Analysis Report SecuriteInfo.com.Variant.Razy.845229.13077.24263
Overview
General Information
Sample Name: | SecuriteInfo.com.Variant.Razy.845229.13077.24263 (renamed file extension from 24263 to exe) |
Analysis ID: | 356594 |
MD5: | 532e58083cf5638b05f617fcbbb5d63b |
SHA1: | 98058e52de678575ff2327d129a58313af4a3fc0 |
SHA256: | 75888910c75a9858137089eb35d48b6b1af6d43817e9a1dbb9fbc409fdaad511 |
Tags: | GuLoader |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Startup |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
No yara matches |
---|
Sigma Overview |
---|
System Summary: |
---|
Sigma detected: NanoCore | Show sources |
Source: | Author: Joe Security: |
Sigma detected: Scheduled temp file as task from temp location | Show sources |
Source: | Author: Joe Security: |
Signature Overview |
---|
AV Detection: |
---|
Multi AV Scanner detection for domain / URL | Show sources |
Source: | Virustotal: | Perma Link | ||
Source: | Virustotal: | Perma Link |
Multi AV Scanner detection for submitted file | Show sources |
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Machine Learning detection for sample | Show sources |
Source: | Joe Sandbox ML: |
Compliance: |
---|
Uses 32bit PE files | Show sources |
Source: | Static PE information: |
Uses new MSVCR Dlls | Show sources |
Source: | File opened: | Jump to behavior |
Binary contains paths to debug symbols | Show sources |
Source: | Binary string: |
Source: | IP Address: |
Source: | ASN Name: |
Source: | HTTP traffic detected: |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
System Summary: |
---|
Source: | Process Stats: |
Source: | Code function: | 0_2_00402BF2 | |
Source: | Code function: | 31_2_02A201C8 | |
Source: | Code function: | 34_2_00D001C8 |
Source: | Static PE information: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Static PE information: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Mutant created: | ||
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | Section loaded: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Window detected: |
Source: | File opened: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Binary string: |
Source: | Static PE information: |
Source: | Code function: | 0_2_00407E24 | |
Source: | Code function: | 0_2_00407A9C | |
Source: | Code function: | 0_2_00405763 | |
Source: | Code function: | 0_2_00405DF1 |
Source: | File created: | Jump to dropped file |
Boot Survival: |
---|
Uses schtasks.exe or at.exe to add and modify task schedules | Show sources |
Source: | Process created: |
Hooking and other Techniques for Hiding and Protection: |
---|
Hides that the sample has been downloaded from the Internet (zone.identifier) | Show sources |
Source: | File opened: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion: |
---|
Detected RDTSC dummy instruction sequence (likely for instruction hammering) | Show sources |
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: |
Tries to detect Any.run | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Tries to detect virtualization through RDTSC time measurements | Show sources |
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: |
Source: | Process information queried: | Jump to behavior |
Anti Debugging: |
---|
Hides threads from debuggers | Show sources |
Source: | Thread information set: | Jump to behavior | ||
Source: | Thread information set: | Jump to behavior |
Source: | Process queried: | Jump to behavior |
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Scheduled Task/Job1 | Scheduled Task/Job1 | Process Injection11 | Masquerading2 | OS Credential Dumping | Security Software Discovery41 | Remote Services | Archive Collected Data1 | Exfiltration Over Other Network Medium | Encrypted Channel1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | DLL Side-Loading1 | Scheduled Task/Job1 | Virtualization/Sandbox Evasion23 | LSASS Memory | Virtualization/Sandbox Evasion23 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Ingress Tool Transfer1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | DLL Side-Loading1 | Disable or Modify Tools1 | Security Account Manager | Process Discovery1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection11 | NTDS | Remote System Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol12 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Hidden Files and Directories1 | LSA Secrets | System Information Discovery22 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information1 | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | DLL Side-Loading1 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
33% | Virustotal | Browse | ||
36% | ReversingLabs | Win32.Trojan.Razy | ||
100% | Joe Sandbox ML |
Dropped Files |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Metadefender | Browse | ||
0% | ReversingLabs |
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
12% | Virustotal | Browse | ||
1% | Virustotal | Browse |
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
15% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
mtspsmjeli.sch.id | 103.150.60.242 | true | true | | unknown |
ghsgatvxbznmklopwagdhusvxbznxgtewuahjkop.ydns.eu | 10.2.118.40 | true | false | | unknown |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown |
Contacted IPs |
---|
General Information |
---|
Joe Sandbox Version: | 31.0.0 Emerald |
Analysis ID: | 356594 |
Start date: | 23.02.2021 |
Start time: | 11:52:47 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 10m 39s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | SecuriteInfo.com.Variant.Razy.845229.13077.24263 (renamed file extension from 24263 to exe) |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed: | 36 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.evad.winEXE@13/9@7/2 |
EGA Information: | Failed |
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
11:57:31 | Autostart | |
11:57:32 | Task Scheduler | |
11:57:33 | API Interceptor | |
11:57:34 | Task Scheduler |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
103.150.60.242 | Get hash | malicious | Browse |
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
mtspsmjeli.sch.id | Get hash | malicious | Browse |
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
PC24NET-AS-IDPTPC24TelekomunikasiIndonesiaID | Get hash | malicious | Browse |
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Get hash | malicious | Browse | ||
Created / dropped Files |
---|
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 53248 |
Entropy (8bit): | 4.490095782293901 |
Encrypted: | false |
SSDEEP: | 768:0P2Bbv+VazyoD2z9TU//1mz1+M9GnLEu+2wTFRJS8Ulg:HJv46yoD2BTNz1+M9GLfOw8UO |
MD5: | 529695608EAFBED00ACA9E61EF333A7C |
SHA1: | 68CA8B6D8E74FA4F4EE603EB862E36F2A73BC1E5 |
SHA-256: | 44F129DE312409D8A2DF55F655695E1D48D0DB6F20C5C7803EB0032D8E6B53D0 |
SHA-512: | 8FE476E0185B2B0C66F34E51899B932CB35600C753D36FE102BDA5894CDAA58410044E0A30FDBEF76A285C2C75018D7C5A9BA0763D45EC605C2BBD1EBB9ED674 |
Malicious: | false |
Antivirus: |
|
Joe Sandbox View: |
|
Reputation: | moderate, very likely benign file |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
File Type: | |
Category: | modified |
Size (bytes): | 20 |
Entropy (8bit): | 3.6841837197791887 |
Encrypted: | false |
SSDEEP: | 3:QHXMKas:Q3Las |
MD5: | B3AC9D09E3A47D5FD00C37E075A70ECB |
SHA1: | AD14E6D0E07B00BD10D77A06D68841B20675680B |
SHA-256: | 7A23C6E7CCD8811ECDF038D3A89D5C7D68ED37324BAE2D4954125D9128FA9432 |
SHA-512: | 09B609EE1061205AA45B3C954EFC6C1A03C8FD6B3011FF88CF2C060E19B1D7FD51EE0CB9D02A39310125F3A66AA0146261BDEE3D804F472034DF711BC942E316 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
|
Process: | C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe |
File Type: | |
Category: | modified |
Size (bytes): | 20 |
Entropy (8bit): | 3.6841837197791887 |
Encrypted: | false |
SSDEEP: | 3:QHXMKas:Q3Las |
MD5: | B3AC9D09E3A47D5FD00C37E075A70ECB |
SHA1: | AD14E6D0E07B00BD10D77A06D68841B20675680B |
SHA-256: | 7A23C6E7CCD8811ECDF038D3A89D5C7D68ED37324BAE2D4954125D9128FA9432 |
SHA-512: | 09B609EE1061205AA45B3C954EFC6C1A03C8FD6B3011FF88CF2C060E19B1D7FD51EE0CB9D02A39310125F3A66AA0146261BDEE3D804F472034DF711BC942E316 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1319 |
Entropy (8bit): | 5.133606110275315 |
Encrypted: | false |
SSDEEP: | 24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK0mne5xtn:cbk4oL600QydbQxIYODOLedq3Ze5j |
MD5: | C6F0625BF4C1CDFB699980C9243D3B22 |
SHA1: | 43DE1FE580576935516327F17B5DA0C656C72851 |
SHA-256: | 8DFC4E937F0B2374E3CED25FCE344B0731CF44B8854625B318D50ECE2DA8F576 |
SHA-512: | 9EF2DBD4142AD0E1E6006929376ECB8011E7FFC801EE2101E906787D70325AD82752DF65839DE9972391FA52E1E5974EC1A5C7465A88AA56257633EBB7D70969 |
Malicious: | true |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1310 |
Entropy (8bit): | 5.109425792877704 |
Encrypted: | false |
SSDEEP: | 24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK0R3xtn:cbk4oL600QydbQxIYODOLedq3S3j |
MD5: | 5C2F41CFC6F988C859DA7D727AC2B62A |
SHA1: | 68999C85FC7E37BAB9216E0099836D40D4545C1C |
SHA-256: | 98B6E66B6C2173B9B91FC97FE51805340EFDE978B695453742EBAB631018398B |
SHA-512: | B5DA5DA378D038AFBF8A7738E47921ED39F9B726E2CAA2993D915D9291A3322F94EFE8CCA6E7AD678A670DB19926B22B20E5028460FCC89CEA7F6635E7557334 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8 |
Entropy (8bit): | 2.5 |
Encrypted: | false |
SSDEEP: | 3:39t:39t |
MD5: | 9C203C9B758291F4B1AF069610D92B5D |
SHA1: | D7B825402FFFD08C882A3B05129E92D0FE964CAE |
SHA-256: | 38D43DB6662484B3E873AC23026A9FE20E80B322579039F4B25AEB8E60318A42 |
SHA-512: | 37325EB6DB0F73E3225B962E7263F76E7102835DB54495F4A23D4B22B56906EFEE14A446374C48E0DEF60E4E590BF04E032129AD54D2680E72B5D2891C600853 |
Malicious: | true |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 56 |
Entropy (8bit): | 4.787365359936823 |
Encrypted: | false |
SSDEEP: | 3:oMty8WbSXgL4A:oMLWuQL4A |
MD5: | EFD1636CFC3CC38FD7BABAE5CAC9EDE0 |
SHA1: | 4D7D378ABEB682EEFBD039930C0EA996FBF54178 |
SHA-256: | F827D5B11C1EB3902D601C3E0B59BA32FE11C0B573FBF22FB2AF86BFD4651BBA |
SHA-512: | 69B2B0AB1A6E13395EF52DCB903B8E17D842E6D0D44F801FF2659CFD5EC343C8CC57928B02961FC7099AD43FF05633BAF5AC39042A00C8676D4FA8F6F8C2A5D7 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 236 |
Entropy (8bit): | 4.932081504780073 |
Encrypted: | false |
SSDEEP: | 3:RGXKRjN3Mxm8fWWD2XBQFwuSaKwDDxRZjmKXVM8xUvAkIDaMAfFAqmV/l7pgechG:zx3M7J4BYRZBXVwLL0dxKaRFfnYJin |
MD5: | 3140AF53A08CE269E95F15F02653B5CA |
SHA1: | 1248AB171A7006A8972B07C8128E346C4E3C1E4E |
SHA-256: | 041D7B8A2F516085263D3022FCD2B716AD212FE564DC2CB5AC5D7E128BEAA257 |
SHA-512: | BB4DFF011D831D8CD6BA923E440B5B4C2A41BA118BA3D73AF0CC866C2FAD23003ACA86C27691E8CF9F37CA336A329D4B8683CFB70E3BF4BD8A5C5421E4DF62D3 |
Malicious: | false |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 5.174708300114262 |
TrID: |
|
File name: | SecuriteInfo.com.Variant.Razy.845229.13077.exe |
File size: | 106496 |
MD5: | 532e58083cf5638b05f617fcbbb5d63b |
SHA1: | 98058e52de678575ff2327d129a58313af4a3fc0 |
SHA256: | 75888910c75a9858137089eb35d48b6b1af6d43817e9a1dbb9fbc409fdaad511 |
SHA512: | eab390f92d05fcc3ba8d0474555c1db78becfdb81865d4fada0c292a3e50ea6ed00b875b99e5a4d6fd96fc3116416858b1c574e8d14b0564524e8eac849ed20a |
SSDEEP: | 1536:3qN/HQiDkZQzBkKgIYNP7dmoK2gKpKeBEYjBqN/HQi:gkZQzB6IY9dEKpKng |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......W.x.....................\...T...%.......Rich............................PE..L...\L.J.................@...p......x........P....@ |
File Icon |
---|
Icon Hash: | d8d490d4c4bcdef9 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x401378 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | |
Time Stamp: | 0x4A164C5C [Fri May 22 06:55:24 2009 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 5fb04c04dc9621084e24b4642ca2fed6 |
Entrypoint Preview |
---|
Instruction |
---|
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x14124 | 0x28 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x18000 | 0x3084 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x238 | 0x20 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0x114 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x135ec | 0x14000 | False | 0.337573242188 | data | 5.7034958497 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.data | 0x15000 | 0x2560 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x18000 | 0x3084 | 0x4000 | False | 0.105895996094 | data | 3.23453967052 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x193dc | 0x1ca8 | data | ||
RT_ICON | 0x18734 | 0xca8 | data | ||
RT_ICON | 0x183cc | 0x368 | GLS_BINARY_LSB_FIRST | ||
RT_GROUP_ICON | 0x1839c | 0x30 | data | ||
RT_VERSION | 0x18150 | 0x24c | data | Hungarian | Hungary |
Imports |
---|
DLL | Import |
---|---|
MSVBVM60.DLL | _CIcos, _adj_fptan, __vbaVarMove, __vbaStrI4, __vbaFreeVar, __vbaStrVarMove, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaLateMemSt, __vbaObjSet, __vbaOnError, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaVarTstLt, __vbaFpR8, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaVarTstEq, __vbaObjVar, _adj_fpatan, __vbaLateIdCallLd, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, _CIlog, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaI4Str, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaI4Var, __vbaVarAdd, __vbaVarDup, __vbaFpI4, __vbaLateMemCallLd, _CIatan, __vbaStrMove, _allmul, _CItan, _CIexp, __vbaFreeObj, __vbaFreeStr |
Version Infos |
---|
Description | Data |
---|---|
Translation | 0x040e 0x04b0 |
InternalName | Compurgato |
FileVersion | 1.00 |
CompanyName | ColdStone |
Comments | ColdStone |
ProductName | ColdStone |
ProductVersion | 1.00 |
OriginalFilename | Compurgato.exe |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
Hungarian | Hungary |
Network Behavior |
---|
Snort IDS Alerts |
---|
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
02/23/21-11:57:30.237786 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.5 | 8.8.8.8 |
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Feb 23, 2021 11:57:34.409995079 CET | 49742 | 6932 | 192.168.2.5 | 10.2.118.40 |
Feb 23, 2021 11:57:37.416977882 CET | 49742 | 6932 | 192.168.2.5 | 10.2.118.40 |
Feb 23, 2021 11:57:44.551551104 CET | 49743 | 6932 | 192.168.2.5 | 10.2.118.40 |
Feb 23, 2021 11:57:47.636531115 CET | 49743 | 6932 | 192.168.2.5 | 10.2.118.40 |
Feb 23, 2021 11:57:52.565188885 CET | 49744 | 6932 | 192.168.2.5 | 10.2.118.40 |
Feb 23, 2021 11:57:55.574692965 CET | 49744 | 6932 | 192.168.2.5 | 10.2.118.40 |
Feb 23, 2021 11:58:00.590800047 CET | 49745 | 6932 | 192.168.2.5 | 10.2.118.40 |
Feb 23, 2021 11:58:03.606600046 CET | 49745 | 6932 | 192.168.2.5 | 10.2.118.40 |
Feb 23, 2021 11:58:08.652992964 CET | 49746 | 6932 | 192.168.2.5 | 10.2.118.40 |
Feb 23, 2021 11:58:11.654103041 CET | 49746 | 6932 | 192.168.2.5 | 10.2.118.40 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
ICMP Packets |
---|
Timestamp | Source IP | Dest IP | Checksum | Code | Type |
---|---|---|---|---|---|
Feb 23, 2021 11:57:30.237786055 CET | 192.168.2.5 | 8.8.8.8 | d006 | (Port unreachable) | Destination Unreachable |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Feb 23, 2021 11:57:27.851294994 CET | 192.168.2.5 | 8.8.8.8 | 0xc660 | Standard query (0) | | A (IP address) | IN (0x0001) |
Feb 23, 2021 11:57:28.869720936 CET | 192.168.2.5 | 8.8.8.8 | 0xc660 | Standard query (0) | | A (IP address) | IN (0x0001) |
Feb 23, 2021 11:57:34.310029030 CET | 192.168.2.5 | 8.8.8.8 | 0x8e87 | Standard query (0) | | A (IP address) | IN (0x0001) |
Feb 23, 2021 11:57:44.481472969 CET | 192.168.2.5 | 8.8.8.8 | 0x725f | Standard query (0) | | A (IP address) | IN (0x0001) |
Feb 23, 2021 11:57:52.497247934 CET | 192.168.2.5 | 8.8.8.8 | 0x9558 | Standard query (0) | | A (IP address) | IN (0x0001) |
Feb 23, 2021 11:58:00.529602051 CET | 192.168.2.5 | 8.8.8.8 | 0x65e3 | Standard query (0) | | A (IP address) | IN (0x0001) |
Feb 23, 2021 11:58:08.592498064 CET | 192.168.2.5 | 8.8.8.8 | 0xfaca | Standard query (0) | | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Feb 23, 2021 11:57:29.251405001 CET | 8.8.8.8 | 192.168.2.5 | 0xc660 | No error (0) | | | 103.150.60.242 | A (IP address) | IN (0x0001) |
Feb 23, 2021 11:57:30.237633944 CET | 8.8.8.8 | 192.168.2.5 | 0xc660 | No error (0) | | | 103.150.60.242 | A (IP address) | IN (0x0001) |
Feb 23, 2021 11:57:34.393537045 CET | 8.8.8.8 | 192.168.2.5 | 0x8e87 | No error (0) | | | 10.2.118.40 | A (IP address) | IN (0x0001) |
Feb 23, 2021 11:57:44.550745964 CET | 8.8.8.8 | 192.168.2.5 | 0x725f | No error (0) | | | 10.2.118.40 | A (IP address) | IN (0x0001) |
Feb 23, 2021 11:57:52.563999891 CET | 8.8.8.8 | 192.168.2.5 | 0x9558 | No error (0) | | | 10.2.118.40 | A (IP address) | IN (0x0001) |
Feb 23, 2021 11:58:00.589838982 CET | 8.8.8.8 | 192.168.2.5 | 0x65e3 | No error (0) | | | 10.2.118.40 | A (IP address) | IN (0x0001) |
Feb 23, 2021 11:58:08.652335882 CET | 8.8.8.8 | 192.168.2.5 | 0xfaca | No error (0) | | | 10.2.118.40 | A (IP address) | IN (0x0001) |
HTTP Request Dependency Graph |
---|
|
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.5 | 49741 | 103.150.60.242 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Feb 23, 2021 11:57:29.519809961 CET | 9436 | OUT | |
Feb 23, 2021 11:57:29.758059978 CET | 9436 | IN | |
Feb 23, 2021 11:57:29.758244038 CET | 9438 | IN | |
Feb 23, 2021 11:57:29.758263111 CET | 9439 | IN | |
Feb 23, 2021 11:57:29.758280039 CET | 9441 | IN | |
Feb 23, 2021 11:57:29.758296967 CET | 9442 | IN | |
Feb 23, 2021 11:57:29.758330107 CET | 9443 | IN | |
Feb 23, 2021 11:57:29.758378983 CET | 9445 | IN | |
Feb 23, 2021 11:57:29.758399010 CET | 9446 | IN | |
Feb 23, 2021 11:57:29.758719921 CET | 9448 | IN | |
Feb 23, 2021 11:57:29.997093916 CET | 9449 | IN | |
Feb 23, 2021 11:57:29.997114897 CET | 9450 | IN |
Code Manipulations |
---|
System Behavior |
---|
General |
---|
Start time: | 11:53:33 |
Start date: | 23/02/2021 |
Path: | C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.845229.13077.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 106496 bytes |
MD5 hash: | 532E58083CF5638B05F617FCBBB5D63B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Visual Basic |
Reputation: | low |
General |
---|
Start time: | 11:57:14 |
Start date: | 23/02/2021 |
Path: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x780000 |
File size: | 53248 bytes |
MD5 hash: | 529695608EAFBED00ACA9E61EF333A7C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Reputation: | high |
General |
---|
Start time: | 11:57:15 |
Start date: | 23/02/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7ecfc0000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 11:57:31 |
Start date: | 23/02/2021 |
Path: | C:\Windows\SysWOW64\schtasks.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xa20000 |
File size: | 185856 bytes |
MD5 hash: | 15FF7D8324231381BAD48A052F85DF04 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 11:57:31 |
Start date: | 23/02/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7ecfc0000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 11:57:32 |
Start date: | 23/02/2021 |
Path: | C:\Windows\SysWOW64\schtasks.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xa20000 |
File size: | 185856 bytes |
MD5 hash: | 15FF7D8324231381BAD48A052F85DF04 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 11:57:32 |
Start date: | 23/02/2021 |
Path: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x8c0000 |
File size: | 53248 bytes |
MD5 hash: | 529695608EAFBED00ACA9E61EF333A7C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Reputation: | high |
General |
---|
Start time: | 11:57:32 |
Start date: | 23/02/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7ecfc0000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 11:57:32 |
Start date: | 23/02/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7ecfc0000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 11:57:34 |
Start date: | 23/02/2021 |
Path: | C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2f0000 |
File size: | 53248 bytes |
MD5 hash: | 529695608EAFBED00ACA9E61EF333A7C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Antivirus matches: |
|
Reputation: | high |
General |
---|
Start time: | 11:57:35 |
Start date: | 23/02/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7ecfc0000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
Function 004126A0, Relevance: 118.0, APIs: 60, Strings: 7, Instructions: 780 COMMON
Uniqueness Score: -1.00% |
Function 00413B40, Relevance: 105.4, APIs: 50, Strings: 10, Instructions: 434 COMMON
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function 00402BF2, Relevance: .0, Instructions: 34 COMMON
Uniqueness Score: -1.00% |
Function 004135B0, Relevance: 12.1, APIs: 8, Instructions: 94 COMMON
Uniqueness Score: -1.00% |
Executed Functions |
---|
Function 02A201C8, Relevance: 2.1, Strings: 1, Instructions: 825 COMMON
Uniqueness Score: -1.00% |
Function 02A21540, Relevance: 1.3, Strings: 1, Instructions: 31 COMMON
Uniqueness Score: -1.00% |
Function 02A21550, Relevance: 1.3, Strings: 1, Instructions: 27 COMMON
Uniqueness Score: -1.00% |
Function 02A20E40, Relevance: .5, Instructions: 465 COMMON
Uniqueness Score: -1.00% |
Function 02A20E30, Relevance: .3, Instructions: 297 COMMON
Uniqueness Score: -1.00% |
Function 02A201B7, Relevance: .1, Instructions: 100 COMMON
Uniqueness Score: -1.00% |
Function 02A200B9, Relevance: .1, Instructions: 84 COMMON
Uniqueness Score: -1.00% |
Function 02A200C8, Relevance: .1, Instructions: 78 COMMON
Uniqueness Score: -1.00% |
Function 02A20007, Relevance: .1, Instructions: 61 COMMON
Uniqueness Score: -1.00% |
Function 02A20D38, Relevance: .1, Instructions: 53 COMMON
Uniqueness Score: -1.00% |
Function 02A20CB0, Relevance: .0, Instructions: 44 COMMON
Uniqueness Score: -1.00% |
Function 02A20CC0, Relevance: .0, Instructions: 37 COMMON
Uniqueness Score: -1.00% |
Function 02A214E8, Relevance: .0, Instructions: 35 COMMON
Uniqueness Score: -1.00% |
Function 02A214D9, Relevance: .0, Instructions: 29 COMMON
Uniqueness Score: -1.00% |
Function 02A20070, Relevance: .0, Instructions: 28 COMMON
Uniqueness Score: -1.00% |
Function 02AD05F6, Relevance: .0, Instructions: 27 COMMON
Uniqueness Score: -1.00% |
Function 02A20D29, Relevance: .0, Instructions: 22 COMMON
Uniqueness Score: -1.00% |
Function 02A20C70, Relevance: .0, Instructions: 20 COMMON
Uniqueness Score: -1.00% |
Function 02A214B5, Relevance: .0, Instructions: 11 COMMON
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Executed Functions |
---|
Function 00D000B9, Relevance: 1.6, APIs: 1, Instructions: 82 COMMON
Uniqueness Score: -1.00% |
Function 00D000C8, Relevance: 1.6, APIs: 1, Instructions: 78 COMMON
Uniqueness Score: -1.00% |
Non-executed Functions |
---|