Windows
Analysis Report
Roqwnrsun.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- Roqwnrsun.exe (PID: 1020 cmdline:
C:\Users\u ser\Deskto p\Roqwnrsu n.exe MD5: 1D261C332666240F0713F05E3B92DE0D) - powershell.exe (PID: 6100 cmdline:
"C:\Window s\System32 \WindowsPo werShell\v 1.0\powers hell.exe" -ENC cwB0A GEAcgB0AC0 AcwBsAGUAZ QBwACAALQB zAGUAYwBvA G4AZABzACA AMgAwAA== MD5: DBA3E6449E97D4E3DF64527EF7012A10) - conhost.exe (PID: 6076 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - MSBuild.exe (PID: 4024 cmdline:
C:\Windows \Microsoft .NET\Frame work\v4.0. 30319\MSBu ild.exe MD5: D621FD77BD585874F9686D3A76462EF1)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
SUSP_PE_Discord_Attachment_Oct21_1 | Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN) | Florian Roth (Nextron Systems) |
|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
SUSP_PE_Discord_Attachment_Oct21_1 | Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN) | Florian Roth (Nextron Systems) |
|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security | ||
JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security | ||
JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | ||
Click to see the 8 entries |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security | ||
SUSP_PE_Discord_Attachment_Oct21_1 | Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN) | Florian Roth (Nextron Systems) |
| |
JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security | ||
JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security | ||
JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
Timestamp: | 162.159.130.233192.168.2.3443497002022640 02/07/23-18:31:24.294252 |
SID: | 2022640 |
Source Port: | 443 |
Destination Port: | 49700 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.3132.226.247.7349703802039190 02/07/23-18:31:57.442136 |
SID: | 2039190 |
Source Port: | 49703 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 162.159.130.233192.168.2.3443497002017962 02/07/23-18:31:24.294252 |
SID: | 2017962 |
Source Port: | 443 |
Destination Port: | 49700 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Click to jump to signature section
AV Detection |
---|
Source: | ReversingLabs: |
Source: | ReversingLabs: |
Source: | Joe Sandbox ML: |
Source: | Joe Sandbox ML: |
Source: | Avira: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Source: | Code function: | 12_2_053725F8 | |
Source: | Code function: | 12_2_05DBF418 |
Networking |
---|
Source: | File source: |
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: |
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | JA3 fingerprint: |
Source: | HTTP traffic detected: |
Source: | IP Address: | ||
Source: | IP Address: |
Source: | HTTP traffic detected: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: |
System Summary |
---|
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Code function: | 0_2_02AB4238 | |
Source: | Code function: | 0_2_02AB2400 | |
Source: | Code function: | 0_2_02AB1172 | |
Source: | Code function: | 0_2_02AB1F40 | |
Source: | Code function: | 0_2_02AB2002 | |
Source: | Code function: | 0_2_02AB18E3 | |
Source: | Code function: | 0_2_02AB1878 | |
Source: | Code function: | 0_2_02AB196C | |
Source: | Code function: | 0_2_06B53278 | |
Source: | Code function: | 0_2_06B5D8C4 | |
Source: | Code function: | 0_2_06B90ED8 | |
Source: | Code function: | 0_2_06B968F1 | |
Source: | Code function: | 12_2_00EF29F3 | |
Source: | Code function: | 12_2_00EFF2C0 | |
Source: | Code function: | 12_2_00EF9A20 | |
Source: | Code function: | 12_2_00EF9430 | |
Source: | Code function: | 12_2_00EFDEE0 | |
Source: | Code function: | 12_2_00EF38E8 | |
Source: | Code function: | 12_2_00EF38D8 | |
Source: | Code function: | 12_2_00EF9A13 | |
Source: | Code function: | 12_2_00EF9420 | |
Source: | Code function: | 12_2_00EF3ED7 | |
Source: | Code function: | 12_2_053725F8 | |
Source: | Code function: | 12_2_053725E8 | |
Source: | Code function: | 12_2_05376780 | |
Source: | Code function: | 12_2_05DB19A0 | |
Source: | Code function: | 12_2_05DBEBB0 | |
Source: | Code function: | 12_2_05DBE330 | |
Source: | Code function: | 12_2_05DB7AF8 | |
Source: | Code function: | 12_2_05DB2618 | |
Source: | Code function: | 12_2_05DB1DAC | |
Source: | Code function: | 12_2_05DB1978 | |
Source: | Code function: | 12_2_05DB9098 | |
Source: | Code function: | 12_2_05DB1BC1 | |
Source: | Code function: | 12_2_05DB178C | |
Source: | Code function: | 12_2_05DB1B1E | |
Source: | Code function: | 12_2_05DB7AE3 | |
Source: | Code function: | 12_2_05DB66E6 | |
Source: | Code function: | 12_2_05DC1968 | |
Source: | Code function: | 12_2_05DC1110 | |
Source: | Code function: | 12_2_05DC0040 | |
Source: | Code function: | 12_2_05DC33E8 | |
Source: | Code function: | 12_2_05DC1958 | |
Source: | Code function: | 12_2_05DC10E8 | |
Source: | Code function: | 12_2_05DC5C1C | |
Source: | Code function: | 12_2_05DC6F60 | |
Source: | Code function: | 12_2_05DC6F30 | |
Source: | Code function: | 12_2_05DFE5B8 | |
Source: | Code function: | 12_2_05DFA011 | |
Source: | Code function: | 12_2_05DF7314 | |
Source: | Code function: | 12_2_05DF8360 | |
Source: | Code function: | 12_2_05DF5B28 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | ReversingLabs: |
Source: | File read: | Jump to behavior |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | File read: | Jump to behavior |
Source: | Static file information: | |||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Mutant created: |
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: |
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Static PE information: |
Data Obfuscation |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: |
Source: | .Net Code: |
Source: | Code function: | 0_2_02ABFBA9 | |
Source: | Code function: | 0_2_06B59762 | |
Source: | Code function: | 0_2_06B5D573 | |
Source: | Code function: | 0_2_06B5D583 | |
Source: | Code function: | 0_2_06B5C82F | |
Source: | Code function: | 12_2_00EFC9FF | |
Source: | Code function: | 12_2_00EF7462 | |
Source: | Code function: | 12_2_00EF6DE8 | |
Source: | Code function: | 12_2_05DC21CD |
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: |
Source: | File created: | Jump to dropped file |
Boot Survival |
---|
Source: | Key value created or modified: | Jump to behavior |
Source: | File created: | Jump to behavior | ||
Source: | File created: | Jump to behavior | ||
Source: | File created: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Process information queried: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: |
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior |
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: |
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: |
Source: | File source: | ||
Source: | File source: |
Source: | File source: |
Source: | File opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: |
Source: | File source: | ||
Source: | File source: |
Source: | File source: |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 1 Native API | 11 Registry Run Keys / Startup Folder | 311 Process Injection | 1 Disable or Modify Tools | 2 OS Credential Dumping | 1 File and Directory Discovery | Remote Services | 11 Archive Collected Data | Exfiltration Over Other Network Medium | 1 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | 1 PowerShell | Boot or Logon Initialization Scripts | 11 Registry Run Keys / Startup Folder | 11 Deobfuscate/Decode Files or Information | LSASS Memory | 13 System Information Discovery | Remote Desktop Protocol | 2 Data from Local System | Exfiltration Over Bluetooth | 11 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 2 Obfuscated Files or Information | Security Account Manager | 11 Security Software Discovery | SMB/Windows Admin Shares | 1 Email Collection | Automated Exfiltration | 2 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 21 Software Packing | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 13 Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Masquerading | LSA Secrets | 21 Virtualization/Sandbox Evasion | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 21 Virtualization/Sandbox Evasion | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | 311 Process Injection | DCSync | 1 Remote System Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 1 System Network Configuration Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
26% | ReversingLabs | Win32.Trojan.Woreflint | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Joe Sandbox ML | |||
26% | ReversingLabs | Win32.Trojan.Woreflint |
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | TR/ATRAPS.Gen | Download File |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
cdn.discordapp.com | 162.159.130.233 | true | false | high | |
checkip.dyndns.com | 132.226.247.73 | true | true | unknown | |
checkip.dyndns.org | unknown | unknown | true | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown | |
false | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
162.159.130.233 | cdn.discordapp.com | United States | 13335 | CLOUDFLARENETUS | false | |
132.226.247.73 | checkip.dyndns.com | United States | 16989 | UTMEMUS | true |
IP |
---|
192.168.2.1 |
Joe Sandbox Version: | 36.0.0 Rainbow Opal |
Analysis ID: | 800709 |
Start date and time: | 2023-02-07 18:30:25 +01:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 10m 13s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 15 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample file name: | Roqwnrsun.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@6/7@3/3 |
EGA Information: |
|
HDC Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, SgrmBroker.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.211.4.90, 209.197.3.8
- Excluded domains from analysis (whitelisted): fs.microsoft.com, e16604.g.akamaiedge.net, ctldl.windowsupdate.com, cds.d2s7q6s2.hwcdn.net, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, wu-bg-shim.trafficmanager.net
- Not all processes where analyzed, report is missing behavior information
- Report creation exceeded maximum time and may have missing disassembly code information.
- Report size getting too big, too many NtAllocateVirtualMemory calls found.
- Report size getting too big, too many NtDeviceIoControlFile calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: Roqwnrsun.exe
Time | Type | Description |
---|---|---|
18:31:22 | API Interceptor | |
18:31:30 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
162.159.130.233 | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
cdn.discordapp.com | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
CLOUDFLARENETUS | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
3b5074b1b5d032e5620f69f9f700ff0e | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
Process: | C:\Users\user\Desktop\Roqwnrsun.exe |
File Type: | |
Category: | modified |
Size (bytes): | 1476 |
Entropy (8bit): | 5.363352874313625 |
Encrypted: | false |
SSDEEP: | 24:ML9E4Ks2wKDE4KhK3VZ9pKhwE4BKIE4oKFKHKoZAE4Kzr7UE4KdE4KBLWE4Ks:MxHKXwYHKhQnowHBtHoxHhAHKzvUHKdn |
MD5: | C3FB06CD3D168BE14FE3E521130B9D12 |
SHA1: | 57894248590FB01DDFA2041DD20759156F765948 |
SHA-256: | AC10A0553135ECCF30E8B3127C0C30B956038E5CE2FAD95B5916DD3708FBDA32 |
SHA-512: | D23917C715937C88A60B4002BCAC6E03214BEEFBBA87E53AAD482B5E84D953BE2C854F098063CCCA1741A8A40865F62E73259EA113BE7CC555FDA8299FCC0D5B |
Malicious: | true |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5829 |
Entropy (8bit): | 4.8968676994158 |
Encrypted: | false |
SSDEEP: | 96:WCJ2Woe5o2k6Lm5emmXIGvgyg12jDs+un/iQLEYFjDaeWJ6KGcmXx9smyFRLcU6f:5xoe5oVsm5emd0gkjDt4iWN3yBGHh9s6 |
MD5: | 36DE9155D6C265A1DE62A448F3B5B66E |
SHA1: | 02D21946CBDD01860A0DE38D7EEC6CDE3A964FC3 |
SHA-256: | 8BA38D55AA8F1E4F959E7223FDF653ABB9BE5B8B5DE9D116604E1ABB371C1C87 |
SHA-512: | C734ADE161FB89472B1DF9B9F062F4A53E7010D3FF99EDC0BD564540A56BC35743625C50A00635C31D165A74DCDBB330FFB878C5919D7B267F6F33D2AAB328E7 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Download File
Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16460 |
Entropy (8bit): | 5.5559997954038085 |
Encrypted: | false |
SSDEEP: | 384:nte/1TzdH1SS1TC7nBSjn4ju1RiJ9gCSJ3uzp18Yv:MES1+zBo4S11Ccutv |
MD5: | AC0F39AEF4ABDD421F9EE1762849D33B |
SHA1: | 7920C5517E675B34C5973F9ADBC46B693A8086BD |
SHA-256: | 7EDF014DAE3538D3E674D7A0769F7CE7F6D60F7EE3297B33963D79F8B5F3D8A9 |
SHA-512: | D57063AEF543902B2F296DDAA5CD5817EE52A3F016E4756444FF2B910DBED036A046201252B49C20C60D55AE43D965FD5D217AC7A0AE69F2E8D7C17B0CC53F91 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\Roqwnrsun.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6656 |
Entropy (8bit): | 4.627314818643665 |
Encrypted: | false |
SSDEEP: | 96:JpG2OqkYgoVnGMDr0hZt2UJKtEk+Mx9JbFnU:1OfoVG5h1Kz+MrQ |
MD5: | 1D261C332666240F0713F05E3B92DE0D |
SHA1: | 7F95EA4FBB56C5286D9016A4BCD156BA0425F814 |
SHA-256: | DFA4B25BB9A1534192D30DC3F10ACD6A72C21A36BFAECAE14C5D7A22DFF88FD5 |
SHA-512: | 1853CB78443C92E27A14F958D3A2F790B477F170868A6C25FBE5946A71CB4A5E41C129F949AF7320BF87A6F1EF0BA396A94AE183D534572C9956CF2D7DACD0D6 |
Malicious: | true |
Yara Hits: |
|
Antivirus: |
|
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\nnnnn\nnnnn.exe:Zone.Identifier
Download File
Process: | C:\Users\user\Desktop\Roqwnrsun.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | true |
Preview: |
File type: | |
Entropy (8bit): | 4.627314818643665 |
TrID: |
|
File name: | Roqwnrsun.exe |
File size: | 6656 |
MD5: | 1d261c332666240f0713f05e3b92de0d |
SHA1: | 7f95ea4fbb56c5286d9016a4bcd156ba0425f814 |
SHA256: | dfa4b25bb9a1534192d30dc3f10acd6a72c21a36bfaecae14c5d7a22dff88fd5 |
SHA512: | 1853cb78443c92e27a14f958d3a2f790b477f170868a6c25fbe5946a71cb4a5e41c129f949af7320bf87a6f1ef0ba396a94ae183d534572c9956cf2d7dacd0d6 |
SSDEEP: | 96:JpG2OqkYgoVnGMDr0hZt2UJKtEk+Mx9JbFnU:1OfoVG5h1Kz+MrQ |
TLSH: | D7D1B721A3998733ED764BFA98B363830338E7809D63CF5D58C4521F6C02B694F61BA0 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....3.c............................N/... ...@....@.. ....................................`................................ |
Icon Hash: | 00828e8e8686b000 |
Entrypoint: | 0x402f4e |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x63E233DC [Tue Feb 7 11:19:56 2023 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Instruction |
---|
jmp dword ptr [00402000h] |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2f04 | 0x4a | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4000 | 0x528 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x6000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0xf54 | 0x1000 | False | 0.56689453125 | data | 5.3590882274556675 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rsrc | 0x4000 | 0x528 | 0x600 | False | 0.3912760416666667 | data | 3.7761268130161816 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x6000 | 0xc | 0x200 | False | 0.044921875 | data | 0.08153941234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_VERSION | 0x405c | 0x2dc | data | ||
RT_MANIFEST | 0x4374 | 0x1b4 | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (433), with no line terminators |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
162.159.130.233192.168.2.3443497002022640 02/07/23-18:31:24.294252 | TCP | 2022640 | ET TROJAN PE EXE or DLL Windows file download Text M2 | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
192.168.2.3132.226.247.7349703802039190 02/07/23-18:31:57.442136 | TCP | 2039190 | ET TROJAN 404/Snake/Matiex Keylogger Style External IP Check | 49703 | 80 | 192.168.2.3 | 132.226.247.73 |
162.159.130.233192.168.2.3443497002017962 02/07/23-18:31:24.294252 | TCP | 2017962 | ET TROJAN PE EXE or DLL Windows file download disguised as ASCII | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Feb 7, 2023 18:31:20.688244104 CET | 49699 | 443 | 192.168.2.3 | 204.79.197.200 |
Feb 7, 2023 18:31:20.688311100 CET | 443 | 49699 | 204.79.197.200 | 192.168.2.3 |
Feb 7, 2023 18:31:20.688489914 CET | 49699 | 443 | 192.168.2.3 | 204.79.197.200 |
Feb 7, 2023 18:31:20.688791990 CET | 49699 | 443 | 192.168.2.3 | 204.79.197.200 |
Feb 7, 2023 18:31:20.688813925 CET | 443 | 49699 | 204.79.197.200 | 192.168.2.3 |
Feb 7, 2023 18:31:20.758440018 CET | 443 | 49699 | 204.79.197.200 | 192.168.2.3 |
Feb 7, 2023 18:31:20.762222052 CET | 49699 | 443 | 192.168.2.3 | 204.79.197.200 |
Feb 7, 2023 18:31:20.763124943 CET | 49699 | 443 | 192.168.2.3 | 204.79.197.200 |
Feb 7, 2023 18:31:20.763166904 CET | 443 | 49699 | 204.79.197.200 | 192.168.2.3 |
Feb 7, 2023 18:31:20.766772032 CET | 49699 | 443 | 192.168.2.3 | 204.79.197.200 |
Feb 7, 2023 18:31:20.766803026 CET | 443 | 49699 | 204.79.197.200 | 192.168.2.3 |
Feb 7, 2023 18:31:20.766918898 CET | 49699 | 443 | 192.168.2.3 | 204.79.197.200 |
Feb 7, 2023 18:31:20.766944885 CET | 443 | 49699 | 204.79.197.200 | 192.168.2.3 |
Feb 7, 2023 18:31:20.766990900 CET | 49699 | 443 | 192.168.2.3 | 204.79.197.200 |
Feb 7, 2023 18:31:20.767009020 CET | 443 | 49699 | 204.79.197.200 | 192.168.2.3 |
Feb 7, 2023 18:31:20.767235041 CET | 49699 | 443 | 192.168.2.3 | 204.79.197.200 |
Feb 7, 2023 18:31:20.767260075 CET | 443 | 49699 | 204.79.197.200 | 192.168.2.3 |
Feb 7, 2023 18:31:20.767363071 CET | 49699 | 443 | 192.168.2.3 | 204.79.197.200 |
Feb 7, 2023 18:31:20.767386913 CET | 443 | 49699 | 204.79.197.200 | 192.168.2.3 |
Feb 7, 2023 18:31:20.767574072 CET | 49699 | 443 | 192.168.2.3 | 204.79.197.200 |
Feb 7, 2023 18:31:20.767599106 CET | 443 | 49699 | 204.79.197.200 | 192.168.2.3 |
Feb 7, 2023 18:31:20.767687082 CET | 49699 | 443 | 192.168.2.3 | 204.79.197.200 |
Feb 7, 2023 18:31:20.767714024 CET | 443 | 49699 | 204.79.197.200 | 192.168.2.3 |
Feb 7, 2023 18:31:20.767901897 CET | 49699 | 443 | 192.168.2.3 | 204.79.197.200 |
Feb 7, 2023 18:31:20.767920971 CET | 443 | 49699 | 204.79.197.200 | 192.168.2.3 |
Feb 7, 2023 18:31:20.869976997 CET | 443 | 49699 | 204.79.197.200 | 192.168.2.3 |
Feb 7, 2023 18:31:20.870095968 CET | 443 | 49699 | 204.79.197.200 | 192.168.2.3 |
Feb 7, 2023 18:31:20.870280027 CET | 49699 | 443 | 192.168.2.3 | 204.79.197.200 |
Feb 7, 2023 18:31:20.870414019 CET | 49699 | 443 | 192.168.2.3 | 204.79.197.200 |
Feb 7, 2023 18:31:20.870443106 CET | 443 | 49699 | 204.79.197.200 | 192.168.2.3 |
Feb 7, 2023 18:31:20.870459080 CET | 49699 | 443 | 192.168.2.3 | 204.79.197.200 |
Feb 7, 2023 18:31:20.870526075 CET | 49699 | 443 | 192.168.2.3 | 204.79.197.200 |
Feb 7, 2023 18:31:23.601237059 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:23.601295948 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:23.601392984 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:23.639513969 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:23.639579058 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:23.698740959 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:23.698944092 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:23.711602926 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:23.711630106 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:23.712198973 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:23.758083105 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.244970083 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.245013952 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.294044971 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.294210911 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.294259071 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.294302940 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.294313908 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.294342041 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.294364929 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.294450045 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.294509888 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.294523954 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.298019886 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.298125982 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.298209906 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.298218012 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.298268080 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.298310041 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.298355103 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.298423052 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.298432112 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.298456907 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.298523903 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.299168110 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.299309015 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.299391031 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.299392939 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.299417973 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.299514055 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.299936056 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.300093889 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.300174952 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.300182104 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.300219059 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.300301075 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.300724030 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.300868988 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.300944090 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.300968885 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.301628113 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.301718950 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.301744938 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.301784039 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.301856995 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.301877975 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.311939001 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.312016010 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.312069893 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.312076092 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.312103033 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.312124968 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.312391996 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.312443018 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.312446117 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.312463045 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.312506914 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.312519073 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.313287973 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.313344955 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.313354969 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.313369036 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.313416958 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.313426971 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.315491915 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.315607071 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.315623045 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.315670967 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.316442966 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.316517115 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.316557884 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.316570997 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.316589117 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.316633940 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.317404985 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.317506075 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.318186998 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.318269014 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.318845987 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.318922997 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.319644928 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.319772005 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.320476055 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.320590019 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.321372986 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.321455002 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.321468115 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.321486950 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.321515083 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.322179079 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.322324038 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.322344065 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.322401047 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.329685926 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.329844952 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.330029964 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.330029964 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.330071926 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.330135107 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.330461025 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.330557108 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.331343889 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.331448078 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.331455946 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.331486940 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.331553936 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.332314968 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.332514048 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.332549095 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.332614899 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.333089113 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.333182096 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.333189011 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.333213091 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.333271027 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.333271027 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.334116936 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.334233999 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.334958076 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.335047007 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.335093021 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.335176945 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.335779905 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.335881948 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.336587906 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.336684942 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.336688995 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.336725950 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.336755037 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.336786985 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.337529898 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.337621927 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.337658882 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.337681055 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.337704897 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.337730885 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.338409901 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.338506937 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.338964939 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.339040041 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.339078903 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.339122057 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.339159012 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.339737892 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.339793921 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.339818001 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.339833975 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.339900970 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.340560913 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.340626955 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.340641975 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.340657949 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.340692043 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.341391087 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.341458082 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.341471910 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.341486931 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.341519117 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.342428923 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.342490911 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.342514038 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.342533112 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.342556953 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.342556953 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.343300104 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.343364000 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.343386889 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.343410015 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.343445063 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.343487978 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.344981909 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.345020056 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.345089912 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.345109940 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.345136881 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.345161915 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.347709894 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.347810030 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.347819090 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.347851992 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.347881079 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.348612070 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.348684072 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.348705053 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.348774910 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.349720955 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.349756002 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.349818945 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.349838018 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.349867105 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.349885941 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.350545883 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.350668907 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.350682020 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.350720882 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.350759029 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.352229118 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.352264881 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.352322102 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.352341890 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.352375031 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.354053974 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.354109049 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.354168892 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.354196072 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.354219913 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.354954004 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.354983091 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.355055094 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.355079889 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.355103016 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.356132984 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.356163025 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.356215954 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.356240988 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.356264114 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.357831955 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.357917070 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.362190962 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.362219095 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.362313986 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.362518072 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.362533092 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.362555027 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.362572908 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.362634897 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.362653017 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.362710953 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.362816095 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.363776922 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.363797903 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.363903046 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.364053965 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.364067078 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.364183903 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.364443064 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.364480019 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.364533901 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.364552975 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.364582062 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.364612103 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.365025997 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.365153074 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.365356922 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.365389109 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.365453005 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.365475893 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.365499973 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.365526915 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.365781069 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.366394997 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.366422892 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.366485119 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.366503000 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.366529942 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.366564989 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.366589069 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.366616011 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.366677046 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.366712093 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.366744041 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.366774082 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.367765903 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.367796898 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.367865086 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.367894888 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.367918015 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.367918968 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.367945910 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.367954016 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.367973089 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.367974043 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.368024111 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.368046045 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.368814945 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.368875980 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.368901014 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.368922949 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.368957043 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.368974924 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.369685888 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.369714975 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.369771957 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.369795084 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.369817972 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.369854927 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.370524883 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.370557070 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.370613098 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.370634079 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.370656967 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.370683908 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.370755911 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.370785952 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.370831966 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.370846987 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.370874882 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.370901108 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.371682882 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.371714115 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.371764898 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.371793032 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.371817112 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.371840954 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.372538090 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.372580051 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.372638941 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.372659922 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.372687101 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.372710943 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.373193026 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.373233080 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.373280048 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.373297930 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.373332024 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.373351097 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.373353958 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.373377085 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.373413086 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.373416901 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.373440027 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.373455048 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.373482943 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.373507023 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.374243021 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.374272108 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.374367952 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.374387980 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.374469042 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.374469042 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.375076056 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.375114918 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.375184059 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.375202894 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.375228882 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.375252008 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.375922918 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.375935078 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.376025915 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.376035929 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.376064062 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.376087904 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.376100063 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.376112938 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.376136065 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.376148939 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.376198053 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.376225948 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.376820087 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.376857042 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.376940012 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.376962900 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.376990080 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.377024889 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.377473116 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.377516031 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.377587080 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.377608061 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.377635956 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.377667904 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.378181934 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.378232956 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.378289938 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.378318071 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.378364086 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.378365040 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.378397942 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.378411055 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.378439903 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.378452063 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.378473043 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.378485918 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.378532887 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.378554106 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.379067898 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.379106998 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.379175901 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.379194975 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.379221916 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.379245996 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.379476070 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.379513979 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.379565001 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.379579067 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.379616976 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.379631042 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.380408049 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.380445957 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.380515099 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.380530119 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.380551100 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.380567074 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.380580902 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.380592108 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.380604982 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.380625963 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.380666018 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.381548882 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.381586075 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.381670952 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.381685972 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.381709099 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.381747007 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.381748915 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.381769896 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.381788969 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.381818056 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.381849051 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.382392883 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.382426023 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.382509947 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.382524967 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.382565975 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.382606030 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.382607937 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.382627010 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.382661104 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.382680893 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.382716894 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.383378029 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.383414030 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.383497000 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.383512020 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.383533001 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.383609056 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.383678913 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.383713961 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.383780003 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.383793116 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.383831978 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.383846998 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.384169102 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.384202957 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.384253025 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.384267092 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.384299040 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.384345055 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.384449005 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.384485006 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.384531975 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.384546995 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.384579897 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.384599924 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.385135889 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.385180950 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.385242939 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.385257959 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.385299921 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.385320902 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.385354042 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.385401011 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.385428905 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.385453939 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.385482073 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.385503054 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.385951996 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.385983944 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.386051893 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.386066914 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.386106968 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.386122942 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.386226892 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.386257887 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.386305094 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.386322021 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.386354923 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.386377096 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.386583090 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.386626005 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.386703014 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.386718988 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.386746883 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.386796951 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.387761116 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.387799025 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.387867928 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.387877941 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.387896061 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.387916088 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.387929916 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.387948990 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.387990952 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.388008118 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.388039112 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.388057947 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.388065100 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.388081074 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.388098001 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.388143063 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.389041901 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.389071941 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.389147997 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.389163017 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.389180899 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.389204025 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.389313936 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.389337063 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.389389038 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.389400005 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.389432907 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.389462948 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.390065908 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.390109062 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.390187025 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.390198946 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.390232086 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.390255928 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.390340090 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.390362978 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.390410900 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.390422106 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.390461922 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.390492916 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.390767097 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.390790939 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.390851021 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.390861988 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.390897036 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.390928984 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.391149998 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.391174078 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.391227007 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.391238928 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.391268969 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.391290903 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.391530991 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.391554117 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.391624928 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.391638041 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.391680002 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.391705990 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.391887903 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.391910076 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.391971111 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.391983032 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.392014027 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.392043114 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.392430067 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.392453909 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.392505884 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.392518997 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.392554998 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.392577887 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.393033028 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.393058062 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.393134117 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.393148899 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.393199921 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.393342018 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.393366098 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.393415928 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.393429041 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.393464088 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.393604994 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.393651962 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.393678904 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.393737078 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.393748999 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.393830061 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.394110918 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.394135952 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.394229889 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.394246101 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.394320011 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.394391060 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.394419909 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.394504070 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.394516945 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.394566059 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.394619942 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.394881964 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.394911051 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.395008087 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.395024061 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.395097971 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.395330906 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.395354033 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.395441055 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.395456076 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.395525932 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.395540953 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.395562887 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.395647049 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.395658016 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.395735979 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.395797014 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.395807981 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.395828962 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.395881891 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.395891905 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.395962000 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.396020889 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.396059990 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.396090984 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.396177053 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.396188974 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.396274090 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.396275043 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.396289110 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.396339893 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.396349907 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.396411896 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.396424055 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.396517992 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.396519899 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.396533966 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.396576881 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.396614075 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.396636963 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.396709919 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.396780014 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.396847963 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.396869898 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.396971941 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.396985054 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.397067070 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.397078991 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.397095919 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.397109985 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.397154093 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.397237062 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.397279024 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.397300959 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.397389889 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.397402048 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.397485971 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.397533894 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.397566080 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.397656918 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.397670984 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.397802114 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.397954941 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.397994041 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.398077965 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.398092985 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.398158073 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.398168087 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.398185968 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.398221016 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.398260117 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.398272991 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.398305893 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.398351908 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.398365974 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.398416996 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.398437023 CET | 443 | 49700 | 162.159.130.233 | 192.168.2.3 |
Feb 7, 2023 18:31:24.398569107 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.399245977 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:24.403510094 CET | 49700 | 443 | 192.168.2.3 | 162.159.130.233 |
Feb 7, 2023 18:31:57.207214117 CET | 49703 | 80 | 192.168.2.3 | 132.226.247.73 |
Feb 7, 2023 18:31:57.422785997 CET | 80 | 49703 | 132.226.247.73 | 192.168.2.3 |
Feb 7, 2023 18:31:57.422926903 CET | 49703 | 80 | 192.168.2.3 | 132.226.247.73 |
Feb 7, 2023 18:31:57.442136049 CET | 49703 | 80 | 192.168.2.3 | 132.226.247.73 |
Feb 7, 2023 18:31:57.657741070 CET | 80 | 49703 | 132.226.247.73 | 192.168.2.3 |
Feb 7, 2023 18:31:57.658673048 CET | 80 | 49703 | 132.226.247.73 | 192.168.2.3 |
Feb 7, 2023 18:31:57.854597092 CET | 49703 | 80 | 192.168.2.3 | 132.226.247.73 |
Feb 7, 2023 18:32:00.183896065 CET | 80 | 49726 | 34.104.35.123 | 192.168.2.3 |
Feb 7, 2023 18:32:00.184065104 CET | 49726 | 80 | 192.168.2.3 | 34.104.35.123 |
Feb 7, 2023 18:32:06.431859970 CET | 80 | 49685 | 93.184.220.29 | 192.168.2.3 |
Feb 7, 2023 18:32:06.435113907 CET | 49685 | 80 | 192.168.2.3 | 93.184.220.29 |
Feb 7, 2023 18:32:06.552017927 CET | 80 | 49684 | 93.184.220.29 | 192.168.2.3 |
Feb 7, 2023 18:32:06.552154064 CET | 49684 | 80 | 192.168.2.3 | 93.184.220.29 |
Feb 7, 2023 18:32:07.503336906 CET | 80 | 49690 | 93.184.220.29 | 192.168.2.3 |
Feb 7, 2023 18:32:07.504076958 CET | 49690 | 80 | 192.168.2.3 | 93.184.220.29 |
Feb 7, 2023 18:32:08.312602043 CET | 49690 | 80 | 192.168.2.3 | 93.184.220.29 |
Feb 7, 2023 18:32:10.065851927 CET | 80 | 49693 | 41.63.96.128 | 192.168.2.3 |
Feb 7, 2023 18:32:10.066246986 CET | 49693 | 80 | 192.168.2.3 | 41.63.96.128 |
Feb 7, 2023 18:32:10.316276073 CET | 49692 | 443 | 192.168.2.3 | 23.211.5.146 |
Feb 7, 2023 18:32:10.316471100 CET | 49694 | 80 | 192.168.2.3 | 93.184.220.29 |
Feb 7, 2023 18:32:10.317054033 CET | 49693 | 80 | 192.168.2.3 | 41.63.96.128 |
Feb 7, 2023 18:32:10.358292103 CET | 80 | 49695 | 41.63.96.128 | 192.168.2.3 |
Feb 7, 2023 18:32:10.358521938 CET | 49695 | 80 | 192.168.2.3 | 41.63.96.128 |
Feb 7, 2023 18:32:10.358521938 CET | 49695 | 80 | 192.168.2.3 | 41.63.96.128 |
Feb 7, 2023 18:32:10.381222010 CET | 80 | 49695 | 41.63.96.128 | 192.168.2.3 |
Feb 7, 2023 18:32:10.448283911 CET | 49696 | 80 | 192.168.2.3 | 173.222.108.226 |
Feb 7, 2023 18:32:10.460344076 CET | 80 | 49696 | 173.222.108.226 | 192.168.2.3 |
Feb 7, 2023 18:32:10.460432053 CET | 49696 | 80 | 192.168.2.3 | 173.222.108.226 |
Feb 7, 2023 18:32:10.517575026 CET | 80 | 49697 | 41.63.96.128 | 192.168.2.3 |
Feb 7, 2023 18:32:10.517895937 CET | 49697 | 80 | 192.168.2.3 | 41.63.96.128 |
Feb 7, 2023 18:32:10.517896891 CET | 49697 | 80 | 192.168.2.3 | 41.63.96.128 |
Feb 7, 2023 18:32:10.540433884 CET | 80 | 49697 | 41.63.96.128 | 192.168.2.3 |
Feb 7, 2023 18:32:23.632813931 CET | 80 | 49693 | 8.238.190.126 | 192.168.2.3 |
Feb 7, 2023 18:32:23.632925034 CET | 49693 | 80 | 192.168.2.3 | 8.238.190.126 |
Feb 7, 2023 18:33:02.658854008 CET | 80 | 49703 | 132.226.247.73 | 192.168.2.3 |
Feb 7, 2023 18:33:02.659029007 CET | 49703 | 80 | 192.168.2.3 | 132.226.247.73 |
Feb 7, 2023 18:33:02.813287020 CET | 49674 | 443 | 192.168.2.3 | 20.190.159.4 |
Feb 7, 2023 18:33:02.985263109 CET | 49675 | 443 | 192.168.2.3 | 20.190.159.4 |
Feb 7, 2023 18:33:02.985265970 CET | 49676 | 443 | 192.168.2.3 | 20.190.159.4 |
Feb 7, 2023 18:33:06.149127007 CET | 443 | 49683 | 13.107.5.88 | 192.168.2.3 |
Feb 7, 2023 18:33:06.809211016 CET | 443 | 49681 | 13.107.42.16 | 192.168.2.3 |
Feb 7, 2023 18:33:07.188716888 CET | 49688 | 443 | 192.168.2.3 | 204.79.197.200 |
Feb 7, 2023 18:33:07.188725948 CET | 49686 | 443 | 192.168.2.3 | 204.79.197.200 |
Feb 7, 2023 18:33:07.188762903 CET | 49687 | 443 | 192.168.2.3 | 204.79.197.200 |
Feb 7, 2023 18:33:07.878842115 CET | 80 | 49685 | 93.184.220.29 | 192.168.2.3 |
Feb 7, 2023 18:33:07.879017115 CET | 49685 | 80 | 192.168.2.3 | 93.184.220.29 |
Feb 7, 2023 18:33:07.991882086 CET | 80 | 49684 | 93.184.220.29 | 192.168.2.3 |
Feb 7, 2023 18:33:07.992083073 CET | 49684 | 80 | 192.168.2.3 | 93.184.220.29 |
Feb 7, 2023 18:33:08.300565004 CET | 443 | 49682 | 13.107.5.88 | 192.168.2.3 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Feb 7, 2023 18:31:23.553014994 CET | 58921 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 7, 2023 18:31:23.575284004 CET | 53 | 58921 | 8.8.8.8 | 192.168.2.3 |
Feb 7, 2023 18:31:56.600816965 CET | 49977 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 7, 2023 18:31:56.620296001 CET | 53 | 49977 | 8.8.8.8 | 192.168.2.3 |
Feb 7, 2023 18:31:56.634592056 CET | 57840 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 7, 2023 18:31:56.653799057 CET | 53 | 57840 | 8.8.8.8 | 192.168.2.3 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Feb 7, 2023 18:31:23.553014994 CET | 192.168.2.3 | 8.8.8.8 | 0xfdd0 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Feb 7, 2023 18:31:56.600816965 CET | 192.168.2.3 | 8.8.8.8 | 0x9cf2 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Feb 7, 2023 18:31:56.634592056 CET | 192.168.2.3 | 8.8.8.8 | 0xea71 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Feb 7, 2023 18:31:23.575284004 CET | 8.8.8.8 | 192.168.2.3 | 0xfdd0 | No error (0) | 162.159.130.233 | A (IP address) | IN (0x0001) | false | ||
Feb 7, 2023 18:31:23.575284004 CET | 8.8.8.8 | 192.168.2.3 | 0xfdd0 | No error (0) | 162.159.135.233 | A (IP address) | IN (0x0001) | false | ||
Feb 7, 2023 18:31:23.575284004 CET | 8.8.8.8 | 192.168.2.3 | 0xfdd0 | No error (0) | 162.159.129.233 | A (IP address) | IN (0x0001) | false | ||
Feb 7, 2023 18:31:23.575284004 CET | 8.8.8.8 | 192.168.2.3 | 0xfdd0 | No error (0) | 162.159.134.233 | A (IP address) | IN (0x0001) | false | ||
Feb 7, 2023 18:31:23.575284004 CET | 8.8.8.8 | 192.168.2.3 | 0xfdd0 | No error (0) | 162.159.133.233 | A (IP address) | IN (0x0001) | false | ||
Feb 7, 2023 18:31:56.620296001 CET | 8.8.8.8 | 192.168.2.3 | 0x9cf2 | No error (0) | checkip.dyndns.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Feb 7, 2023 18:31:56.620296001 CET | 8.8.8.8 | 192.168.2.3 | 0x9cf2 | No error (0) | 132.226.247.73 | A (IP address) | IN (0x0001) | false | ||
Feb 7, 2023 18:31:56.620296001 CET | 8.8.8.8 | 192.168.2.3 | 0x9cf2 | No error (0) | 158.101.44.242 | A (IP address) | IN (0x0001) | false | ||
Feb 7, 2023 18:31:56.620296001 CET | 8.8.8.8 | 192.168.2.3 | 0x9cf2 | No error (0) | 193.122.6.168 | A (IP address) | IN (0x0001) | false | ||
Feb 7, 2023 18:31:56.620296001 CET | 8.8.8.8 | 192.168.2.3 | 0x9cf2 | No error (0) | 193.122.130.0 | A (IP address) | IN (0x0001) | false | ||
Feb 7, 2023 18:31:56.620296001 CET | 8.8.8.8 | 192.168.2.3 | 0x9cf2 | No error (0) | 132.226.8.169 | A (IP address) | IN (0x0001) | false | ||
Feb 7, 2023 18:31:56.653799057 CET | 8.8.8.8 | 192.168.2.3 | 0xea71 | No error (0) | checkip.dyndns.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Feb 7, 2023 18:31:56.653799057 CET | 8.8.8.8 | 192.168.2.3 | 0xea71 | No error (0) | 132.226.247.73 | A (IP address) | IN (0x0001) | false | ||
Feb 7, 2023 18:31:56.653799057 CET | 8.8.8.8 | 192.168.2.3 | 0xea71 | No error (0) | 158.101.44.242 | A (IP address) | IN (0x0001) | false | ||
Feb 7, 2023 18:31:56.653799057 CET | 8.8.8.8 | 192.168.2.3 | 0xea71 | No error (0) | 193.122.6.168 | A (IP address) | IN (0x0001) | false | ||
Feb 7, 2023 18:31:56.653799057 CET | 8.8.8.8 | 192.168.2.3 | 0xea71 | No error (0) | 193.122.130.0 | A (IP address) | IN (0x0001) | false | ||
Feb 7, 2023 18:31:56.653799057 CET | 8.8.8.8 | 192.168.2.3 | 0xea71 | No error (0) | 132.226.8.169 | A (IP address) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.3 | 49700 | 162.159.130.233 | 443 | C:\Users\user\Desktop\Roqwnrsun.exe |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.3 | 49703 | 132.226.247.73 | 80 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Feb 7, 2023 18:31:57.442136049 CET | 1684 | OUT | |
Feb 7, 2023 18:31:57.658673048 CET | 1685 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.3 | 49700 | 162.159.130.233 | 443 | C:\Users\user\Desktop\Roqwnrsun.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-02-07 17:31:24 UTC | 0 | OUT | |
2023-02-07 17:31:24 UTC | 0 | IN | |
2023-02-07 17:31:24 UTC | 1 | IN | |
2023-02-07 17:31:24 UTC | 1 | IN | |
2023-02-07 17:31:24 UTC | 3 | IN | |
2023-02-07 17:31:24 UTC | 4 | IN | |
2023-02-07 17:31:24 UTC | 5 | IN | |
2023-02-07 17:31:24 UTC | 7 | IN | |
2023-02-07 17:31:24 UTC | 8 | IN | |
2023-02-07 17:31:24 UTC | 9 | IN | |
2023-02-07 17:31:24 UTC | 11 | IN | |
2023-02-07 17:31:24 UTC | 12 | IN | |
2023-02-07 17:31:24 UTC | 13 | IN | |
2023-02-07 17:31:24 UTC | 15 | IN | |
2023-02-07 17:31:24 UTC | 16 | IN | |
2023-02-07 17:31:24 UTC | 17 | IN | |
2023-02-07 17:31:24 UTC | 19 | IN | |
2023-02-07 17:31:24 UTC | 20 | IN | |
2023-02-07 17:31:24 UTC | 21 | IN | |
2023-02-07 17:31:24 UTC | 23 | IN | |
2023-02-07 17:31:24 UTC | 24 | IN | |
2023-02-07 17:31:24 UTC | 25 | IN | |
2023-02-07 17:31:24 UTC | 27 | IN | |
2023-02-07 17:31:24 UTC | 28 | IN | |
2023-02-07 17:31:24 UTC | 29 | IN | |
2023-02-07 17:31:24 UTC | 31 | IN | |
2023-02-07 17:31:24 UTC | 32 | IN | |
2023-02-07 17:31:24 UTC | 33 | IN | |
2023-02-07 17:31:24 UTC | 35 | IN | |
2023-02-07 17:31:24 UTC | 36 | IN | |
2023-02-07 17:31:24 UTC | 37 | IN | |
2023-02-07 17:31:24 UTC | 39 | IN | |
2023-02-07 17:31:24 UTC | 40 | IN | |
2023-02-07 17:31:24 UTC | 41 | IN | |
2023-02-07 17:31:24 UTC | 43 | IN | |
2023-02-07 17:31:24 UTC | 44 | IN | |
2023-02-07 17:31:24 UTC | 45 | IN | |
2023-02-07 17:31:24 UTC | 47 | IN | |
2023-02-07 17:31:24 UTC | 48 | IN | |
2023-02-07 17:31:24 UTC | 49 | IN | |
2023-02-07 17:31:24 UTC | 51 | IN | |
2023-02-07 17:31:24 UTC | 52 | IN | |
2023-02-07 17:31:24 UTC | 53 | IN | |
2023-02-07 17:31:24 UTC | 57 | IN | |
2023-02-07 17:31:24 UTC | 61 | IN | |
2023-02-07 17:31:24 UTC | 65 | IN | |
2023-02-07 17:31:24 UTC | 69 | IN | |
2023-02-07 17:31:24 UTC | 73 | IN | |
2023-02-07 17:31:24 UTC | 78 | IN | |
2023-02-07 17:31:24 UTC | 82 | IN | |
2023-02-07 17:31:24 UTC | 86 | IN | |
2023-02-07 17:31:24 UTC | 90 | IN | |
2023-02-07 17:31:24 UTC | 94 | IN | |
2023-02-07 17:31:24 UTC | 97 | IN | |
2023-02-07 17:31:24 UTC | 101 | IN | |
2023-02-07 17:31:24 UTC | 105 | IN | |
2023-02-07 17:31:24 UTC | 110 | IN | |
2023-02-07 17:31:24 UTC | 114 | IN | |
2023-02-07 17:31:24 UTC | 118 | IN | |
2023-02-07 17:31:24 UTC | 122 | IN | |
2023-02-07 17:31:24 UTC | 126 | IN | |
2023-02-07 17:31:24 UTC | 129 | IN | |
2023-02-07 17:31:24 UTC | 133 | IN | |
2023-02-07 17:31:24 UTC | 137 | IN | |
2023-02-07 17:31:24 UTC | 142 | IN | |
2023-02-07 17:31:24 UTC | 146 | IN | |
2023-02-07 17:31:24 UTC | 150 | IN | |
2023-02-07 17:31:24 UTC | 154 | IN | |
2023-02-07 17:31:24 UTC | 158 | IN | |
2023-02-07 17:31:24 UTC | 161 | IN | |
2023-02-07 17:31:24 UTC | 165 | IN | |
2023-02-07 17:31:24 UTC | 169 | IN | |
2023-02-07 17:31:24 UTC | 174 | IN | |
2023-02-07 17:31:24 UTC | 178 | IN | |
2023-02-07 17:31:24 UTC | 182 | IN | |
2023-02-07 17:31:24 UTC | 186 | IN | |
2023-02-07 17:31:24 UTC | 190 | IN | |
2023-02-07 17:31:24 UTC | 193 | IN | |
2023-02-07 17:31:24 UTC | 197 | IN | |
2023-02-07 17:31:24 UTC | 201 | IN | |
2023-02-07 17:31:24 UTC | 206 | IN | |
2023-02-07 17:31:24 UTC | 208 | IN | |
2023-02-07 17:31:24 UTC | 212 | IN | |
2023-02-07 17:31:24 UTC | 228 | IN | |
2023-02-07 17:31:24 UTC | 240 | IN | |
2023-02-07 17:31:24 UTC | 244 | IN | |
2023-02-07 17:31:24 UTC | 260 | IN | |
2023-02-07 17:31:24 UTC | 272 | IN | |
2023-02-07 17:31:24 UTC | 288 | IN | |
2023-02-07 17:31:24 UTC | 304 | IN | |
2023-02-07 17:31:24 UTC | 320 | IN | |
2023-02-07 17:31:24 UTC | 336 | IN | |
2023-02-07 17:31:24 UTC | 352 | IN | |
2023-02-07 17:31:24 UTC | 368 | IN | |
2023-02-07 17:31:24 UTC | 384 | IN | |
2023-02-07 17:31:24 UTC | 400 | IN | |
2023-02-07 17:31:24 UTC | 416 | IN | |
2023-02-07 17:31:24 UTC | 432 | IN | |
2023-02-07 17:31:24 UTC | 448 | IN | |
2023-02-07 17:31:24 UTC | 464 | IN | |
2023-02-07 17:31:24 UTC | 480 | IN | |
2023-02-07 17:31:24 UTC | 496 | IN | |
2023-02-07 17:31:24 UTC | 512 | IN | |
2023-02-07 17:31:24 UTC | 528 | IN | |
2023-02-07 17:31:24 UTC | 544 | IN | |
2023-02-07 17:31:24 UTC | 560 | IN | |
2023-02-07 17:31:24 UTC | 576 | IN | |
2023-02-07 17:31:24 UTC | 592 | IN | |
2023-02-07 17:31:24 UTC | 608 | IN | |
2023-02-07 17:31:24 UTC | 624 | IN | |
2023-02-07 17:31:24 UTC | 640 | IN | |
2023-02-07 17:31:24 UTC | 656 | IN | |
2023-02-07 17:31:24 UTC | 672 | IN | |
2023-02-07 17:31:24 UTC | 688 | IN | |
2023-02-07 17:31:24 UTC | 704 | IN | |
2023-02-07 17:31:24 UTC | 720 | IN | |
2023-02-07 17:31:24 UTC | 736 | IN | |
2023-02-07 17:31:24 UTC | 752 | IN | |
2023-02-07 17:31:24 UTC | 768 | IN | |
2023-02-07 17:31:24 UTC | 784 | IN | |
2023-02-07 17:31:24 UTC | 800 | IN | |
2023-02-07 17:31:24 UTC | 816 | IN | |
2023-02-07 17:31:24 UTC | 832 | IN | |
2023-02-07 17:31:24 UTC | 843 | IN | |
2023-02-07 17:31:24 UTC | 859 | IN | |
2023-02-07 17:31:24 UTC | 875 | IN | |
2023-02-07 17:31:24 UTC | 891 | IN | |
2023-02-07 17:31:24 UTC | 907 | IN | |
2023-02-07 17:31:24 UTC | 923 | IN | |
2023-02-07 17:31:24 UTC | 939 | IN | |
2023-02-07 17:31:24 UTC | 955 | IN | |
2023-02-07 17:31:24 UTC | 971 | IN | |
2023-02-07 17:31:24 UTC | 987 | IN | |
2023-02-07 17:31:24 UTC | 1003 | IN | |
2023-02-07 17:31:24 UTC | 1019 | IN | |
2023-02-07 17:31:24 UTC | 1035 | IN | |
2023-02-07 17:31:24 UTC | 1051 | IN | |
2023-02-07 17:31:24 UTC | 1067 | IN | |
2023-02-07 17:31:24 UTC | 1083 | IN | |
2023-02-07 17:31:24 UTC | 1099 | IN | |
2023-02-07 17:31:24 UTC | 1115 | IN | |
2023-02-07 17:31:24 UTC | 1131 | IN | |
2023-02-07 17:31:24 UTC | 1147 | IN | |
2023-02-07 17:31:24 UTC | 1163 | IN | |
2023-02-07 17:31:24 UTC | 1179 | IN | |
2023-02-07 17:31:24 UTC | 1195 | IN | |
2023-02-07 17:31:24 UTC | 1211 | IN | |
2023-02-07 17:31:24 UTC | 1227 | IN | |
2023-02-07 17:31:24 UTC | 1243 | IN | |
2023-02-07 17:31:24 UTC | 1259 | IN | |
2023-02-07 17:31:24 UTC | 1275 | IN | |
2023-02-07 17:31:24 UTC | 1291 | IN | |
2023-02-07 17:31:24 UTC | 1307 | IN | |
2023-02-07 17:31:24 UTC | 1323 | IN | |
2023-02-07 17:31:24 UTC | 1339 | IN | |
2023-02-07 17:31:24 UTC | 1355 | IN | |
2023-02-07 17:31:24 UTC | 1371 | IN | |
2023-02-07 17:31:24 UTC | 1387 | IN | |
2023-02-07 17:31:24 UTC | 1403 | IN | |
2023-02-07 17:31:24 UTC | 1419 | IN | |
2023-02-07 17:31:24 UTC | 1435 | IN | |
2023-02-07 17:31:24 UTC | 1451 | IN | |
2023-02-07 17:31:24 UTC | 1467 | IN | |
2023-02-07 17:31:24 UTC | 1483 | IN | |
2023-02-07 17:31:24 UTC | 1499 | IN | |
2023-02-07 17:31:24 UTC | 1515 | IN | |
2023-02-07 17:31:24 UTC | 1531 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 18:31:22 |
Start date: | 07/02/2023 |
Path: | C:\Users\user\Desktop\Roqwnrsun.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x9e0000 |
File size: | 6656 bytes |
MD5 hash: | 1D261C332666240F0713F05E3B92DE0D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Reputation: | low |
Target ID: | 1 |
Start time: | 18:31:27 |
Start date: | 07/02/2023 |
Path: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1c0000 |
File size: | 430592 bytes |
MD5 hash: | DBA3E6449E97D4E3DF64527EF7012A10 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Reputation: | high |
Target ID: | 2 |
Start time: | 18:31:27 |
Start date: | 07/02/2023 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff745070000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 12 |
Start time: | 18:31:53 |
Start date: | 07/02/2023 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x570000 |
File size: | 261728 bytes |
MD5 hash: | D621FD77BD585874F9686D3A76462EF1 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Reputation: | high |
Execution Graph
Execution Coverage: | 13.4% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 3.4% |
Total number of Nodes: | 87 |
Total number of Limit Nodes: | 4 |
Graph
Function 06B90ED8 Relevance: 2.0, Strings: 1, Instructions: 729COMMON
Control-flow Graph
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02AB4238 Relevance: 1.6, Strings: 1, Instructions: 336COMMON
Control-flow Graph
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02AB2400 Relevance: 1.5, Strings: 1, Instructions: 273COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B968F1 Relevance: .9, Instructions: 887COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B53278 Relevance: .6, Instructions: 611COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02AB1F40 Relevance: .2, Instructions: 248COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02AB1172 Relevance: .2, Instructions: 220COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B97E23 Relevance: 10.7, APIs: 7, Instructions: 184COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B97E38 Relevance: 10.7, APIs: 7, Instructions: 175COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B93A48 Relevance: 1.6, APIs: 1, Instructions: 75fileCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B93A50 Relevance: 1.6, APIs: 1, Instructions: 70fileCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B96819 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B96820 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B96171 Relevance: 1.6, APIs: 1, Instructions: 58memoryCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02ABEBB9 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02ABE909 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02ABE918 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B96178 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B95FE8 Relevance: 1.6, APIs: 1, Instructions: 52threadCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B95FF0 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B56B08 Relevance: 1.5, Strings: 1, Instructions: 208COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B53CA8 Relevance: 1.4, Strings: 1, Instructions: 178COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B53C98 Relevance: 1.3, Strings: 1, Instructions: 98COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B59090 Relevance: .5, Instructions: 522COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B51850 Relevance: .4, Instructions: 359COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B5CC20 Relevance: .3, Instructions: 318COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B50941 Relevance: .3, Instructions: 301COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B55D40 Relevance: .3, Instructions: 271COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B55570 Relevance: .2, Instructions: 238COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B5B848 Relevance: .2, Instructions: 226COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B5B030 Relevance: .2, Instructions: 218COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B5C9CA Relevance: .2, Instructions: 208COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B51EB9 Relevance: .2, Instructions: 194COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B5B3B0 Relevance: .2, Instructions: 179COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B58680 Relevance: .2, Instructions: 168COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B558E0 Relevance: .2, Instructions: 161COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B57710 Relevance: .2, Instructions: 160COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B59080 Relevance: .2, Instructions: 158COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B5DEE0 Relevance: .2, Instructions: 154COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B51AA0 Relevance: .1, Instructions: 143COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B52CD0 Relevance: .1, Instructions: 139COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B52EC1 Relevance: .1, Instructions: 117COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B51841 Relevance: .1, Instructions: 115COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B52ED0 Relevance: .1, Instructions: 112COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B59E18 Relevance: .1, Instructions: 102COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B57701 Relevance: .1, Instructions: 99COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B50491 Relevance: .1, Instructions: 92COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B504A0 Relevance: .1, Instructions: 88COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B5760E Relevance: .1, Instructions: 87COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B50839 Relevance: .1, Instructions: 84COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B50848 Relevance: .1, Instructions: 81COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B56FC6 Relevance: .1, Instructions: 67COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B56350 Relevance: .1, Instructions: 67COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B56340 Relevance: .1, Instructions: 64COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B5E110 Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B5D490 Relevance: .1, Instructions: 52COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B56160 Relevance: .1, Instructions: 52COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B50188 Relevance: .1, Instructions: 51COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B5B8BF Relevance: .0, Instructions: 49COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B51338 Relevance: .0, Instructions: 46COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B5A09C Relevance: .0, Instructions: 44COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B5CC0F Relevance: .0, Instructions: 42COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B5D4A0 Relevance: .0, Instructions: 35COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B52C08 Relevance: .0, Instructions: 35COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B59E08 Relevance: .0, Instructions: 32COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B53C40 Relevance: .0, Instructions: 30COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B5A04F Relevance: .0, Instructions: 30COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B59DC0 Relevance: .0, Instructions: 29COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B5A060 Relevance: .0, Instructions: 27COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B5AFEA Relevance: .0, Instructions: 25COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B58C00 Relevance: .0, Instructions: 25COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B58C10 Relevance: .0, Instructions: 24COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B57590 Relevance: .0, Instructions: 24COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B5AFF0 Relevance: .0, Instructions: 23COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B59EF5 Relevance: .0, Instructions: 22COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B501E8 Relevance: .0, Instructions: 21COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B5583F Relevance: .0, Instructions: 17COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B5199A Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B59880 Relevance: .0, Instructions: 14COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B5E1C8 Relevance: .0, Instructions: 14COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B56140 Relevance: .0, Instructions: 12COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B5A890 Relevance: .0, Instructions: 9COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02AB18E3 Relevance: .3, Instructions: 314COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02AB1878 Relevance: .3, Instructions: 257COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B5D8C4 Relevance: .2, Instructions: 240COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02AB196C Relevance: .2, Instructions: 216COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02AB2002 Relevance: .2, Instructions: 189COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B98157 Relevance: 10.7, APIs: 7, Instructions: 151COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B981B0 Relevance: 10.6, APIs: 7, Instructions: 146COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B981A0 Relevance: 10.6, APIs: 7, Instructions: 142COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06B98400 Relevance: 7.6, APIs: 5, Instructions: 107COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph
Execution Coverage: | 11.5% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 179 |
Total number of Limit Nodes: | 15 |
Graph
Function 00EF29F3 Relevance: 41.7, Strings: 33, Instructions: 479COMMON
Control-flow Graph
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EFDEE0 Relevance: 8.9, Strings: 7, Instructions: 158COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB2618 Relevance: 5.1, Strings: 4, Instructions: 114COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DC33E8 Relevance: 3.9, Strings: 3, Instructions: 165COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB19A0 Relevance: 2.8, Strings: 2, Instructions: 260COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB1978 Relevance: 2.7, Strings: 2, Instructions: 239COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB1B1E Relevance: 2.7, Strings: 2, Instructions: 178COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB1BC1 Relevance: 2.7, Strings: 2, Instructions: 177COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB1DAC Relevance: 2.7, Strings: 2, Instructions: 176COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EFF2C0 Relevance: 2.6, Strings: 2, Instructions: 115COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EF9A20 Relevance: 2.3, Strings: 1, Instructions: 1014COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DFE5B8 Relevance: 1.9, APIs: 1, Instructions: 396COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EF9430 Relevance: 1.7, Strings: 1, Instructions: 460COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DC1968 Relevance: 1.4, Strings: 1, Instructions: 126COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DC1958 Relevance: 1.4, Strings: 1, Instructions: 103COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB178C Relevance: 1.4, Strings: 1, Instructions: 101COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DC10E8 Relevance: 1.3, Strings: 1, Instructions: 85COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DC1110 Relevance: 1.3, Strings: 1, Instructions: 74COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DC0040 Relevance: .2, Instructions: 181COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EF9420 Relevance: .1, Instructions: 127COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB7AE3 Relevance: .1, Instructions: 118COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB7AF8 Relevance: .1, Instructions: 113COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DBF418 Relevance: .1, Instructions: 105COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DBE330 Relevance: .1, Instructions: 78COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DBEBB0 Relevance: .1, Instructions: 74COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EFAB3B Relevance: 6.4, Strings: 5, Instructions: 102COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EFB778 Relevance: 6.3, Strings: 5, Instructions: 90COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EFB788 Relevance: 6.3, Strings: 5, Instructions: 85COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DF0839 Relevance: 6.1, APIs: 4, Instructions: 124threadCOMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DF0848 Relevance: 6.1, APIs: 4, Instructions: 120threadCOMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DC33D8 Relevance: 3.9, Strings: 3, Instructions: 152COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB6202 Relevance: 2.6, Strings: 2, Instructions: 100COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB6238 Relevance: 2.6, Strings: 2, Instructions: 77COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EF0468 Relevance: 2.5, Strings: 2, Instructions: 48COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DC4093 Relevance: 2.5, Strings: 2, Instructions: 38COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DC4458 Relevance: 2.5, Strings: 2, Instructions: 35COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EF0E5C Relevance: 2.5, Strings: 2, Instructions: 29COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DF9C20 Relevance: 1.7, APIs: 1, Instructions: 223COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DF7C69 Relevance: 1.7, APIs: 1, Instructions: 205COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DF9D38 Relevance: 1.6, APIs: 1, Instructions: 113COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DF7414 Relevance: 1.6, APIs: 1, Instructions: 97COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DF0A69 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DF0A70 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DF80D9 Relevance: 1.6, APIs: 1, Instructions: 56libraryCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DF7188 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DF7E58 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DFD4E8 Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DFE398 Relevance: 1.5, APIs: 1, Instructions: 45comCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DC2A92 Relevance: 1.4, Strings: 1, Instructions: 120COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DC2B24 Relevance: 1.3, Strings: 1, Instructions: 98COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DC5282 Relevance: 1.3, Strings: 1, Instructions: 42COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EF2670 Relevance: 1.3, Strings: 1, Instructions: 41COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DCA188 Relevance: 1.3, Strings: 1, Instructions: 40COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DC5FAD Relevance: 1.3, Strings: 1, Instructions: 29COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EF0869 Relevance: 1.3, Strings: 1, Instructions: 25COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EF35EC Relevance: 1.3, Strings: 1, Instructions: 13COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB4E90 Relevance: .3, Instructions: 341COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB5350 Relevance: .2, Instructions: 212COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EF3BA0 Relevance: .2, Instructions: 198COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DC7C9D Relevance: .2, Instructions: 157COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EF3B90 Relevance: .2, Instructions: 153COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DC7ECE Relevance: .1, Instructions: 129COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EFDA00 Relevance: .1, Instructions: 112COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DC0890 Relevance: .1, Instructions: 106COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DC08B8 Relevance: .1, Instructions: 105COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB45B8 Relevance: .1, Instructions: 101COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DC0007 Relevance: .1, Instructions: 99COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DBC0B8 Relevance: .1, Instructions: 97COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DBD1D8 Relevance: .1, Instructions: 80COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB10E0 Relevance: .1, Instructions: 78COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0537E598 Relevance: .1, Instructions: 77COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EFBE58 Relevance: .1, Instructions: 77COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00C7D404 Relevance: .1, Instructions: 75COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EF269D Relevance: .1, Instructions: 74COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E9D01C Relevance: .1, Instructions: 72COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DBC948 Relevance: .1, Instructions: 71COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB45A8 Relevance: .1, Instructions: 69COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB1108 Relevance: .1, Instructions: 67COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E9D005 Relevance: .1, Instructions: 62COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EFACE8 Relevance: .1, Instructions: 57COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00C7D3FF Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB845D Relevance: .1, Instructions: 55COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DCA550 Relevance: .1, Instructions: 55COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB1B55 Relevance: .0, Instructions: 50COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB4E00 Relevance: .0, Instructions: 46COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB5C00 Relevance: .0, Instructions: 45COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB4DF0 Relevance: .0, Instructions: 44COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EFC314 Relevance: .0, Instructions: 39COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB5B68 Relevance: .0, Instructions: 38COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DC665B Relevance: .0, Instructions: 38COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EFB914 Relevance: .0, Instructions: 36COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EFBD0D Relevance: .0, Instructions: 36COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EF5817 Relevance: .0, Instructions: 33COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EFC144 Relevance: .0, Instructions: 33COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EF26E3 Relevance: .0, Instructions: 33COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB4548 Relevance: .0, Instructions: 32COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EF292A Relevance: .0, Instructions: 30COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EFACA0 Relevance: .0, Instructions: 30COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EFBF81 Relevance: .0, Instructions: 30COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EFEBF0 Relevance: .0, Instructions: 29COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EFBDF0 Relevance: .0, Instructions: 29COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EFBD67 Relevance: .0, Instructions: 29COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB4558 Relevance: .0, Instructions: 28COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB00AC Relevance: .0, Instructions: 28COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DC6A5F Relevance: .0, Instructions: 28COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB5BF0 Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DC27F6 Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EFB8D0 Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EF99C8 Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EFC2CB Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EFBDA7 Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DC70E9 Relevance: .0, Instructions: 25COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EFC100 Relevance: .0, Instructions: 25COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EF7CDE Relevance: .0, Instructions: 25COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DC4708 Relevance: .0, Instructions: 24COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB7330 Relevance: .0, Instructions: 23COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DC4DE3 Relevance: .0, Instructions: 23COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DCA500 Relevance: .0, Instructions: 21COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DCF8D0 Relevance: .0, Instructions: 21COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EF3832 Relevance: .0, Instructions: 21COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EFD9B0 Relevance: .0, Instructions: 21COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EFC2D8 Relevance: .0, Instructions: 21COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EFE798 Relevance: .0, Instructions: 21COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EFF750 Relevance: .0, Instructions: 21COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DC4718 Relevance: .0, Instructions: 20COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EFE830 Relevance: .0, Instructions: 20COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EFFA38 Relevance: .0, Instructions: 20COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EF26B6 Relevance: .0, Instructions: 20COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EF3383 Relevance: .0, Instructions: 19COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EFE4C8 Relevance: .0, Instructions: 19COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EF3440 Relevance: .0, Instructions: 19COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EFBD78 Relevance: .0, Instructions: 19COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB7340 Relevance: .0, Instructions: 18COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DCBA30 Relevance: .0, Instructions: 18COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EFB8E0 Relevance: .0, Instructions: 18COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EF99D8 Relevance: .0, Instructions: 18COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EFC110 Relevance: .0, Instructions: 18COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EFACF8 Relevance: .0, Instructions: 18COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EFACB0 Relevance: .0, Instructions: 18COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EFE5E8 Relevance: .0, Instructions: 18COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EFBDB8 Relevance: .0, Instructions: 18COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EFE558 Relevance: .0, Instructions: 18COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EF37BC Relevance: .0, Instructions: 18COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EF2778 Relevance: .0, Instructions: 18COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB101D Relevance: .0, Instructions: 17COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EF288C Relevance: .0, Instructions: 16COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EF37AE Relevance: .0, Instructions: 16COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DCBA78 Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EF38AB Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EFAB00 Relevance: .0, Instructions: 14COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EF6381 Relevance: .0, Instructions: 13COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EF3355 Relevance: .0, Instructions: 9COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EF0448 Relevance: .0, Instructions: 9COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 053725F8 Relevance: 35.9, Strings: 28, Instructions: 905COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 053725E8 Relevance: 5.2, Strings: 4, Instructions: 243COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB63C9 Relevance: 6.4, Strings: 5, Instructions: 121COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EFAEF8 Relevance: 5.1, Strings: 4, Instructions: 116COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB6A3C Relevance: 5.1, Strings: 4, Instructions: 113COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EFAEE8 Relevance: 5.1, Strings: 4, Instructions: 113COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EFB498 Relevance: 5.1, Strings: 4, Instructions: 100COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EFAD90 Relevance: 5.1, Strings: 4, Instructions: 100COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |