Analysis Report faktura.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Startup |
---|
Malware Configuration |
---|
Threatname: GuLoader |
---|
{"Payload URL": "https://drive.google.com/uc?export=download&id=14NOGnWkPLNy6theJEcWu4MGC0ytBSV3L", "Injection Process": ["RegAsm.exe", "RegSvcs.exe", "MSBuild.exe"]}
Threatname: Agenttesla |
---|
{"Username: ": "kwiG9npnHBMTywq", "URL: ": "https://kij0jMdbT7S0DxfQ.net", "To: ": "", "ByHost: ": "mail.felgui.pt:587", "Password: ": "5ghXavUhzAY", "From: ": ""}
Yara Overview |
---|
Memory Dumps |
---|
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| | JoeSecurity_GuLoader | Yara detected GuLoader | Joe Security | |
| | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
| | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
| | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
Sigma Overview |
---|
System Summary: |
---|
Sigma detected: RegAsm connects to smtp port |
Source: | Author: Joe Security |
Signature Overview |
---|
AV Detection: |
---|
Found malware configuration |
Source: | Malware Configuration Extractor: |
Multi AV Scanner detection for submitted file |
Source: | Virustotal: |
Source: | Static PE information: |
Source: | File opened: |
Source: | HTTPS traffic detected: |
Source: | Binary string: |
Networking: |
---|
C2 URLs / IPs found in malware configuration |
Source: | URLs: |
Source: | TCP traffic: |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | TCP traffic: |
Source: | Code function: | 3_2_1DB2A09A |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
System Summary: |
---|
Potential malicious icon found |
Source: | Icon embedded in PE file: |
Source: | Code function: | 0_2_022E384F |
Source: | Code function: | 3_2_00FA33F9 |
Source: | Code function: | 3_2_00FA384F |
Source: | Code function: | 3_2_1DB2B0BA |
Source: | Code function: | 3_2_1DB2B089 |
Source: | Code function: | 0_2_004015B8 |
Source: | Code function: | 0_2_0040827D |
Source: | Code function: | 0_2_00405950 |
Source: | Code function: | 0_2_00406351 |
Source: | Code function: | 0_2_022E3BD9 |
Source: | Code function: | 3_2_00FA3BD9 |
Source: | Code function: | 3_2_1DB2283C |
Source: | Code function: | 3_2_1FEEB5E8 |
Source: | Code function: | 3_2_1FEE9989 |
Source: | Code function: | 3_2_1FEEDC90 |
Source: | Code function: | 3_2_20B13B98 |
Source: | Code function: | 3_2_20B145F8 |
Source: | Static PE information: |
Source: | Binary or memory string: |
Source: | Section loaded: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Code function: | 3_2_1DB2AF3E |
Source: | Code function: | 3_2_1DB2AF07 |
Source: | Mutant created: |
Source: | Static PE information: |
Source: | Section loaded: |
Source: | WMI Queries: |
Source: | Key opened: |
Source: | File read: |
Source: | Virustotal: |
Source: | Process created: |
Source: | Key value queried: |
Source: | Window detected: |
Source: | File opened: |
Source: | Key opened: |
Source: | File opened: |
Source: | Binary string: |
Data Obfuscation: |
---|
Yara detected GuLoader |
Source: | File source: |
Source: | Code function: | 0_2_004070FA |
Source: | Code function: | 0_2_0040894C |
Source: | Code function: | 0_2_00404DC4 |
Source: | Code function: | 0_2_004053C4 |
Source: | Code function: | 0_2_022E005E |
Source: | Code function: | 0_2_022E016F |
Source: | Code function: | 0_2_022E254C |
Source: | Code function: | 0_2_022E1B61 |
Source: | Code function: | 0_2_022E25FA |
Source: | Code function: | 3_2_20510DDD |
Source: | Registry key monitored for changes: |
Source: | Process information set: |
Malware Analysis System Evasion: |
---|
Contains functionality to detect hardware virtualization (CPUID execution measurement) |
Source: | Code function: | 3_2_00FA1E61 |
Source: | Code function: | 3_2_00FA1872 |
Source: | Code function: | 3_2_00FA3135 |
Detected RDTSC dummy instruction sequence (likely for instruction hammering) |
Source: | RDTSC instruction interceptor: |
Found evasive API chain (trying to detect sleep duration tampering with parallel thread) |
Source: | Function Chain: |
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines) |
Source: | WMI Queries: |
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) |
Source: | WMI Queries: |
Tries to detect Any.run |
Source: | File opened: |
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Source: | Binary or memory string: |
Tries to detect virtualization through RDTSC time measurements |
Source: | RDTSC instruction interceptor: |
Source: | Code function: | 3_2_00FA2BCE |
Source: | Thread delayed: |
Source: | Window / User API: |
Source: | Thread sleep time: |
Source: | WMI Queries: |
Source: | Last function: |
Source: | Thread delayed: |
Source: | Binary or memory string: |
Source: | Process information queried: |
Anti Debugging: |
---|
Hides threads from debuggers |
Source: | Thread information set: |
Source: | Process queried: |
Source: | Code function: | 3_2_00FA2BCE |
Source: | Code function: | 3_2_1FEEF950 |
Source: | Code function: | 3_2_00FA19C4 |
Source: | Code function: | 3_2_00FA2D79 |
Source: | Code function: | 3_2_00FA2B62 |
Source: | Code function: | 3_2_00FA3135 |
Source: | Process token adjusted: |
Source: | Memory allocated: |
HIPS / PFW / Operating System Protection Evasion: |
---|
Writes to foreign memory regions |
Source: | Memory written: |
Source: | Process created: |
Source: | Binary or memory string: |
Source: | Code function: | 3_2_00FA18E7 |
Source: | Queries volume information: |
Source: | Key value queried: |
Stealing of Sensitive Information: |
---|
Yara detected AgentTesla |
Source: | File source: |
Tries to harvest and steal PuTTY / WinSCP information (sessions, passwords, etc.) |
Source: | Key opened: |
Tries to harvest and steal browser information (history, passwords, etc.) |
Source: | File opened: |
Tries to harvest and steal FTP login credentials |
Source: | File opened: |
Tries to steal Mail credentials (via file access) |
Source: | File opened: |
Source: | Key opened: |
Source: | File source: |
Remote Access Functionality: |
---|
Yara detected AgentTesla |
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation211 | DLL Side-Loading1 | Access Token Manipulation1 | Disable or Modify Tools11 | OS Credential Dumping2 | Query Registry1 | Remote Services | Email Collection1 | Exfiltration Over Other Network Medium | Encrypted Channel12 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Native API1 | Boot or Logon Initialization Scripts | Process Injection112 | Virtualization/Sandbox Evasion341 | Credentials in Registry1 | Security Software Discovery731 | Remote Desktop Protocol | Archive Collected Data1 | Exfiltration Over Bluetooth | Non-Standard Port1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | DLL Side-Loading1 | Access Token Manipulation1 | Security Account Manager | Process Discovery2 | SMB/Windows Admin Shares | Data from Local System2 | Automated Exfiltration | Ingress Tool Transfer1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection112 | NTDS | Virtualization/Sandbox Evasion341 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Non-Application Layer Protocol1 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Obfuscated Files or Information1 | LSA Secrets | Application Window Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Application Layer Protocol112 | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | DLL Side-Loading1 | Cached Domain Credentials | Remote System Discovery1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | System Information Discovery424 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact |
Behavior Graph |
---|
Screenshots |
---|
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| | 32% | Virustotal | | |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| | 0% | Virustotal | | |
URLs |
---|
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| | 0% | Avira URL Cloud | safe | |
| | 0% | URL Reputation | safe | |
Domains and IPs |
---|
Contacted Domains |
---|
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| felgui.pt | 185.31.158.175 | true | true | | unknown |
| googlehosted.l.googleusercontent.com | 216.58.215.225 | true | false | | high |
| mail.felgui.pt | unknown | unknown | true | | unknown |
| doc-0o-7c-docs.googleusercontent.com | unknown | unknown | false | | high |
Contacted URLs |
---|
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| | true | | unknown |
URLs from Memory and Binaries |
---|
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| | | false | | low |
| | | false | | unknown |
Contacted IPs |
---|
Public |
---|
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 216.58.215.225 | googlehosted.l.googleusercontent.com | United States | | 15169 | GOOGLEUS | false |
| 185.31.158.175 | felgui.pt | Portugal | | 9186 | ONILisbonPortugalPT | true |
General Information |
---|
Joe Sandbox Version: | 31.0.0 Emerald |
Analysis ID: | 385392 |
Start date: | 12.04.2021 |
Start time: | 12:31:11 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 5m 54s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | faktura.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed: | 18 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.rans.troj.spyw.evad.winEXE@6/1@2/2 |
EGA Information: | Failed |
HDC Information: |
HCA Information: |
Cookbook Comments: |
Warnings: |
Simulations |
---|
Behavior and APIs |
---|
| Time | Type | Description |
|---|---|---|
| 12:32:22 | API Interceptor | |
Joe Sandbox View / Context |
---|
IPs |
---|
No context |
---|
Domains |
---|
No context |
---|
ASN |
---|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
|---|---|---|---|---|---|
| ONILisbonPortugalPT | | | malicious | | |
JA3 Fingerprints |
---|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
|---|---|---|---|---|---|
| 37f463bf4616ecd445d4a1937da06e19 | | | malicious | | |
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 30 |
Entropy (8bit): | 3.964735178725505 |
Encrypted: | false |
SSDEEP: | 3:IBVFBWAGRHneyy:ITqAGRHner |
MD5: | 9F754B47B351EF0FC32527B541420595 |
SHA1: | 006C66220B33E98C725B73495FE97B3291CE14D9 |
SHA-256: | 0219D77348D2F0510025E188D4EA84A8E73F856DEB5E0878D673079D05840591 |
SHA-512: | C6996379BCB774CE27EEEC0F173CBACC70CA02F3A773DD879E3A42DA554535A94A9C13308D14E873C71A338105804AFFF32302558111EE880BA0C41747A08532 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 5.712007953970682 |
TrID: |
File name: | faktura.exe |
File size: | 86016 |
MD5: | 4a4501e0665974a9aee852ea13e6e7f6 |
SHA1: | 200399b39a95fa717ccd64e51c7b5515e4b1a3a7 |
SHA256: | cb4b104a48fd8927dd979c9f7381707470432540161a2be6e1eabcee470020b8 |
SHA512: | 156185f13b31304e76d486b3bad4b8e43cbae4261b96b1996d8301bdf68de6b3353f8c67dc1fdae0c84fa7100be13469bc833de906e9688e9861d475d79bdf80 |
SSDEEP: | 1536:6vUULwK+YaTMDDeDTw4F6qPRE08raVX5siZQz9:vULbaTMDiDTVZjy |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........#...B...B...B..L^...B...`...B...d...B..Rich.B..........PE..L.....t`................. ...0...............0....@................ |
File Icon |
---|
Icon Hash: | 20047c7c70f0e004 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x4015b8 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | |
Time Stamp: | 0x60741610 [Mon Apr 12 09:42:40 2021 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 4ba170b6a3de0ed01456bc01eac94f5d |
Entrypoint Preview |
---|
Instruction |
---|
push 004017A8h |
call 00007FC25CDE3F43h |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
xor byte ptr [eax], al |
add byte ptr [eax], al |
inc eax |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [esi+21B10C5Eh], al |
pushad |
mov ecx, 77AF8E44h |
in eax, dx |
cld |
dec esi |
test byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [ecx], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], ch |
pop edi |
sbb byte ptr [ebx], al |
push edx |
push ebp |
dec esi |
inc esp |
push esp |
push ebp |
push edx |
inc ebp |
add byte ptr [eax], cl |
inc ecx |
add byte ptr [eax], ah |
or byte ptr [ecx+00h], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
dec esp |
xor dword ptr [eax], eax |
add eax, E72DE951h |
js 00007FC25CDE3EE5h |
lds eax, fword ptr [ebx-75h] |
jl 00007FC25CDE3EF4h |
call 00007FC203D81EA9h |
lahf |
dec eax |
push edi |
loopne 00007FC25CDE3EF3h |
scasb |
inc edx |
xchg eax, esi |
add dword ptr [edx+ebx*2-39h], ebx |
cmp ebx, dword ptr [ebx+6Fh] |
cmp cl, byte ptr [edi-53h] |
xor ebx, dword ptr [ecx-48EE309Ah] |
or al, 00h |
stosb |
add byte ptr [eax-2Dh], ah |
xchg eax, ebx |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
inc esp |
add dword ptr [eax], eax |
add byte ptr [ebx+00h], bl |
add byte ptr [eax], al |
add byte ptr [41454700h], al |
push edx |
push ebx |
add byte ptr [46001401h], cl |
push 0000006Ch |
jc 00007FC25CDE3FB7h |
je 00007FC25CDE3FB3h |
bound ebp, dword ptr [eax+eax+00h] |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x126b4 | 0x28 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x15000 | 0x90c | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x228 | 0x20 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0x1a8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x11d34 | 0x12000 | False | 0.45270453559 | data | 6.23295630947 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.data | 0x13000 | 0x12e8 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x15000 | 0x90c | 0x1000 | False | 0.168701171875 | data | 1.97869504775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x157dc | 0x130 | data | ||
RT_ICON | 0x154f4 | 0x2e8 | data | ||
RT_ICON | 0x153cc | 0x128 | GLS_BINARY_LSB_FIRST | ||
RT_GROUP_ICON | 0x1539c | 0x30 | data | ||
RT_VERSION | 0x15150 | 0x24c | data | Chinese | Taiwan |
Imports |
---|
DLL | Import |
---|---|
MSVBVM60.DLL | _CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaAryMove, __vbaStrVarMove, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaRecAnsiToUni, __vbaStrCat, __vbaSetSystemError, __vbaRecDestruct, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaAryDestruct, __vbaObjSet, __vbaOnError, _adj_fdiv_m16i, _adj_fdivr_m16i, __vbaCyStr, __vbaFpR8, __vbaVarTstLt, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaStrCmp, __vbaAryConstruct2, __vbaI2I4, DllFunctionCall, _adj_fpatan, __vbaLateIdCallLd, __vbaRecUniToAnsi, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaFpCmpCy, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, __vbaInStrVar, _CIlog, __vbaFileOpen, __vbaNew2, __vbaVar2Vec, __vbaInStr, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaI4Str, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaI4Var, __vbaVarAdd, __vbaLateMemCall, __vbaStrToAnsi, __vbaVarDup, __vbaFpI4, __vbaRecDestructAnsi, _CIatan, __vbaStrMove, _allmul, __vbaLateIdSt, _CItan, _CIexp, __vbaFreeObj, __vbaFreeStr |
Version Infos |
---|
Description | Data |
---|---|
Translation | 0x0404 0x04b0 |
InternalName | lnoverfrslers |
FileVersion | 1.00 |
CompanyName | Pixar |
ProductName | Pixar |
ProductVersion | 1.00 |
FileDescription | Pixar |
OriginalFilename | lnoverfrslers.exe |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
Chinese | Taiwan | |
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Apr 12, 2021 12:32:15.361759901 CEST | 192.168.2.4 | 8.8.8.8 | 0x31f0 | Standard query (0) | | A (IP address) | IN (0x0001) |
Apr 12, 2021 12:33:44.203052998 CEST | 192.168.2.4 | 8.8.8.8 | 0x1826 | Standard query (0) | | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Apr 12, 2021 12:32:15.426651001 CEST | 8.8.8.8 | 192.168.2.4 | 0x31f0 | No error (0) | | googlehosted.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001) |
Apr 12, 2021 12:32:15.426651001 CEST | 8.8.8.8 | 192.168.2.4 | 0x31f0 | No error (0) | | | 216.58.215.225 | A (IP address) | IN (0x0001) |
Apr 12, 2021 12:33:44.354367971 CEST | 8.8.8.8 | 192.168.2.4 | 0x1826 | No error (0) | | felgui.pt | | CNAME (Canonical name) | IN (0x0001) |
Apr 12, 2021 12:33:44.354367971 CEST | 8.8.8.8 | 192.168.2.4 | 0x1826 | No error (0) | | | 185.31.158.175 | A (IP address) | IN (0x0001) |
HTTPS Packets |
---|
Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest |
---|---|---|---|---|---|---|---|---|---|---|
Apr 12, 2021 12:32:15.538513899 CEST | 216.58.215.225 | 443 | 192.168.2.4 | 49742 | CN=*.googleusercontent.com, O=Google LLC, L=Mountain View, ST=California, C=US | CN=GTS CA 1O1, O=Google Trust Services, C=US | Tue Mar 16 20:32:57 CET 2021 | Tue Jun 08 21:32:56 CEST 2021 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0 | 37f463bf4616ecd445d4a1937da06e19 |
Apr 12, 2021 12:32:15.538513899 CEST | 216.58.215.225 | 443 | 192.168.2.4 | 49742 | CN=GTS CA 1O1, O=Google Trust Services, C=US | CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 | Thu Jun 15 02:00:42 CEST 2017 | Wed Dec 15 01:00:42 CET 2021 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0 | 37f463bf4616ecd445d4a1937da06e19 |
SMTP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands |
---|---|---|---|---|---|
Apr 12, 2021 12:33:44.695185900 CEST | 587 | 49773 | 185.31.158.175 | 192.168.2.4 | 220-servidor3.scpdpi.pt ESMTP Exim 4.94 #2 Mon, 12 Apr 2021 11:33:44 +0100 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail. |
Apr 12, 2021 12:33:44.695745945 CEST | 49773 | 587 | 192.168.2.4 | 185.31.158.175 | EHLO 715575 |
Apr 12, 2021 12:33:44.792510986 CEST | 587 | 49773 | 185.31.158.175 | 192.168.2.4 | 250-servidor3.scpdpi.pt Hello 715575 [84.17.52.3] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-X_PIPE_CONNECT 250-STARTTLS 250 HELP |
Apr 12, 2021 12:33:44.793549061 CEST | 587 | 49773 | 185.31.158.175 | 192.168.2.4 | 421 servidor3.scpdpi.pt lost input connection |
System Behavior |
---|
General |
---|
Start time: | 12:31:55 |
Start date: | 12/04/2021 |
Path: | C:\Users\user\Desktop\faktura.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 86016 bytes |
MD5 hash: | 4A4501E0665974A9AEE852EA13E6E7F6 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Visual Basic |
Reputation: | low |
General |
---|
Start time: | 12:32:03 |
Start date: | 12/04/2021 |
Path: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x310000 |
File size: | 53248 bytes |
MD5 hash: | 529695608EAFBED00ACA9E61EF333A7C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 12:32:03 |
Start date: | 12/04/2021 |
Path: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xbd0000 |
File size: | 53248 bytes |
MD5 hash: | 529695608EAFBED00ACA9E61EF333A7C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: | |
Reputation: | high |
General |
---|
Start time: | 12:32:04 |
Start date: | 12/04/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff724c50000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
Function 004015B8, Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 477COMMONCrypto
C-Code - Quality: 78% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040EFC1, Relevance: 154.9, APIs: 81, Strings: 7, Instructions: 905COMMON
C-Code - Quality: 54% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00411AAE, Relevance: 149.5, APIs: 80, Strings: 5, Instructions: 720COMMON
C-Code - Quality: 51% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040FEDD, Relevance: 138.9, APIs: 77, Strings: 2, Instructions: 639COMMON
C-Code - Quality: 52% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00408409, Relevance: 1.5, APIs: 1, Instructions: 286COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004083B2, Relevance: 1.5, APIs: 1, Instructions: 231COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00408499, Relevance: 1.4, APIs: 1, Instructions: 185COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004086D8, Relevance: 1.3, APIs: 1, Instructions: 91memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00408776, Relevance: 1.3, APIs: 1, Instructions: 88memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040872B, Relevance: 1.3, APIs: 1, Instructions: 79memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function 00405950, Relevance: .1, Instructions: 121COMMONCrypto
C-Code - Quality: 21% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022E3BD9, Relevance: .1, Instructions: 53COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406351, Relevance: .0, Instructions: 40COMMONCrypto
C-Code - Quality: 67% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041098C, Relevance: 119.5, APIs: 65, Strings: 3, Instructions: 497COMMON
C-Code - Quality: 46% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 54% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041164C, Relevance: 40.8, APIs: 27, Instructions: 263COMMON
C-Code - Quality: 55% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Executed Functions |
---|
Function 00FA1E61, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 132networkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 20B13B98, Relevance: 2.0, Strings: 1, Instructions: 746COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00FA384F, Relevance: 1.6, APIs: 1, Instructions: 97nativeCOMMON
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1DB2AF07, Relevance: 1.6, APIs: 1, Instructions: 75COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1DB2B089, Relevance: 1.6, APIs: 1, Instructions: 57nativeCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1DB2AF3E, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1DB2B0BA, Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00FA33F9, Relevance: 1.5, APIs: 1, Instructions: 13nativeCOMMON
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 20B145F8, Relevance: .3, Instructions: 288COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1FEE30C0, Relevance: 24.0, APIs: 10, Strings: 3, Instructions: 1230librarywindowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1FEE30F0, Relevance: 19.9, APIs: 10, Strings: 1, Instructions: 696librarywindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1FEE3150, Relevance: 18.2, APIs: 9, Strings: 1, Instructions: 683librarywindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1FEE31A4, Relevance: 18.2, APIs: 9, Strings: 1, Instructions: 673librarywindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1FEE31F8, Relevance: 18.2, APIs: 9, Strings: 1, Instructions: 663librarywindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1FEE324C, Relevance: 18.2, APIs: 9, Strings: 1, Instructions: 653librarywindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1FEE32A0, Relevance: 18.1, APIs: 9, Strings: 1, Instructions: 643librarywindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1FEE32F4, Relevance: 18.1, APIs: 9, Strings: 1, Instructions: 633librarywindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1FEE3348, Relevance: 18.1, APIs: 9, Strings: 1, Instructions: 621librarywindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1FEE3393, Relevance: 18.1, APIs: 9, Strings: 1, Instructions: 613librarywindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1FEE33E7, Relevance: 18.1, APIs: 9, Strings: 1, Instructions: 603librarywindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1FEE343B, Relevance: 18.1, APIs: 9, Strings: 1, Instructions: 593librarywindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1FEE348F, Relevance: 18.1, APIs: 9, Strings: 1, Instructions: 583librarywindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1FEE34E3, Relevance: 18.1, APIs: 9, Strings: 1, Instructions: 573librarywindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1FEE3537, Relevance: 18.1, APIs: 9, Strings: 1, Instructions: 563librarywindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1FEE358B, Relevance: 18.1, APIs: 9, Strings: 1, Instructions: 553librarywindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1FEE35DF, Relevance: 18.0, APIs: 9, Strings: 1, Instructions: 543librarywindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1FEE3633, Relevance: 18.0, APIs: 9, Strings: 1, Instructions: 533librarywindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1FEE3687, Relevance: 18.0, APIs: 9, Strings: 1, Instructions: 521librarywindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1FEE36D2, Relevance: 18.0, APIs: 9, Strings: 1, Instructions: 513librarywindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1FEE3726, Relevance: 18.0, APIs: 9, Strings: 1, Instructions: 501librarywindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1FEE3771, Relevance: 18.0, APIs: 9, Strings: 1, Instructions: 493librarywindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1FEE37C5, Relevance: 16.2, APIs: 8, Strings: 1, Instructions: 483libraryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1FEE3819, Relevance: 16.2, APIs: 8, Strings: 1, Instructions: 471libraryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1FEE3864, Relevance: 16.2, APIs: 8, Strings: 1, Instructions: 463libraryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1FEE38B8, Relevance: 16.2, APIs: 8, Strings: 1, Instructions: 453libraryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1FEE390C, Relevance: 16.2, APIs: 8, Strings: 1, Instructions: 441libraryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1FEE3957, Relevance: 16.2, APIs: 8, Strings: 1, Instructions: 433libraryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1FEE39AB, Relevance: 16.2, APIs: 8, Strings: 1, Instructions: 423libraryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1FEE3A02, Relevance: 14.4, APIs: 7, Strings: 1, Instructions: 413libraryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1FEE3A59, Relevance: 12.7, APIs: 6, Strings: 1, Instructions: 403libraryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1FEE3AB0, Relevance: 10.9, APIs: 5, Strings: 1, Instructions: 391libraryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00FA117C, Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 405threadCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1FEE3F25, Relevance: 4.7, APIs: 3, Instructions: 223COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1FEE3F7C, Relevance: 4.7, APIs: 3, Instructions: 213COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1FEE3FD3, Relevance: 4.7, APIs: 3, Instructions: 203COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1FEE402A, Relevance: 4.7, APIs: 3, Instructions: 193COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1FEE408D, Relevance: 4.7, APIs: 3, Instructions: 180COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00FA114F, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 89threadCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1FEE40E4, Relevance: 3.2, APIs: 2, Instructions: 170COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1FEE413B, Relevance: 3.2, APIs: 2, Instructions: 160COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1FEE4192, Relevance: 3.2, APIs: 2, Instructions: 150COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 20512504, Relevance: 3.1, APIs: 2, Instructions: 113synchronizationCOMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1DB2247D, Relevance: 2.8, Strings: 2, Instructions: 341COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1FEE64E8, Relevance: 1.8, APIs: 1, Instructions: 261COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1FEE41E9, Relevance: 1.6, APIs: 1, Instructions: 140COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 20510E82, Relevance: 1.6, APIs: 1, Instructions: 105COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 2051285B, Relevance: 1.6, APIs: 1, Instructions: 99COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 20510C48, Relevance: 1.6, APIs: 1, Instructions: 90fileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 20511EC0, Relevance: 1.6, APIs: 1, Instructions: 89COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1DB2B464, Relevance: 1.6, APIs: 1, Instructions: 88COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 20512158, Relevance: 1.6, APIs: 1, Instructions: 87fileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 2051288A, Relevance: 1.6, APIs: 1, Instructions: 84COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1DB2A120, Relevance: 1.6, APIs: 1, Instructions: 82fileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1DB2B55D, Relevance: 1.6, APIs: 1, Instructions: 82COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1DB2B654, Relevance: 1.6, APIs: 1, Instructions: 81COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 205125E8, Relevance: 1.6, APIs: 1, Instructions: 79timeCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 20512076, Relevance: 1.6, APIs: 1, Instructions: 78COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function | Relevance | APIs | Strings | Instructions | Category | Yara matches |
---|---|---|---|---|---|---|
20510C6A | 1.6 | 1 | | 76 | file | |
20511EE6 | 1.6 | 1 | | 76 | | |
20512A3A | 1.6 | 1 | | 75 | | |
2051104A | 1.6 | 1 | | 73 | | |
20512DD4 | 1.6 | 1 | | 73 | | |
1DB2ACEF | 1.6 | 1 | | 72 | | |
1DB2AAFB | 1.6 | 1 | | 69 | | |
20512096 | 1.6 | 1 | | 68 | | |
1DB2B58A | 1.6 | 1 | | 67 | | |
20512196 | 1.6 | 1 | | 67 | file | |
20511BA3 | 1.6 | 1 | | 67 | | |
20512612 | 1.6 | 1 | | 64 | time | |
1DB2B4A2 | 1.6 | 1 | | 63 | | |
1DB2A836 | 1.6 | 1 | | 62 | | |
1DB2A78B | 1.6 | 1 | | 61 | | |
2051106A | 1.6 | 1 | | 60 | | |
20512A6A | 1.6 | 1 | | 58 | | |
2051168E | 1.6 | 1 | | 58 | | |
20512542 | 1.6 | 1 | | 57 | | |
20512E0A | 1.6 | 1 | | 56 | | |
1DB2A44B | 1.6 | 1 | | 54 | com | |
1DB2AD22 | 1.6 | 1 | | 53 | | |
20510EDA | 1.6 | 1 | | 52 | | |
1DB2B6AA | 1.5 | 1 | | 47 | | |
1DB2A172 | 1.5 | 1 | | 47 | file | |
1DB2A7B2 | 1.5 | 1 | | 45 | | |
1DB2AB2E | 1.5 | 1 | | 43 | | |
20511BE2 | 1.5 | 1 | | 43 | | |
205116BA | 1.5 | 1 | | 43 | | |
1DB2A47A | 1.5 | 1 | | 39 | com | |
1DB2A876 | 1.5 | 1 | | 35 | | |
00FA1C2F | 1.5 | 1 | | 11 | file | yes |
20B14CE9 | 1.5 | | 1 | 231 | | |
20B14CF8 | 1.5 | | 1 | 227 | | |
20B13B88 | 1.4 | | 1 | 199 | | |
20B14548 | 1.4 | | 1 | 123 | | |
1DB0025D | .4 | | | 424 | | |
20B130F0 | .3 | | | 292 | | |
20B15390 | .3 | | | 292 | | |
20B1501D | .3 | | | 281 | | |
20B134E8 | .3 | | | 266 | | |
20B13548 | .3 | | | 251 | | |
20B13918 | .2 | | | 181 | | |
20B138B8 | .2 | | | 175 | | |
20522F8A | .1 | | | 63 | | |
20B12FC1 | .1 | | | 62 | | |
205239FC | .1 | | | 60 | | |
1DB0075C | .1 | | | 59 | | |
20B12FD0 | .1 | | | 55 | | |
205238A0 | .1 | | | 52 | | |
1DB005CF | .0 | | | 43 | | |
20B152DE | .0 | | | 37 | | |
1DB0075B | .0 | | | 36 | | |
1DB00818 | .0 | | | 31 | | |
1DB005F6 | .0 | | | 27 | | |
20523A67 | .0 | | | 26 | | |
20523313 | .0 | | | 26 | | |
20522FFF | .0 | | | 26 | | |
205238EF | .0 | | | 26 | | |
20B1302F | .0 | | | 26 | | |
1DB223F4 | .0 | | | 15 | | |
1DB223BC | .0 | | | 14 | | |
Uniqueness: COMMON (Uniqueness Score -1.00%) for every function listed. |
Non-executed Functions |
---|
Function | Relevance | Instructions | Yara matches |
---|---|---|---|
00FA3135 | .2 | 241 | yes |
00FA2D79 | .0 | 26 | yes |
00FA19C4 | .0 | 9 | yes |
00FA2B62 | .0 | 5 | yes |
Uniqueness: COMMON (Uniqueness Score -1.00%) for every function listed. |