Windows
Analysis Report
1DA2BAEDB633FD4884FCE89A2D9D8630C2E7AF359FE75.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- 1DA2BAEDB633FD4884FCE89A2D9D8630C2E7AF359FE75.exe (PID: 6948 cmdline:
"C:\Users\ user\Deskt op\1DA2BAE DB633FD488 4FCE89A2D9 D8630C2E7A F359FE75.e xe" MD5: 7564920DF8FDAC8A30144D4297173194)
- dhcpmon.exe (PID: 4684 cmdline:
"C:\Progra m Files (x 86)\DHCP M onitor\dhc pmon.exe" MD5: 7564920DF8FDAC8A30144D4297173194)
- cleanup
{"Version": "1.2.2.0", "Mutex": "9b13b828-50a9-4487-af40-2faff161", "Group": "Default", "Domain1": "6.tcp.ngrok.io", "Domain2": "6.tcp.ngrok.io", "Port": 10715, "RunOnStartup": "Enable", "RequestElevation": "Disable", "BypassUAC": "Disable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8", "BackupDNSServer": "8.8.4.4"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth |
| |
Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth |
| |
JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | ||
MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen |
| |
NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> |
|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth |
| |
Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth |
| |
JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | ||
MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen |
| |
NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> |
|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth |
| |
JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | ||
NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> |
| |
Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth |
| |
JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | ||
Click to see the 14 entries |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth |
| |
Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth |
| |
JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | ||
MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen |
| |
Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth |
| |
Click to see the 30 entries |
AV Detection |
---|
Source: | Author: Joe Security: |
E-Banking Fraud |
---|
Source: | Author: Joe Security: |
Stealing of Sensitive Information |
---|
Source: | Author: Joe Security: |
Remote Access Functionality |
---|
Source: | Author: Joe Security: |
Timestamp: | 192.168.2.318.189.106.4549758107152816718 05/14/22-18:53:45.756170 |
SID: | 2816718 |
Source Port: | 49758 |
Destination Port: | 10715 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.318.189.106.4549757107152025019 05/14/22-18:53:40.189537 |
SID: | 2025019 |
Source Port: | 49757 |
Destination Port: | 10715 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.33.132.159.15849794107152816766 05/14/22-18:54:36.688201 |
SID: | 2816766 |
Source Port: | 49794 |
Destination Port: | 10715 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.33.141.210.3749806107152816766 05/14/22-18:54:41.730487 |
SID: | 2816766 |
Source Port: | 49806 |
Destination Port: | 10715 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.33.141.142.21149848107152816766 05/14/22-18:54:51.648514 |
SID: | 2816766 |
Source Port: | 49848 |
Destination Port: | 10715 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.318.189.106.4549854107152816766 05/14/22-18:55:01.842670 |
SID: | 2816766 |
Source Port: | 49854 |
Destination Port: | 10715 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.33.141.210.3749883107152025019 05/14/22-18:55:26.161126 |
SID: | 2025019 |
Source Port: | 49883 |
Destination Port: | 10715 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.33.140.223.749740107152025019 05/14/22-18:53:30.583587 |
SID: | 2025019 |
Source Port: | 49740 |
Destination Port: | 10715 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.33.141.142.21149765107152025019 05/14/22-18:54:00.755092 |
SID: | 2025019 |
Source Port: | 49765 |
Destination Port: | 10715 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.33.140.223.749740107152816766 05/14/22-18:53:30.746005 |
SID: | 2816766 |
Source Port: | 49740 |
Destination Port: | 10715 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.33.141.210.3749806107152025019 05/14/22-18:54:41.230236 |
SID: | 2025019 |
Source Port: | 49806 |
Destination Port: | 10715 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.318.189.106.4549759107152025019 05/14/22-18:53:50.228503 |
SID: | 2025019 |
Source Port: | 49759 |
Destination Port: | 10715 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.33.141.142.21149756107152816766 05/14/22-18:53:35.773125 |
SID: | 2816766 |
Source Port: | 49756 |
Destination Port: | 10715 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.33.141.177.149858107152025019 05/14/22-18:55:06.246494 |
SID: | 2025019 |
Source Port: | 49858 |
Destination Port: | 10715 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.318.189.106.4549758107152025019 05/14/22-18:53:45.315185 |
SID: | 2025019 |
Source Port: | 49758 |
Destination Port: | 10715 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.33.141.177.149858107152816766 05/14/22-18:55:06.694095 |
SID: | 2816766 |
Source Port: | 49858 |
Destination Port: | 10715 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.318.189.106.4549854107152025019 05/14/22-18:55:01.397157 |
SID: | 2025019 |
Source Port: | 49854 |
Destination Port: | 10715 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.318.189.106.4549886107152025019 05/14/22-18:55:35.481238 |
SID: | 2025019 |
Source Port: | 49886 |
Destination Port: | 10715 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.33.141.142.21149770107152025019 05/14/22-18:54:06.080233 |
SID: | 2025019 |
Source Port: | 49770 |
Destination Port: | 10715 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.33.141.142.21149781107152025019 05/14/22-18:54:15.860094 |
SID: | 2025019 |
Source Port: | 49781 |
Destination Port: | 10715 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.33.141.210.3749884107152025019 05/14/22-18:55:30.861568 |
SID: | 2025019 |
Source Port: | 49884 |
Destination Port: | 10715 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.33.141.142.21149785107152025019 05/14/22-18:54:25.617279 |
SID: | 2025019 |
Source Port: | 49785 |
Destination Port: | 10715 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.33.141.142.21149836107152816766 05/14/22-18:54:46.608305 |
SID: | 2816766 |
Source Port: | 49836 |
Destination Port: | 10715 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.318.189.106.4549791107152816766 05/14/22-18:54:31.286610 |
SID: | 2816766 |
Source Port: | 49791 |
Destination Port: | 10715 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.33.132.159.15849853107152025019 05/14/22-18:54:56.252366 |
SID: | 2025019 |
Source Port: | 49853 |
Destination Port: | 10715 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.33.141.142.21149783107152025019 05/14/22-18:54:20.769932 |
SID: | 2025019 |
Source Port: | 49783 |
Destination Port: | 10715 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.33.132.159.15849874107152025019 05/14/22-18:55:11.701384 |
SID: | 2025019 |
Source Port: | 49874 |
Destination Port: | 10715 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.33.141.142.21149756107152025019 05/14/22-18:53:35.332411 |
SID: | 2025019 |
Source Port: | 49756 |
Destination Port: | 10715 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.318.189.106.4549880107152025019 05/14/22-18:55:16.679672 |
SID: | 2025019 |
Source Port: | 49880 |
Destination Port: | 10715 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.318.189.106.4549880107152816766 05/14/22-18:55:17.122336 |
SID: | 2816766 |
Source Port: | 49880 |
Destination Port: | 10715 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.318.189.106.4549882107152025019 05/14/22-18:55:21.440941 |
SID: | 2025019 |
Source Port: | 49882 |
Destination Port: | 10715 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.33.141.142.21149836107152816718 05/14/22-18:54:46.418129 |
SID: | 2816718 |
Source Port: | 49836 |
Destination Port: | 10715 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.318.189.106.4549882107152816766 05/14/22-18:55:21.882674 |
SID: | 2816766 |
Source Port: | 49882 |
Destination Port: | 10715 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.33.141.210.3749776107152025019 05/14/22-18:54:11.046665 |
SID: | 2025019 |
Source Port: | 49776 |
Destination Port: | 10715 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.33.141.142.21149765107152816766 05/14/22-18:54:00.902736 |
SID: | 2816766 |
Source Port: | 49765 |
Destination Port: | 10715 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.33.141.210.3749760107152816766 05/14/22-18:53:55.476894 |
SID: | 2816766 |
Source Port: | 49760 |
Destination Port: | 10715 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.33.132.159.15849794107152025019 05/14/22-18:54:36.540422 |
SID: | 2025019 |
Source Port: | 49794 |
Destination Port: | 10715 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.33.132.159.15849874107152816766 05/14/22-18:55:12.139699 |
SID: | 2816766 |
Source Port: | 49874 |
Destination Port: | 10715 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.318.189.106.4549757107152816766 05/14/22-18:53:40.555893 |
SID: | 2816766 |
Source Port: | 49757 |
Destination Port: | 10715 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.318.189.106.4549758107152816766 05/14/22-18:53:45.756170 |
SID: | 2816766 |
Source Port: | 49758 |
Destination Port: | 10715 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.33.141.142.21149785107152816766 05/14/22-18:54:25.912977 |
SID: | 2816766 |
Source Port: | 49785 |
Destination Port: | 10715 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.33.141.210.3749776107152816766 05/14/22-18:54:11.487905 |
SID: | 2816766 |
Source Port: | 49776 |
Destination Port: | 10715 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.318.189.106.4549759107152816766 05/14/22-18:53:50.666342 |
SID: | 2816766 |
Source Port: | 49759 |
Destination Port: | 10715 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.33.141.142.21149783107152816766 05/14/22-18:54:21.223616 |
SID: | 2816766 |
Source Port: | 49783 |
Destination Port: | 10715 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.33.141.210.3749760107152025019 05/14/22-18:53:55.034238 |
SID: | 2025019 |
Source Port: | 49760 |
Destination Port: | 10715 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.33.132.159.15849853107152816766 05/14/22-18:54:56.699602 |
SID: | 2816766 |
Source Port: | 49853 |
Destination Port: | 10715 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.33.141.142.21149781107152816766 05/14/22-18:54:16.302738 |
SID: | 2816766 |
Source Port: | 49781 |
Destination Port: | 10715 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.33.141.142.21149770107152816766 05/14/22-18:54:06.525535 |
SID: | 2816766 |
Source Port: | 49770 |
Destination Port: | 10715 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.33.141.210.3749884107152816766 05/14/22-18:55:31.304803 |
SID: | 2816766 |
Source Port: | 49884 |
Destination Port: | 10715 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.318.189.106.4549791107152025019 05/14/22-18:54:30.845080 |
SID: | 2025019 |
Source Port: | 49791 |
Destination Port: | 10715 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.33.141.142.21149836107152025019 05/14/22-18:54:46.122377 |
SID: | 2025019 |
Source Port: | 49836 |
Destination Port: | 10715 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.33.141.142.21149848107152025019 05/14/22-18:54:51.048070 |
SID: | 2025019 |
Source Port: | 49848 |
Destination Port: | 10715 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.33.141.210.3749883107152816766 05/14/22-18:55:26.602738 |
SID: | 2816766 |
Source Port: | 49883 |
Destination Port: | 10715 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Click to jump to signature section
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | Metadefender: | Perma Link | ||
Source: | ReversingLabs: |
Source: | Avira: |
Source: | Avira URL Cloud: |
Source: | Avira: |
Source: | Metadefender: | Perma Link | ||
Source: | ReversingLabs: |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | Joe Sandbox ML: |
Source: | Joe Sandbox ML: |
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: |
Source: | Static PE information: |
Source: | File opened: | Jump to behavior |
Networking |
---|
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: |
Source: | URLs: |
Source: | ASN Name: | ||
Source: | ASN Name: |
Source: | IP Address: | ||
Source: | IP Address: |
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: |
Source: | DNS traffic detected: |
Source: | Binary or memory string: |
E-Banking Fraud |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
System Summary |
---|
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Code function: | 4_2_00A3524A | |
Source: | Code function: | 4_2_05223850 | |
Source: | Code function: | 4_2_052223A0 | |
Source: | Code function: | 4_2_05222FA8 | |
Source: | Code function: | 4_2_0522306F |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Metadefender: | ||
Source: | ReversingLabs: |
Source: | File read: | Jump to behavior |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | ||
Source: | Process created: |
Source: | Key value queried: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: |
Source: | File opened: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: |
Data Obfuscation |
---|
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: |
Source: | Code function: | 0_3_00A48A53 | |
Source: | Code function: | 0_3_00A48A53 | |
Source: | Code function: | 0_3_00A48A53 | |
Source: | Code function: | 0_3_00A4AF53 | |
Source: | Code function: | 0_3_00A4AF53 | |
Source: | Code function: | 0_3_00A4AF53 | |
Source: | Code function: | 0_3_00A48A53 | |
Source: | Code function: | 0_3_00A48A53 | |
Source: | Code function: | 0_3_00A48A53 | |
Source: | Code function: | 0_3_00A4AF53 | |
Source: | Code function: | 0_3_00A4AF53 | |
Source: | Code function: | 0_3_00A4AF53 | |
Source: | Code function: | 0_3_00A48A53 | |
Source: | Code function: | 0_3_00A48A53 | |
Source: | Code function: | 0_3_00A48A53 | |
Source: | Code function: | 0_3_00A4AF53 | |
Source: | Code function: | 0_3_00A4AF53 | |
Source: | Code function: | 0_3_00A4AF53 |
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: |
Source: | File created: | Jump to dropped file |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | File opened: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Process information queried: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | Path Interception | 2 Process Injection | 2 Masquerading | 11 Input Capture | 11 Security Software Discovery | Remote Services | 11 Input Capture | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 11 Archive Collected Data | Exfiltration Over Bluetooth | 1 Non-Standard Port | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 21 Virtualization/Sandbox Evasion | Security Account Manager | 21 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 1 Remote Access Software | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 2 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 1 Non-Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 2 System Information Discovery | SSH | Keylogging | Data Transfer Size Limits | 11 Application Layer Protocol | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 Hidden Files and Directories | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | 1 Obfuscated Files or Information | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 12 Software Packing | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
83% | Metadefender | Browse | ||
100% | ReversingLabs | ByteCode-MSIL.Backdoor.NanoCore | ||
100% | Avira | TR/Dropper.MSIL.Gen7 | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | TR/Dropper.MSIL.Gen7 | ||
100% | Joe Sandbox ML | |||
83% | Metadefender | Browse | ||
98% | ReversingLabs | ByteCode-MSIL.Backdoor.NanoCore |
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | TR/Dropper.MSIL.Gen7 | Download File | ||
100% | Avira | TR/Dropper.MSIL.Gen7 | Download File | ||
100% | Avira | TR/Dropper.MSIL.Gen7 | Download File |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira URL Cloud | malware |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
6.tcp.ngrok.io | 3.140.223.7 | true | true | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
3.141.142.211 | unknown | United States | 16509 | AMAZON-02US | true | |
18.189.106.45 | unknown | United States | 16509 | AMAZON-02US | true | |
3.141.210.37 | unknown | United States | 16509 | AMAZON-02US | true | |
3.140.223.7 | 6.tcp.ngrok.io | United States | 16509 | AMAZON-02US | true | |
3.141.177.1 | unknown | United States | 16509 | AMAZON-02US | true | |
3.132.159.158 | unknown | United States | 16509 | AMAZON-02US | true |
IP |
---|
192.168.2.1 |
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 626643 |
Start date and time: 14/05/202218:52:25 | 2022-05-14 18:52:25 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 7m 53s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | 1DA2BAEDB633FD4884FCE89A2D9D8630C2E7AF359FE75.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 25 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@2/4@26/7 |
EGA Information: |
|
HDC Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
- Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
- Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, client.wns.windows.com, fs.microsoft.com, store-images.s-microsoft.com, login.live.com, sls.update.microsoft.com, settings-win.data.microsoft.com, ctldl.windowsupdate.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
- Execution Graph export aborted for target 1DA2BAEDB633FD4884FCE89A2D9D8630C2E7AF359FE75.exe, PID 6948 because there are no executed function
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtAllocateVirtualMemory calls found.
- Report size getting too big, too many NtDeviceIoControlFile calls found.
- VT rate limit hit for: 1DA2BAEDB633FD4884FCE89A2D9D8630C2E7AF359FE75.exe
Time | Type | Description |
---|---|---|
18:53:28 | API Interceptor | |
18:53:29 | Autostart |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
3.141.142.211 | Get hash | malicious | Browse | ||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
18.189.106.45 | Get hash | malicious | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
6.tcp.ngrok.io | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
AMAZON-02US | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
AMAZON-02US | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
Process: | C:\Users\user\Desktop\1DA2BAEDB633FD4884FCE89A2D9D8630C2E7AF359FE75.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 207360 |
Entropy (8bit): | 7.44673871085536 |
Encrypted: | false |
SSDEEP: | 6144:gLV6Bta6dtJmakIM5HlWUu5LYkO0TrWSB:gLV6BtpmkIlM5LYkO0TKM |
MD5: | 7564920DF8FDAC8A30144D4297173194 |
SHA1: | 7E5451C6DE3E46983C22AB6FE70EB0C6E5FC21DA |
SHA-256: | 1DA2BAEDB633FD4884FCE89A2D9D8630C2E7AF359FE7519F677AD64BCC162A61 |
SHA-512: | A208A85DAB10B37E344D5EBED56C05DD09C93EACC6AAAE610DD5D4E8E395A3788CBE6342C7000A27CBDCBCABED6E5043FABF5D796853794A9498AFDF0332D6F6 |
Malicious: | true |
Yara Hits: |
|
Antivirus: |
|
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\1DA2BAEDB633FD4884FCE89A2D9D8630C2E7AF359FE75.exe |
File Type: | |
Category: | modified |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | true |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 525 |
Entropy (8bit): | 5.2874233355119316 |
Encrypted: | false |
SSDEEP: | 12:Q3LaJU20NaL10U29hJ5g1B0U2ukyrFk70Ug+9Yz9tv:MLF20NaL329hJ5g522rWz2T |
MD5: | 61CCF53571C9ABA6511D696CB0D32E45 |
SHA1: | A13A42A20EC14942F52DB20FB16A0A520F8183CE |
SHA-256: | 3459BDF6C0B7F9D43649ADAAF19BA8D5D133BCBE5EF80CF4B7000DC91E10903B |
SHA-512: | 90E180D9A681F82C010C326456AC88EBB89256CC769E900BFB4B2DF92E69CA69726863B45DFE4627FC1EE8C281F2AF86A6A1E2EF1710094CCD3F4E092872F06F |
Malicious: | true |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\1DA2BAEDB633FD4884FCE89A2D9D8630C2E7AF359FE75.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8 |
Entropy (8bit): | 3.0 |
Encrypted: | false |
SSDEEP: | 3:Jtn:jn |
MD5: | 24DE9846E6AE08C5DCA9BCDA9F509FC1 |
SHA1: | CFA73A7289F9EC1FEC3DCDAB3B7D6FC788BF52B7 |
SHA-256: | 0EA4EE35E4DB371C1C0ACCC8D42C119750B93519D77263572574AD7EE2321E5B |
SHA-512: | BF56D6F04A2402E3B064ACE5B2FB0B3B8E201EBA90BF713430347063CE4D5736F23C07652B3E5FD0DC60BB533AF463A136BBB64DCC6ACE6EE98F7104A9D82B52 |
Malicious: | true |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 7.44673871085536 |
TrID: |
|
File name: | 1DA2BAEDB633FD4884FCE89A2D9D8630C2E7AF359FE75.exe |
File size: | 207360 |
MD5: | 7564920df8fdac8a30144d4297173194 |
SHA1: | 7e5451c6de3e46983c22ab6fe70eb0c6e5fc21da |
SHA256: | 1da2baedb633fd4884fce89a2d9d8630c2e7af359fe7519f677ad64bcc162a61 |
SHA512: | a208a85dab10b37e344d5ebed56c05dd09c93eacc6aaae610dd5d4e8e395a3788cbe6342c7000a27cbdcbcabed6e5043fabf5d796853794a9498afdf0332d6f6 |
SSDEEP: | 6144:gLV6Bta6dtJmakIM5HlWUu5LYkO0TrWSB:gLV6BtpmkIlM5LYkO0TKM |
TLSH: | 4914BF5677E94A2FE2DE86B9602211128379C2E3E8C3F7DE28D454F78B267E406071D3 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....'.T.....................`........... ........@.. ..................................................................... |
Icon Hash: | 00828e8e8686b000 |
Entrypoint: | 0x41e792 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED |
DLL Characteristics: | |
Time Stamp: | 0x54E927A1 [Sun Feb 22 00:49:37 2015 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | v2.0.50727 |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Instruction |
---|
jmp dword ptr [00402000h] |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1e738 | 0x57 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x22000 | 0x15d70 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x20000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x1c798 | 0x1c800 | False | 0.594503837719 | data | 6.59807178823 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.reloc | 0x20000 | 0xc | 0x200 | False | 0.044921875 | data | 0.101910425663 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
.rsrc | 0x22000 | 0x15d70 | 0x15e00 | False | 0.999352678571 | data | 7.99767001734 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_RCDATA | 0x22058 | 0x15d18 | TIM image, (20535,52663) |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
192.168.2.318.189.106.4549758107152816718 05/14/22-18:53:45.756170 | TCP | 2816718 | ETPRO TROJAN NanoCore RAT Keep-Alive Beacon | 49758 | 10715 | 192.168.2.3 | 18.189.106.45 |
192.168.2.318.189.106.4549757107152025019 05/14/22-18:53:40.189537 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49757 | 10715 | 192.168.2.3 | 18.189.106.45 |
192.168.2.33.132.159.15849794107152816766 05/14/22-18:54:36.688201 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49794 | 10715 | 192.168.2.3 | 3.132.159.158 |
192.168.2.33.141.210.3749806107152816766 05/14/22-18:54:41.730487 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49806 | 10715 | 192.168.2.3 | 3.141.210.37 |
192.168.2.33.141.142.21149848107152816766 05/14/22-18:54:51.648514 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49848 | 10715 | 192.168.2.3 | 3.141.142.211 |
192.168.2.318.189.106.4549854107152816766 05/14/22-18:55:01.842670 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49854 | 10715 | 192.168.2.3 | 18.189.106.45 |
192.168.2.33.141.210.3749883107152025019 05/14/22-18:55:26.161126 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49883 | 10715 | 192.168.2.3 | 3.141.210.37 |
192.168.2.33.140.223.749740107152025019 05/14/22-18:53:30.583587 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49740 | 10715 | 192.168.2.3 | 3.140.223.7 |
192.168.2.33.141.142.21149765107152025019 05/14/22-18:54:00.755092 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49765 | 10715 | 192.168.2.3 | 3.141.142.211 |
192.168.2.33.140.223.749740107152816766 05/14/22-18:53:30.746005 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49740 | 10715 | 192.168.2.3 | 3.140.223.7 |
192.168.2.33.141.210.3749806107152025019 05/14/22-18:54:41.230236 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49806 | 10715 | 192.168.2.3 | 3.141.210.37 |
192.168.2.318.189.106.4549759107152025019 05/14/22-18:53:50.228503 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49759 | 10715 | 192.168.2.3 | 18.189.106.45 |
192.168.2.33.141.142.21149756107152816766 05/14/22-18:53:35.773125 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49756 | 10715 | 192.168.2.3 | 3.141.142.211 |
192.168.2.33.141.177.149858107152025019 05/14/22-18:55:06.246494 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49858 | 10715 | 192.168.2.3 | 3.141.177.1 |
192.168.2.318.189.106.4549758107152025019 05/14/22-18:53:45.315185 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49758 | 10715 | 192.168.2.3 | 18.189.106.45 |
192.168.2.33.141.177.149858107152816766 05/14/22-18:55:06.694095 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49858 | 10715 | 192.168.2.3 | 3.141.177.1 |
192.168.2.318.189.106.4549854107152025019 05/14/22-18:55:01.397157 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49854 | 10715 | 192.168.2.3 | 18.189.106.45 |
192.168.2.318.189.106.4549886107152025019 05/14/22-18:55:35.481238 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49886 | 10715 | 192.168.2.3 | 18.189.106.45 |
192.168.2.33.141.142.21149770107152025019 05/14/22-18:54:06.080233 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49770 | 10715 | 192.168.2.3 | 3.141.142.211 |
192.168.2.33.141.142.21149781107152025019 05/14/22-18:54:15.860094 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49781 | 10715 | 192.168.2.3 | 3.141.142.211 |
192.168.2.33.141.210.3749884107152025019 05/14/22-18:55:30.861568 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49884 | 10715 | 192.168.2.3 | 3.141.210.37 |
192.168.2.33.141.142.21149785107152025019 05/14/22-18:54:25.617279 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49785 | 10715 | 192.168.2.3 | 3.141.142.211 |
192.168.2.33.141.142.21149836107152816766 05/14/22-18:54:46.608305 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49836 | 10715 | 192.168.2.3 | 3.141.142.211 |
192.168.2.318.189.106.4549791107152816766 05/14/22-18:54:31.286610 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49791 | 10715 | 192.168.2.3 | 18.189.106.45 |
192.168.2.33.132.159.15849853107152025019 05/14/22-18:54:56.252366 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49853 | 10715 | 192.168.2.3 | 3.132.159.158 |
192.168.2.33.141.142.21149783107152025019 05/14/22-18:54:20.769932 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49783 | 10715 | 192.168.2.3 | 3.141.142.211 |
192.168.2.33.132.159.15849874107152025019 05/14/22-18:55:11.701384 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49874 | 10715 | 192.168.2.3 | 3.132.159.158 |
192.168.2.33.141.142.21149756107152025019 05/14/22-18:53:35.332411 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49756 | 10715 | 192.168.2.3 | 3.141.142.211 |
192.168.2.318.189.106.4549880107152025019 05/14/22-18:55:16.679672 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49880 | 10715 | 192.168.2.3 | 18.189.106.45 |
192.168.2.318.189.106.4549880107152816766 05/14/22-18:55:17.122336 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49880 | 10715 | 192.168.2.3 | 18.189.106.45 |
192.168.2.318.189.106.4549882107152025019 05/14/22-18:55:21.440941 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49882 | 10715 | 192.168.2.3 | 18.189.106.45 |
192.168.2.33.141.142.21149836107152816718 05/14/22-18:54:46.418129 | TCP | 2816718 | ETPRO TROJAN NanoCore RAT Keep-Alive Beacon | 49836 | 10715 | 192.168.2.3 | 3.141.142.211 |
192.168.2.318.189.106.4549882107152816766 05/14/22-18:55:21.882674 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49882 | 10715 | 192.168.2.3 | 18.189.106.45 |
192.168.2.33.141.210.3749776107152025019 05/14/22-18:54:11.046665 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49776 | 10715 | 192.168.2.3 | 3.141.210.37 |
192.168.2.33.141.142.21149765107152816766 05/14/22-18:54:00.902736 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49765 | 10715 | 192.168.2.3 | 3.141.142.211 |
192.168.2.33.141.210.3749760107152816766 05/14/22-18:53:55.476894 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49760 | 10715 | 192.168.2.3 | 3.141.210.37 |
192.168.2.33.132.159.15849794107152025019 05/14/22-18:54:36.540422 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49794 | 10715 | 192.168.2.3 | 3.132.159.158 |
192.168.2.33.132.159.15849874107152816766 05/14/22-18:55:12.139699 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49874 | 10715 | 192.168.2.3 | 3.132.159.158 |
192.168.2.318.189.106.4549757107152816766 05/14/22-18:53:40.555893 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49757 | 10715 | 192.168.2.3 | 18.189.106.45 |
192.168.2.318.189.106.4549758107152816766 05/14/22-18:53:45.756170 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49758 | 10715 | 192.168.2.3 | 18.189.106.45 |
192.168.2.33.141.142.21149785107152816766 05/14/22-18:54:25.912977 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49785 | 10715 | 192.168.2.3 | 3.141.142.211 |
192.168.2.33.141.210.3749776107152816766 05/14/22-18:54:11.487905 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49776 | 10715 | 192.168.2.3 | 3.141.210.37 |
192.168.2.318.189.106.4549759107152816766 05/14/22-18:53:50.666342 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49759 | 10715 | 192.168.2.3 | 18.189.106.45 |
192.168.2.33.141.142.21149783107152816766 05/14/22-18:54:21.223616 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49783 | 10715 | 192.168.2.3 | 3.141.142.211 |
192.168.2.33.141.210.3749760107152025019 05/14/22-18:53:55.034238 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49760 | 10715 | 192.168.2.3 | 3.141.210.37 |
192.168.2.33.132.159.15849853107152816766 05/14/22-18:54:56.699602 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49853 | 10715 | 192.168.2.3 | 3.132.159.158 |
192.168.2.33.141.142.21149781107152816766 05/14/22-18:54:16.302738 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49781 | 10715 | 192.168.2.3 | 3.141.142.211 |
192.168.2.33.141.142.21149770107152816766 05/14/22-18:54:06.525535 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49770 | 10715 | 192.168.2.3 | 3.141.142.211 |
192.168.2.33.141.210.3749884107152816766 05/14/22-18:55:31.304803 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49884 | 10715 | 192.168.2.3 | 3.141.210.37 |
192.168.2.318.189.106.4549791107152025019 05/14/22-18:54:30.845080 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49791 | 10715 | 192.168.2.3 | 18.189.106.45 |
192.168.2.33.141.142.21149836107152025019 05/14/22-18:54:46.122377 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49836 | 10715 | 192.168.2.3 | 3.141.142.211 |
192.168.2.33.141.142.21149848107152025019 05/14/22-18:54:51.048070 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49848 | 10715 | 192.168.2.3 | 3.141.142.211 |
192.168.2.33.141.210.3749883107152816766 05/14/22-18:55:26.602738 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49883 | 10715 | 192.168.2.3 | 3.141.210.37 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 14, 2022 18:53:30.152717113 CEST | 49740 | 10715 | 192.168.2.3 | 3.140.223.7 |
May 14, 2022 18:53:30.300458908 CEST | 10715 | 49740 | 3.140.223.7 | 192.168.2.3 |
May 14, 2022 18:53:30.300592899 CEST | 49740 | 10715 | 192.168.2.3 | 3.140.223.7 |
May 14, 2022 18:53:30.583586931 CEST | 49740 | 10715 | 192.168.2.3 | 3.140.223.7 |
May 14, 2022 18:53:30.731373072 CEST | 10715 | 49740 | 3.140.223.7 | 192.168.2.3 |
May 14, 2022 18:53:30.731479883 CEST | 49740 | 10715 | 192.168.2.3 | 3.140.223.7 |
May 14, 2022 18:53:30.745915890 CEST | 10715 | 49740 | 3.140.223.7 | 192.168.2.3 |
May 14, 2022 18:53:30.746005058 CEST | 49740 | 10715 | 192.168.2.3 | 3.140.223.7 |
May 14, 2022 18:53:30.752690077 CEST | 49740 | 10715 | 192.168.2.3 | 3.140.223.7 |
May 14, 2022 18:53:30.893910885 CEST | 10715 | 49740 | 3.140.223.7 | 192.168.2.3 |
May 14, 2022 18:53:30.894033909 CEST | 49740 | 10715 | 192.168.2.3 | 3.140.223.7 |
May 14, 2022 18:53:35.177712917 CEST | 49756 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:53:35.325093985 CEST | 10715 | 49756 | 3.141.142.211 | 192.168.2.3 |
May 14, 2022 18:53:35.325269938 CEST | 49756 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:53:35.332411051 CEST | 49756 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:53:35.479594946 CEST | 10715 | 49756 | 3.141.142.211 | 192.168.2.3 |
May 14, 2022 18:53:35.480998039 CEST | 49756 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:53:35.628302097 CEST | 10715 | 49756 | 3.141.142.211 | 192.168.2.3 |
May 14, 2022 18:53:35.628876925 CEST | 49756 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:53:35.771130085 CEST | 10715 | 49756 | 3.141.142.211 | 192.168.2.3 |
May 14, 2022 18:53:35.773124933 CEST | 49756 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:53:35.773258924 CEST | 49756 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:53:35.776134968 CEST | 10715 | 49756 | 3.141.142.211 | 192.168.2.3 |
May 14, 2022 18:53:35.776266098 CEST | 49756 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:53:35.920591116 CEST | 10715 | 49756 | 3.141.142.211 | 192.168.2.3 |
May 14, 2022 18:53:35.920778036 CEST | 49756 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:53:40.026853085 CEST | 49757 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:53:40.174282074 CEST | 10715 | 49757 | 18.189.106.45 | 192.168.2.3 |
May 14, 2022 18:53:40.174491882 CEST | 49757 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:53:40.189537048 CEST | 49757 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:53:40.336873055 CEST | 10715 | 49757 | 18.189.106.45 | 192.168.2.3 |
May 14, 2022 18:53:40.336997986 CEST | 49757 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:53:40.484273911 CEST | 10715 | 49757 | 18.189.106.45 | 192.168.2.3 |
May 14, 2022 18:53:40.555892944 CEST | 49757 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:53:40.629710913 CEST | 10715 | 49757 | 18.189.106.45 | 192.168.2.3 |
May 14, 2022 18:53:40.629822016 CEST | 49757 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:53:40.631099939 CEST | 49757 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:53:40.703073025 CEST | 10715 | 49757 | 18.189.106.45 | 192.168.2.3 |
May 14, 2022 18:53:40.703206062 CEST | 49757 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:53:45.166917086 CEST | 49758 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:53:45.314317942 CEST | 10715 | 49758 | 18.189.106.45 | 192.168.2.3 |
May 14, 2022 18:53:45.314440012 CEST | 49758 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:53:45.315185070 CEST | 49758 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:53:45.462436914 CEST | 10715 | 49758 | 18.189.106.45 | 192.168.2.3 |
May 14, 2022 18:53:45.463409901 CEST | 49758 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:53:45.610654116 CEST | 10715 | 49758 | 18.189.106.45 | 192.168.2.3 |
May 14, 2022 18:53:45.618048906 CEST | 49758 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:53:45.755908012 CEST | 10715 | 49758 | 18.189.106.45 | 192.168.2.3 |
May 14, 2022 18:53:45.756170034 CEST | 49758 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:53:45.756222963 CEST | 49758 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:53:45.765223980 CEST | 10715 | 49758 | 18.189.106.45 | 192.168.2.3 |
May 14, 2022 18:53:45.767869949 CEST | 49758 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:53:45.903568029 CEST | 10715 | 49758 | 18.189.106.45 | 192.168.2.3 |
May 14, 2022 18:53:45.905920982 CEST | 49758 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:53:50.075531006 CEST | 49759 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:53:50.223118067 CEST | 10715 | 49759 | 18.189.106.45 | 192.168.2.3 |
May 14, 2022 18:53:50.223277092 CEST | 49759 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:53:50.228502989 CEST | 49759 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:53:50.375870943 CEST | 10715 | 49759 | 18.189.106.45 | 192.168.2.3 |
May 14, 2022 18:53:50.376728058 CEST | 49759 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:53:50.524233103 CEST | 10715 | 49759 | 18.189.106.45 | 192.168.2.3 |
May 14, 2022 18:53:50.524324894 CEST | 49759 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:53:50.664855957 CEST | 10715 | 49759 | 18.189.106.45 | 192.168.2.3 |
May 14, 2022 18:53:50.666342020 CEST | 49759 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:53:50.666410923 CEST | 49759 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:53:50.671622992 CEST | 10715 | 49759 | 18.189.106.45 | 192.168.2.3 |
May 14, 2022 18:53:50.673928976 CEST | 49759 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:53:50.813819885 CEST | 10715 | 49759 | 18.189.106.45 | 192.168.2.3 |
May 14, 2022 18:53:50.814275980 CEST | 49759 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:53:54.885710001 CEST | 49760 | 10715 | 192.168.2.3 | 3.141.210.37 |
May 14, 2022 18:53:55.033107042 CEST | 10715 | 49760 | 3.141.210.37 | 192.168.2.3 |
May 14, 2022 18:53:55.033243895 CEST | 49760 | 10715 | 192.168.2.3 | 3.141.210.37 |
May 14, 2022 18:53:55.034238100 CEST | 49760 | 10715 | 192.168.2.3 | 3.141.210.37 |
May 14, 2022 18:53:55.181597948 CEST | 10715 | 49760 | 3.141.210.37 | 192.168.2.3 |
May 14, 2022 18:53:55.181685925 CEST | 49760 | 10715 | 192.168.2.3 | 3.141.210.37 |
May 14, 2022 18:53:55.329044104 CEST | 10715 | 49760 | 3.141.210.37 | 192.168.2.3 |
May 14, 2022 18:53:55.329144955 CEST | 49760 | 10715 | 192.168.2.3 | 3.141.210.37 |
May 14, 2022 18:53:55.476773977 CEST | 10715 | 49760 | 3.141.210.37 | 192.168.2.3 |
May 14, 2022 18:53:55.476893902 CEST | 49760 | 10715 | 192.168.2.3 | 3.141.210.37 |
May 14, 2022 18:53:55.478843927 CEST | 10715 | 49760 | 3.141.210.37 | 192.168.2.3 |
May 14, 2022 18:53:55.478924990 CEST | 49760 | 10715 | 192.168.2.3 | 3.141.210.37 |
May 14, 2022 18:53:55.479059935 CEST | 49760 | 10715 | 192.168.2.3 | 3.141.210.37 |
May 14, 2022 18:54:00.582742929 CEST | 49765 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:54:00.730499029 CEST | 10715 | 49765 | 3.141.142.211 | 192.168.2.3 |
May 14, 2022 18:54:00.730712891 CEST | 49765 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:54:00.755091906 CEST | 49765 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:54:00.902534008 CEST | 10715 | 49765 | 3.141.142.211 | 192.168.2.3 |
May 14, 2022 18:54:00.902735949 CEST | 49765 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:54:01.050062895 CEST | 10715 | 49765 | 3.141.142.211 | 192.168.2.3 |
May 14, 2022 18:54:01.178420067 CEST | 10715 | 49765 | 3.141.142.211 | 192.168.2.3 |
May 14, 2022 18:54:01.353086948 CEST | 49765 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:54:01.642544985 CEST | 49765 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:54:05.931350946 CEST | 49770 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:54:06.078870058 CEST | 10715 | 49770 | 3.141.142.211 | 192.168.2.3 |
May 14, 2022 18:54:06.079674959 CEST | 49770 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:54:06.080233097 CEST | 49770 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:54:06.227596998 CEST | 10715 | 49770 | 3.141.142.211 | 192.168.2.3 |
May 14, 2022 18:54:06.230441093 CEST | 49770 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:54:06.377821922 CEST | 10715 | 49770 | 3.141.142.211 | 192.168.2.3 |
May 14, 2022 18:54:06.377979040 CEST | 49770 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:54:06.525372982 CEST | 10715 | 49770 | 3.141.142.211 | 192.168.2.3 |
May 14, 2022 18:54:06.525535107 CEST | 49770 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:54:06.535331964 CEST | 10715 | 49770 | 3.141.142.211 | 192.168.2.3 |
May 14, 2022 18:54:06.535423994 CEST | 49770 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:54:06.535541058 CEST | 49770 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:54:10.898956060 CEST | 49776 | 10715 | 192.168.2.3 | 3.141.210.37 |
May 14, 2022 18:54:11.046062946 CEST | 10715 | 49776 | 3.141.210.37 | 192.168.2.3 |
May 14, 2022 18:54:11.046241045 CEST | 49776 | 10715 | 192.168.2.3 | 3.141.210.37 |
May 14, 2022 18:54:11.046664953 CEST | 49776 | 10715 | 192.168.2.3 | 3.141.210.37 |
May 14, 2022 18:54:11.193499088 CEST | 10715 | 49776 | 3.141.210.37 | 192.168.2.3 |
May 14, 2022 18:54:11.193628073 CEST | 49776 | 10715 | 192.168.2.3 | 3.141.210.37 |
May 14, 2022 18:54:11.340677977 CEST | 10715 | 49776 | 3.141.210.37 | 192.168.2.3 |
May 14, 2022 18:54:11.340776920 CEST | 49776 | 10715 | 192.168.2.3 | 3.141.210.37 |
May 14, 2022 18:54:11.487726927 CEST | 10715 | 49776 | 3.141.210.37 | 192.168.2.3 |
May 14, 2022 18:54:11.487905025 CEST | 49776 | 10715 | 192.168.2.3 | 3.141.210.37 |
May 14, 2022 18:54:11.493426085 CEST | 10715 | 49776 | 3.141.210.37 | 192.168.2.3 |
May 14, 2022 18:54:11.493510008 CEST | 49776 | 10715 | 192.168.2.3 | 3.141.210.37 |
May 14, 2022 18:54:11.495717049 CEST | 49776 | 10715 | 192.168.2.3 | 3.141.210.37 |
May 14, 2022 18:54:15.711116076 CEST | 49781 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:54:15.858635902 CEST | 10715 | 49781 | 3.141.142.211 | 192.168.2.3 |
May 14, 2022 18:54:15.858788013 CEST | 49781 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:54:15.860094070 CEST | 49781 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:54:16.007469893 CEST | 10715 | 49781 | 3.141.142.211 | 192.168.2.3 |
May 14, 2022 18:54:16.007589102 CEST | 49781 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:54:16.155062914 CEST | 10715 | 49781 | 3.141.142.211 | 192.168.2.3 |
May 14, 2022 18:54:16.155308008 CEST | 49781 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:54:16.302632093 CEST | 10715 | 49781 | 3.141.142.211 | 192.168.2.3 |
May 14, 2022 18:54:16.302737951 CEST | 49781 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:54:16.319565058 CEST | 10715 | 49781 | 3.141.142.211 | 192.168.2.3 |
May 14, 2022 18:54:16.319669962 CEST | 49781 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:54:16.319828033 CEST | 49781 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:54:20.622067928 CEST | 49783 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:54:20.769227028 CEST | 10715 | 49783 | 3.141.142.211 | 192.168.2.3 |
May 14, 2022 18:54:20.769335032 CEST | 49783 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:54:20.769932032 CEST | 49783 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:54:20.917064905 CEST | 10715 | 49783 | 3.141.142.211 | 192.168.2.3 |
May 14, 2022 18:54:20.917179108 CEST | 49783 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:54:21.064358950 CEST | 10715 | 49783 | 3.141.142.211 | 192.168.2.3 |
May 14, 2022 18:54:21.064513922 CEST | 49783 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:54:21.211622000 CEST | 10715 | 49783 | 3.141.142.211 | 192.168.2.3 |
May 14, 2022 18:54:21.211724997 CEST | 49783 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:54:21.223522902 CEST | 10715 | 49783 | 3.141.142.211 | 192.168.2.3 |
May 14, 2022 18:54:21.223615885 CEST | 49783 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:54:21.223772049 CEST | 49783 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:54:21.370836973 CEST | 10715 | 49783 | 3.141.142.211 | 192.168.2.3 |
May 14, 2022 18:54:21.370956898 CEST | 49783 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:54:25.467544079 CEST | 49785 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:54:25.616609097 CEST | 10715 | 49785 | 3.141.142.211 | 192.168.2.3 |
May 14, 2022 18:54:25.616785049 CEST | 49785 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:54:25.617279053 CEST | 49785 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:54:25.764616966 CEST | 10715 | 49785 | 3.141.142.211 | 192.168.2.3 |
May 14, 2022 18:54:25.765403986 CEST | 49785 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:54:25.912751913 CEST | 10715 | 49785 | 3.141.142.211 | 192.168.2.3 |
May 14, 2022 18:54:25.912976980 CEST | 49785 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:54:26.060369015 CEST | 10715 | 49785 | 3.141.142.211 | 192.168.2.3 |
May 14, 2022 18:54:26.065615892 CEST | 10715 | 49785 | 3.141.142.211 | 192.168.2.3 |
May 14, 2022 18:54:26.097451925 CEST | 49785 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:54:30.697204113 CEST | 49791 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:54:30.844441891 CEST | 10715 | 49791 | 18.189.106.45 | 192.168.2.3 |
May 14, 2022 18:54:30.844556093 CEST | 49791 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:54:30.845079899 CEST | 49791 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:54:30.992130995 CEST | 10715 | 49791 | 18.189.106.45 | 192.168.2.3 |
May 14, 2022 18:54:30.992218018 CEST | 49791 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:54:31.139259100 CEST | 10715 | 49791 | 18.189.106.45 | 192.168.2.3 |
May 14, 2022 18:54:31.139334917 CEST | 49791 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:54:31.286462069 CEST | 10715 | 49791 | 18.189.106.45 | 192.168.2.3 |
May 14, 2022 18:54:31.286609888 CEST | 49791 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:54:31.291202068 CEST | 10715 | 49791 | 18.189.106.45 | 192.168.2.3 |
May 14, 2022 18:54:31.291393042 CEST | 49791 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:54:31.291455030 CEST | 49791 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:54:36.061460972 CEST | 49794 | 10715 | 192.168.2.3 | 3.132.159.158 |
May 14, 2022 18:54:36.209315062 CEST | 10715 | 49794 | 3.132.159.158 | 192.168.2.3 |
May 14, 2022 18:54:36.209502935 CEST | 49794 | 10715 | 192.168.2.3 | 3.132.159.158 |
May 14, 2022 18:54:36.540421963 CEST | 49794 | 10715 | 192.168.2.3 | 3.132.159.158 |
May 14, 2022 18:54:36.688072920 CEST | 10715 | 49794 | 3.132.159.158 | 192.168.2.3 |
May 14, 2022 18:54:36.688200951 CEST | 49794 | 10715 | 192.168.2.3 | 3.132.159.158 |
May 14, 2022 18:54:36.712532997 CEST | 10715 | 49794 | 3.132.159.158 | 192.168.2.3 |
May 14, 2022 18:54:36.712613106 CEST | 49794 | 10715 | 192.168.2.3 | 3.132.159.158 |
May 14, 2022 18:54:36.712791920 CEST | 49794 | 10715 | 192.168.2.3 | 3.132.159.158 |
May 14, 2022 18:54:41.082503080 CEST | 49806 | 10715 | 192.168.2.3 | 3.141.210.37 |
May 14, 2022 18:54:41.229604006 CEST | 10715 | 49806 | 3.141.210.37 | 192.168.2.3 |
May 14, 2022 18:54:41.229779959 CEST | 49806 | 10715 | 192.168.2.3 | 3.141.210.37 |
May 14, 2022 18:54:41.230236053 CEST | 49806 | 10715 | 192.168.2.3 | 3.141.210.37 |
May 14, 2022 18:54:41.377199888 CEST | 10715 | 49806 | 3.141.210.37 | 192.168.2.3 |
May 14, 2022 18:54:41.377445936 CEST | 49806 | 10715 | 192.168.2.3 | 3.141.210.37 |
May 14, 2022 18:54:41.524523973 CEST | 10715 | 49806 | 3.141.210.37 | 192.168.2.3 |
May 14, 2022 18:54:41.524694920 CEST | 49806 | 10715 | 192.168.2.3 | 3.141.210.37 |
May 14, 2022 18:54:41.671823025 CEST | 10715 | 49806 | 3.141.210.37 | 192.168.2.3 |
May 14, 2022 18:54:41.671910048 CEST | 49806 | 10715 | 192.168.2.3 | 3.141.210.37 |
May 14, 2022 18:54:41.730402946 CEST | 10715 | 49806 | 3.141.210.37 | 192.168.2.3 |
May 14, 2022 18:54:41.730487108 CEST | 49806 | 10715 | 192.168.2.3 | 3.141.210.37 |
May 14, 2022 18:54:41.730675936 CEST | 49806 | 10715 | 192.168.2.3 | 3.141.210.37 |
May 14, 2022 18:54:41.818886995 CEST | 10715 | 49806 | 3.141.210.37 | 192.168.2.3 |
May 14, 2022 18:54:41.818958998 CEST | 49806 | 10715 | 192.168.2.3 | 3.141.210.37 |
May 14, 2022 18:54:41.877537012 CEST | 10715 | 49806 | 3.141.210.37 | 192.168.2.3 |
May 14, 2022 18:54:41.877680063 CEST | 49806 | 10715 | 192.168.2.3 | 3.141.210.37 |
May 14, 2022 18:54:45.974740028 CEST | 49836 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:54:46.121725082 CEST | 10715 | 49836 | 3.141.142.211 | 192.168.2.3 |
May 14, 2022 18:54:46.121865988 CEST | 49836 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:54:46.122376919 CEST | 49836 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:54:46.269231081 CEST | 10715 | 49836 | 3.141.142.211 | 192.168.2.3 |
May 14, 2022 18:54:46.269344091 CEST | 49836 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:54:46.416407108 CEST | 10715 | 49836 | 3.141.142.211 | 192.168.2.3 |
May 14, 2022 18:54:46.418128967 CEST | 49836 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:54:46.565009117 CEST | 10715 | 49836 | 3.141.142.211 | 192.168.2.3 |
May 14, 2022 18:54:46.565114975 CEST | 49836 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:54:46.608200073 CEST | 10715 | 49836 | 3.141.142.211 | 192.168.2.3 |
May 14, 2022 18:54:46.608304977 CEST | 49836 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:54:46.608442068 CEST | 49836 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:54:46.713560104 CEST | 10715 | 49836 | 3.141.142.211 | 192.168.2.3 |
May 14, 2022 18:54:46.713654041 CEST | 49836 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:54:46.755424023 CEST | 10715 | 49836 | 3.141.142.211 | 192.168.2.3 |
May 14, 2022 18:54:46.755498886 CEST | 49836 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:54:50.898606062 CEST | 49848 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:54:51.047024965 CEST | 10715 | 49848 | 3.141.142.211 | 192.168.2.3 |
May 14, 2022 18:54:51.047182083 CEST | 49848 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:54:51.048069954 CEST | 49848 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:54:51.195002079 CEST | 10715 | 49848 | 3.141.142.211 | 192.168.2.3 |
May 14, 2022 18:54:51.198203087 CEST | 49848 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:54:51.345225096 CEST | 10715 | 49848 | 3.141.142.211 | 192.168.2.3 |
May 14, 2022 18:54:51.345316887 CEST | 49848 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:54:51.492129087 CEST | 10715 | 49848 | 3.141.142.211 | 192.168.2.3 |
May 14, 2022 18:54:51.492222071 CEST | 49848 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:54:51.639094114 CEST | 10715 | 49848 | 3.141.142.211 | 192.168.2.3 |
May 14, 2022 18:54:51.648514032 CEST | 49848 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:54:51.656124115 CEST | 10715 | 49848 | 3.141.142.211 | 192.168.2.3 |
May 14, 2022 18:54:51.656233072 CEST | 49848 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:54:51.668348074 CEST | 49848 | 10715 | 192.168.2.3 | 3.141.142.211 |
May 14, 2022 18:54:56.103430986 CEST | 49853 | 10715 | 192.168.2.3 | 3.132.159.158 |
May 14, 2022 18:54:56.251785994 CEST | 10715 | 49853 | 3.132.159.158 | 192.168.2.3 |
May 14, 2022 18:54:56.251897097 CEST | 49853 | 10715 | 192.168.2.3 | 3.132.159.158 |
May 14, 2022 18:54:56.252366066 CEST | 49853 | 10715 | 192.168.2.3 | 3.132.159.158 |
May 14, 2022 18:54:56.400321960 CEST | 10715 | 49853 | 3.132.159.158 | 192.168.2.3 |
May 14, 2022 18:54:56.403075933 CEST | 49853 | 10715 | 192.168.2.3 | 3.132.159.158 |
May 14, 2022 18:54:56.551284075 CEST | 10715 | 49853 | 3.132.159.158 | 192.168.2.3 |
May 14, 2022 18:54:56.551388979 CEST | 49853 | 10715 | 192.168.2.3 | 3.132.159.158 |
May 14, 2022 18:54:56.699465990 CEST | 10715 | 49853 | 3.132.159.158 | 192.168.2.3 |
May 14, 2022 18:54:56.699601889 CEST | 49853 | 10715 | 192.168.2.3 | 3.132.159.158 |
May 14, 2022 18:54:56.755795002 CEST | 10715 | 49853 | 3.132.159.158 | 192.168.2.3 |
May 14, 2022 18:54:56.755976915 CEST | 49853 | 10715 | 192.168.2.3 | 3.132.159.158 |
May 14, 2022 18:54:56.756295919 CEST | 49853 | 10715 | 192.168.2.3 | 3.132.159.158 |
May 14, 2022 18:54:56.847762108 CEST | 10715 | 49853 | 3.132.159.158 | 192.168.2.3 |
May 14, 2022 18:54:56.848031044 CEST | 49853 | 10715 | 192.168.2.3 | 3.132.159.158 |
May 14, 2022 18:55:01.244637012 CEST | 49854 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:55:01.392872095 CEST | 10715 | 49854 | 18.189.106.45 | 192.168.2.3 |
May 14, 2022 18:55:01.396615028 CEST | 49854 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:55:01.397156954 CEST | 49854 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:55:01.545783043 CEST | 10715 | 49854 | 18.189.106.45 | 192.168.2.3 |
May 14, 2022 18:55:01.545939922 CEST | 49854 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:55:01.693589926 CEST | 10715 | 49854 | 18.189.106.45 | 192.168.2.3 |
May 14, 2022 18:55:01.693676949 CEST | 49854 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:55:01.841094017 CEST | 10715 | 49854 | 18.189.106.45 | 192.168.2.3 |
May 14, 2022 18:55:01.842669964 CEST | 49854 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:55:01.844084024 CEST | 10715 | 49854 | 18.189.106.45 | 192.168.2.3 |
May 14, 2022 18:55:01.844280005 CEST | 49854 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:55:01.844364882 CEST | 49854 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:55:06.098848104 CEST | 49858 | 10715 | 192.168.2.3 | 3.141.177.1 |
May 14, 2022 18:55:06.245791912 CEST | 10715 | 49858 | 3.141.177.1 | 192.168.2.3 |
May 14, 2022 18:55:06.245884895 CEST | 49858 | 10715 | 192.168.2.3 | 3.141.177.1 |
May 14, 2022 18:55:06.246494055 CEST | 49858 | 10715 | 192.168.2.3 | 3.141.177.1 |
May 14, 2022 18:55:06.393498898 CEST | 10715 | 49858 | 3.141.177.1 | 192.168.2.3 |
May 14, 2022 18:55:06.393634081 CEST | 49858 | 10715 | 192.168.2.3 | 3.141.177.1 |
May 14, 2022 18:55:06.540652037 CEST | 10715 | 49858 | 3.141.177.1 | 192.168.2.3 |
May 14, 2022 18:55:06.546610117 CEST | 49858 | 10715 | 192.168.2.3 | 3.141.177.1 |
May 14, 2022 18:55:06.694014072 CEST | 10715 | 49858 | 3.141.177.1 | 192.168.2.3 |
May 14, 2022 18:55:06.694094896 CEST | 49858 | 10715 | 192.168.2.3 | 3.141.177.1 |
May 14, 2022 18:55:06.702502012 CEST | 10715 | 49858 | 3.141.177.1 | 192.168.2.3 |
May 14, 2022 18:55:06.702673912 CEST | 49858 | 10715 | 192.168.2.3 | 3.141.177.1 |
May 14, 2022 18:55:06.703289986 CEST | 49858 | 10715 | 192.168.2.3 | 3.141.177.1 |
May 14, 2022 18:55:11.545707941 CEST | 49874 | 10715 | 192.168.2.3 | 3.132.159.158 |
May 14, 2022 18:55:11.693553925 CEST | 10715 | 49874 | 3.132.159.158 | 192.168.2.3 |
May 14, 2022 18:55:11.693734884 CEST | 49874 | 10715 | 192.168.2.3 | 3.132.159.158 |
May 14, 2022 18:55:11.701384068 CEST | 49874 | 10715 | 192.168.2.3 | 3.132.159.158 |
May 14, 2022 18:55:11.849076986 CEST | 10715 | 49874 | 3.132.159.158 | 192.168.2.3 |
May 14, 2022 18:55:11.849241972 CEST | 49874 | 10715 | 192.168.2.3 | 3.132.159.158 |
May 14, 2022 18:55:11.998168945 CEST | 10715 | 49874 | 3.132.159.158 | 192.168.2.3 |
May 14, 2022 18:55:11.998286963 CEST | 49874 | 10715 | 192.168.2.3 | 3.132.159.158 |
May 14, 2022 18:55:12.139589071 CEST | 10715 | 49874 | 3.132.159.158 | 192.168.2.3 |
May 14, 2022 18:55:12.139698982 CEST | 49874 | 10715 | 192.168.2.3 | 3.132.159.158 |
May 14, 2022 18:55:12.146002054 CEST | 10715 | 49874 | 3.132.159.158 | 192.168.2.3 |
May 14, 2022 18:55:12.153951883 CEST | 49874 | 10715 | 192.168.2.3 | 3.132.159.158 |
May 14, 2022 18:55:12.287432909 CEST | 10715 | 49874 | 3.132.159.158 | 192.168.2.3 |
May 14, 2022 18:55:12.287574053 CEST | 49874 | 10715 | 192.168.2.3 | 3.132.159.158 |
May 14, 2022 18:55:16.531578064 CEST | 49880 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:55:16.678880930 CEST | 10715 | 49880 | 18.189.106.45 | 192.168.2.3 |
May 14, 2022 18:55:16.679081917 CEST | 49880 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:55:16.679672003 CEST | 49880 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:55:16.826948881 CEST | 10715 | 49880 | 18.189.106.45 | 192.168.2.3 |
May 14, 2022 18:55:16.827029943 CEST | 49880 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:55:16.974143982 CEST | 10715 | 49880 | 18.189.106.45 | 192.168.2.3 |
May 14, 2022 18:55:16.974239111 CEST | 49880 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:55:17.121455908 CEST | 10715 | 49880 | 18.189.106.45 | 192.168.2.3 |
May 14, 2022 18:55:17.122335911 CEST | 49880 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:55:17.189387083 CEST | 10715 | 49880 | 18.189.106.45 | 192.168.2.3 |
May 14, 2022 18:55:17.189476967 CEST | 49880 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:55:17.189632893 CEST | 49880 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:55:17.269768953 CEST | 10715 | 49880 | 18.189.106.45 | 192.168.2.3 |
May 14, 2022 18:55:17.269932985 CEST | 49880 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:55:21.292902946 CEST | 49882 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:55:21.440340996 CEST | 10715 | 49882 | 18.189.106.45 | 192.168.2.3 |
May 14, 2022 18:55:21.440438032 CEST | 49882 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:55:21.440941095 CEST | 49882 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:55:21.587969065 CEST | 10715 | 49882 | 18.189.106.45 | 192.168.2.3 |
May 14, 2022 18:55:21.588053942 CEST | 49882 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:55:21.735147953 CEST | 10715 | 49882 | 18.189.106.45 | 192.168.2.3 |
May 14, 2022 18:55:21.735349894 CEST | 49882 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:55:21.882435083 CEST | 10715 | 49882 | 18.189.106.45 | 192.168.2.3 |
May 14, 2022 18:55:21.882673979 CEST | 49882 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:55:21.925446987 CEST | 10715 | 49882 | 18.189.106.45 | 192.168.2.3 |
May 14, 2022 18:55:21.925698996 CEST | 49882 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:55:21.926047087 CEST | 49882 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:55:22.029849052 CEST | 10715 | 49882 | 18.189.106.45 | 192.168.2.3 |
May 14, 2022 18:55:22.029949903 CEST | 49882 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:55:26.013304949 CEST | 49883 | 10715 | 192.168.2.3 | 3.141.210.37 |
May 14, 2022 18:55:26.160527945 CEST | 10715 | 49883 | 3.141.210.37 | 192.168.2.3 |
May 14, 2022 18:55:26.160655975 CEST | 49883 | 10715 | 192.168.2.3 | 3.141.210.37 |
May 14, 2022 18:55:26.161125898 CEST | 49883 | 10715 | 192.168.2.3 | 3.141.210.37 |
May 14, 2022 18:55:26.308079004 CEST | 10715 | 49883 | 3.141.210.37 | 192.168.2.3 |
May 14, 2022 18:55:26.308171034 CEST | 49883 | 10715 | 192.168.2.3 | 3.141.210.37 |
May 14, 2022 18:55:26.455347061 CEST | 10715 | 49883 | 3.141.210.37 | 192.168.2.3 |
May 14, 2022 18:55:26.455454111 CEST | 49883 | 10715 | 192.168.2.3 | 3.141.210.37 |
May 14, 2022 18:55:26.602622032 CEST | 10715 | 49883 | 3.141.210.37 | 192.168.2.3 |
May 14, 2022 18:55:26.602737904 CEST | 49883 | 10715 | 192.168.2.3 | 3.141.210.37 |
May 14, 2022 18:55:26.629316092 CEST | 10715 | 49883 | 3.141.210.37 | 192.168.2.3 |
May 14, 2022 18:55:26.629520893 CEST | 49883 | 10715 | 192.168.2.3 | 3.141.210.37 |
May 14, 2022 18:55:26.629789114 CEST | 49883 | 10715 | 192.168.2.3 | 3.141.210.37 |
May 14, 2022 18:55:30.713726997 CEST | 49884 | 10715 | 192.168.2.3 | 3.141.210.37 |
May 14, 2022 18:55:30.860913038 CEST | 10715 | 49884 | 3.141.210.37 | 192.168.2.3 |
May 14, 2022 18:55:30.861057043 CEST | 49884 | 10715 | 192.168.2.3 | 3.141.210.37 |
May 14, 2022 18:55:30.861567974 CEST | 49884 | 10715 | 192.168.2.3 | 3.141.210.37 |
May 14, 2022 18:55:31.010256052 CEST | 10715 | 49884 | 3.141.210.37 | 192.168.2.3 |
May 14, 2022 18:55:31.010420084 CEST | 49884 | 10715 | 192.168.2.3 | 3.141.210.37 |
May 14, 2022 18:55:31.157593012 CEST | 10715 | 49884 | 3.141.210.37 | 192.168.2.3 |
May 14, 2022 18:55:31.157706976 CEST | 49884 | 10715 | 192.168.2.3 | 3.141.210.37 |
May 14, 2022 18:55:31.304733038 CEST | 10715 | 49884 | 3.141.210.37 | 192.168.2.3 |
May 14, 2022 18:55:31.304802895 CEST | 49884 | 10715 | 192.168.2.3 | 3.141.210.37 |
May 14, 2022 18:55:31.308790922 CEST | 10715 | 49884 | 3.141.210.37 | 192.168.2.3 |
May 14, 2022 18:55:31.308907032 CEST | 49884 | 10715 | 192.168.2.3 | 3.141.210.37 |
May 14, 2022 18:55:31.309072971 CEST | 49884 | 10715 | 192.168.2.3 | 3.141.210.37 |
May 14, 2022 18:55:35.333070993 CEST | 49886 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:55:35.480417013 CEST | 10715 | 49886 | 18.189.106.45 | 192.168.2.3 |
May 14, 2022 18:55:35.480741978 CEST | 49886 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:55:35.481237888 CEST | 49886 | 10715 | 192.168.2.3 | 18.189.106.45 |
May 14, 2022 18:55:35.628556967 CEST | 10715 | 49886 | 18.189.106.45 | 192.168.2.3 |
May 14, 2022 18:55:35.924148083 CEST | 10715 | 49886 | 18.189.106.45 | 192.168.2.3 |
May 14, 2022 18:55:35.924930096 CEST | 49886 | 10715 | 192.168.2.3 | 18.189.106.45 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 14, 2022 18:53:30.123356104 CEST | 57421 | 53 | 192.168.2.3 | 8.8.8.8 |
May 14, 2022 18:53:30.139904022 CEST | 53 | 57421 | 8.8.8.8 | 192.168.2.3 |
May 14, 2022 18:53:35.043431997 CEST | 65358 | 53 | 192.168.2.3 | 8.8.8.8 |
May 14, 2022 18:53:35.062048912 CEST | 53 | 65358 | 8.8.8.8 | 192.168.2.3 |
May 14, 2022 18:53:39.983046055 CEST | 49873 | 53 | 192.168.2.3 | 8.8.8.8 |
May 14, 2022 18:53:40.001665115 CEST | 53 | 49873 | 8.8.8.8 | 192.168.2.3 |
May 14, 2022 18:53:45.130386114 CEST | 53802 | 53 | 192.168.2.3 | 8.8.8.8 |
May 14, 2022 18:53:45.148720980 CEST | 53 | 53802 | 8.8.8.8 | 192.168.2.3 |
May 14, 2022 18:53:50.055612087 CEST | 65266 | 53 | 192.168.2.3 | 8.8.8.8 |
May 14, 2022 18:53:50.074321032 CEST | 53 | 65266 | 8.8.8.8 | 192.168.2.3 |
May 14, 2022 18:53:54.865468025 CEST | 63332 | 53 | 192.168.2.3 | 8.8.8.8 |
May 14, 2022 18:53:54.884104013 CEST | 53 | 63332 | 8.8.8.8 | 192.168.2.3 |
May 14, 2022 18:54:00.538901091 CEST | 51391 | 53 | 192.168.2.3 | 8.8.8.8 |
May 14, 2022 18:54:00.557221889 CEST | 53 | 51391 | 8.8.8.8 | 192.168.2.3 |
May 14, 2022 18:54:05.910094976 CEST | 52985 | 53 | 192.168.2.3 | 8.8.8.8 |
May 14, 2022 18:54:05.930022001 CEST | 53 | 52985 | 8.8.8.8 | 192.168.2.3 |
May 14, 2022 18:54:10.878411055 CEST | 50778 | 53 | 192.168.2.3 | 8.8.8.8 |
May 14, 2022 18:54:10.896574020 CEST | 53 | 50778 | 8.8.8.8 | 192.168.2.3 |
May 14, 2022 18:54:15.692712069 CEST | 59390 | 53 | 192.168.2.3 | 8.8.8.8 |
May 14, 2022 18:54:15.709459066 CEST | 53 | 59390 | 8.8.8.8 | 192.168.2.3 |
May 14, 2022 18:54:20.602340937 CEST | 64996 | 53 | 192.168.2.3 | 8.8.8.8 |
May 14, 2022 18:54:20.620956898 CEST | 53 | 64996 | 8.8.8.8 | 192.168.2.3 |
May 14, 2022 18:54:25.447983980 CEST | 52096 | 53 | 192.168.2.3 | 8.8.8.8 |
May 14, 2022 18:54:25.466384888 CEST | 53 | 52096 | 8.8.8.8 | 192.168.2.3 |
May 14, 2022 18:54:30.676806927 CEST | 49844 | 53 | 192.168.2.3 | 8.8.8.8 |
May 14, 2022 18:54:30.695350885 CEST | 53 | 49844 | 8.8.8.8 | 192.168.2.3 |
May 14, 2022 18:54:36.010186911 CEST | 49723 | 53 | 192.168.2.3 | 8.8.8.8 |
May 14, 2022 18:54:36.031011105 CEST | 53 | 49723 | 8.8.8.8 | 192.168.2.3 |
May 14, 2022 18:54:41.064217091 CEST | 61877 | 53 | 192.168.2.3 | 8.8.8.8 |
May 14, 2022 18:54:41.080579042 CEST | 53 | 61877 | 8.8.8.8 | 192.168.2.3 |
May 14, 2022 18:54:45.954760075 CEST | 61555 | 53 | 192.168.2.3 | 8.8.8.8 |
May 14, 2022 18:54:45.973352909 CEST | 53 | 61555 | 8.8.8.8 | 192.168.2.3 |
May 14, 2022 18:54:50.838273048 CEST | 51557 | 53 | 192.168.2.3 | 8.8.8.8 |
May 14, 2022 18:54:50.856714964 CEST | 53 | 51557 | 8.8.8.8 | 192.168.2.3 |
May 14, 2022 18:54:56.082479000 CEST | 52487 | 53 | 192.168.2.3 | 8.8.8.8 |
May 14, 2022 18:54:56.100958109 CEST | 53 | 52487 | 8.8.8.8 | 192.168.2.3 |
May 14, 2022 18:55:01.203088045 CEST | 51994 | 53 | 192.168.2.3 | 8.8.8.8 |
May 14, 2022 18:55:01.223702908 CEST | 53 | 51994 | 8.8.8.8 | 192.168.2.3 |
May 14, 2022 18:55:06.072969913 CEST | 58950 | 53 | 192.168.2.3 | 8.8.8.8 |
May 14, 2022 18:55:06.091731071 CEST | 53 | 58950 | 8.8.8.8 | 192.168.2.3 |
May 14, 2022 18:55:11.520415068 CEST | 53883 | 53 | 192.168.2.3 | 8.8.8.8 |
May 14, 2022 18:55:11.539225101 CEST | 53 | 53883 | 8.8.8.8 | 192.168.2.3 |
May 14, 2022 18:55:16.511949062 CEST | 59065 | 53 | 192.168.2.3 | 8.8.8.8 |
May 14, 2022 18:55:16.530073881 CEST | 53 | 59065 | 8.8.8.8 | 192.168.2.3 |
May 14, 2022 18:55:21.275295019 CEST | 64589 | 53 | 192.168.2.3 | 8.8.8.8 |
May 14, 2022 18:55:21.291465998 CEST | 53 | 64589 | 8.8.8.8 | 192.168.2.3 |
May 14, 2022 18:55:25.990437984 CEST | 64934 | 53 | 192.168.2.3 | 8.8.8.8 |
May 14, 2022 18:55:26.008608103 CEST | 53 | 64934 | 8.8.8.8 | 192.168.2.3 |
May 14, 2022 18:55:30.696547031 CEST | 55795 | 53 | 192.168.2.3 | 8.8.8.8 |
May 14, 2022 18:55:30.712841988 CEST | 53 | 55795 | 8.8.8.8 | 192.168.2.3 |
May 14, 2022 18:55:35.315671921 CEST | 55269 | 53 | 192.168.2.3 | 8.8.8.8 |
May 14, 2022 18:55:35.332572937 CEST | 53 | 55269 | 8.8.8.8 | 192.168.2.3 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
May 14, 2022 18:53:30.123356104 CEST | 192.168.2.3 | 8.8.8.8 | 0xbdbb | Standard query (0) | A (IP address) | IN (0x0001) | |
May 14, 2022 18:53:35.043431997 CEST | 192.168.2.3 | 8.8.8.8 | 0x8498 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 14, 2022 18:53:39.983046055 CEST | 192.168.2.3 | 8.8.8.8 | 0xbd83 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 14, 2022 18:53:45.130386114 CEST | 192.168.2.3 | 8.8.8.8 | 0x78a9 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 14, 2022 18:53:50.055612087 CEST | 192.168.2.3 | 8.8.8.8 | 0x8955 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 14, 2022 18:53:54.865468025 CEST | 192.168.2.3 | 8.8.8.8 | 0xb083 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 14, 2022 18:54:00.538901091 CEST | 192.168.2.3 | 8.8.8.8 | 0xbc15 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 14, 2022 18:54:05.910094976 CEST | 192.168.2.3 | 8.8.8.8 | 0x5516 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 14, 2022 18:54:10.878411055 CEST | 192.168.2.3 | 8.8.8.8 | 0xf614 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 14, 2022 18:54:15.692712069 CEST | 192.168.2.3 | 8.8.8.8 | 0x4c7f | Standard query (0) | A (IP address) | IN (0x0001) | |
May 14, 2022 18:54:20.602340937 CEST | 192.168.2.3 | 8.8.8.8 | 0xd61f | Standard query (0) | A (IP address) | IN (0x0001) | |
May 14, 2022 18:54:25.447983980 CEST | 192.168.2.3 | 8.8.8.8 | 0x6a3e | Standard query (0) | A (IP address) | IN (0x0001) | |
May 14, 2022 18:54:30.676806927 CEST | 192.168.2.3 | 8.8.8.8 | 0xec3b | Standard query (0) | A (IP address) | IN (0x0001) | |
May 14, 2022 18:54:36.010186911 CEST | 192.168.2.3 | 8.8.8.8 | 0xe2ac | Standard query (0) | A (IP address) | IN (0x0001) | |
May 14, 2022 18:54:41.064217091 CEST | 192.168.2.3 | 8.8.8.8 | 0x4a9c | Standard query (0) | A (IP address) | IN (0x0001) | |
May 14, 2022 18:54:45.954760075 CEST | 192.168.2.3 | 8.8.8.8 | 0xab74 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 14, 2022 18:54:50.838273048 CEST | 192.168.2.3 | 8.8.8.8 | 0xf6e8 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 14, 2022 18:54:56.082479000 CEST | 192.168.2.3 | 8.8.8.8 | 0x64f0 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 14, 2022 18:55:01.203088045 CEST | 192.168.2.3 | 8.8.8.8 | 0xebf4 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 14, 2022 18:55:06.072969913 CEST | 192.168.2.3 | 8.8.8.8 | 0x67d5 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 14, 2022 18:55:11.520415068 CEST | 192.168.2.3 | 8.8.8.8 | 0x9d90 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 14, 2022 18:55:16.511949062 CEST | 192.168.2.3 | 8.8.8.8 | 0x4a6 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 14, 2022 18:55:21.275295019 CEST | 192.168.2.3 | 8.8.8.8 | 0xcd3e | Standard query (0) | A (IP address) | IN (0x0001) | |
May 14, 2022 18:55:25.990437984 CEST | 192.168.2.3 | 8.8.8.8 | 0xaee9 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 14, 2022 18:55:30.696547031 CEST | 192.168.2.3 | 8.8.8.8 | 0x371a | Standard query (0) | A (IP address) | IN (0x0001) | |
May 14, 2022 18:55:35.315671921 CEST | 192.168.2.3 | 8.8.8.8 | 0x6b7d | Standard query (0) | A (IP address) | IN (0x0001) |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
May 14, 2022 18:53:30.139904022 CEST | 8.8.8.8 | 192.168.2.3 | 0xbdbb | No error (0) | 3.140.223.7 | A (IP address) | IN (0x0001) | ||
May 14, 2022 18:53:35.062048912 CEST | 8.8.8.8 | 192.168.2.3 | 0x8498 | No error (0) | 3.141.142.211 | A (IP address) | IN (0x0001) | ||
May 14, 2022 18:53:40.001665115 CEST | 8.8.8.8 | 192.168.2.3 | 0xbd83 | No error (0) | 18.189.106.45 | A (IP address) | IN (0x0001) | ||
May 14, 2022 18:53:45.148720980 CEST | 8.8.8.8 | 192.168.2.3 | 0x78a9 | No error (0) | 18.189.106.45 | A (IP address) | IN (0x0001) | ||
May 14, 2022 18:53:50.074321032 CEST | 8.8.8.8 | 192.168.2.3 | 0x8955 | No error (0) | 18.189.106.45 | A (IP address) | IN (0x0001) | ||
May 14, 2022 18:53:54.884104013 CEST | 8.8.8.8 | 192.168.2.3 | 0xb083 | No error (0) | 3.141.210.37 | A (IP address) | IN (0x0001) | ||
May 14, 2022 18:54:00.557221889 CEST | 8.8.8.8 | 192.168.2.3 | 0xbc15 | No error (0) | 3.141.142.211 | A (IP address) | IN (0x0001) | ||
May 14, 2022 18:54:05.930022001 CEST | 8.8.8.8 | 192.168.2.3 | 0x5516 | No error (0) | 3.141.142.211 | A (IP address) | IN (0x0001) | ||
May 14, 2022 18:54:10.896574020 CEST | 8.8.8.8 | 192.168.2.3 | 0xf614 | No error (0) | 3.141.210.37 | A (IP address) | IN (0x0001) | ||
May 14, 2022 18:54:15.709459066 CEST | 8.8.8.8 | 192.168.2.3 | 0x4c7f | No error (0) | 3.141.142.211 | A (IP address) | IN (0x0001) | ||
May 14, 2022 18:54:20.620956898 CEST | 8.8.8.8 | 192.168.2.3 | 0xd61f | No error (0) | 3.141.142.211 | A (IP address) | IN (0x0001) | ||
May 14, 2022 18:54:25.466384888 CEST | 8.8.8.8 | 192.168.2.3 | 0x6a3e | No error (0) | 3.141.142.211 | A (IP address) | IN (0x0001) | ||
May 14, 2022 18:54:30.695350885 CEST | 8.8.8.8 | 192.168.2.3 | 0xec3b | No error (0) | 18.189.106.45 | A (IP address) | IN (0x0001) | ||
May 14, 2022 18:54:36.031011105 CEST | 8.8.8.8 | 192.168.2.3 | 0xe2ac | No error (0) | 3.132.159.158 | A (IP address) | IN (0x0001) | ||
May 14, 2022 18:54:41.080579042 CEST | 8.8.8.8 | 192.168.2.3 | 0x4a9c | No error (0) | 3.141.210.37 | A (IP address) | IN (0x0001) | ||
May 14, 2022 18:54:45.973352909 CEST | 8.8.8.8 | 192.168.2.3 | 0xab74 | No error (0) | 3.141.142.211 | A (IP address) | IN (0x0001) | ||
May 14, 2022 18:54:50.856714964 CEST | 8.8.8.8 | 192.168.2.3 | 0xf6e8 | No error (0) | 3.141.142.211 | A (IP address) | IN (0x0001) | ||
May 14, 2022 18:54:56.100958109 CEST | 8.8.8.8 | 192.168.2.3 | 0x64f0 | No error (0) | 3.132.159.158 | A (IP address) | IN (0x0001) | ||
May 14, 2022 18:55:01.223702908 CEST | 8.8.8.8 | 192.168.2.3 | 0xebf4 | No error (0) | 18.189.106.45 | A (IP address) | IN (0x0001) | ||
May 14, 2022 18:55:06.091731071 CEST | 8.8.8.8 | 192.168.2.3 | 0x67d5 | No error (0) | 3.141.177.1 | A (IP address) | IN (0x0001) | ||
May 14, 2022 18:55:11.539225101 CEST | 8.8.8.8 | 192.168.2.3 | 0x9d90 | No error (0) | 3.132.159.158 | A (IP address) | IN (0x0001) | ||
May 14, 2022 18:55:16.530073881 CEST | 8.8.8.8 | 192.168.2.3 | 0x4a6 | No error (0) | 18.189.106.45 | A (IP address) | IN (0x0001) | ||
May 14, 2022 18:55:21.291465998 CEST | 8.8.8.8 | 192.168.2.3 | 0xcd3e | No error (0) | 18.189.106.45 | A (IP address) | IN (0x0001) | ||
May 14, 2022 18:55:26.008608103 CEST | 8.8.8.8 | 192.168.2.3 | 0xaee9 | No error (0) | 3.141.210.37 | A (IP address) | IN (0x0001) | ||
May 14, 2022 18:55:30.712841988 CEST | 8.8.8.8 | 192.168.2.3 | 0x371a | No error (0) | 3.141.210.37 | A (IP address) | IN (0x0001) | ||
May 14, 2022 18:55:35.332572937 CEST | 8.8.8.8 | 192.168.2.3 | 0x6b7d | No error (0) | 18.189.106.45 | A (IP address) | IN (0x0001) |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 18:53:25 |
Start date: | 14/05/2022 |
Path: | C:\Users\user\Desktop\1DA2BAEDB633FD4884FCE89A2D9D8630C2E7AF359FE75.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x300000 |
File size: | 207360 bytes |
MD5 hash: | 7564920DF8FDAC8A30144D4297173194 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Reputation: | low |
Target ID: | 4 |
Start time: | 18:53:37 |
Start date: | 14/05/2022 |
Path: | C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xa30000 |
File size: | 207360 bytes |
MD5 hash: | 7564920DF8FDAC8A30144D4297173194 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Antivirus matches: |
|
Reputation: | low |
Analysis Process: 1DA2BAEDB633FD4884FCE89A2D9D8630C2E7AF359FE75.exePID: 6948, Parent PID: 6012COMMON
Function 00A45B00 Relevance: 5.4, Strings: 4, Instructions: 379COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph
Execution Coverage: | 21.8% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 57 |
Total number of Limit Nodes: | 6 |
Graph
Function 05223850 Relevance: .8, Instructions: 760COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052223A0 Relevance: .5, Instructions: 505COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05222FA8 Relevance: .2, Instructions: 239COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02AFAB2D Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 76registryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02AFAF50 Relevance: 1.6, APIs: 1, Instructions: 83COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02AFB7CA Relevance: 1.6, APIs: 1, Instructions: 61windowCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02AFA51F Relevance: 1.6, APIs: 1, Instructions: 61COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02AFBB4F Relevance: 1.6, APIs: 1, Instructions: 59windowCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02AFBE05 Relevance: 1.6, APIs: 1, Instructions: 58windowCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02AFB71E Relevance: 1.6, APIs: 1, Instructions: 57windowCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02AFA75B Relevance: 1.6, APIs: 1, Instructions: 52comCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02AFA8CC Relevance: 1.5, APIs: 1, Instructions: 48COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02AFA546 Relevance: 1.5, APIs: 1, Instructions: 45COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02AFB746 Relevance: 1.5, APIs: 1, Instructions: 45windowCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02AFAF9A Relevance: 1.5, APIs: 1, Instructions: 43COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02AFBB7E Relevance: 1.5, APIs: 1, Instructions: 42windowCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02AFA78A Relevance: 1.5, APIs: 1, Instructions: 39comCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02AFB806 Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02AFA8EE Relevance: 1.5, APIs: 1, Instructions: 37COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02AFBE3E Relevance: 1.5, APIs: 1, Instructions: 35windowCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052220D0 Relevance: 1.4, Strings: 1, Instructions: 199COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05220BC0 Relevance: 1.4, Strings: 1, Instructions: 133COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05222D58 Relevance: 1.4, Strings: 1, Instructions: 124COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052205BA Relevance: 1.3, Strings: 1, Instructions: 50COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052205C8 Relevance: 1.3, Strings: 1, Instructions: 45COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052212A0 Relevance: .5, Instructions: 460COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052209A5 Relevance: .2, Instructions: 175COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052202E8 Relevance: .2, Instructions: 172COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05220682 Relevance: .1, Instructions: 130COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05221458 Relevance: .1, Instructions: 128COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052202DA Relevance: .1, Instructions: 103COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05221292 Relevance: .1, Instructions: 100COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05220006 Relevance: .1, Instructions: 94COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05222C58 Relevance: .1, Instructions: 84COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052221E8 Relevance: .1, Instructions: 77COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052225DE Relevance: .1, Instructions: 75COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05224190 Relevance: .1, Instructions: 69COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02BA087C Relevance: .1, Instructions: 59COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02BA084C Relevance: .1, Instructions: 55COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052211DF Relevance: .1, Instructions: 52COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05221209 Relevance: .0, Instructions: 48COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02BA05CF Relevance: .0, Instructions: 44COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05221218 Relevance: .0, Instructions: 42COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02BA0821 Relevance: .0, Instructions: 39COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05220918 Relevance: .0, Instructions: 33COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05224180 Relevance: .0, Instructions: 33COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05220908 Relevance: .0, Instructions: 32COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02BA0938 Relevance: .0, Instructions: 31COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02BA05F6 Relevance: .0, Instructions: 27COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052202A1 Relevance: .0, Instructions: 19COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05222D20 Relevance: .0, Instructions: 18COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0522016F Relevance: .0, Instructions: 18COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05220650 Relevance: .0, Instructions: 18COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02AF23F4 Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02AF23BC Relevance: .0, Instructions: 14COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05220180 Relevance: .0, Instructions: 12COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05222EC0 Relevance: .0, Instructions: 11COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05220660 Relevance: .0, Instructions: 10COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00A3524A Relevance: .6, Instructions: 585COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0522306F Relevance: .2, Instructions: 179COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |