Windows Analysis Report 72CA3E2F8479A075C8E089F543F79C4F1CF868D66D327.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Malware Configuration |
---|
Threatname: Njrat |
---|
{"Host": "System.exe", "Port": "13467", "Mutex": "9156ea52d892a71a5c604fdd4141de82", "Registry Value": "Software\\Microsoft\\Windows\\CurrentVersion\\Run", "Campaign ID": "HacKed", "Version": "im523", "Network Seprator": "|'|'|"}
Yara Overview |
---|
Initial Sample |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
| njrat1 | Identify njRat | Brian Wallace @botnet_hunter | |
Dropped Files |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
| njrat1 | Identify njRat | Brian Wallace @botnet_hunter | |
| JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
| njrat1 | Identify njRat | Brian Wallace @botnet_hunter | |
| JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
| njrat1 | Identify njRat | Brian Wallace @botnet_hunter | |
| JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
| njrat1 | Identify njRat | Brian Wallace @botnet_hunter | |
| JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
Unpacked PEs |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
| njrat1 | Identify njRat | Brian Wallace @botnet_hunter | |
| JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
| njrat1 | Identify njRat | Brian Wallace @botnet_hunter | |
| JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
Sigma Overview |
---|
System Summary: |
---|
Sigma detected: Netsh Port or Application Allowed |
Author: Markus Neis, Sander Wiebing |
HIPS / PFW / Operating System Protection Evasion: |
---|
Sigma detected: Drops fake system file at system root drive |
Author: Joe Security |
Jbx Signature Overview |
---|
AV Detection: |
---|
Found malware configuration |
Multi AV Scanner detection for submitted file |
Yara detected Njrat |
Antivirus / Scanner detection for submitted sample |
Multi AV Scanner detection for domain / URL |
Antivirus detection for dropped file |
Multi AV Scanner detection for dropped file |
Machine Learning detection for sample |
Machine Learning detection for dropped file |
Spreading: |
---|
Creates autorun.inf (USB autostart) |
Networking: |
---|
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) |
Connects to many ports of the same IP (likely port scanning) |
C2 URLs / IPs found in malware configuration |
Key, Mouse, Clipboard, Microphone and Screen Capturing: |
---|
Contains functionality to log keystrokes (.Net Source) |
E-Banking Fraud: |
---|
Yara detected Njrat |
Operating System Destruction: |
---|
Protects its processes via BreakOnTermination flag |
System Summary: |
---|
Malicious sample detected (through community Yara rule) |
Source: | Code function: | 0_2_00846B5E | |
Source: | Code function: | 4_2_00C76B5E | |
Source: | Code function: | 9_2_00F56B5E | |
Source: | Code function: | 11_2_00056B5E | |
Source: | Code function: | 12_2_00516B5E |
Source: | Code function: | 4_2_057E026A | |
Source: | Code function: | 4_2_057E0032 | |
Source: | Code function: | 4_2_057E022F | |
Source: | Code function: | 4_2_057E0007 |
Data Obfuscation: |
---|
.NET source code contains potential unpacker |
Source: | Code function: | 9_2_016126C2 | |
Source: | Code function: | 11_2_009226C2 | |
Source: | Code function: | 12_2_00E126C2 |
Persistence and Installation Behavior: |
---|
Drops PE files with benign system names |
Boot Survival: |
---|
Drops PE files to the startup folder |
Creates autostart registry keys with suspicious names |
HIPS / PFW / Operating System Protection Evasion: |
---|
.NET source code references suspicious native API functions |
Lowering of HIPS / PFW / Operating System Security Settings: |
---|
Uses netsh to modify the Windows network and firewall settings |
Modifies the Windows firewall |
Stealing of Sensitive Information: |
---|
Yara detected Njrat |
Remote Access Functionality: |
---|
Detected njRat |
Yara detected Njrat |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Replication Through Removable Media11 | Native API1 | Registry Run Keys / Startup Folder221 | Process Injection12 | Masquerading11 | Input Capture11 | Security Software Discovery11 | Replication Through Removable Media11 | Input Capture11 | Exfiltration Over Other Network Medium | Encrypted Channel1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Registry Run Keys / Startup Folder221 | Disable or Modify Tools21 | LSASS Memory | Process Discovery2 | Remote Desktop Protocol | Archive Collected Data1 | Exfiltration Over Bluetooth | Non-Standard Port1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion21 | Security Account Manager | Virtualization/Sandbox Evasion21 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Remote Access Software1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection12 | NTDS | Application Window Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Non-Application Layer Protocol1 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Obfuscated Files or Information1 | LSA Secrets | Peripheral Device Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Application Layer Protocol11 | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Software Packing11 | Cached Domain Credentials | Remote System Discovery1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | File and Directory Discovery1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | System Information Discovery12 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
77% | Virustotal | Browse | ||
86% | Metadefender | Browse | ||
95% | ReversingLabs | ByteCode-MSIL.Backdoor.Bladabhindi | ||
100% | Avira | TR/ATRAPS.Gen | ||
100% | Joe Sandbox ML |
Dropped Files |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | TR/ATRAPS.Gen | ||
100% | Avira | TR/ATRAPS.Gen | ||
100% | Avira | TR/ATRAPS.Gen | ||
100% | Joe Sandbox ML | |||
100% | Joe Sandbox ML | |||
100% | Joe Sandbox ML | |||
77% | Virustotal | Browse | ||
86% | Metadefender | Browse | ||
95% | ReversingLabs | ByteCode-MSIL.Backdoor.Bladabhindi | ||
77% | Virustotal | Browse | ||
86% | Metadefender | Browse | ||
95% | ReversingLabs | ByteCode-MSIL.Backdoor.Bladabhindi | ||
77% | Virustotal | Browse | ||
86% | Metadefender | Browse | ||
95% | ReversingLabs | ByteCode-MSIL.Backdoor.Bladabhindi |
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | TR/ATRAPS.Gen | Download File | ||
100% | Avira | TR/ATRAPS.Gen | Download File | ||
100% | Avira | TR/ATRAPS.Gen | Download File | ||
100% | Avira | TR/ATRAPS.Gen | Download File | ||
100% | Avira | TR/ATRAPS.Gen | Download File | ||
100% | Avira | TR/ATRAPS.Gen | Download File | ||
100% | Avira | TR/ATRAPS.Gen | Download File | ||
100% | Avira | TR/ATRAPS.Gen | Download File | ||
100% | Avira | TR/ATRAPS.Gen | Download File | ||
100% | Avira | TR/ATRAPS.Gen | Download File | ||
100% | Avira | TR/ATRAPS.Gen | Download File | ||
100% | Avira | TR/ATRAPS.Gen | Download File | ||
100% | Avira | TR/ATRAPS.Gen | Download File |
Domains |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
14% | Virustotal | Browse |
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
0.tcp.ngrok.io | 3.17.7.232 | true | true |
| unknown |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
3.134.125.175 | unknown | United States | 16509 | AMAZON-02US | true | |
3.17.7.232 | 0.tcp.ngrok.io | United States | 16509 | AMAZON-02US | true | |
3.22.30.40 | unknown | United States | 16509 | AMAZON-02US | true | |
3.14.182.203 | unknown | United States | 16509 | AMAZON-02US | true | |
3.13.191.225 | unknown | United States | 16509 | AMAZON-02US | true |
Private |
---|
IP |
---|
192.168.2.1 |
General Information |
---|
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 553248 |
Start date: | 14.01.2022 |
Start time: | 14:54:23 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 10m 52s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | 72CA3E2F8479A075C8E089F543F79C4F1CF868D66D327.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 27 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.spre.troj.adwa.spyw.evad.winEXE@9/10@42/6 |
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
14:55:43 | Autostart | |
14:55:51 | Autostart | |
14:55:59 | Autostart | |
14:56:07 | Autostart |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
3.134.125.175 | Get hash | malicious | Browse |
3.17.7.232 | Get hash | malicious | Browse |
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
0.tcp.ngrok.io | Get hash | malicious | Browse |
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
AMAZON-02US | Get hash | malicious | Browse |
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Users\user\Desktop\72CA3E2F8479A075C8E089F543F79C4F1CF868D66D327.exe |
File Type: | |
Category: | modified |
Size (bytes): | 525 |
Entropy (8bit): | 5.2874233355119316 |
Encrypted: | false |
SSDEEP: | 12:Q3LaJU20NaL10Ug+9Yz9t0U29hJ5g1B0U2ukyrFk7v:MLF20NaL3z2p29hJ5g522r0 |
MD5: | 80EFBEC081D7836D240503C4C9465FEC |
SHA1: | 6AF398E08A359457083727BAF296445030A55AC3 |
SHA-256: | C73F730EB5E05D15FAD6BE10AB51FE4D8A80B5E88B89D8BC80CC1DF09ACE1523 |
SHA-512: | DEC3B1D9403894418AFD4433629CA6476C7BD359963328D17B93283B52EEC18B3725D2F02F0E9A142E705398DDDCE244D53829570E9DE1A87060A7DABFDCE5B3 |
Malicious: | true |
Reputation: | moderate, very likely benign file |
Preview: |
|
Process: | C:\Users\user\AppData\Roaming\System.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 525 |
Entropy (8bit): | 5.2874233355119316 |
Encrypted: | false |
SSDEEP: | 12:Q3LaJU20NaL10Ug+9Yz9t0U29hJ5g1B0U2ukyrFk7v:MLF20NaL3z2p29hJ5g522r0 |
MD5: | 80EFBEC081D7836D240503C4C9465FEC |
SHA1: | 6AF398E08A359457083727BAF296445030A55AC3 |
SHA-256: | C73F730EB5E05D15FAD6BE10AB51FE4D8A80B5E88B89D8BC80CC1DF09ACE1523 |
SHA-512: | DEC3B1D9403894418AFD4433629CA6476C7BD359963328D17B93283B52EEC18B3725D2F02F0E9A142E705398DDDCE244D53829570E9DE1A87060A7DABFDCE5B3 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
|
Process: | C:\Users\user\AppData\Roaming\System.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 37888 |
Entropy (8bit): | 5.575659694964963 |
Encrypted: | false |
SSDEEP: | 384:3IhqBkiyrnDNGRn5IyUv6IzfDhW/6wFbbrAF+rMRTyN/0L+EcoinblneHQM3epz3:If5M5jUvPzQCw1rM+rMRa8Nu1pt |
MD5: | 70ACA878BFAAC1EAF7019EDDD97FC877 |
SHA1: | 4997C055B582C71CBB3863C9523986B51A339797 |
SHA-256: | 72CA3E2F8479A075C8E089F543F79C4F1CF868D66D3272B2E6B0F0FDED1BDB60 |
SHA-512: | 17BEDCD516BA8F18B5E4D8A2A8C9D1B6E95BE2158D654B3B15FE2D379CDCE682C609801E1B5C01487FA732EF1591D7CDE1460448FFD4FFE8A50F6C3C82CB36C2 |
Malicious: | true |
Yara Hits: |
|
Antivirus: | |
Reputation: | low |
Preview: |
|
Process: | C:\Users\user\AppData\Roaming\System.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | true |
Reputation: | high, very likely benign file |
Preview: |
|
Process: | C:\Users\user\Desktop\72CA3E2F8479A075C8E089F543F79C4F1CF868D66D327.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 37888 |
Entropy (8bit): | 5.575659694964963 |
Encrypted: | false |
SSDEEP: | 384:3IhqBkiyrnDNGRn5IyUv6IzfDhW/6wFbbrAF+rMRTyN/0L+EcoinblneHQM3epz3:If5M5jUvPzQCw1rM+rMRa8Nu1pt |
MD5: | 70ACA878BFAAC1EAF7019EDDD97FC877 |
SHA1: | 4997C055B582C71CBB3863C9523986B51A339797 |
SHA-256: | 72CA3E2F8479A075C8E089F543F79C4F1CF868D66D3272B2E6B0F0FDED1BDB60 |
SHA-512: | 17BEDCD516BA8F18B5E4D8A2A8C9D1B6E95BE2158D654B3B15FE2D379CDCE682C609801E1B5C01487FA732EF1591D7CDE1460448FFD4FFE8A50F6C3C82CB36C2 |
Malicious: | true |
Yara Hits: |
|
Antivirus: | |
Reputation: | low |
Preview: |
|
Process: | C:\Users\user\Desktop\72CA3E2F8479A075C8E089F543F79C4F1CF868D66D327.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | true |
Reputation: | high, very likely benign file |
Preview: |
|
Process: | C:\Users\user\AppData\Roaming\System.exe |
File Type: | |
Category: | modified |
Size (bytes): | 50 |
Entropy (8bit): | 4.320240000427043 |
Encrypted: | false |
SSDEEP: | 3:It1KV2LKMACovK0x:e1KzxvD |
MD5: | 5B0B50BADE67C5EC92D42E971287A5D9 |
SHA1: | 90D5C99143E7A56AD6E5EE401015F8ECC093D95A |
SHA-256: | 04DDE2489D2D2E6846D42250D813AB90B5CA847D527F8F2C022E6C327DC6DB53 |
SHA-512: | C064DC3C4185A38D1CAEBD069ACB9FDBB85DFB650D6A241036E501A09BC89FD06E267BE9D400D20E6C14B4068473D1C6557962E8D82FDFD191DB7EABB6E66821 |
Malicious: | true |
Preview: |
|
Process: | C:\Users\user\AppData\Roaming\System.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 37888 |
Entropy (8bit): | 5.575659694964963 |
Encrypted: | false |
SSDEEP: | 384:3IhqBkiyrnDNGRn5IyUv6IzfDhW/6wFbbrAF+rMRTyN/0L+EcoinblneHQM3epz3:If5M5jUvPzQCw1rM+rMRa8Nu1pt |
MD5: | 70ACA878BFAAC1EAF7019EDDD97FC877 |
SHA1: | 4997C055B582C71CBB3863C9523986B51A339797 |
SHA-256: | 72CA3E2F8479A075C8E089F543F79C4F1CF868D66D3272B2E6B0F0FDED1BDB60 |
SHA-512: | 17BEDCD516BA8F18B5E4D8A2A8C9D1B6E95BE2158D654B3B15FE2D379CDCE682C609801E1B5C01487FA732EF1591D7CDE1460448FFD4FFE8A50F6C3C82CB36C2 |
Malicious: | true |
Yara Hits: |
|
Antivirus: | |
Preview: |
|
Process: | C:\Users\user\AppData\Roaming\System.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | true |
Preview: |
|
Process: | C:\Windows\SysWOW64\netsh.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 313 |
Entropy (8bit): | 4.971939296804078 |
Encrypted: | false |
SSDEEP: | 6:/ojfKsUTGN8Ypox42k9L+DbGMKeQE+vigqAZs2E+AYeDPO+Yswyha:wjPIGNrkHk9iaeIM6ADDPOHyha |
MD5: | 689E2126A85BF55121488295EE068FA1 |
SHA1: | 09BAAA253A49D80C18326DFBCA106551EBF22DD6 |
SHA-256: | D968A966EF474068E41256321F77807A042F1965744633D37A203A705662EC25 |
SHA-512: | C3736A8FC7E6573FA1B26FE6A901C05EE85C55A4A276F8F569D9EADC9A58BEC507D1BB90DBF9EA62AE79A6783178C69304187D6B90441D82E46F5F56172B5C5C |
Malicious: | false |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 5.575659694964963 |
TrID: |
|
File name: | 72CA3E2F8479A075C8E089F543F79C4F1CF868D66D327.exe |
File size: | 37888 |
MD5: | 70aca878bfaac1eaf7019eddd97fc877 |
SHA1: | 4997c055b582c71cbb3863c9523986b51a339797 |
SHA256: | 72ca3e2f8479a075c8e089f543f79c4f1cf868d66d3272b2e6b0f0fded1bdb60 |
SHA512: | 17bedcd516ba8f18b5e4d8a2a8c9d1b6e95be2158d654b3b15fe2d379cdce682c609801e1b5c01487fa732ef1591d7cde1460448ffd4ffe8a50f6c3c82cb36c2 |
SSDEEP: | 384:3IhqBkiyrnDNGRn5IyUv6IzfDhW/6wFbbrAF+rMRTyN/0L+EcoinblneHQM3epz3:If5M5jUvPzQCw1rM+rMRa8Nu1pt |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....o.`................................. ........@.. ....................................@................................ |
File Icon |
---|
Icon Hash: | 00828e8e8686b000 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x40abbe |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE |
DLL Characteristics: | NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x60AB6F12 [Mon May 24 09:17:06 2021 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | v2.0.50727 |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Entrypoint Preview |
---|
Instruction |
---|
jmp dword ptr [00402000h] |
add byte ptr [eax], al |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xab70 | 0x4b | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc000 | 0x240 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xe000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x8bc4 | 0x8c00 | False | 0.463895089286 | data | 5.60730804361 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rsrc | 0xc000 | 0x240 | 0x400 | False | 0.3134765625 | data | 4.96877165952 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xe000 | 0xc | 0x200 | False | 0.044921875 | data | 0.0815394123432 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_MANIFEST | 0xc058 | 0x1e7 | XML 1.0 document, ASCII text, with CRLF line terminators |
Imports |
---|
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Network Behavior |
---|
Snort IDS Alerts |
---|
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
01/14/22-14:55:46.343993 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49753 | 13467 | 192.168.2.3 | 3.17.7.232 |
01/14/22-14:55:48.595556 | UDP | 254 | DNS SPOOF query response with TTL of 1 min. and no authority | 53 | 60784 | 8.8.8.8 | 192.168.2.3 |
01/14/22-14:55:48.762801 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49754 | 13467 | 192.168.2.3 | 3.17.7.232 |
01/14/22-14:55:51.454912 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49755 | 13467 | 192.168.2.3 | 3.17.7.232 |
01/14/22-14:55:54.224128 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49758 | 13467 | 192.168.2.3 | 3.17.7.232 |
01/14/22-14:55:57.123895 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49759 | 13467 | 192.168.2.3 | 3.14.182.203 |
01/14/22-14:56:00.006211 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49760 | 13467 | 192.168.2.3 | 3.13.191.225 |
01/14/22-14:56:03.177148 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49761 | 13467 | 192.168.2.3 | 3.14.182.203 |
01/14/22-14:56:05.935422 | UDP | 254 | DNS SPOOF query response with TTL of 1 min. and no authority | 53 | 55102 | 8.8.8.8 | 192.168.2.3 |
01/14/22-14:56:06.098596 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49762 | 13467 | 192.168.2.3 | 3.14.182.203 |
01/14/22-14:56:08.812231 | UDP | 254 | DNS SPOOF query response with TTL of 1 min. and no authority | 53 | 56236 | 8.8.8.8 | 192.168.2.3 |
01/14/22-14:56:08.974929 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49763 | 13467 | 192.168.2.3 | 3.14.182.203 |
01/14/22-14:56:11.736334 | UDP | 254 | DNS SPOOF query response with TTL of 1 min. and no authority | 53 | 49559 | 8.8.8.8 | 192.168.2.3 |
01/14/22-14:56:11.904970 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49765 | 13467 | 192.168.2.3 | 3.22.30.40 |
01/14/22-14:56:14.639656 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49767 | 13467 | 192.168.2.3 | 3.14.182.203 |
01/14/22-14:56:17.749487 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49770 | 13467 | 192.168.2.3 | 3.14.182.203 |
01/14/22-14:56:20.375566 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49771 | 13467 | 192.168.2.3 | 3.17.7.232 |
01/14/22-14:56:23.288901 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49773 | 13467 | 192.168.2.3 | 3.22.30.40 |
01/14/22-14:56:26.086507 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49778 | 13467 | 192.168.2.3 | 3.17.7.232 |
01/14/22-14:56:28.732206 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49799 | 13467 | 192.168.2.3 | 3.17.7.232 |
01/14/22-14:56:31.478555 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49803 | 13467 | 192.168.2.3 | 3.22.30.40 |
01/14/22-14:56:34.195822 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49813 | 13467 | 192.168.2.3 | 3.14.182.203 |
01/14/22-14:56:36.993737 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49816 | 13467 | 192.168.2.3 | 3.14.182.203 |
01/14/22-14:56:39.740921 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49818 | 13467 | 192.168.2.3 | 3.134.125.175 |
01/14/22-14:56:42.427424 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49819 | 13467 | 192.168.2.3 | 3.17.7.232 |
01/14/22-14:56:45.091298 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49820 | 13467 | 192.168.2.3 | 3.17.7.232 |
01/14/22-14:56:47.745365 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49821 | 13467 | 192.168.2.3 | 3.22.30.40 |
01/14/22-14:56:50.337717 | UDP | 254 | DNS SPOOF query response with TTL of 1 min. and no authority | 53 | 50824 | 8.8.8.8 | 192.168.2.3 |
01/14/22-14:56:50.506419 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49822 | 13467 | 192.168.2.3 | 3.14.182.203 |
01/14/22-14:56:53.280011 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49823 | 13467 | 192.168.2.3 | 3.134.125.175 |
01/14/22-14:56:55.918054 | UDP | 254 | DNS SPOOF query response with TTL of 1 min. and no authority | 53 | 62855 | 8.8.8.8 | 192.168.2.3 |
01/14/22-14:56:56.085319 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49825 | 13467 | 192.168.2.3 | 3.14.182.203 |
01/14/22-14:56:58.776496 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49826 | 13467 | 192.168.2.3 | 3.22.30.40 |
01/14/22-14:57:01.289281 | UDP | 254 | DNS SPOOF query response with TTL of 1 min. and no authority | 53 | 49290 | 8.8.8.8 | 192.168.2.3 |
01/14/22-14:57:01.456784 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49840 | 13467 | 192.168.2.3 | 3.22.30.40 |
01/14/22-14:57:04.185000 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49851 | 13467 | 192.168.2.3 | 3.14.182.203 |
01/14/22-14:57:06.846067 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49852 | 13467 | 192.168.2.3 | 3.134.125.175 |
01/14/22-14:57:09.672363 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49857 | 13467 | 192.168.2.3 | 3.22.30.40 |
01/14/22-14:57:12.379810 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49858 | 13467 | 192.168.2.3 | 3.134.125.175 |
01/14/22-14:57:15.052356 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49859 | 13467 | 192.168.2.3 | 3.13.191.225 |
01/14/22-14:57:17.712854 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49860 | 13467 | 192.168.2.3 | 3.13.191.225 |
01/14/22-14:57:20.383404 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49861 | 13467 | 192.168.2.3 | 3.134.125.175 |
01/14/22-14:57:23.134241 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49862 | 13467 | 192.168.2.3 | 3.14.182.203 |
01/14/22-14:57:25.811740 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49864 | 13467 | 192.168.2.3 | 3.134.125.175 |
01/14/22-14:57:28.851831 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49865 | 13467 | 192.168.2.3 | 3.22.30.40 |
01/14/22-14:57:31.155906 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49866 | 13467 | 192.168.2.3 | 3.22.30.40 |
01/14/22-14:57:33.794104 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49867 | 13467 | 192.168.2.3 | 3.13.191.225 |
01/14/22-14:57:36.531249 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49868 | 13467 | 192.168.2.3 | 3.13.191.225 |
01/14/22-14:57:39.326499 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49869 | 13467 | 192.168.2.3 | 3.22.30.40 |
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 14, 2022 14:55:57.731481075 CET | 13467 | 49759 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:55:57.732249975 CET | 13467 | 49759 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:55:57.732328892 CET | 49759 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:55:59.634694099 CET | 49759 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:55:59.833179951 CET | 49760 | 13467 | 192.168.2.3 | 3.13.191.225 |
Jan 14, 2022 14:55:59.981893063 CET | 13467 | 49760 | 3.13.191.225 | 192.168.2.3 |
Jan 14, 2022 14:55:59.982150078 CET | 49760 | 13467 | 192.168.2.3 | 3.13.191.225 |
Jan 14, 2022 14:56:00.006211042 CET | 49760 | 13467 | 192.168.2.3 | 3.13.191.225 |
Jan 14, 2022 14:56:00.154989958 CET | 13467 | 49760 | 3.13.191.225 | 192.168.2.3 |
Jan 14, 2022 14:56:00.155174971 CET | 49760 | 13467 | 192.168.2.3 | 3.13.191.225 |
Jan 14, 2022 14:56:00.305074930 CET | 13467 | 49760 | 3.13.191.225 | 192.168.2.3 |
Jan 14, 2022 14:56:00.503254890 CET | 13467 | 49760 | 3.13.191.225 | 192.168.2.3 |
Jan 14, 2022 14:56:00.555558920 CET | 49760 | 13467 | 192.168.2.3 | 3.13.191.225 |
Jan 14, 2022 14:56:00.617573977 CET | 13467 | 49760 | 3.13.191.225 | 192.168.2.3 |
Jan 14, 2022 14:56:00.617634058 CET | 13467 | 49760 | 3.13.191.225 | 192.168.2.3 |
Jan 14, 2022 14:56:00.617763042 CET | 49760 | 13467 | 192.168.2.3 | 3.13.191.225 |
Jan 14, 2022 14:56:02.915493011 CET | 49760 | 13467 | 192.168.2.3 | 3.13.191.225 |
Jan 14, 2022 14:56:03.007220984 CET | 49761 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:03.155801058 CET | 13467 | 49761 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:56:03.155880928 CET | 49761 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:03.177148104 CET | 49761 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:03.326867104 CET | 13467 | 49761 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:56:03.326941967 CET | 49761 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:03.475833893 CET | 13467 | 49761 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:56:03.884612083 CET | 13467 | 49761 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:56:03.884649038 CET | 13467 | 49761 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:56:03.884733915 CET | 49761 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:05.900490046 CET | 49761 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:05.936701059 CET | 49762 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:06.086052895 CET | 13467 | 49762 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:56:06.086170912 CET | 49762 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:06.098596096 CET | 49762 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:06.247594118 CET | 13467 | 49762 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:56:06.247698069 CET | 49762 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:06.397921085 CET | 13467 | 49762 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:56:06.767045021 CET | 13467 | 49762 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:56:06.767075062 CET | 13467 | 49762 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:56:06.767631054 CET | 49762 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:08.775754929 CET | 49762 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:08.813993931 CET | 49763 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:08.963634014 CET | 13467 | 49763 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:56:08.963727951 CET | 49763 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:08.974929094 CET | 49763 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:09.123676062 CET | 13467 | 49763 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:56:09.123754025 CET | 49763 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:09.272448063 CET | 13467 | 49763 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:56:09.615272999 CET | 13467 | 49763 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:56:09.615313053 CET | 13467 | 49763 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:56:09.615416050 CET | 49763 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:11.625684023 CET | 49763 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:11.737842083 CET | 49765 | 13467 | 192.168.2.3 | 3.22.30.40 |
Jan 14, 2022 14:56:11.888254881 CET | 13467 | 49765 | 3.22.30.40 | 192.168.2.3 |
Jan 14, 2022 14:56:11.888465881 CET | 49765 | 13467 | 192.168.2.3 | 3.22.30.40 |
Jan 14, 2022 14:56:11.904969931 CET | 49765 | 13467 | 192.168.2.3 | 3.22.30.40 |
Jan 14, 2022 14:56:12.054227114 CET | 13467 | 49765 | 3.22.30.40 | 192.168.2.3 |
Jan 14, 2022 14:56:12.054327011 CET | 49765 | 13467 | 192.168.2.3 | 3.22.30.40 |
Jan 14, 2022 14:56:12.203599930 CET | 13467 | 49765 | 3.22.30.40 | 192.168.2.3 |
Jan 14, 2022 14:56:12.440706968 CET | 13467 | 49765 | 3.22.30.40 | 192.168.2.3 |
Jan 14, 2022 14:56:12.494102001 CET | 49765 | 13467 | 192.168.2.3 | 3.22.30.40 |
Jan 14, 2022 14:56:12.545068026 CET | 13467 | 49765 | 3.22.30.40 | 192.168.2.3 |
Jan 14, 2022 14:56:12.545097113 CET | 13467 | 49765 | 3.22.30.40 | 192.168.2.3 |
Jan 14, 2022 14:56:12.546008110 CET | 49765 | 13467 | 192.168.2.3 | 3.22.30.40 |
Jan 14, 2022 14:56:14.447813988 CET | 49765 | 13467 | 192.168.2.3 | 3.22.30.40 |
Jan 14, 2022 14:56:14.475697041 CET | 49767 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:14.625844955 CET | 13467 | 49767 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:56:14.626884937 CET | 49767 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:14.639656067 CET | 49767 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:14.788434029 CET | 13467 | 49767 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:56:14.788629055 CET | 49767 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:14.937830925 CET | 13467 | 49767 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:56:15.204236984 CET | 13467 | 49767 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:56:15.244251966 CET | 49767 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:15.383178949 CET | 13467 | 49767 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:56:15.383214951 CET | 13467 | 49767 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:56:15.383349895 CET | 49767 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:17.213562965 CET | 49767 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:17.266782999 CET | 49770 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:17.415743113 CET | 13467 | 49770 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:56:17.416572094 CET | 49770 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:17.749486923 CET | 49770 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:17.897804022 CET | 13467 | 49770 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:56:17.897927046 CET | 49770 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:18.001857042 CET | 13467 | 49770 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:56:18.041354895 CET | 49770 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:18.046664953 CET | 13467 | 49770 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:56:18.318001986 CET | 13467 | 49770 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:56:18.318051100 CET | 13467 | 49770 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:56:18.318197012 CET | 49770 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:20.010759115 CET | 49770 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:20.214725018 CET | 49771 | 13467 | 192.168.2.3 | 3.17.7.232 |
Jan 14, 2022 14:56:20.364236116 CET | 13467 | 49771 | 3.17.7.232 | 192.168.2.3 |
Jan 14, 2022 14:56:20.364345074 CET | 49771 | 13467 | 192.168.2.3 | 3.17.7.232 |
Jan 14, 2022 14:56:20.375566006 CET | 49771 | 13467 | 192.168.2.3 | 3.17.7.232 |
Jan 14, 2022 14:56:20.523838997 CET | 13467 | 49771 | 3.17.7.232 | 192.168.2.3 |
Jan 14, 2022 14:56:20.523919106 CET | 49771 | 13467 | 192.168.2.3 | 3.17.7.232 |
Jan 14, 2022 14:56:20.672972918 CET | 13467 | 49771 | 3.17.7.232 | 192.168.2.3 |
Jan 14, 2022 14:56:20.884959936 CET | 13467 | 49771 | 3.17.7.232 | 192.168.2.3 |
Jan 14, 2022 14:56:20.932238102 CET | 49771 | 13467 | 192.168.2.3 | 3.17.7.232 |
Jan 14, 2022 14:56:20.946546078 CET | 13467 | 49771 | 3.17.7.232 | 192.168.2.3 |
Jan 14, 2022 14:56:20.946604967 CET | 13467 | 49771 | 3.17.7.232 | 192.168.2.3 |
Jan 14, 2022 14:56:20.946660042 CET | 49771 | 13467 | 192.168.2.3 | 3.17.7.232 |
Jan 14, 2022 14:56:22.906924963 CET | 49771 | 13467 | 192.168.2.3 | 3.17.7.232 |
Jan 14, 2022 14:56:23.128177881 CET | 49773 | 13467 | 192.168.2.3 | 3.22.30.40 |
Jan 14, 2022 14:56:23.277667999 CET | 13467 | 49773 | 3.22.30.40 | 192.168.2.3 |
Jan 14, 2022 14:56:23.277800083 CET | 49773 | 13467 | 192.168.2.3 | 3.22.30.40 |
Jan 14, 2022 14:56:23.288901091 CET | 49773 | 13467 | 192.168.2.3 | 3.22.30.40 |
Jan 14, 2022 14:56:23.438060045 CET | 13467 | 49773 | 3.22.30.40 | 192.168.2.3 |
Jan 14, 2022 14:56:23.438178062 CET | 49773 | 13467 | 192.168.2.3 | 3.22.30.40 |
Jan 14, 2022 14:56:23.586961031 CET | 13467 | 49773 | 3.22.30.40 | 192.168.2.3 |
Jan 14, 2022 14:56:23.788249016 CET | 13467 | 49773 | 3.22.30.40 | 192.168.2.3 |
Jan 14, 2022 14:56:23.887778997 CET | 13467 | 49773 | 3.22.30.40 | 192.168.2.3 |
Jan 14, 2022 14:56:23.887868881 CET | 49773 | 13467 | 192.168.2.3 | 3.22.30.40 |
Jan 14, 2022 14:56:23.888468027 CET | 13467 | 49773 | 3.22.30.40 | 192.168.2.3 |
Jan 14, 2022 14:56:23.888529062 CET | 49773 | 13467 | 192.168.2.3 | 3.22.30.40 |
Jan 14, 2022 14:56:25.839668036 CET | 49773 | 13467 | 192.168.2.3 | 3.22.30.40 |
Jan 14, 2022 14:56:25.869586945 CET | 49778 | 13467 | 192.168.2.3 | 3.17.7.232 |
Jan 14, 2022 14:56:26.018043041 CET | 13467 | 49778 | 3.17.7.232 | 192.168.2.3 |
Jan 14, 2022 14:56:26.018136024 CET | 49778 | 13467 | 192.168.2.3 | 3.17.7.232 |
Jan 14, 2022 14:56:26.086507082 CET | 49778 | 13467 | 192.168.2.3 | 3.17.7.232 |
Jan 14, 2022 14:56:26.235605955 CET | 13467 | 49778 | 3.17.7.232 | 192.168.2.3 |
Jan 14, 2022 14:56:26.235682011 CET | 49778 | 13467 | 192.168.2.3 | 3.17.7.232 |
Jan 14, 2022 14:56:26.384140968 CET | 13467 | 49778 | 3.17.7.232 | 192.168.2.3 |
Jan 14, 2022 14:56:26.537439108 CET | 13467 | 49778 | 3.17.7.232 | 192.168.2.3 |
Jan 14, 2022 14:56:26.692147970 CET | 13467 | 49778 | 3.17.7.232 | 192.168.2.3 |
Jan 14, 2022 14:56:26.692218065 CET | 13467 | 49778 | 3.17.7.232 | 192.168.2.3 |
Jan 14, 2022 14:56:26.692241907 CET | 49778 | 13467 | 192.168.2.3 | 3.17.7.232 |
Jan 14, 2022 14:56:26.692265034 CET | 49778 | 13467 | 192.168.2.3 | 3.17.7.232 |
Jan 14, 2022 14:56:28.542478085 CET | 49778 | 13467 | 192.168.2.3 | 3.17.7.232 |
Jan 14, 2022 14:56:28.570031881 CET | 49799 | 13467 | 192.168.2.3 | 3.17.7.232 |
Jan 14, 2022 14:56:28.718650103 CET | 13467 | 49799 | 3.17.7.232 | 192.168.2.3 |
Jan 14, 2022 14:56:28.718753099 CET | 49799 | 13467 | 192.168.2.3 | 3.17.7.232 |
Jan 14, 2022 14:56:28.732206106 CET | 49799 | 13467 | 192.168.2.3 | 3.17.7.232 |
Jan 14, 2022 14:56:28.880507946 CET | 13467 | 49799 | 3.17.7.232 | 192.168.2.3 |
Jan 14, 2022 14:56:28.880604029 CET | 49799 | 13467 | 192.168.2.3 | 3.17.7.232 |
Jan 14, 2022 14:56:29.029941082 CET | 13467 | 49799 | 3.17.7.232 | 192.168.2.3 |
Jan 14, 2022 14:56:29.223679066 CET | 13467 | 49799 | 3.17.7.232 | 192.168.2.3 |
Jan 14, 2022 14:56:29.330427885 CET | 13467 | 49799 | 3.17.7.232 | 192.168.2.3 |
Jan 14, 2022 14:56:29.330447912 CET | 13467 | 49799 | 3.17.7.232 | 192.168.2.3 |
Jan 14, 2022 14:56:29.330498934 CET | 49799 | 13467 | 192.168.2.3 | 3.17.7.232 |
Jan 14, 2022 14:56:31.230338097 CET | 49799 | 13467 | 192.168.2.3 | 3.17.7.232 |
Jan 14, 2022 14:56:31.264995098 CET | 49803 | 13467 | 192.168.2.3 | 3.22.30.40 |
Jan 14, 2022 14:56:31.413213015 CET | 13467 | 49803 | 3.22.30.40 | 192.168.2.3 |
Jan 14, 2022 14:56:31.413340092 CET | 49803 | 13467 | 192.168.2.3 | 3.22.30.40 |
Jan 14, 2022 14:56:31.478554964 CET | 49803 | 13467 | 192.168.2.3 | 3.22.30.40 |
Jan 14, 2022 14:56:31.626991034 CET | 13467 | 49803 | 3.22.30.40 | 192.168.2.3 |
Jan 14, 2022 14:56:31.627573013 CET | 49803 | 13467 | 192.168.2.3 | 3.22.30.40 |
Jan 14, 2022 14:56:31.776942968 CET | 13467 | 49803 | 3.22.30.40 | 192.168.2.3 |
Jan 14, 2022 14:56:31.925545931 CET | 13467 | 49803 | 3.22.30.40 | 192.168.2.3 |
Jan 14, 2022 14:56:31.980043888 CET | 49803 | 13467 | 192.168.2.3 | 3.22.30.40 |
Jan 14, 2022 14:56:32.076556921 CET | 13467 | 49803 | 3.22.30.40 | 192.168.2.3 |
Jan 14, 2022 14:56:32.076787949 CET | 13467 | 49803 | 3.22.30.40 | 192.168.2.3 |
Jan 14, 2022 14:56:32.076862097 CET | 49803 | 13467 | 192.168.2.3 | 3.22.30.40 |
Jan 14, 2022 14:56:33.934036970 CET | 49803 | 13467 | 192.168.2.3 | 3.22.30.40 |
Jan 14, 2022 14:56:33.971385956 CET | 49813 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:34.121014118 CET | 13467 | 49813 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:56:34.121889114 CET | 49813 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:34.195822001 CET | 49813 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:34.345889091 CET | 13467 | 49813 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:56:34.345998049 CET | 49813 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:34.496643066 CET | 13467 | 49813 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:56:34.627521992 CET | 13467 | 49813 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:56:34.683475018 CET | 49813 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:34.787466049 CET | 13467 | 49813 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:56:34.787513971 CET | 13467 | 49813 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:56:34.787620068 CET | 49813 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:36.667517900 CET | 49813 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:36.827167988 CET | 49816 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:36.976691008 CET | 13467 | 49816 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:56:36.977701902 CET | 49816 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:36.993736982 CET | 49816 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:37.143310070 CET | 13467 | 49816 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:56:37.143668890 CET | 49816 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:37.293864965 CET | 13467 | 49816 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:56:37.468312979 CET | 13467 | 49816 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:56:37.512466908 CET | 49816 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:37.574076891 CET | 13467 | 49816 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:56:37.574351072 CET | 13467 | 49816 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:56:37.574928999 CET | 49816 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:39.542098999 CET | 49816 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:39.574153900 CET | 49818 | 13467 | 192.168.2.3 | 3.134.125.175 |
Jan 14, 2022 14:56:39.723277092 CET | 13467 | 49818 | 3.134.125.175 | 192.168.2.3 |
Jan 14, 2022 14:56:39.723524094 CET | 49818 | 13467 | 192.168.2.3 | 3.134.125.175 |
Jan 14, 2022 14:56:39.740921021 CET | 49818 | 13467 | 192.168.2.3 | 3.134.125.175 |
Jan 14, 2022 14:56:39.888979912 CET | 13467 | 49818 | 3.134.125.175 | 192.168.2.3 |
Jan 14, 2022 14:56:39.889053106 CET | 49818 | 13467 | 192.168.2.3 | 3.134.125.175 |
Jan 14, 2022 14:56:40.040402889 CET | 13467 | 49818 | 3.134.125.175 | 192.168.2.3 |
Jan 14, 2022 14:56:40.216300011 CET | 13467 | 49818 | 3.134.125.175 | 192.168.2.3 |
Jan 14, 2022 14:56:40.261969090 CET | 49818 | 13467 | 192.168.2.3 | 3.134.125.175 |
Jan 14, 2022 14:56:40.314594984 CET | 13467 | 49818 | 3.134.125.175 | 192.168.2.3 |
Jan 14, 2022 14:56:40.314676046 CET | 13467 | 49818 | 3.134.125.175 | 192.168.2.3 |
Jan 14, 2022 14:56:40.316945076 CET | 49818 | 13467 | 192.168.2.3 | 3.134.125.175 |
Jan 14, 2022 14:56:42.231137991 CET | 49818 | 13467 | 192.168.2.3 | 3.134.125.175 |
Jan 14, 2022 14:56:42.256027937 CET | 49819 | 13467 | 192.168.2.3 | 3.17.7.232 |
Jan 14, 2022 14:56:42.405697107 CET | 13467 | 49819 | 3.17.7.232 | 192.168.2.3 |
Jan 14, 2022 14:56:42.405886889 CET | 49819 | 13467 | 192.168.2.3 | 3.17.7.232 |
Jan 14, 2022 14:56:42.427423954 CET | 49819 | 13467 | 192.168.2.3 | 3.17.7.232 |
Jan 14, 2022 14:56:42.575541973 CET | 13467 | 49819 | 3.17.7.232 | 192.168.2.3 |
Jan 14, 2022 14:56:42.576255083 CET | 49819 | 13467 | 192.168.2.3 | 3.17.7.232 |
Jan 14, 2022 14:56:42.724261045 CET | 13467 | 49819 | 3.17.7.232 | 192.168.2.3 |
Jan 14, 2022 14:56:42.866415024 CET | 13467 | 49819 | 3.17.7.232 | 192.168.2.3 |
Jan 14, 2022 14:56:42.918659925 CET | 49819 | 13467 | 192.168.2.3 | 3.17.7.232 |
Jan 14, 2022 14:56:42.968957901 CET | 13467 | 49819 | 3.17.7.232 | 192.168.2.3 |
Jan 14, 2022 14:56:42.969007015 CET | 13467 | 49819 | 3.17.7.232 | 192.168.2.3 |
Jan 14, 2022 14:56:42.969106913 CET | 49819 | 13467 | 192.168.2.3 | 3.17.7.232 |
Jan 14, 2022 14:56:44.903422117 CET | 49819 | 13467 | 192.168.2.3 | 3.17.7.232 |
Jan 14, 2022 14:56:44.933501959 CET | 49820 | 13467 | 192.168.2.3 | 3.17.7.232 |
Jan 14, 2022 14:56:45.083110094 CET | 13467 | 49820 | 3.17.7.232 | 192.168.2.3 |
Jan 14, 2022 14:56:45.083230972 CET | 49820 | 13467 | 192.168.2.3 | 3.17.7.232 |
Jan 14, 2022 14:56:45.091298103 CET | 49820 | 13467 | 192.168.2.3 | 3.17.7.232 |
Jan 14, 2022 14:56:45.242011070 CET | 13467 | 49820 | 3.17.7.232 | 192.168.2.3 |
Jan 14, 2022 14:56:45.242124081 CET | 49820 | 13467 | 192.168.2.3 | 3.17.7.232 |
Jan 14, 2022 14:56:45.393203974 CET | 13467 | 49820 | 3.17.7.232 | 192.168.2.3 |
Jan 14, 2022 14:56:45.544006109 CET | 13467 | 49820 | 3.17.7.232 | 192.168.2.3 |
Jan 14, 2022 14:56:45.590559959 CET | 49820 | 13467 | 192.168.2.3 | 3.17.7.232 |
Jan 14, 2022 14:56:45.639209032 CET | 13467 | 49820 | 3.17.7.232 | 192.168.2.3 |
Jan 14, 2022 14:56:45.640237093 CET | 13467 | 49820 | 3.17.7.232 | 192.168.2.3 |
Jan 14, 2022 14:56:45.640310049 CET | 49820 | 13467 | 192.168.2.3 | 3.17.7.232 |
Jan 14, 2022 14:56:47.559775114 CET | 49820 | 13467 | 192.168.2.3 | 3.17.7.232 |
Jan 14, 2022 14:56:47.588242054 CET | 49821 | 13467 | 192.168.2.3 | 3.22.30.40 |
Jan 14, 2022 14:56:47.736836910 CET | 13467 | 49821 | 3.22.30.40 | 192.168.2.3 |
Jan 14, 2022 14:56:47.737030029 CET | 49821 | 13467 | 192.168.2.3 | 3.22.30.40 |
Jan 14, 2022 14:56:47.745364904 CET | 49821 | 13467 | 192.168.2.3 | 3.22.30.40 |
Jan 14, 2022 14:56:47.894793987 CET | 13467 | 49821 | 3.22.30.40 | 192.168.2.3 |
Jan 14, 2022 14:56:47.894951105 CET | 49821 | 13467 | 192.168.2.3 | 3.22.30.40 |
Jan 14, 2022 14:56:48.042984962 CET | 13467 | 49821 | 3.22.30.40 | 192.168.2.3 |
Jan 14, 2022 14:56:48.240365982 CET | 13467 | 49821 | 3.22.30.40 | 192.168.2.3 |
Jan 14, 2022 14:56:48.282761097 CET | 13467 | 49821 | 3.22.30.40 | 192.168.2.3 |
Jan 14, 2022 14:56:48.282898903 CET | 49821 | 13467 | 192.168.2.3 | 3.22.30.40 |
Jan 14, 2022 14:56:48.283854008 CET | 13467 | 49821 | 3.22.30.40 | 192.168.2.3 |
Jan 14, 2022 14:56:48.284064054 CET | 49821 | 13467 | 192.168.2.3 | 3.22.30.40 |
Jan 14, 2022 14:56:50.294591904 CET | 49821 | 13467 | 192.168.2.3 | 3.22.30.40 |
Jan 14, 2022 14:56:50.339847088 CET | 49822 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:50.490030050 CET | 13467 | 49822 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:56:50.491406918 CET | 49822 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:50.506418943 CET | 49822 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:50.655863047 CET | 13467 | 49822 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:56:50.655982018 CET | 49822 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:50.805308104 CET | 13467 | 49822 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:56:50.949506044 CET | 13467 | 49822 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:56:50.997353077 CET | 49822 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:51.046550035 CET | 13467 | 49822 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:56:51.046588898 CET | 13467 | 49822 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:56:51.046660900 CET | 49822 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:52.966859102 CET | 49822 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:53.103064060 CET | 49823 | 13467 | 192.168.2.3 | 3.134.125.175 |
Jan 14, 2022 14:56:53.251183987 CET | 13467 | 49823 | 3.134.125.175 | 192.168.2.3 |
Jan 14, 2022 14:56:53.251293898 CET | 49823 | 13467 | 192.168.2.3 | 3.134.125.175 |
Jan 14, 2022 14:56:53.280010939 CET | 49823 | 13467 | 192.168.2.3 | 3.134.125.175 |
Jan 14, 2022 14:56:53.429203033 CET | 13467 | 49823 | 3.134.125.175 | 192.168.2.3 |
Jan 14, 2022 14:56:53.431643963 CET | 49823 | 13467 | 192.168.2.3 | 3.134.125.175 |
Jan 14, 2022 14:56:53.580948114 CET | 13467 | 49823 | 3.134.125.175 | 192.168.2.3 |
Jan 14, 2022 14:56:53.735677004 CET | 13467 | 49823 | 3.134.125.175 | 192.168.2.3 |
Jan 14, 2022 14:56:53.794426918 CET | 49823 | 13467 | 192.168.2.3 | 3.134.125.175 |
Jan 14, 2022 14:56:53.878997087 CET | 13467 | 49823 | 3.134.125.175 | 192.168.2.3 |
Jan 14, 2022 14:56:53.879054070 CET | 13467 | 49823 | 3.134.125.175 | 192.168.2.3 |
Jan 14, 2022 14:56:53.879175901 CET | 49823 | 13467 | 192.168.2.3 | 3.134.125.175 |
Jan 14, 2022 14:56:55.888577938 CET | 49823 | 13467 | 192.168.2.3 | 3.134.125.175 |
Jan 14, 2022 14:56:55.919542074 CET | 49825 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:56.068867922 CET | 13467 | 49825 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:56:56.068957090 CET | 49825 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:56.085319042 CET | 49825 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:56.237842083 CET | 13467 | 49825 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:56:56.237957001 CET | 49825 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:56.387898922 CET | 13467 | 49825 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:56:56.544210911 CET | 13467 | 49825 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:56:56.591474056 CET | 49825 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:56.731281042 CET | 13467 | 49825 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:56:56.731333971 CET | 13467 | 49825 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:56:56.731381893 CET | 49825 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:58.577136993 CET | 49825 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:56:58.611886024 CET | 49826 | 13467 | 192.168.2.3 | 3.22.30.40 |
Jan 14, 2022 14:56:58.760361910 CET | 13467 | 49826 | 3.22.30.40 | 192.168.2.3 |
Jan 14, 2022 14:56:58.760550976 CET | 49826 | 13467 | 192.168.2.3 | 3.22.30.40 |
Jan 14, 2022 14:56:58.776495934 CET | 49826 | 13467 | 192.168.2.3 | 3.22.30.40 |
Jan 14, 2022 14:56:58.925617933 CET | 13467 | 49826 | 3.22.30.40 | 192.168.2.3 |
Jan 14, 2022 14:56:58.925697088 CET | 49826 | 13467 | 192.168.2.3 | 3.22.30.40 |
Jan 14, 2022 14:56:59.073448896 CET | 13467 | 49826 | 3.22.30.40 | 192.168.2.3 |
Jan 14, 2022 14:56:59.243772984 CET | 13467 | 49826 | 3.22.30.40 | 192.168.2.3 |
Jan 14, 2022 14:56:59.294843912 CET | 49826 | 13467 | 192.168.2.3 | 3.22.30.40 |
Jan 14, 2022 14:56:59.433795929 CET | 13467 | 49826 | 3.22.30.40 | 192.168.2.3 |
Jan 14, 2022 14:56:59.434016943 CET | 13467 | 49826 | 3.22.30.40 | 192.168.2.3 |
Jan 14, 2022 14:56:59.434086084 CET | 49826 | 13467 | 192.168.2.3 | 3.22.30.40 |
Jan 14, 2022 14:57:01.248769045 CET | 49826 | 13467 | 192.168.2.3 | 3.22.30.40 |
Jan 14, 2022 14:57:01.292131901 CET | 49840 | 13467 | 192.168.2.3 | 3.22.30.40 |
Jan 14, 2022 14:57:01.441229105 CET | 13467 | 49840 | 3.22.30.40 | 192.168.2.3 |
Jan 14, 2022 14:57:01.441431999 CET | 49840 | 13467 | 192.168.2.3 | 3.22.30.40 |
Jan 14, 2022 14:57:01.456784010 CET | 49840 | 13467 | 192.168.2.3 | 3.22.30.40 |
Jan 14, 2022 14:57:01.605844975 CET | 13467 | 49840 | 3.22.30.40 | 192.168.2.3 |
Jan 14, 2022 14:57:01.605973959 CET | 49840 | 13467 | 192.168.2.3 | 3.22.30.40 |
Jan 14, 2022 14:57:01.755194902 CET | 13467 | 49840 | 3.22.30.40 | 192.168.2.3 |
Jan 14, 2022 14:57:01.920366049 CET | 13467 | 49840 | 3.22.30.40 | 192.168.2.3 |
Jan 14, 2022 14:57:01.967009068 CET | 49840 | 13467 | 192.168.2.3 | 3.22.30.40 |
Jan 14, 2022 14:57:01.994836092 CET | 13467 | 49840 | 3.22.30.40 | 192.168.2.3 |
Jan 14, 2022 14:57:01.994862080 CET | 13467 | 49840 | 3.22.30.40 | 192.168.2.3 |
Jan 14, 2022 14:57:01.994939089 CET | 49840 | 13467 | 192.168.2.3 | 3.22.30.40 |
Jan 14, 2022 14:57:03.936264992 CET | 49840 | 13467 | 192.168.2.3 | 3.22.30.40 |
Jan 14, 2022 14:57:03.968389034 CET | 49851 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:57:04.118103027 CET | 13467 | 49851 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:57:04.118232012 CET | 49851 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:57:04.184999943 CET | 49851 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:57:04.334923029 CET | 13467 | 49851 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:57:04.335092068 CET | 49851 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:57:04.484425068 CET | 13467 | 49851 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:57:04.578169107 CET | 13467 | 49851 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:57:04.623488903 CET | 49851 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:57:04.726304054 CET | 13467 | 49851 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:57:04.727257013 CET | 13467 | 49851 | 3.14.182.203 | 192.168.2.3 |
Jan 14, 2022 14:57:04.727353096 CET | 49851 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:57:06.597639084 CET | 49851 | 13467 | 192.168.2.3 | 3.14.182.203 |
Jan 14, 2022 14:57:06.682106018 CET | 49852 | 13467 | 192.168.2.3 | 3.134.125.175 |
Jan 14, 2022 14:57:06.831762075 CET | 13467 | 49852 | 3.134.125.175 | 192.168.2.3 |
Jan 14, 2022 14:57:06.831931114 CET | 49852 | 13467 | 192.168.2.3 | 3.134.125.175 |
Jan 14, 2022 14:57:06.846066952 CET | 49852 | 13467 | 192.168.2.3 | 3.134.125.175 |
Jan 14, 2022 14:57:06.996845007 CET | 13467 | 49852 | 3.134.125.175 | 192.168.2.3 |
Jan 14, 2022 14:57:06.996959925 CET | 49852 | 13467 | 192.168.2.3 | 3.134.125.175 |
Jan 14, 2022 14:57:07.144865990 CET | 13467 | 49852 | 3.134.125.175 | 192.168.2.3 |
Jan 14, 2022 14:57:07.288036108 CET | 13467 | 49852 | 3.134.125.175 | 192.168.2.3 |
Jan 14, 2022 14:57:07.342412949 CET | 49852 | 13467 | 192.168.2.3 | 3.134.125.175 |
Jan 14, 2022 14:57:07.391819000 CET | 13467 | 49852 | 3.134.125.175 | 192.168.2.3 |
Jan 14, 2022 14:57:07.393424034 CET | 13467 | 49852 | 3.134.125.175 | 192.168.2.3 |
Jan 14, 2022 14:57:07.393484116 CET | 49852 | 13467 | 192.168.2.3 | 3.134.125.175 |
Jan 14, 2022 14:57:09.306349039 CET | 49852 | 13467 | 192.168.2.3 | 3.134.125.175 |
Jan 14, 2022 14:57:09.477884054 CET | 49857 | 13467 | 192.168.2.3 | 3.22.30.40 |
Jan 14, 2022 14:57:09.626111031 CET | 13467 | 49857 | 3.22.30.40 | 192.168.2.3 |
Jan 14, 2022 14:57:09.629101038 CET | 49857 | 13467 | 192.168.2.3 | 3.22.30.40 |
Jan 14, 2022 14:57:09.672363043 CET | 49857 | 13467 | 192.168.2.3 | 3.22.30.40 |
Jan 14, 2022 14:57:09.820550919 CET | 13467 | 49857 | 3.22.30.40 | 192.168.2.3 |
Jan 14, 2022 14:57:09.820625067 CET | 49857 | 13467 | 192.168.2.3 | 3.22.30.40 |
Jan 14, 2022 14:57:09.969440937 CET | 13467 | 49857 | 3.22.30.40 | 192.168.2.3 |
Jan 14, 2022 14:57:10.136903048 CET | 13467 | 49857 | 3.22.30.40 | 192.168.2.3 |
Jan 14, 2022 14:57:10.187722921 CET | 49857 | 13467 | 192.168.2.3 | 3.22.30.40 |
Jan 14, 2022 14:57:10.211730003 CET | 13467 | 49857 | 3.22.30.40 | 192.168.2.3 |
Jan 14, 2022 14:57:10.213141918 CET | 13467 | 49857 | 3.22.30.40 | 192.168.2.3 |
Jan 14, 2022 14:57:10.217284918 CET | 49857 | 13467 | 192.168.2.3 | 3.22.30.40 |
Jan 14, 2022 14:57:12.195146084 CET | 49857 | 13467 | 192.168.2.3 | 3.22.30.40 |
Jan 14, 2022 14:57:12.222390890 CET | 49858 | 13467 | 192.168.2.3 | 3.134.125.175 |
Jan 14, 2022 14:57:12.371764898 CET | 13467 | 49858 | 3.134.125.175 | 192.168.2.3 |
Jan 14, 2022 14:57:12.371877909 CET | 49858 | 13467 | 192.168.2.3 | 3.134.125.175 |
Jan 14, 2022 14:57:12.379810095 CET | 49858 | 13467 | 192.168.2.3 | 3.134.125.175 |
Jan 14, 2022 14:57:12.529593945 CET | 13467 | 49858 | 3.134.125.175 | 192.168.2.3 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 14:55:24 |
Start date: | 14/01/2022 |
Path: | C:\Users\user\Desktop\72CA3E2F8479A075C8E089F543F79C4F1CF868D66D327.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x840000 |
File size: | 37888 bytes |
MD5 hash: | 70ACA878BFAAC1EAF7019EDDD97FC877 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 14:55:32 |
Start date: | 14/01/2022 |
Path: | C:\Users\user\AppData\Roaming\System.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xc70000 |
File size: | 37888 bytes |
MD5 hash: | 70ACA878BFAAC1EAF7019EDDD97FC877 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Antivirus matches: | |
Reputation: | low |
General |
---|
Start time: | 14:55:40 |
Start date: | 14/01/2022 |
Path: | C:\Windows\SysWOW64\netsh.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xe40000 |
File size: | 82944 bytes |
MD5 hash: | A0AA3322BB46BBFC36AB9DC1DBBBB807 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 14:55:41 |
Start date: | 14/01/2022 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7f20f0000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 14:55:51 |
Start date: | 14/01/2022 |
Path: | C:\Users\user\AppData\Roaming\System.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xf50000 |
File size: | 37888 bytes |
MD5 hash: | 70ACA878BFAAC1EAF7019EDDD97FC877 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 14:55:59 |
Start date: | 14/01/2022 |
Path: | C:\Users\user\AppData\Roaming\System.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x50000 |
File size: | 37888 bytes |
MD5 hash: | 70ACA878BFAAC1EAF7019EDDD97FC877 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 14:56:07 |
Start date: | 14/01/2022 |
Path: | C:\Users\user\AppData\Roaming\System.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x510000 |
File size: | 37888 bytes |
MD5 hash: | 70ACA878BFAAC1EAF7019EDDD97FC877 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Reputation: | low |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
Function 04FD0310, Relevance: 2.7, Strings: 2, Instructions: 190 (COMMON)
Uniqueness Score: -1.00% |
Function 04FD03BD, Relevance: 2.6, Strings: 2, Instructions: 135 (COMMON)
Uniqueness Score: -1.00% |
Function 04FD0968, Relevance: 1.8, Strings: 1, Instructions: 507 (COMMON)
Uniqueness Score: -1.00% |
Function 04FD0889, Relevance: 1.3, Strings: 1, Instructions: 42 (COMMON)
Uniqueness Score: -1.00% |
Function 04FD0958, Relevance: .3, Instructions: 300 (COMMON)
Uniqueness Score: -1.00% |
Function 04FD0080, Relevance: .1, Instructions: 131 (COMMON)
Uniqueness Score: -1.00% |
Function 00E705D2, Relevance: .0, Instructions: 46 (COMMON)
Uniqueness Score: -1.00% |
Function 04FD001B, Relevance: .0, Instructions: 43 (COMMON)
Uniqueness Score: -1.00% |
Function 00E705F6, Relevance: .0, Instructions: 27 (COMMON)
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function 00846B5E, Relevance: 1.0, Instructions: 958 (COMMON)
Yara matches |
Uniqueness Score: -1.00% |
Execution Graph |
---|
Execution Coverage: | 25.1% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 8.3% |
Total number of Nodes: | 168 |
Total number of Limit Nodes: | 3 |
Executed Functions |
---|
Function 057E022F, Relevance: 1.6, APIs: 1, Instructions: 64 (native, COMMON)
Uniqueness Score: -1.00% |
Function 057E0007, Relevance: 1.6, APIs: 1, Instructions: 53 (native, COMMON)
Uniqueness Score: -1.00% |
Function 057E026A, Relevance: 1.5, APIs: 1, Instructions: 38 (native, COMMON)
Uniqueness Score: -1.00% |
Function 057E0032, Relevance: 1.5, APIs: 1, Instructions: 38 (native, COMMON)
Uniqueness Score: -1.00% |
Function 01730968, Relevance: 1.8, Strings: 1, Instructions: 506 (COMMON)
Uniqueness Score: -1.00% |
Function 057E1BAC, Relevance: 1.6, APIs: 1, Instructions: 93COMMON
Control-flow Graph |
---|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 057E1E3A, Relevance: 1.6, APIs: 1, Instructions: 92COMMON
Control-flow Graph |
---|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 057E1498, Relevance: 1.6, APIs: 1, Instructions: 89COMMON
Control-flow Graph |
---|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 057E1730, Relevance: 1.6, APIs: 1, Instructions: 87fileCOMMON
Control-flow Graph |
---|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 057E316C, Relevance: 1.6, APIs: 1, Instructions: 85COMMON
Control-flow Graph |
---|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 057E1BCE, Relevance: 1.6, APIs: 1, Instructions: 84COMMON
Control-flow Graph |
---|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 057E309D, Relevance: 1.6, APIs: 1, Instructions: 80COMMON
Control-flow Graph |
---|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 057E1AB8, Relevance: 1.6, APIs: 1, Instructions: 79timeCOMMON
Control-flow Graph |
---|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01731660, Relevance: 1.6, Strings: 1, Instructions: 329COMMON
Control-flow Graph |
---|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 057E164E, Relevance: 1.6, APIs: 1, Instructions: 78COMMON
Control-flow Graph |
---|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 057E0160, Relevance: 1.6, APIs: 1, Instructions: 76COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 057E14BE, Relevance: 1.6, APIs: 1, Instructions: 76COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 057E326B, Relevance: 1.6, APIs: 1, Instructions: 73COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 057E19E5, Relevance: 1.6, APIs: 1, Instructions: 72COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 057E2FD7, Relevance: 1.6, APIs: 1, Instructions: 69COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 057E166E, Relevance: 1.6, APIs: 1, Instructions: 68COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 057E176E, Relevance: 1.6, APIs: 1, Instructions: 67fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 057E1AE2, Relevance: 1.6, APIs: 1, Instructions: 64timeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 057E31AA, Relevance: 1.6, APIs: 1, Instructions: 62COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 057E328E, Relevance: 1.6, APIs: 1, Instructions: 62COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 057E02E4, Relevance: 1.6, APIs: 1, Instructions: 61COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01731653, Relevance: 1.6, Strings: 1, Instructions: 309COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 057E2FFA, Relevance: 1.6, APIs: 1, Instructions: 58COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 057E1A12, Relevance: 1.6, APIs: 1, Instructions: 57COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 057E30D6, Relevance: 1.6, APIs: 1, Instructions: 55COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 057E01A6, Relevance: 1.5, APIs: 1, Instructions: 49COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 057E1EAA, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 057E0312, Relevance: 1.5, APIs: 1, Instructions: 45COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 017316C1, Relevance: 1.5, Strings: 1, Instructions: 280COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 017316DF, Relevance: 1.5, Strings: 1, Instructions: 277COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 017316F2, Relevance: 1.5, Strings: 1, Instructions: 276COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01730E55, Relevance: 1.3, Strings: 1, Instructions: 63COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01731ED7, Relevance: .4, Instructions: 393COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 017327C0, Relevance: .3, Instructions: 327COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01730958, Relevance: .3, Instructions: 298COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0173275F, Relevance: .3, Instructions: 295COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01731238, Relevance: .3, Instructions: 283COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 017328C5, Relevance: .2, Instructions: 228COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01732915, Relevance: .2, Instructions: 217COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 017323E0, Relevance: .2, Instructions: 213COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01732957, Relevance: .2, Instructions: 210COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01730310, Relevance: .2, Instructions: 195COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01730B03, Relevance: .2, Instructions: 194COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 017329CB, Relevance: .2, Instructions: 189COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 017305C5, Relevance: .2, Instructions: 177COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01730BA8, Relevance: .2, Instructions: 153COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01731227, Relevance: .1, Instructions: 146COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01730634, Relevance: .1, Instructions: 145COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01732AAD, Relevance: .1, Instructions: 142COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 017303BD, Relevance: .1, Instructions: 135COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01731608, Relevance: .1, Instructions: 133COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01730080, Relevance: .1, Instructions: 132COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01730C22, Relevance: .1, Instructions: 125COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05E31F43, Relevance: .1, Instructions: 124COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01733228, Relevance: .1, Instructions: 116COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01731BF0, Relevance: .1, Instructions: 115COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01731BE1, Relevance: .1, Instructions: 108COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01733078, Relevance: .1, Instructions: 107COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01733238, Relevance: .1, Instructions: 105COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01730C8D, Relevance: .1, Instructions: 100COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01732BC8, Relevance: .1, Instructions: 89COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 017326A0, Relevance: .1, Instructions: 71COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 017323D1, Relevance: .1, Instructions: 70COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01730773, Relevance: .1, Instructions: 61COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01730D40, Relevance: .1, Instructions: 61COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05E32738, Relevance: .1, Instructions: 60COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030E0924, Relevance: .1, Instructions: 59COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030E08ED, Relevance: .1, Instructions: 57COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01732EF8, Relevance: .1, Instructions: 54COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01732DD8, Relevance: .1, Instructions: 54COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01732FA0, Relevance: .1, Instructions: 53COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01731D60, Relevance: .1, Instructions: 52COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01730014, Relevance: .1, Instructions: 52COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01730509, Relevance: .0, Instructions: 50COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01731D70, Relevance: .0, Instructions: 48COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01732DE8, Relevance: .0, Instructions: 47COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01732EE8, Relevance: .0, Instructions: 46COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030E05CF, Relevance: .0, Instructions: 46COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01730D98, Relevance: .0, Instructions: 42COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01730894, Relevance: .0, Instructions: 37COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01732370, Relevance: .0, Instructions: 32COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01732F90, Relevance: .0, Instructions: 31COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030E09E0, Relevance: .0, Instructions: 31COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030E05F6, Relevance: .0, Instructions: 27COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05E327A3, Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05E3204F, Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01733038, Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01733048, Relevance: .0, Instructions: 11COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Execution Graph |
---|
Execution Coverage: | 5.6% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 12 |
Total number of Limit Nodes: | 0 |
Executed Functions |
---|
Function 05700310, Relevance: 2.7, Strings: 2, Instructions: 195COMMON
Control-flow Graph |
---|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 057003BD, Relevance: 2.6, Strings: 2, Instructions: 135COMMON
Control-flow Graph |
---|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05700080, Relevance: .1, Instructions: 129COMMON
Control-flow Graph |
---|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05700007, Relevance: .1, Instructions: 63COMMON
Control-flow Graph |
---|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 031605D0, Relevance: .0, Instructions: 45COMMON
Control-flow Graph |
---|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 031605F6, Relevance: .0, Instructions: 27COMMON
Control-flow Graph |
---|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016123F4, Relevance: .0, Instructions: 15COMMON
Control-flow Graph |
---|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016123BC, Relevance: .0, Instructions: 14COMMON
Control-flow Graph |
---|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Execution Graph |
---|
Execution Coverage: | 6% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 22 |
Total number of Limit Nodes: | 2 |
Executed Functions |
---|
Function 0092A710, Relevance: 1.6, APIs: 1, Instructions: 93COMMON
Control-flow Graph |
---|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0092A74E, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
Control-flow Graph |
---|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04800310, Relevance: .2, Instructions: 188COMMON
Control-flow Graph |
---|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 048003BD, Relevance: .1, Instructions: 135COMMON
Control-flow Graph |
---|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04800080, Relevance: .1, Instructions: 129COMMON
Control-flow Graph |
---|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04800007, Relevance: .0, Instructions: 45COMMON
Control-flow Graph |
---|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009505D1, Relevance: .0, Instructions: 43COMMON
Control-flow Graph |
---|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009505F6, Relevance: .0, Instructions: 27COMMON
Control-flow Graph |
---|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009223F4, Relevance: .0, Instructions: 15COMMON
Control-flow Graph |
---|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009223BC, Relevance: .0, Instructions: 14COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Execution Graph |
---|
Execution Coverage: | 10.6% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 19 |
Total number of Limit Nodes: | 1 |
Executed Functions |
---|
Function 00E1A710, Relevance: 3.1, APIs: 2, Instructions: 115COMMON
Control-flow Graph |
---|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04CC0310, Relevance: 2.7, Strings: 2, Instructions: 193COMMON
Control-flow Graph |
---|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04CC03BD, Relevance: 2.6, Strings: 2, Instructions: 135COMMON
Control-flow Graph |
---|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E1A74E, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
Control-flow Graph |
---|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04CC0080, Relevance: .1, Instructions: 132COMMON
Control-flow Graph |
---|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04CC0007, Relevance: .1, Instructions: 51COMMON
Control-flow Graph |
---|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E005CF, Relevance: .0, Instructions: 44COMMON
Control-flow Graph |
---|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E005F6, Relevance: .0, Instructions: 27COMMON
Control-flow Graph |
---|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E123F4, Relevance: .0, Instructions: 15COMMON
Control-flow Graph |
---|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E123BC, Relevance: .0, Instructions: 14COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|