664091A3986042B2BE594E989FD514163094AC606DC3A6A7661A66A78C0D365B8CA2C94B8BC86D552E59D50407B4680EDADB894320125F0E9F48872D3 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 30 |
Entropy (8bit): | 3.964735178725505 |
Encrypted: | false |
SSDEEP: | 3:IBVFBWAGRHneyy:ITqAGRHner |
MD5: | 9F754B47B351EF0FC32527B541420595 |
SHA1: | 006C66220B33E98C725B73495FE97B3291CE14D9 |
SHA-256: | 0219D77348D2F0510025E188D4EA84A8E73F856DEB5E0878D673079D05840591 |
SHA-512: | C6996379BCB774CE27EEEC0F173CBACC70CA02F3A773DD879E3A42DA554535A94A9C13308D14E873C71A338105804AFFF32302558111EE880BA0C41747A08532 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 5.729364262794313 |
TrID: |
|
File name: | ddff.exe |
File size: | 122880 |
MD5: | ded56210e4491797f704b4b0525238d8 |
SHA1: | 7a1ca12b56aee84bab41abb6cd4b6eb50a64ef21 |
SHA256: | 422287b67dd187c3fae4472cdf654ef69354ab78ac094dee6711874c9e59f1f4 |
SHA512: | a5e2399e1b18ac416036658db449c2c77e30a31242d2c827870022989ff5b5cff6cf183b5e04b1a20be72ad615782b8f43975cd42c27d1b961745ee70e6fef3b |
SSDEEP: | 1536:FGouBWGIDtxQCg53OuHKuSx2ig9TWb1yihGo:FGZBWG+tebq3x2nCb1yihG |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......u...1...1...1.......0...~...0.......0...Rich1...........PE..L...>..T.................p...`......(.............@................ |
File Icon |
---|
Icon Hash: | 0ccea09899191898 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x401328 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | |
Time Stamp: | 0x54DD953E [Fri Feb 13 06:10:06 2015 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | efa774b90ad6b9ab8c4fabb031ebe78d |
Entrypoint Preview |
---|
Instruction |
---|
push 00413DF0h |
call 00007F6C00804D35h |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x175f4 | 0x28 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x19000 | 0x4856 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x228 | 0x20 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0xd4 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x169e4 | 0x17000 | False | 0.347486413043 | data | 6.18979858125 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.data | 0x18000 | 0xa88 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x19000 | 0x4856 | 0x5000 | False | 0.414111328125 | data | 4.36025980168 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x1b2ae | 0x25a8 | data | ||
RT_ICON | 0x1a206 | 0x10a8 | data | ||
RT_ICON | 0x1987e | 0x988 | data | ||
RT_ICON | 0x19416 | 0x468 | GLS_BINARY_LSB_FIRST | ||
RT_GROUP_ICON | 0x193d8 | 0x3e | data | ||
RT_VERSION | 0x19180 | 0x258 | data | English | United States |
Imports |
---|
DLL | Import |
---|---|
MSVBVM60.DLL | _CIcos, _adj_fptan, __vbaFreeVar, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaVarForInit, __vbaOnError, __vbaObjSet, _adj_fdiv_m16i, _adj_fdivr_m16i, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, DllFunctionCall, _adj_fpatan, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, _CIlog, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaStrToAnsi, __vbaVarDup, __vbaFpI4, _CIatan, __vbaStrMove, __vbaCastObj, _allmul, _CItan, __vbaVarForNext, _CIexp, __vbaFreeStr, __vbaFreeObj |
Version Infos |
---|
Description | Data |
---|---|
Translation | 0x0409 0x04b0 |
InternalName | nyanlgg |
FileVersion | 3.00 |
CompanyName | Salty |
Comments | Salty |
ProductName | Salty |
ProductVersion | 3.00 |
FileDescription | Salty |
OriginalFilename | nyanlgg.exe |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Network Behavior |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 6, 2021 12:41:47.836410999 CEST | 587 | 49751 | 108.179.235.108 | 192.168.2.3 |
Apr 6, 2021 12:41:47.885874987 CEST | 49751 | 587 | 192.168.2.3 | 108.179.235.108 |
Apr 6, 2021 12:41:48.730532885 CEST | 49751 | 587 | 192.168.2.3 | 108.179.235.108 |
Apr 6, 2021 12:41:48.887569904 CEST | 587 | 49751 | 108.179.235.108 | 192.168.2.3 |
Apr 6, 2021 12:41:48.887723923 CEST | 49751 | 587 | 192.168.2.3 | 108.179.235.108 |
Apr 6, 2021 12:41:48.888359070 CEST | 49751 | 587 | 192.168.2.3 | 108.179.235.108 |
Apr 6, 2021 12:41:48.889609098 CEST | 49752 | 587 | 192.168.2.3 | 108.179.235.108 |
Apr 6, 2021 12:41:49.049192905 CEST | 587 | 49752 | 108.179.235.108 | 192.168.2.3 |
Apr 6, 2021 12:41:49.049346924 CEST | 49752 | 587 | 192.168.2.3 | 108.179.235.108 |
Apr 6, 2021 12:41:49.212441921 CEST | 587 | 49752 | 108.179.235.108 | 192.168.2.3 |
Apr 6, 2021 12:41:49.212722063 CEST | 49752 | 587 | 192.168.2.3 | 108.179.235.108 |
Apr 6, 2021 12:41:49.373460054 CEST | 587 | 49752 | 108.179.235.108 | 192.168.2.3 |
Apr 6, 2021 12:41:49.374119043 CEST | 49752 | 587 | 192.168.2.3 | 108.179.235.108 |
Apr 6, 2021 12:41:49.538451910 CEST | 587 | 49752 | 108.179.235.108 | 192.168.2.3 |
Apr 6, 2021 12:41:49.539347887 CEST | 49752 | 587 | 192.168.2.3 | 108.179.235.108 |
Apr 6, 2021 12:41:49.719662905 CEST | 587 | 49752 | 108.179.235.108 | 192.168.2.3 |
Apr 6, 2021 12:41:49.719743967 CEST | 587 | 49752 | 108.179.235.108 | 192.168.2.3 |
Apr 6, 2021 12:41:49.719789982 CEST | 587 | 49752 | 108.179.235.108 | 192.168.2.3 |
Apr 6, 2021 12:41:49.719966888 CEST | 49752 | 587 | 192.168.2.3 | 108.179.235.108 |
Apr 6, 2021 12:41:49.726424932 CEST | 49752 | 587 | 192.168.2.3 | 108.179.235.108 |
Apr 6, 2021 12:41:49.887079000 CEST | 587 | 49752 | 108.179.235.108 | 192.168.2.3 |
Apr 6, 2021 12:41:49.890454054 CEST | 49752 | 587 | 192.168.2.3 | 108.179.235.108 |
Apr 6, 2021 12:41:50.050517082 CEST | 587 | 49752 | 108.179.235.108 | 192.168.2.3 |
Apr 6, 2021 12:41:50.051474094 CEST | 49752 | 587 | 192.168.2.3 | 108.179.235.108 |
Apr 6, 2021 12:41:50.211553097 CEST | 587 | 49752 | 108.179.235.108 | 192.168.2.3 |
Apr 6, 2021 12:41:50.212723970 CEST | 49752 | 587 | 192.168.2.3 | 108.179.235.108 |
Apr 6, 2021 12:41:50.373595953 CEST | 587 | 49752 | 108.179.235.108 | 192.168.2.3 |
Apr 6, 2021 12:41:50.374368906 CEST | 49752 | 587 | 192.168.2.3 | 108.179.235.108 |
Apr 6, 2021 12:41:50.533979893 CEST | 587 | 49752 | 108.179.235.108 | 192.168.2.3 |
Apr 6, 2021 12:41:50.546729088 CEST | 49752 | 587 | 192.168.2.3 | 108.179.235.108 |
Apr 6, 2021 12:41:50.713907003 CEST | 587 | 49752 | 108.179.235.108 | 192.168.2.3 |
Apr 6, 2021 12:41:50.715207100 CEST | 49752 | 587 | 192.168.2.3 | 108.179.235.108 |
Apr 6, 2021 12:41:50.874787092 CEST | 587 | 49752 | 108.179.235.108 | 192.168.2.3 |
Apr 6, 2021 12:41:50.881699085 CEST | 49752 | 587 | 192.168.2.3 | 108.179.235.108 |
Apr 6, 2021 12:41:50.882122993 CEST | 49752 | 587 | 192.168.2.3 | 108.179.235.108 |
Apr 6, 2021 12:41:50.882500887 CEST | 49752 | 587 | 192.168.2.3 | 108.179.235.108 |
Apr 6, 2021 12:41:50.882828951 CEST | 49752 | 587 | 192.168.2.3 | 108.179.235.108 |
Apr 6, 2021 12:41:50.883285046 CEST | 49752 | 587 | 192.168.2.3 | 108.179.235.108 |
Apr 6, 2021 12:41:50.883694887 CEST | 49752 | 587 | 192.168.2.3 | 108.179.235.108 |
Apr 6, 2021 12:41:50.883944035 CEST | 49752 | 587 | 192.168.2.3 | 108.179.235.108 |
Apr 6, 2021 12:41:50.884195089 CEST | 49752 | 587 | 192.168.2.3 | 108.179.235.108 |
Apr 6, 2021 12:41:51.041248083 CEST | 587 | 49752 | 108.179.235.108 | 192.168.2.3 |
Apr 6, 2021 12:41:51.041503906 CEST | 587 | 49752 | 108.179.235.108 | 192.168.2.3 |
Apr 6, 2021 12:41:51.041771889 CEST | 587 | 49752 | 108.179.235.108 | 192.168.2.3 |
Apr 6, 2021 12:41:51.042181969 CEST | 587 | 49752 | 108.179.235.108 | 192.168.2.3 |
Apr 6, 2021 12:41:51.042663097 CEST | 587 | 49752 | 108.179.235.108 | 192.168.2.3 |
Apr 6, 2021 12:41:51.042979956 CEST | 587 | 49752 | 108.179.235.108 | 192.168.2.3 |
Apr 6, 2021 12:41:51.043173075 CEST | 587 | 49752 | 108.179.235.108 | 192.168.2.3 |
Apr 6, 2021 12:41:51.043452024 CEST | 587 | 49752 | 108.179.235.108 | 192.168.2.3 |
Apr 6, 2021 12:41:51.043776989 CEST | 587 | 49752 | 108.179.235.108 | 192.168.2.3 |
Apr 6, 2021 12:41:51.089363098 CEST | 49752 | 587 | 192.168.2.3 | 108.179.235.108 |
Apr 6, 2021 12:41:57.794001102 CEST | 49733 | 443 | 192.168.2.3 | 172.217.23.33 |
Apr 6, 2021 12:41:57.835040092 CEST | 443 | 49733 | 172.217.23.33 | 192.168.2.3 |
Apr 6, 2021 12:41:57.835431099 CEST | 49733 | 443 | 192.168.2.3 | 172.217.23.33 |
Apr 6, 2021 12:43:25.363477945 CEST | 49752 | 587 | 192.168.2.3 | 108.179.235.108 |
Apr 6, 2021 12:43:25.524549961 CEST | 587 | 49752 | 108.179.235.108 | 192.168.2.3 |
Apr 6, 2021 12:43:25.524795055 CEST | 49752 | 587 | 192.168.2.3 | 108.179.235.108 |
Apr 6, 2021 12:43:25.525469065 CEST | 49752 | 587 | 192.168.2.3 | 108.179.235.108 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Apr 6, 2021 12:40:10.189623117 CEST | 192.168.2.3 | 8.8.8.8 | 0xf3b | Standard query (0) | A (IP address) | IN (0x0001) |
Apr 6, 2021 12:41:45.341291904 CEST | 192.168.2.3 | 8.8.8.8 | 0x53fd | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Apr 6, 2021 12:40:10.252120018 CEST | 8.8.8.8 | 192.168.2.3 | 0xf3b | No error (0) | googlehosted.l.googleusercontent.com | CNAME (Canonical name) | IN (0x0001) | ||
Apr 6, 2021 12:40:10.252120018 CEST | 8.8.8.8 | 192.168.2.3 | 0xf3b | No error (0) | 172.217.23.33 | A (IP address) | IN (0x0001) | ||
Apr 6, 2021 12:41:45.547538042 CEST | 8.8.8.8 | 192.168.2.3 | 0x53fd | No error (0) | 108.179.235.108 | A (IP address) | IN (0x0001) | ||
Apr 6, 2021 12:43:18.822230101 CEST | 8.8.8.8 | 192.168.2.3 | 0x572c | No error (0) | www.tm.a.prd.aadg.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) |
HTTPS Packets |
---|
Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest |
---|---|---|---|---|---|---|---|---|---|---|
Apr 6, 2021 12:40:10.351300001 CEST | 172.217.23.33 | 443 | 192.168.2.3 | 49733 | CN=*.googleusercontent.com, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US | CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 | Tue Mar 16 20:32:57 CET 2021 Thu Jun 15 02:00:42 CEST 2017 | Tue Jun 08 21:32:56 CEST 2021 Wed Dec 15 01:00:42 CET 2021 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0 | 37f463bf4616ecd445d4a1937da06e19 |
CN=GTS CA 1O1, O=Google Trust Services, C=US | CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 | Thu Jun 15 02:00:42 CEST 2017 | Wed Dec 15 01:00:42 CET 2021 |
SMTP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands |
---|---|---|---|---|---|
Apr 6, 2021 12:41:46.038834095 CEST | 587 | 49751 | 108.179.235.108 | 192.168.2.3 | 220-gator4253.hostgator.com ESMTP Exim 4.93 #2 Tue, 06 Apr 2021 05:41:45 -0500 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail. |
Apr 6, 2021 12:41:46.039329052 CEST | 49751 | 587 | 192.168.2.3 | 108.179.235.108 | EHLO 760639 |
Apr 6, 2021 12:41:46.195832014 CEST | 587 | 49751 | 108.179.235.108 | 192.168.2.3 | 250-gator4253.hostgator.com Hello 760639 [84.17.52.79] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP |
Apr 6, 2021 12:41:46.196239948 CEST | 49751 | 587 | 192.168.2.3 | 108.179.235.108 | STARTTLS |
Apr 6, 2021 12:41:46.355518103 CEST | 587 | 49751 | 108.179.235.108 | 192.168.2.3 | 220 TLS go ahead |
Apr 6, 2021 12:41:49.212441921 CEST | 587 | 49752 | 108.179.235.108 | 192.168.2.3 | 220-gator4253.hostgator.com ESMTP Exim 4.93 #2 Tue, 06 Apr 2021 05:41:49 -0500 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail. |
Apr 6, 2021 12:41:49.212722063 CEST | 49752 | 587 | 192.168.2.3 | 108.179.235.108 | EHLO 760639 |
Apr 6, 2021 12:41:49.373460054 CEST | 587 | 49752 | 108.179.235.108 | 192.168.2.3 | 250-gator4253.hostgator.com Hello 760639 [84.17.52.79] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP |
Apr 6, 2021 12:41:49.374119043 CEST | 49752 | 587 | 192.168.2.3 | 108.179.235.108 | STARTTLS |
Apr 6, 2021 12:41:49.538451910 CEST | 587 | 49752 | 108.179.235.108 | 192.168.2.3 | 220 TLS go ahead |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 12:38:32 |
Start date: | 06/04/2021 |
Path: | C:\Users\user\Desktop\ddff.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 122880 bytes |
MD5 hash: | DED56210E4491797F704B4B0525238D8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Visual Basic |
Reputation: | low |
General |
---|
Start time: | 12:39:57 |
Start date: | 06/04/2021 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xae0000 |
File size: | 64616 bytes |
MD5 hash: | 6FD7592411112729BF6B1F2F6C34899F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Reputation: | high |
General |
---|
Start time: | 12:39:58 |
Start date: | 06/04/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6b2800000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Disassembly |
---|
Code Analysis |
---|
Execution Graph |
---|
Execution Coverage: | 15.8% |
Dynamic/Decrypted Code Coverage: | 6.6% |
Signature Coverage: | 0% |
Total number of Nodes: | 136 |
Total number of Limit Nodes: | 16 |
Executed Functions |
---|
Non-executed Functions |
---|
Execution Graph |
---|
Execution Coverage: | 12.5% |
Dynamic/Decrypted Code Coverage: | 59% |
Signature Coverage: | 24.6% |
Total number of Nodes: | 61 |
Total number of Limit Nodes: | 3 |
Executed Functions |
---|
Function 01250A70, Relevance: 9.7, APIs: 4, Strings: 1, Instructions: 976libraryCOMMON
Control-flow Graph |
---|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F08809, Relevance: 1.6, APIs: 1, Instructions: 139COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F08A61, Relevance: 1.6, APIs: 1, Instructions: 96nativeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F08A89, Relevance: 1.6, APIs: 1, Instructions: 94nativeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F08AE3, Relevance: 1.6, APIs: 1, Instructions: 90nativeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F08ABE, Relevance: 1.6, APIs: 1, Instructions: 87nativeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F08B14, Relevance: 1.6, APIs: 1, Instructions: 83nativeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F08C7F, Relevance: 1.6, APIs: 1, Instructions: 81nativeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F08B4B, Relevance: 1.6, APIs: 1, Instructions: 80nativeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F08B77, Relevance: 1.6, APIs: 1, Instructions: 76nativeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F08B9F, Relevance: 1.6, APIs: 1, Instructions: 75nativeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F08BDE, Relevance: 1.6, APIs: 1, Instructions: 66nativeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F08C54, Relevance: 1.6, APIs: 1, Instructions: 55nativeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F08D04, Relevance: 1.5, APIs: 1, Instructions: 41nativeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F08D2C, Relevance: 1.5, APIs: 1, Instructions: 40nativeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F08D6E, Relevance: 1.5, APIs: 1, Instructions: 33nativeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F082D9, Relevance: 1.5, APIs: 1, Instructions: 30nativeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F082D7, Relevance: 1.5, APIs: 1, Instructions: 15nativeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01250FFE, Relevance: 3.4, APIs: 2, Instructions: 437COMMON
Control-flow Graph |
---|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01251043, Relevance: 3.4, APIs: 2, Instructions: 430COMMON
Control-flow Graph |
---|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01251088, Relevance: 3.4, APIs: 2, Instructions: 423COMMON
Control-flow Graph |
---|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 012510CD, Relevance: 3.4, APIs: 2, Instructions: 416COMMON
Control-flow Graph |
---|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01251112, Relevance: 3.4, APIs: 2, Instructions: 407COMMON
Control-flow Graph |
---|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0125114E, Relevance: 3.4, APIs: 2, Instructions: 402COMMON
Control-flow Graph |
---|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01251193, Relevance: 3.4, APIs: 2, Instructions: 395COMMON
Control-flow Graph |
---|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 012511D8, Relevance: 3.4, APIs: 2, Instructions: 388COMMON
Control-flow Graph |
---|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0125121D, Relevance: 3.4, APIs: 2, Instructions: 381COMMON
Control-flow Graph |
---|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01251262, Relevance: 3.4, APIs: 2, Instructions: 374COMMON
Control-flow Graph |
---|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 012512A7, Relevance: 3.4, APIs: 2, Instructions: 367COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 012512EC, Relevance: 3.4, APIs: 2, Instructions: 360COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01251347, Relevance: 3.3, APIs: 2, Instructions: 349COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0125138C, Relevance: 3.3, APIs: 2, Instructions: 342COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 012513D4, Relevance: 3.3, APIs: 2, Instructions: 335COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0125141C, Relevance: 3.3, APIs: 2, Instructions: 328COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01251464, Relevance: 3.3, APIs: 2, Instructions: 321COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 012514AC, Relevance: 3.3, APIs: 2, Instructions: 314COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 012514F4, Relevance: 3.3, APIs: 2, Instructions: 307COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0125153C, Relevance: 3.3, APIs: 2, Instructions: 298COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01251578, Relevance: 3.3, APIs: 2, Instructions: 291COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 012515B4, Relevance: 3.3, APIs: 2, Instructions: 286 COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 012515FC, Relevance: 3.3, APIs: 2, Instructions: 277 COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01251638, Relevance: 3.3, APIs: 2, Instructions: 272 COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01251680, Relevance: 3.3, APIs: 2, Instructions: 265 COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 012516C8, Relevance: 3.3, APIs: 2, Instructions: 258 COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01251710, Relevance: 3.2, APIs: 2, Instructions: 249 COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0125174C, Relevance: 3.2, APIs: 2, Instructions: 244 COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01251794, Relevance: 3.2, APIs: 2, Instructions: 237 COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 012517DC, Relevance: 3.2, APIs: 2, Instructions: 230 COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01251824, Relevance: 3.2, APIs: 2, Instructions: 221 COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01251876, Relevance: 1.7, APIs: 1, Instructions: 212 COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F029A8, Relevance: 1.6, APIs: 1, Instructions: 86 thread COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F0299A, Relevance: 1.6, APIs: 1, Instructions: 76 thread COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F03FE8, Relevance: 1.5, APIs: 1, Instructions: 25 file COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F03FDE, Relevance: 1.5, APIs: 1, Instructions: 14 file COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function 00F07C33, Relevance: .3, Instructions: 259 COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F07C38, Relevance: .2, Instructions: 177 COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F07C85, Relevance: .2, Instructions: 165 COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F034E3, Relevance: .0, Instructions: 45 COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F06B79, Relevance: .0, Instructions: 26 COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F038BB, Relevance: .0, Instructions: 8 COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F061D0, Relevance: .0, Instructions: 4 COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |