Windows Analysis Report DOCUMENTS.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Process Tree |
---|
|
Malware Configuration |
---|
Threatname: Agenttesla |
---|
{"Exfil Mode": "Http", "HTTP method": "Post", "Post URL": "http://161.129.64.49/webpanel-dawn2/mawa/0fcd1ef3ebe94dad1463.php", "User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0"}
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_AgentTesla_2 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
Click to see the 10 entries |
Unpacked PEs |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_AgentTesla_2 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_AgentTesla_2 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
Click to see the 1 entries |
Sigma Overview |
---|
System Summary: |
---|
Sigma detected: Possible Applocker Bypass | Show sources |
Source: | Author: juju4: |
Jbx Signature Overview |
---|
Click to jump to signature section
AV Detection: |
---|
Found malware configuration | Show sources |
Source: | Malware Configuration Extractor: |
Multi AV Scanner detection for submitted file | Show sources |
Source: | ReversingLabs: |
Multi AV Scanner detection for dropped file | Show sources |
Source: | ReversingLabs: |
Source: | Avira: |
Source: | Static PE information: |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: |
Source: | ASN Name: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | HTTP traffic detected: |
Key, Mouse, Clipboard, Microphone and Screen Capturing: |
---|
Installs a global keyboard hook | Show sources |
Source: | Windows user hook set: | Jump to behavior |
Source: | Window created: | Jump to behavior |
Spam, unwanted Advertisements and Ransom Demands: |
---|
Modifies the hosts file | Show sources |
Source: | File written: | Jump to behavior |
System Summary: |
---|
Initial sample is a PE file and has a suspicious name | Show sources |
Source: | Static PE information: |
.NET source code contains very large strings | Show sources |
Source: | Long String: | ||
Source: | Long String: | ||
Source: | Long String: | ||
Source: | Long String: |
Source: | Static PE information: |
Source: | Code function: | 0_2_019EBBD0 | |
Source: | Code function: | 0_2_019E5FC9 | |
Source: | Code function: | 0_2_019E49C0 | |
Source: | Code function: | 0_2_019E69C0 | |
Source: | Code function: | 0_2_019E5948 | |
Source: | Code function: | 0_2_019EED60 | |
Source: | Code function: | 0_2_019E7880 | |
Source: | Code function: | 0_2_019E40B8 | |
Source: | Code function: | 0_2_019E64C1 | |
Source: | Code function: | 0_2_019EE8F8 | |
Source: | Code function: | 0_2_019E4608 | |
Source: | Code function: | 0_2_019EE43C | |
Source: | Code function: | 0_2_019EFC31 | |
Source: | Code function: | 0_2_019EC078 | |
Source: | Code function: | 0_2_019E8580 | |
Source: | Code function: | 0_2_019EC380 | |
Source: | Code function: | 0_2_019E49B0 | |
Source: | Code function: | 0_2_019EB3B1 | |
Source: | Code function: | 0_2_019EE5D6 | |
Source: | Code function: | 0_2_019E4DC0 | |
Source: | Code function: | 0_2_019EBBC0 | |
Source: | Code function: | 0_2_019EADFF | |
Source: | Code function: | 0_2_019E45F9 | |
Source: | Code function: | 0_2_019EB3F0 | |
Source: | Code function: | 0_2_019E4318 | |
Source: | Code function: | 0_2_019E9710 | |
Source: | Code function: | 0_2_019E4309 | |
Source: | Code function: | 0_2_019E9701 | |
Source: | Code function: | 0_2_019E8F50 | |
Source: | Code function: | 0_2_019E9950 | |
Source: | Code function: | 0_2_019EED51 | |
Source: | Code function: | 0_2_019E8F40 | |
Source: | Code function: | 0_2_019E8570 | |
Source: | Code function: | 0_2_019EC36F | |
Source: | Code function: | 0_2_019E9960 | |
Source: | Code function: | 0_2_019E5890 | |
Source: | Code function: | 0_2_019ECAB2 | |
Source: | Code function: | 0_2_019ECAC0 | |
Source: | Code function: | 0_2_019E94F8 | |
Source: | Code function: | 0_2_019E94E8 | |
Source: | Code function: | 0_2_019EE8E8 | |
Source: | Code function: | 0_2_019E9AE9 | |
Source: | Code function: | 0_2_019E7832 | |
Source: | Code function: | 0_2_019ED02E | |
Source: | Code function: | 0_2_019ED048 | |
Source: | Code function: | 0_2_019EAE68 | |
Source: | Code function: | 0_2_019EC069 | |
Source: | Code function: | 0_2_0B9F0006 | |
Source: | Code function: | 0_2_0B9F0070 | |
Source: | Code function: | 9_2_011FC301 | |
Source: | Code function: | 9_2_011F1F58 | |
Source: | Code function: | 9_2_011F0070 | |
Source: | Code function: | 9_2_011F4088 | |
Source: | Code function: | 9_2_011F5C80 | |
Source: | Code function: | 9_2_011F0024 | |
Source: | Code function: | 9_2_02EDF6FF | |
Source: | Code function: | 9_2_02EDAE68 | |
Source: | Code function: | 9_2_02EDD620 | |
Source: | Code function: | 9_2_02EDDFB1 | |
Source: | Code function: | 9_2_02EDAE08 | |
Source: | Code function: | 9_2_05AB0EE8 | |
Source: | Code function: | 9_2_05AB76F8 | |
Source: | Code function: | 9_2_05AB0070 | |
Source: | Code function: | 9_2_05AB1D90 | |
Source: | Code function: | 9_2_05AB6FF0 |
Source: | Code function: | 0_2_058A0D72 | |
Source: | Code function: | 0_2_058A0D41 | |
Source: | Code function: | 9_2_0122B0BA | |
Source: | Code function: | 9_2_0122B089 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | ReversingLabs: |
Source: | File read: | Jump to behavior |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Code function: | 0_2_058A0BF6 | |
Source: | Code function: | 0_2_058A0BBF | |
Source: | Code function: | 9_2_0122AF3E | |
Source: | Code function: | 9_2_0122AF07 |
Source: | WMI Queries: |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | File read: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: |
Source: | File opened: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Static PE information: |
Data Obfuscation: |
---|
.NET source code contains potential unpacker | Show sources |
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: |
Source: | Code function: | 0_2_00E32992 | |
Source: | Code function: | 0_2_016E30F2 | |
Source: | Code function: | 0_2_016E2EE6 | |
Source: | Code function: | 0_2_016E2D56 | |
Source: | Code function: | 0_2_019ECD70 | |
Source: | Code function: | 0_2_019EA2D6 | |
Source: | Code function: | 9_2_01222982 |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | File created: | Jump to dropped file |
Boot Survival: |
---|
Uses schtasks.exe or at.exe to add and modify task schedules | Show sources |
Source: | Process created: |
Source: | Registry key monitored for changes: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion: |
---|
Yara detected AntiVM3 | Show sources |
Source: | File source: | ||
Source: | File source: |
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) | Show sources |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Found evasive API chain (trying to detect sleep duration tampering with parallel thread) | Show sources |
Source: | Function Chain: |
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) | Show sources |
Source: | WMI Queries: |
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines) | Show sources |
Source: | WMI Queries: |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | WMI Queries: |
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 9_2_05C02EF6 |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Process token adjusted: | Jump to behavior |
Source: | Code function: | 9_2_02EDD2B8 |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion: |
---|
Writes to foreign memory regions | Show sources |
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior |
Modifies the hosts file | Show sources |
Source: | File written: | Jump to behavior |
Allocates memory in foreign processes | Show sources |
Source: | Memory allocated: | Jump to behavior |
Injects a PE file into a foreign processes | Show sources |
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Lowering of HIPS / PFW / Operating System Security Settings: |
---|
Modifies the hosts file | Show sources |
Source: | File written: | Jump to behavior |
Stealing of Sensitive Information: |
---|
Yara detected AgentTesla | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) | Show sources |
Source: | Key opened: | Jump to behavior |
Tries to harvest and steal ftp login credentials | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Tries to steal Mail credentials (via file access) | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Tries to harvest and steal browser information (history, passwords, etc) | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality: |
---|
Yara detected AgentTesla | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation211 | Scheduled Task/Job1 | Access Token Manipulation1 | File and Directory Permissions Modification1 | OS Credential Dumping2 | File and Directory Discovery1 | Remote Services | Archive Collected Data11 | Exfiltration Over Other Network Medium | Encrypted Channel12 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Native API1 | Boot or Logon Initialization Scripts | Process Injection312 | Disable or Modify Tools11 | Input Capture11 | System Information Discovery115 | Remote Desktop Protocol | Data from Local System2 | Exfiltration Over Bluetooth | Non-Application Layer Protocol1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | Scheduled Task/Job1 | Logon Script (Windows) | Scheduled Task/Job1 | Deobfuscate/Decode Files or Information1 | Credentials in Registry1 | Query Registry1 | SMB/Windows Admin Shares | Email Collection1 | Automated Exfiltration | Application Layer Protocol12 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information2 | NTDS | Security Software Discovery311 | Distributed Component Object Model | Input Capture11 | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing13 | LSA Secrets | Process Discovery2 | SSH | Clipboard Data1 | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Masquerading1 | Cached Domain Credentials | Virtualization/Sandbox Evasion131 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Virtualization/Sandbox Evasion131 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Access Token Manipulation1 | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Process Injection312 | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction |
Behavior Graph |
---|
Screenshots |
---|
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
18% | ReversingLabs | ByteCode-MSIL.Trojan.SnakeKeylogger |
Dropped Files |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
18% | ReversingLabs | ByteCode-MSIL.Trojan.SnakeKeylogger |
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | TR/Spy.Gen8 | Download File |
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
No contacted domains info |
---|
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| low | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| low | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| low | ||
true |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| low | ||
false |
| low | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| low |
Contacted IPs |
---|
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
161.129.64.49 | unknown | United States | 8100 | ASN-QUADRANET-GLOBALUS | true |
General Information |
---|
Joe Sandbox Version: | 33.0.0 White Diamond |
Analysis ID: | 483808 |
Start date: | 15.09.2021 |
Start time: | 14:11:35 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 9m 59s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | DOCUMENTS.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 25 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.adwa.spyw.evad.winEXE@6/6@0/1 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
Warnings: | Show All
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
14:12:45 | API Interceptor | |
14:13:01 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
161.129.64.49 | Get hash | malicious | Browse |
|
Domains |
---|
No context |
---|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
ASN-QUADRANET-GLOBALUS | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Users\user\Desktop\DOCUMENTS.exe |
File Type: | |
Category: | modified |
Size (bytes): | 525 |
Entropy (8bit): | 5.2874233355119316 |
Encrypted: | false |
SSDEEP: | 12:Q3LaJU20NaL10U29hJ5g1B0U2ukyrFk70Ug+9Yz9tv:MLF20NaL329hJ5g522rWz2T |
MD5: | 61CCF53571C9ABA6511D696CB0D32E45 |
SHA1: | A13A42A20EC14942F52DB20FB16A0A520F8183CE |
SHA-256: | 3459BDF6C0B7F9D43649ADAAF19BA8D5D133BCBE5EF80CF4B7000DC91E10903B |
SHA-512: | 90E180D9A681F82C010C326456AC88EBB89256CC769E900BFB4B2DF92E69CA69726863B45DFE4627FC1EE8C281F2AF86A6A1E2EF1710094CCD3F4E092872F06F |
Malicious: | true |
Reputation: | high, very likely benign file |
Preview: |
|
Process: | C:\Users\user\Desktop\DOCUMENTS.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1648 |
Entropy (8bit): | 5.1738828453688175 |
Encrypted: | false |
SSDEEP: | 24:2dH4+SEqC/a7hTlNMFpH/rlMhEMjnGpwjpIgUYODOLD9RJh7h8gKBltn:cbhC7ZlNQF/rydbz9I3YODOLNdq3Z |
MD5: | 5D3CDCFF6EABE012BBEBC4281117633B |
SHA1: | B3FD11D90DB33896C0B7AFFBC6B8DE3B4E226B20 |
SHA-256: | 2B3C1A3F3C743542D0D7364632C7AB24CC9C41A637CE92EF1E0AB98649223AAA |
SHA-512: | E2E47BF551085B1D240B6DCF284139BB944C25C863B23FF465E5F7CF73900C70C85174EB516735F429749286B8869E6711DCFD07C231F4BF569B357DCDD04333 |
Malicious: | true |
Reputation: | low |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe |
File Type: | |
Category: | modified |
Size (bytes): | 20480 |
Entropy (8bit): | 0.698304057893793 |
Encrypted: | false |
SSDEEP: | 24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBoIL4rtEy80:T5LLOpEO5J/Kn7U1uBoI+j |
MD5: | 3806E8153A55C1A2DA0B09461A9C882A |
SHA1: | BD98AB2FB5E18FD94DC24BCE875087B5C3BB2F72 |
SHA-256: | 366E8B53CE8CC27C0980AC532C2E9D372399877931AB0CEA075C62B3CB0F82BE |
SHA-512: | 31E96CC89795D80390432062466D542DBEA7DF31E3E8676DF370381BEDC720948085AD495A735FBDB75071DE45F3B8E470D809E863664990A79DEE8ADC648F1C |
Malicious: | false |
Preview: |
|
Process: | C:\Users\user\Desktop\DOCUMENTS.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 713728 |
Entropy (8bit): | 7.47266846561291 |
Encrypted: | false |
SSDEEP: | 12288:IuhWHCM2K4CoI/yzQs2TWIlI40xXO5HYC3Z6ZmrlTKzvNWhrPSfav1VMxelDI:IuD3C1oIlI5Y5Hl3Z60ezvNWhrPSfavg |
MD5: | F93324854461139C58E0E865CEB3C859 |
SHA1: | 3DEEDA7CEA856D0D45EE83AEB23E000101623C32 |
SHA-256: | AAAC6D698326E6FBBCD64057FBF591EF97BF143494EDE008D41AB75E5A37DB5A |
SHA-512: | 0330D46FB8F872D5B52E94DDF859F0458B6E97E4A40E37C67EBF39B9846B3A0D199329DC591579F7E2C26A89DF3F998A34B5BD0DE0DCED0A45F5454333EC0E90 |
Malicious: | true |
Antivirus: |
|
Preview: |
|
Process: | C:\Users\user\Desktop\DOCUMENTS.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11 |
Entropy (8bit): | 2.663532754804255 |
Encrypted: | false |
SSDEEP: | 3:iLE:iLE |
MD5: | B24D295C1F84ECBFB566103374FB91C5 |
SHA1: | 6A750D3F8B45C240637332071D34B403FA1FF55A |
SHA-256: | 4DC7B65075FBC5B5421551F0CB814CAFDC8CACA5957D393C222EE388B6F405F4 |
SHA-512: | 9BE279BFA70A859608B50EF5D30BF2345F334E5F433C410EA6A188DCAB395BFF50C95B165177E59A29261464871C11F903A9ECE55B2D900FE49A9F3C49EB88FA |
Malicious: | true |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.47266846561291 |
TrID: |
|
File name: | DOCUMENTS.exe |
File size: | 713728 |
MD5: | f93324854461139c58e0e865ceb3c859 |
SHA1: | 3deeda7cea856d0d45ee83aeb23e000101623c32 |
SHA256: | aaac6d698326e6fbbcd64057fbf591ef97bf143494ede008d41ab75e5a37db5a |
SHA512: | 0330d46fb8f872d5b52e94ddf859f0458b6e97e4a40e37c67ebf39b9846b3a0d199329dc591579f7e2c26a89df3f998a34b5bd0de0dced0a45f5454333ec0e90 |
SSDEEP: | 12288:IuhWHCM2K4CoI/yzQs2TWIlI40xXO5HYC3Z6ZmrlTKzvNWhrPSfav1VMxelDI:IuD3C1oIlI5Y5Hl3Z60ezvNWhrPSfavg |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Aa..............0..t...n........... ........@.. .......................@............@................................ |
File Icon |
---|
Icon Hash: | f1f0f4d0eecccc71 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x4a929a |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE |
DLL Characteristics: | NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x61418F0C [Wed Sep 15 06:13:32 2021 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | v2.0.50727 |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Entrypoint Preview |
---|
Instruction |
---|
jmp dword ptr [00402000h] |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa9248 | 0x4f | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xaa000 | 0x6ba8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xb2000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0xa72a0 | 0xa7400 | False | 0.825874089126 | data | 7.54267894462 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rsrc | 0xaa000 | 0x6ba8 | 0x6c00 | False | 0.443070023148 | data | 5.09676970176 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xb2000 | 0xc | 0x200 | False | 0.044921875 | data | 0.101910425663 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0xaa200 | 0x668 | data | ||
RT_ICON | 0xaa878 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 1953594267, next used block 28725 | ||
RT_ICON | 0xaab70 | 0x128 | GLS_BINARY_LSB_FIRST | ||
RT_ICON | 0xaaca8 | 0xea8 | data | ||
RT_ICON | 0xabb60 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | ||
RT_ICON | 0xac418 | 0x568 | GLS_BINARY_LSB_FIRST | ||
RT_ICON | 0xac990 | 0x25a8 | data | ||
RT_ICON | 0xaef48 | 0x10a8 | data | ||
RT_ICON | 0xb0000 | 0x468 | GLS_BINARY_LSB_FIRST | ||
RT_GROUP_ICON | 0xb0478 | 0x84 | data | ||
RT_VERSION | 0xb050c | 0x49c | data | ||
RT_MANIFEST | 0xb09b8 | 0x1ea | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators |
Imports |
---|
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Version Infos |
---|
Description | Data |
---|---|
Translation | 0x0000 0x04b0 |
LegalCopyright | Copyright 2008 - 2010 |
Assembly Version | 1.3.0.0 |
InternalName | UnmanagedMemoryStre.exe |
FileVersion | 1.3.0.0 |
CompanyName | WHC |
LegalTrademarks | |
Comments | A little Tool where you can check the stats of your RYL - Risk Your Life - characters. Ruins of War version. |
ProductName | RYL Character Tool - RoW EU version |
ProductVersion | 1.3.0.0 |
FileDescription | RYL Character Tool - RoW EU version |
OriginalFilename | UnmanagedMemoryStre.exe |
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 15, 2021 14:12:29.273679972 CEST | 49695 | 443 | 192.168.2.5 | 204.79.197.200 |
Sep 15, 2021 14:12:29.273726940 CEST | 443 | 49695 | 204.79.197.200 | 192.168.2.5 |
Sep 15, 2021 14:12:29.273844004 CEST | 49695 | 443 | 192.168.2.5 | 204.79.197.200 |
Sep 15, 2021 14:12:29.274627924 CEST | 49695 | 443 | 192.168.2.5 | 204.79.197.200 |
Sep 15, 2021 14:12:29.274641037 CEST | 443 | 49695 | 204.79.197.200 | 192.168.2.5 |
Sep 15, 2021 14:12:29.332669973 CEST | 443 | 49695 | 204.79.197.200 | 192.168.2.5 |
Sep 15, 2021 14:12:29.332811117 CEST | 49695 | 443 | 192.168.2.5 | 204.79.197.200 |
Sep 15, 2021 14:12:29.333642006 CEST | 49695 | 443 | 192.168.2.5 | 204.79.197.200 |
Sep 15, 2021 14:12:29.333651066 CEST | 443 | 49695 | 204.79.197.200 | 192.168.2.5 |
Sep 15, 2021 14:12:29.334794998 CEST | 49695 | 443 | 192.168.2.5 | 204.79.197.200 |
Sep 15, 2021 14:12:29.334805965 CEST | 443 | 49695 | 204.79.197.200 | 192.168.2.5 |
Sep 15, 2021 14:12:29.334928036 CEST | 49695 | 443 | 192.168.2.5 | 204.79.197.200 |
Sep 15, 2021 14:12:29.334939957 CEST | 443 | 49695 | 204.79.197.200 | 192.168.2.5 |
Sep 15, 2021 14:12:29.335026979 CEST | 49695 | 443 | 192.168.2.5 | 204.79.197.200 |
Sep 15, 2021 14:12:29.335037947 CEST | 443 | 49695 | 204.79.197.200 | 192.168.2.5 |
Sep 15, 2021 14:12:29.335047960 CEST | 49695 | 443 | 192.168.2.5 | 204.79.197.200 |
Sep 15, 2021 14:12:29.335056067 CEST | 443 | 49695 | 204.79.197.200 | 192.168.2.5 |
Sep 15, 2021 14:12:29.335127115 CEST | 49695 | 443 | 192.168.2.5 | 204.79.197.200 |
Sep 15, 2021 14:12:29.335139036 CEST | 443 | 49695 | 204.79.197.200 | 192.168.2.5 |
Sep 15, 2021 14:12:29.335154057 CEST | 49695 | 443 | 192.168.2.5 | 204.79.197.200 |
Sep 15, 2021 14:12:29.335161924 CEST | 443 | 49695 | 204.79.197.200 | 192.168.2.5 |
Sep 15, 2021 14:12:29.335230112 CEST | 49695 | 443 | 192.168.2.5 | 204.79.197.200 |
Sep 15, 2021 14:12:29.335238934 CEST | 443 | 49695 | 204.79.197.200 | 192.168.2.5 |
Sep 15, 2021 14:12:29.504945993 CEST | 443 | 49695 | 204.79.197.200 | 192.168.2.5 |
Sep 15, 2021 14:12:29.505095959 CEST | 49695 | 443 | 192.168.2.5 | 204.79.197.200 |
Sep 15, 2021 14:12:29.505115986 CEST | 443 | 49695 | 204.79.197.200 | 192.168.2.5 |
Sep 15, 2021 14:12:29.505166054 CEST | 49695 | 443 | 192.168.2.5 | 204.79.197.200 |
Sep 15, 2021 14:12:29.508220911 CEST | 49695 | 443 | 192.168.2.5 | 204.79.197.200 |
Sep 15, 2021 14:12:29.508232117 CEST | 49695 | 443 | 192.168.2.5 | 204.79.197.200 |
Sep 15, 2021 14:13:10.438263893 CEST | 49739 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:10.462893963 CEST | 80 | 49739 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:10.463027954 CEST | 49739 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:10.463701010 CEST | 49739 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:10.489706039 CEST | 80 | 49739 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:10.491146088 CEST | 49739 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:10.576014042 CEST | 80 | 49739 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:12.638597012 CEST | 80 | 49739 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:12.682830095 CEST | 49739 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:12.908216000 CEST | 49739 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:12.935074091 CEST | 80 | 49739 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:12.935535908 CEST | 49739 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:13.013170958 CEST | 80 | 49739 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:13.231173038 CEST | 49740 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:13.255914927 CEST | 80 | 49740 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:13.256000996 CEST | 49740 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:13.256377935 CEST | 49740 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:13.281702995 CEST | 80 | 49740 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:13.282222033 CEST | 49740 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:13.357038021 CEST | 80 | 49740 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:14.298929930 CEST | 80 | 49739 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:14.299721956 CEST | 49739 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:14.324831009 CEST | 80 | 49739 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:14.328134060 CEST | 49739 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:14.403898001 CEST | 80 | 49739 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:14.418926001 CEST | 80 | 49740 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:14.419704914 CEST | 49740 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:14.446351051 CEST | 80 | 49740 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:14.446696997 CEST | 49740 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:14.528503895 CEST | 80 | 49740 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:15.673455954 CEST | 80 | 49739 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:15.674104929 CEST | 49739 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:15.699462891 CEST | 80 | 49739 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:15.699865103 CEST | 49739 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:15.764553070 CEST | 80 | 49740 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:15.765258074 CEST | 49740 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:15.779208899 CEST | 80 | 49739 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:15.792324066 CEST | 80 | 49740 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:15.792733908 CEST | 49740 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:15.873573065 CEST | 80 | 49740 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:16.886945963 CEST | 80 | 49739 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:16.887478113 CEST | 49739 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:16.913275003 CEST | 80 | 49739 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:16.913697958 CEST | 49739 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:16.997631073 CEST | 80 | 49739 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:17.130023003 CEST | 80 | 49740 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:17.130760908 CEST | 49740 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:17.159096003 CEST | 80 | 49740 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:17.159945011 CEST | 49740 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:17.232557058 CEST | 80 | 49740 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:17.886820078 CEST | 49675 | 80 | 192.168.2.5 | 23.203.69.124 |
Sep 15, 2021 14:13:17.905529022 CEST | 80 | 49675 | 23.203.69.124 | 192.168.2.5 |
Sep 15, 2021 14:13:17.905612946 CEST | 49675 | 80 | 192.168.2.5 | 23.203.69.124 |
Sep 15, 2021 14:13:18.272187948 CEST | 80 | 49739 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:18.272989988 CEST | 49739 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:18.298352003 CEST | 80 | 49739 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:18.298707008 CEST | 49739 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:18.315689087 CEST | 80 | 49740 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:18.316448927 CEST | 49740 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:18.343164921 CEST | 80 | 49740 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:18.343503952 CEST | 49740 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:18.373951912 CEST | 80 | 49739 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:18.435291052 CEST | 80 | 49740 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:19.152745008 CEST | 49681 | 80 | 192.168.2.5 | 23.55.161.167 |
Sep 15, 2021 14:13:19.171395063 CEST | 80 | 49681 | 23.55.161.167 | 192.168.2.5 |
Sep 15, 2021 14:13:19.171478987 CEST | 49681 | 80 | 192.168.2.5 | 23.55.161.167 |
Sep 15, 2021 14:13:19.667202950 CEST | 80 | 49740 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:19.667951107 CEST | 49740 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:19.670584917 CEST | 80 | 49739 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:19.671797991 CEST | 49739 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:19.693490982 CEST | 80 | 49740 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:19.693841934 CEST | 49740 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:19.696696043 CEST | 80 | 49739 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:19.697029114 CEST | 49739 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:19.715926886 CEST | 80 | 49680 | 93.184.220.29 | 192.168.2.5 |
Sep 15, 2021 14:13:19.716080904 CEST | 49680 | 80 | 192.168.2.5 | 93.184.220.29 |
Sep 15, 2021 14:13:19.778892040 CEST | 80 | 49740 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:19.778913021 CEST | 80 | 49739 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:20.162154913 CEST | 49683 | 443 | 192.168.2.5 | 23.35.237.194 |
Sep 15, 2021 14:13:20.165168047 CEST | 49684 | 80 | 192.168.2.5 | 93.184.220.29 |
Sep 15, 2021 14:13:20.860246897 CEST | 80 | 49739 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:20.860774040 CEST | 49739 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:20.885922909 CEST | 80 | 49739 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:20.886229038 CEST | 49739 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:20.966136932 CEST | 80 | 49739 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:21.047297955 CEST | 80 | 49740 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:21.052356958 CEST | 49740 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:21.078917980 CEST | 80 | 49740 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:21.079302073 CEST | 49740 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:21.169589996 CEST | 80 | 49740 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:22.219360113 CEST | 80 | 49739 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:22.220195055 CEST | 49739 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:22.238352060 CEST | 80 | 49740 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:22.239392996 CEST | 49740 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:22.245150089 CEST | 80 | 49739 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:22.245877028 CEST | 49739 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:22.265947104 CEST | 80 | 49740 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:22.266397953 CEST | 49740 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:22.325627089 CEST | 80 | 49739 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:22.358902931 CEST | 80 | 49740 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:23.391875029 CEST | 49739 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:23.392735004 CEST | 49740 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:23.414349079 CEST | 49752 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:23.414726019 CEST | 49753 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:23.415335894 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:23.416280031 CEST | 80 | 49739 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:23.417011976 CEST | 80 | 49740 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:23.419661045 CEST | 49755 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:23.438925028 CEST | 80 | 49752 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:23.438957930 CEST | 80 | 49753 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:23.439062119 CEST | 49752 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:23.439131975 CEST | 49753 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:23.439532042 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:23.439640045 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:23.440706968 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:23.443947077 CEST | 80 | 49755 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:23.444068909 CEST | 49755 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:23.444530010 CEST | 49755 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:23.467696905 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:23.468363047 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:23.469619036 CEST | 80 | 49755 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:23.470191956 CEST | 49755 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:23.545428038 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:23.545465946 CEST | 80 | 49755 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:23.567517996 CEST | 80 | 49739 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:23.567558050 CEST | 80 | 49739 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:23.567729950 CEST | 49739 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:23.567759991 CEST | 49739 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:23.625890970 CEST | 49689 | 443 | 192.168.2.5 | 131.253.33.200 |
Sep 15, 2021 14:13:23.626991987 CEST | 49690 | 443 | 192.168.2.5 | 131.253.33.200 |
Sep 15, 2021 14:13:23.627494097 CEST | 49691 | 80 | 192.168.2.5 | 93.184.220.29 |
Sep 15, 2021 14:13:23.644733906 CEST | 80 | 49740 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:23.644768000 CEST | 80 | 49740 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:23.644824982 CEST | 49740 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:23.644854069 CEST | 49740 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:24.618895054 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:24.619465113 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:24.646886110 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:24.699433088 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:24.806164980 CEST | 80 | 49755 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:24.816349983 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:24.816778898 CEST | 49755 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:24.842765093 CEST | 80 | 49755 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:24.843198061 CEST | 49755 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:24.903903008 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:24.920119047 CEST | 80 | 49755 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:25.972719908 CEST | 80 | 49755 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:26.027707100 CEST | 49755 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:26.193864107 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:26.246465921 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:26.351392984 CEST | 49755 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:26.351502895 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:26.376863956 CEST | 80 | 49755 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:26.377167940 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:26.377254009 CEST | 49755 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:26.377599001 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:26.451049089 CEST | 80 | 49755 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:26.451205969 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:27.724220991 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:27.754045963 CEST | 80 | 49755 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:27.777875900 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:27.809132099 CEST | 49755 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:27.978575945 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:27.979247093 CEST | 49755 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:28.003465891 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:28.003875017 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:28.004095078 CEST | 80 | 49755 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:28.004389048 CEST | 49755 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:28.091537952 CEST | 80 | 49755 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:28.091557980 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:29.139285088 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:29.140022993 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:29.164916992 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:29.165312052 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:29.247232914 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:29.348956108 CEST | 80 | 49755 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:29.403060913 CEST | 49755 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:29.846992016 CEST | 49755 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:29.872878075 CEST | 80 | 49755 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:29.873357058 CEST | 49755 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:29.950932026 CEST | 80 | 49755 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:30.554441929 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:30.555670023 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:30.580851078 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:30.581635952 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:30.654252052 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:31.219254971 CEST | 80 | 49755 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:31.262511969 CEST | 49755 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:31.454013109 CEST | 49755 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:31.479247093 CEST | 80 | 49755 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:31.479804993 CEST | 49755 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:31.563190937 CEST | 80 | 49755 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:31.727874041 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:31.778314114 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:32.833340883 CEST | 80 | 49755 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:32.887851954 CEST | 49755 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:33.097158909 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:33.099281073 CEST | 49755 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:33.122642040 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:33.123075008 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:33.124250889 CEST | 80 | 49755 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:33.124602079 CEST | 49755 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:33.202931881 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:33.202955961 CEST | 80 | 49755 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:34.257390022 CEST | 80 | 49755 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:34.309658051 CEST | 49755 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:34.460009098 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:34.512787104 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:34.751784086 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:34.776943922 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:34.777313948 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:34.858258009 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:36.123543024 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:36.169193029 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:36.422976017 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:36.424340963 CEST | 49755 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:36.425884962 CEST | 49773 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:36.449357986 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:36.451544046 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:36.451570034 CEST | 80 | 49755 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:36.451589108 CEST | 80 | 49755 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:36.452074051 CEST | 49755 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:36.452229023 CEST | 80 | 49773 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:36.452318907 CEST | 49773 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:36.452723980 CEST | 49773 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:36.480820894 CEST | 80 | 49773 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:36.481501102 CEST | 49773 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:36.528564930 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:36.562120914 CEST | 80 | 49773 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:37.631304026 CEST | 80 | 49773 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:37.684892893 CEST | 49773 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:37.804518938 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:37.856810093 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:38.109925032 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:38.135873079 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:38.138437033 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:38.216345072 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:39.476407051 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:39.528820992 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:39.807173014 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:39.808268070 CEST | 49773 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:39.809576035 CEST | 49779 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:39.832612991 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:39.832639933 CEST | 80 | 49773 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:39.832649946 CEST | 80 | 49773 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:39.832787991 CEST | 49773 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:39.833009005 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:39.834142923 CEST | 80 | 49779 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:39.834238052 CEST | 49779 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:39.834562063 CEST | 49779 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:39.860543013 CEST | 80 | 49779 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:39.860941887 CEST | 49779 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:39.920111895 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:39.936342955 CEST | 80 | 49779 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:40.975805998 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:41.028951883 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:41.231333971 CEST | 80 | 49779 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:41.278984070 CEST | 49779 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:41.525769949 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:41.550904036 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:41.554946899 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:41.638118982 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:42.923151970 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:42.966633081 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:43.286066055 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:43.312797070 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:43.313196898 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:43.330612898 CEST | 49779 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:43.332113028 CEST | 49782 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:43.354981899 CEST | 80 | 49779 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:43.355011940 CEST | 80 | 49779 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:43.355098009 CEST | 49779 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:43.356642008 CEST | 80 | 49782 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:43.356786966 CEST | 49782 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:43.357093096 CEST | 49782 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:43.382200956 CEST | 80 | 49782 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:43.382677078 CEST | 49782 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:43.387804985 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:43.451045990 CEST | 80 | 49782 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:44.491574049 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:44.544969082 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:44.726938963 CEST | 80 | 49782 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:44.779366970 CEST | 49782 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:45.072092056 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:45.097580910 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:45.098217964 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:45.169204950 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:46.437989950 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:46.498225927 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:46.819101095 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:46.848864079 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:46.849622011 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:46.877381086 CEST | 49782 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:46.880451918 CEST | 49783 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:46.902045012 CEST | 80 | 49782 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:46.902107000 CEST | 80 | 49782 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:46.902206898 CEST | 49782 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:46.905005932 CEST | 80 | 49783 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:46.905113935 CEST | 49783 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:46.905596018 CEST | 49783 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:46.931204081 CEST | 80 | 49783 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:46.932749033 CEST | 49783 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:46.934974909 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:47.014273882 CEST | 80 | 49783 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:47.995552063 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:48.045237064 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:48.267934084 CEST | 80 | 49783 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:48.311136007 CEST | 49783 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:48.662318945 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:48.687911987 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:48.688797951 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:48.778898001 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:50.046020031 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:50.092287064 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:50.457855940 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:50.483243942 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:50.483798981 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:50.534152031 CEST | 49783 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:50.535479069 CEST | 49784 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:50.558845997 CEST | 80 | 49783 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:50.558871031 CEST | 80 | 49783 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:50.559526920 CEST | 49783 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:50.560411930 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:50.560539961 CEST | 80 | 49784 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:50.560673952 CEST | 49784 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:50.561420918 CEST | 49784 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:50.588109970 CEST | 80 | 49784 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:50.588783979 CEST | 49784 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:50.671683073 CEST | 80 | 49784 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:51.604737043 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:51.654951096 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:51.928198099 CEST | 80 | 49784 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:51.983234882 CEST | 49784 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:52.353688955 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:52.380866051 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:52.381397963 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:52.466310024 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:53.744338989 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:53.795703888 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:54.176737070 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:54.204462051 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:54.205032110 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:54.294229984 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:54.301166058 CEST | 49784 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:54.303055048 CEST | 49785 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:54.326030970 CEST | 80 | 49784 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:54.326126099 CEST | 80 | 49784 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:54.326185942 CEST | 49784 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:54.328043938 CEST | 80 | 49785 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:54.328979969 CEST | 49785 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:54.329246998 CEST | 49785 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:54.354396105 CEST | 80 | 49785 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:54.354980946 CEST | 49785 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:54.435014963 CEST | 80 | 49785 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:55.384918928 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:55.436412096 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:55.689045906 CEST | 80 | 49785 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:55.733460903 CEST | 49785 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:56.112840891 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:56.138398886 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:56.138864040 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:56.217129946 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:57.478768110 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:57.530472040 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:57.956692934 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:57.983563900 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:57.984565020 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:58.076143026 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:58.084687948 CEST | 49785 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:58.086787939 CEST | 49786 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:58.109244108 CEST | 80 | 49785 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:58.109266043 CEST | 80 | 49785 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:58.109357119 CEST | 49785 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:58.111222029 CEST | 80 | 49786 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:58.111356974 CEST | 49786 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:58.111722946 CEST | 49786 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:58.136925936 CEST | 80 | 49786 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:58.137569904 CEST | 49786 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:58.216965914 CEST | 80 | 49786 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:59.137239933 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:59.186855078 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:13:59.488430977 CEST | 80 | 49786 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:13:59.530586004 CEST | 49786 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:00.370670080 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:00.395814896 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:00.396596909 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:00.471904993 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:01.768973112 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:01.812051058 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:02.661793947 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:02.687347889 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:02.688025951 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:02.779402971 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:02.800847054 CEST | 49786 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:02.802354097 CEST | 49787 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:02.826586008 CEST | 80 | 49786 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:02.826607943 CEST | 80 | 49787 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:02.826687098 CEST | 80 | 49786 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:02.826797962 CEST | 49786 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:02.826827049 CEST | 49787 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:02.827258110 CEST | 49787 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:02.854156017 CEST | 80 | 49787 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:02.854624987 CEST | 49787 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:02.935502052 CEST | 80 | 49787 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:03.835738897 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:03.890269041 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:04.210328102 CEST | 80 | 49787 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:04.265346050 CEST | 49787 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:05.112627029 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:05.138648033 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:05.139090061 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:05.216193914 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:06.472397089 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:06.515742064 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:07.456280947 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:07.482511997 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:07.482844114 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:07.560055017 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:07.598870039 CEST | 49787 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:07.600891113 CEST | 49788 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:07.623121023 CEST | 80 | 49787 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:07.623184919 CEST | 80 | 49787 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:07.623245001 CEST | 49787 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:07.625164032 CEST | 80 | 49788 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:07.625281096 CEST | 49788 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:07.625634909 CEST | 49788 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:07.650738955 CEST | 80 | 49788 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:07.651103020 CEST | 49788 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:07.731961966 CEST | 80 | 49788 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:08.531841993 CEST | 49680 | 80 | 192.168.2.5 | 93.184.220.29 |
Sep 15, 2021 14:14:08.531853914 CEST | 49676 | 443 | 192.168.2.5 | 20.190.159.134 |
Sep 15, 2021 14:14:08.548666000 CEST | 80 | 49680 | 93.184.220.29 | 192.168.2.5 |
Sep 15, 2021 14:14:08.548971891 CEST | 49680 | 80 | 192.168.2.5 | 93.184.220.29 |
Sep 15, 2021 14:14:08.575373888 CEST | 443 | 49676 | 20.190.159.134 | 192.168.2.5 |
Sep 15, 2021 14:14:08.575469017 CEST | 49676 | 443 | 192.168.2.5 | 20.190.159.134 |
Sep 15, 2021 14:14:08.650330067 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:08.707526922 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:09.005623102 CEST | 80 | 49788 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:09.047070980 CEST | 49788 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:09.172384024 CEST | 49687 | 443 | 192.168.2.5 | 20.190.160.8 |
Sep 15, 2021 14:14:09.172508001 CEST | 49682 | 443 | 192.168.2.5 | 20.190.160.8 |
Sep 15, 2021 14:14:09.172549963 CEST | 49688 | 443 | 192.168.2.5 | 20.190.160.8 |
Sep 15, 2021 14:14:09.198112011 CEST | 443 | 49688 | 20.190.160.8 | 192.168.2.5 |
Sep 15, 2021 14:14:09.198159933 CEST | 443 | 49687 | 20.190.160.8 | 192.168.2.5 |
Sep 15, 2021 14:14:09.198203087 CEST | 443 | 49682 | 20.190.160.8 | 192.168.2.5 |
Sep 15, 2021 14:14:09.198318005 CEST | 49688 | 443 | 192.168.2.5 | 20.190.160.8 |
Sep 15, 2021 14:14:09.198328018 CEST | 49687 | 443 | 192.168.2.5 | 20.190.160.8 |
Sep 15, 2021 14:14:09.198359966 CEST | 49682 | 443 | 192.168.2.5 | 20.190.160.8 |
Sep 15, 2021 14:14:09.976701975 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:10.001939058 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:10.002525091 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:10.076113939 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:11.360577106 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:11.406569958 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:12.349174976 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:12.374934912 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:12.375464916 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:12.466226101 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:12.520499945 CEST | 49788 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:12.521877050 CEST | 49789 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:12.547573090 CEST | 80 | 49789 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:12.547604084 CEST | 80 | 49788 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:12.547614098 CEST | 80 | 49788 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:12.547908068 CEST | 49788 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:12.550148010 CEST | 49789 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:12.550192118 CEST | 49789 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:12.576733112 CEST | 80 | 49789 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:12.577414989 CEST | 49789 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:12.669291019 CEST | 80 | 49789 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:13.525808096 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:13.578578949 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:13.933546066 CEST | 80 | 49789 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:13.984837055 CEST | 49789 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:14.915077925 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:14.940243959 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:14.940690041 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:15.028502941 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:16.298826933 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:16.344482899 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:17.364527941 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:17.390101910 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:17.390574932 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:17.466655970 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:17.506899118 CEST | 49789 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:17.508368969 CEST | 49794 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:17.531407118 CEST | 80 | 49789 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:17.531438112 CEST | 80 | 49789 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:17.532737970 CEST | 80 | 49794 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:17.532788038 CEST | 49789 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:17.533981085 CEST | 49794 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:17.534023046 CEST | 49794 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:17.559452057 CEST | 80 | 49794 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:17.560008049 CEST | 49794 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:17.638540983 CEST | 80 | 49794 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:18.534015894 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:18.579061985 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:18.898777008 CEST | 80 | 49794 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:18.938497066 CEST | 49794 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:19.984513044 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:20.009867907 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:20.010180950 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:20.091408014 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:21.377985954 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:21.423650980 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:22.473656893 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:22.499567032 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:22.499965906 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:22.575366974 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:22.631342888 CEST | 49794 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:22.633022070 CEST | 49795 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:22.655829906 CEST | 80 | 49794 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:22.655855894 CEST | 80 | 49794 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:22.657213926 CEST | 49794 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:22.657320976 CEST | 80 | 49795 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:22.657443047 CEST | 49795 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:22.657763004 CEST | 49795 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:22.685173988 CEST | 80 | 49795 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:22.685775995 CEST | 49795 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:22.764818907 CEST | 80 | 49795 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:23.656876087 CEST | 80 | 49754 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:23.704411983 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:24.011476040 CEST | 80 | 49795 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:24.063920975 CEST | 49795 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:25.160609007 CEST | 49796 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:25.185619116 CEST | 80 | 49796 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:25.185718060 CEST | 49796 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:25.188831091 CEST | 49796 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:25.214498043 CEST | 80 | 49796 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:25.215550900 CEST | 49796 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:25.244007111 CEST | 49753 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:25.310025930 CEST | 80 | 49796 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:25.969404936 CEST | 49795 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:25.969716072 CEST | 49754 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:25.971139908 CEST | 49752 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:25.971158981 CEST | 49797 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:25.995590925 CEST | 80 | 49797 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:25.995764971 CEST | 49797 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:25.995999098 CEST | 49797 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:26.021240950 CEST | 80 | 49797 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:26.022331953 CEST | 49797 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:26.091150999 CEST | 80 | 49797 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:26.558249950 CEST | 80 | 49796 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:26.611176014 CEST | 49796 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:27.256546974 CEST | 80 | 49797 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:27.298506021 CEST | 49797 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:27.482019901 CEST | 49796 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:27.507499933 CEST | 80 | 49796 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:27.507965088 CEST | 49796 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:27.537790060 CEST | 80 | 49796 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:27.664097071 CEST | 49797 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:27.689424038 CEST | 80 | 49797 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:27.690473080 CEST | 49797 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:27.763572931 CEST | 80 | 49797 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:28.812506914 CEST | 80 | 49797 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:28.861135960 CEST | 49797 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:30.252999067 CEST | 80 | 49796 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:30.253659964 CEST | 49796 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:30.279325962 CEST | 80 | 49796 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:30.279825926 CEST | 49796 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:30.351170063 CEST | 49797 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:30.357594013 CEST | 80 | 49796 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:30.376537085 CEST | 80 | 49797 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:30.377226114 CEST | 49797 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:30.450433016 CEST | 80 | 49797 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:31.596715927 CEST | 80 | 49796 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:31.642620087 CEST | 49796 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:31.747462988 CEST | 80 | 49797 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:31.798983097 CEST | 49797 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:32.973864079 CEST | 49796 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:32.999151945 CEST | 80 | 49796 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:32.999537945 CEST | 49796 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:33.075930119 CEST | 80 | 49796 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:33.224179029 CEST | 49797 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:33.249846935 CEST | 80 | 49797 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:33.250144958 CEST | 49797 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:33.325376034 CEST | 80 | 49797 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:34.152156115 CEST | 80 | 49796 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:34.205470085 CEST | 49796 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:34.622845888 CEST | 80 | 49797 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:34.674387932 CEST | 49797 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:35.834364891 CEST | 49796 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:35.859575987 CEST | 80 | 49796 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:35.859934092 CEST | 49796 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:35.935323000 CEST | 80 | 49796 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:37.204128027 CEST | 80 | 49796 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:37.252614021 CEST | 49796 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:38.522620916 CEST | 49796 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:38.550947905 CEST | 80 | 49796 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:38.551419020 CEST | 49796 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:38.637989044 CEST | 80 | 49796 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:38.765626907 CEST | 49797 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:38.767302036 CEST | 49798 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:38.791335106 CEST | 80 | 49797 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:38.791363001 CEST | 80 | 49797 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:38.791449070 CEST | 49797 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:38.792349100 CEST | 80 | 49798 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:38.792495966 CEST | 49798 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:38.792773008 CEST | 49798 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:38.818960905 CEST | 80 | 49798 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:38.823288918 CEST | 49798 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:38.903836966 CEST | 80 | 49798 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:39.689563990 CEST | 80 | 49796 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:39.737107992 CEST | 49796 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:40.172909021 CEST | 80 | 49798 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:40.221482038 CEST | 49798 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:41.460397959 CEST | 49796 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:41.487829924 CEST | 80 | 49796 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:41.488321066 CEST | 49796 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:41.575896025 CEST | 80 | 49796 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:42.865618944 CEST | 80 | 49796 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:42.909137964 CEST | 49796 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:43.973301888 CEST | 49796 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:43.973324060 CEST | 49798 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:44.008389950 CEST | 80 | 49796 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:44.008435011 CEST | 80 | 49798 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:44.008625984 CEST | 49798 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:44.008725882 CEST | 49796 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:44.091279984 CEST | 80 | 49796 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:44.091308117 CEST | 80 | 49798 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:45.151134968 CEST | 80 | 49796 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:45.190682888 CEST | 49796 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:45.385998011 CEST | 80 | 49798 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:45.440684080 CEST | 49798 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:50.654489994 CEST | 80 | 49796 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:50.654716015 CEST | 49796 | 80 | 192.168.2.5 | 161.129.64.49 |
Sep 15, 2021 14:14:50.904135942 CEST | 80 | 49798 | 161.129.64.49 | 192.168.2.5 |
Sep 15, 2021 14:14:50.904393911 CEST | 49798 | 80 | 192.168.2.5 | 161.129.64.49 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 15, 2021 14:12:29.302016973 CEST | 61805 | 53 | 192.168.2.5 | 8.8.8.8 |
Sep 15, 2021 14:12:29.334316015 CEST | 53 | 61805 | 8.8.8.8 | 192.168.2.5 |
Sep 15, 2021 14:12:43.383393049 CEST | 54795 | 53 | 192.168.2.5 | 8.8.8.8 |
Sep 15, 2021 14:12:43.417336941 CEST | 53 | 54795 | 8.8.8.8 | 192.168.2.5 |
Sep 15, 2021 14:13:01.144943953 CEST | 49557 | 53 | 192.168.2.5 | 8.8.8.8 |
Sep 15, 2021 14:13:01.169748068 CEST | 53 | 49557 | 8.8.8.8 | 192.168.2.5 |
Sep 15, 2021 14:13:19.594683886 CEST | 61733 | 53 | 192.168.2.5 | 8.8.8.8 |
Sep 15, 2021 14:13:19.621222973 CEST | 53 | 61733 | 8.8.8.8 | 192.168.2.5 |
Sep 15, 2021 14:13:21.404922009 CEST | 65447 | 53 | 192.168.2.5 | 8.8.8.8 |
Sep 15, 2021 14:13:21.440296888 CEST | 53 | 65447 | 8.8.8.8 | 192.168.2.5 |
Sep 15, 2021 14:13:36.197587013 CEST | 52441 | 53 | 192.168.2.5 | 8.8.8.8 |
Sep 15, 2021 14:13:36.243068933 CEST | 53 | 52441 | 8.8.8.8 | 192.168.2.5 |
Sep 15, 2021 14:13:38.586544991 CEST | 62176 | 53 | 192.168.2.5 | 8.8.8.8 |
Sep 15, 2021 14:13:38.618644953 CEST | 53 | 62176 | 8.8.8.8 | 192.168.2.5 |
Sep 15, 2021 14:14:12.888977051 CEST | 59596 | 53 | 192.168.2.5 | 8.8.8.8 |
Sep 15, 2021 14:14:12.926632881 CEST | 53 | 59596 | 8.8.8.8 | 192.168.2.5 |
Sep 15, 2021 14:14:14.882390022 CEST | 65296 | 53 | 192.168.2.5 | 8.8.8.8 |
Sep 15, 2021 14:14:14.925168037 CEST | 53 | 65296 | 8.8.8.8 | 192.168.2.5 |
HTTP Request Dependency Graph |
---|
|
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.5 | 49739 | 161.129.64.49 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Sep 15, 2021 14:13:10.463701010 CEST | 1056 | OUT | |
Sep 15, 2021 14:13:10.489706039 CEST | 1056 | IN | |
Sep 15, 2021 14:13:10.491146088 CEST | 1057 | OUT | |
Sep 15, 2021 14:13:12.638597012 CEST | 1057 | IN | |
Sep 15, 2021 14:13:12.908216000 CEST | 1057 | OUT | |
Sep 15, 2021 14:13:12.935074091 CEST | 1057 | IN | |
Sep 15, 2021 14:13:12.935535908 CEST | 1058 | OUT | |
Sep 15, 2021 14:13:14.298929930 CEST | 1059 | IN | |
Sep 15, 2021 14:13:14.299721956 CEST | 1060 | OUT | |
Sep 15, 2021 14:13:14.324831009 CEST | 1060 | IN | |
Sep 15, 2021 14:13:14.328134060 CEST | 1060 | OUT | |
Sep 15, 2021 14:13:15.673455954 CEST | 1062 | IN | |
Sep 15, 2021 14:13:15.674104929 CEST | 1062 | OUT | |
Sep 15, 2021 14:13:15.699462891 CEST | 1062 | IN | |
Sep 15, 2021 14:13:15.699865103 CEST | 1063 | OUT | |
Sep 15, 2021 14:13:16.886945963 CEST | 1064 | IN | |
Sep 15, 2021 14:13:16.887478113 CEST | 1064 | OUT | |
Sep 15, 2021 14:13:16.913275003 CEST | 1065 | IN | |
Sep 15, 2021 14:13:16.913697958 CEST | 1065 | OUT | |
Sep 15, 2021 14:13:18.272187948 CEST | 1067 | IN | |
Sep 15, 2021 14:13:18.272989988 CEST | 1067 | OUT | |
Sep 15, 2021 14:13:18.298352003 CEST | 1067 | IN | |
Sep 15, 2021 14:13:18.298707008 CEST | 1068 | OUT | |
Sep 15, 2021 14:13:19.670584917 CEST | 1071 | IN | |
Sep 15, 2021 14:13:19.671797991 CEST | 1071 | OUT | |
Sep 15, 2021 14:13:19.696696043 CEST | 1072 | IN | |
Sep 15, 2021 14:13:19.697029114 CEST | 1072 | OUT | |
Sep 15, 2021 14:13:20.860246897 CEST | 1073 | IN | |
Sep 15, 2021 14:13:20.860774040 CEST | 1073 | OUT | |
Sep 15, 2021 14:13:20.885922909 CEST | 1073 | IN | |
Sep 15, 2021 14:13:20.886229038 CEST | 1074 | OUT | |
Sep 15, 2021 14:13:22.219360113 CEST | 1091 | IN | |
Sep 15, 2021 14:13:22.220195055 CEST | 1092 | OUT | |
Sep 15, 2021 14:13:22.245150089 CEST | 1092 | IN | |
Sep 15, 2021 14:13:22.245877028 CEST | 1093 | OUT | |
Sep 15, 2021 14:13:23.567517996 CEST | 1110 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.5 | 49740 | 161.129.64.49 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Sep 15, 2021 14:13:13.256377935 CEST | 1058 | OUT | |
Sep 15, 2021 14:13:13.281702995 CEST | 1058 | IN | |
Sep 15, 2021 14:13:13.282222033 CEST | 1059 | OUT | |
Sep 15, 2021 14:13:14.418926001 CEST | 1060 | IN | |
Sep 15, 2021 14:13:14.419704914 CEST | 1061 | OUT | |
Sep 15, 2021 14:13:14.446351051 CEST | 1061 | IN | |
Sep 15, 2021 14:13:14.446696997 CEST | 1061 | OUT | |
Sep 15, 2021 14:13:15.764553070 CEST | 1063 | IN | |
Sep 15, 2021 14:13:15.765258074 CEST | 1063 | OUT | |
Sep 15, 2021 14:13:15.792324066 CEST | 1063 | IN | |
Sep 15, 2021 14:13:15.792733908 CEST | 1064 | OUT | |
Sep 15, 2021 14:13:17.130023003 CEST | 1065 | IN | |
Sep 15, 2021 14:13:17.130760908 CEST | 1066 | OUT | |
Sep 15, 2021 14:13:17.159096003 CEST | 1066 | IN | |
Sep 15, 2021 14:13:17.159945011 CEST | 1066 | OUT | |
Sep 15, 2021 14:13:18.315689087 CEST | 1068 | IN | |
Sep 15, 2021 14:13:18.316448927 CEST | 1068 | OUT | |
Sep 15, 2021 14:13:18.343164921 CEST | 1068 | IN | |
Sep 15, 2021 14:13:18.343503952 CEST | 1069 | OUT | |
Sep 15, 2021 14:13:19.667202950 CEST | 1070 | IN | |
Sep 15, 2021 14:13:19.667951107 CEST | 1070 | OUT | |
Sep 15, 2021 14:13:19.693490982 CEST | 1071 | IN | |
Sep 15, 2021 14:13:19.693841934 CEST | 1072 | OUT | |
Sep 15, 2021 14:13:21.047297955 CEST | 1074 | IN | |
Sep 15, 2021 14:13:21.052356958 CEST | 1075 | OUT | |
Sep 15, 2021 14:13:21.078917980 CEST | 1075 | IN | |
Sep 15, 2021 14:13:21.079302073 CEST | 1076 | OUT | |
Sep 15, 2021 14:13:22.238352060 CEST | 1092 | IN | |
Sep 15, 2021 14:13:22.239392996 CEST | 1092 | OUT | |
Sep 15, 2021 14:13:22.265947104 CEST | 1094 | IN | |
Sep 15, 2021 14:13:22.266397953 CEST | 1094 | OUT | |
Sep 15, 2021 14:13:23.644733906 CEST | 1111 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
10 | 192.168.2.5 | 49786 | 161.129.64.49 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Sep 15, 2021 14:13:58.111722946 CEST | 4899 | OUT | |
Sep 15, 2021 14:13:58.136925936 CEST | 4899 | IN | |
Sep 15, 2021 14:13:58.137569904 CEST | 4900 | OUT | |
Sep 15, 2021 14:13:59.488430977 CEST | 4900 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
11 | 192.168.2.5 | 49787 | 161.129.64.49 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Sep 15, 2021 14:14:02.827258110 CEST | 4903 | OUT | |
Sep 15, 2021 14:14:02.854156017 CEST | 4903 | IN | |
Sep 15, 2021 14:14:02.854624987 CEST | 4904 | OUT | |
Sep 15, 2021 14:14:04.210328102 CEST | 4905 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
12 | 192.168.2.5 | 49788 | 161.129.64.49 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Sep 15, 2021 14:14:07.625634909 CEST | 4908 | OUT | |
Sep 15, 2021 14:14:07.650738955 CEST | 4908 | IN | |
Sep 15, 2021 14:14:07.651103020 CEST | 4908 | OUT | |
Sep 15, 2021 14:14:09.005623102 CEST | 4909 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
13 | 192.168.2.5 | 49789 | 161.129.64.49 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Sep 15, 2021 14:14:12.550192118 CEST | 4913 | OUT | |
Sep 15, 2021 14:14:12.576733112 CEST | 4913 | IN | |
Sep 15, 2021 14:14:12.577414989 CEST | 4913 | OUT | |
Sep 15, 2021 14:14:13.933546066 CEST | 4922 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
14 | 192.168.2.5 | 49794 | 161.129.64.49 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Sep 15, 2021 14:14:17.534023046 CEST | 4937 | OUT | |
Sep 15, 2021 14:14:17.559452057 CEST | 4937 | IN | |
Sep 15, 2021 14:14:17.560008049 CEST | 4938 | OUT | |
Sep 15, 2021 14:14:18.898777008 CEST | 4938 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
15 | 192.168.2.5 | 49795 | 161.129.64.49 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Sep 15, 2021 14:14:22.657763004 CEST | 4941 | OUT | |
Sep 15, 2021 14:14:22.685173988 CEST | 4942 | IN | |
Sep 15, 2021 14:14:22.685775995 CEST | 4942 | OUT | |
Sep 15, 2021 14:14:24.011476040 CEST | 4943 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
16 | 192.168.2.5 | 49796 | 161.129.64.49 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Sep 15, 2021 14:14:25.188831091 CEST | 4943 | OUT | |
Sep 15, 2021 14:14:25.214498043 CEST | 4943 | IN | |
Sep 15, 2021 14:14:25.215550900 CEST | 4944 | OUT | |
Sep 15, 2021 14:14:26.558249950 CEST | 4946 | IN | |
Sep 15, 2021 14:14:27.482019901 CEST | 4947 | OUT | |
Sep 15, 2021 14:14:27.507499933 CEST | 4947 | IN | |
Sep 15, 2021 14:14:27.507965088 CEST | 4950 | OUT | |
Sep 15, 2021 14:14:30.252999067 CEST | 4952 | IN | |
Sep 15, 2021 14:14:30.253659964 CEST | 4952 | OUT | |
Sep 15, 2021 14:14:30.279325962 CEST | 4952 | IN | |
Sep 15, 2021 14:14:30.279825926 CEST | 4953 | OUT | |
Sep 15, 2021 14:14:31.596715927 CEST | 4954 | IN | |
Sep 15, 2021 14:14:32.973864079 CEST | 4954 | OUT | |
Sep 15, 2021 14:14:32.999151945 CEST | 4955 | IN | |
Sep 15, 2021 14:14:32.999537945 CEST | 4955 | OUT | |
Sep 15, 2021 14:14:34.152156115 CEST | 4956 | IN | |
Sep 15, 2021 14:14:35.834364891 CEST | 4957 | OUT | |
Sep 15, 2021 14:14:35.859575987 CEST | 4957 | IN | |
Sep 15, 2021 14:14:35.859934092 CEST | 4958 | OUT | |
Sep 15, 2021 14:14:37.204128027 CEST | 4958 | IN | |
Sep 15, 2021 14:14:38.522620916 CEST | 4958 | OUT | |
Sep 15, 2021 14:14:38.550947905 CEST | 4958 | IN | |
Sep 15, 2021 14:14:38.551419020 CEST | 4959 | OUT | |
Sep 15, 2021 14:14:39.689563990 CEST | 4960 | IN | |
Sep 15, 2021 14:14:41.460397959 CEST | 4961 | OUT | |
Sep 15, 2021 14:14:41.487829924 CEST | 4961 | IN | |
Sep 15, 2021 14:14:41.488321066 CEST | 4962 | OUT | |
Sep 15, 2021 14:14:42.865618944 CEST | 4962 | IN | |
Sep 15, 2021 14:14:43.973301888 CEST | 4962 | OUT | |
Sep 15, 2021 14:14:44.008389950 CEST | 4963 | IN | |
Sep 15, 2021 14:14:44.008725882 CEST | 4964 | OUT | |
Sep 15, 2021 14:14:45.151134968 CEST | 4964 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
17 | 192.168.2.5 | 49797 | 161.129.64.49 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Sep 15, 2021 14:14:25.995999098 CEST | 4945 | OUT | |
Sep 15, 2021 14:14:26.021240950 CEST | 4945 | IN | |
Sep 15, 2021 14:14:26.022331953 CEST | 4945 | OUT | |
Sep 15, 2021 14:14:27.256546974 CEST | 4946 | IN | |
Sep 15, 2021 14:14:27.664097071 CEST | 4950 | OUT | |
Sep 15, 2021 14:14:27.689424038 CEST | 4951 | IN | |
Sep 15, 2021 14:14:27.690473080 CEST | 4951 | OUT | |
Sep 15, 2021 14:14:28.812506914 CEST | 4951 | IN | |
Sep 15, 2021 14:14:30.351170063 CEST | 4953 | OUT | |
Sep 15, 2021 14:14:30.376537085 CEST | 4953 | IN | |
Sep 15, 2021 14:14:30.377226114 CEST | 4953 | OUT | |
Sep 15, 2021 14:14:31.747462988 CEST | 4954 | IN | |
Sep 15, 2021 14:14:33.224179029 CEST | 4955 | OUT | |
Sep 15, 2021 14:14:33.249846935 CEST | 4955 | IN | |
Sep 15, 2021 14:14:33.250144958 CEST | 4956 | OUT | |
Sep 15, 2021 14:14:34.622845888 CEST | 4957 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
18 | 192.168.2.5 | 49798 | 161.129.64.49 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Sep 15, 2021 14:14:38.792773008 CEST | 4960 | OUT | |
Sep 15, 2021 14:14:38.818960905 CEST | 4960 | IN | |
Sep 15, 2021 14:14:38.823288918 CEST | 4960 | OUT | |
Sep 15, 2021 14:14:40.172909021 CEST | 4961 | IN | |
Sep 15, 2021 14:14:43.973324060 CEST | 4963 | OUT | |
Sep 15, 2021 14:14:44.008435011 CEST | 4963 | IN | |
Sep 15, 2021 14:14:44.008625984 CEST | 4963 | OUT | |
Sep 15, 2021 14:14:45.385998011 CEST | 4964 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.2.5 | 49754 | 161.129.64.49 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Sep 15, 2021 14:13:23.440706968 CEST | 1106 | OUT | |
Sep 15, 2021 14:13:23.467696905 CEST | 1108 | IN | |
Sep 15, 2021 14:13:23.468363047 CEST | 1108 | OUT | |
Sep 15, 2021 14:13:24.618895054 CEST | 1121 | IN | |
Sep 15, 2021 14:13:24.619465113 CEST | 1121 | OUT | |
Sep 15, 2021 14:13:24.646886110 CEST | 1122 | IN | |
Sep 15, 2021 14:13:24.816349983 CEST | 1123 | OUT | |
Sep 15, 2021 14:13:26.193864107 CEST | 1134 | IN | |
Sep 15, 2021 14:13:26.351502895 CEST | 1135 | OUT | |
Sep 15, 2021 14:13:26.377167940 CEST | 1136 | IN | |
Sep 15, 2021 14:13:26.377599001 CEST | 1137 | OUT | |
Sep 15, 2021 14:13:27.724220991 CEST | 1143 | IN | |
Sep 15, 2021 14:13:27.978575945 CEST | 1144 | OUT | |
Sep 15, 2021 14:13:28.003465891 CEST | 1144 | IN | |
Sep 15, 2021 14:13:28.003875017 CEST | 1145 | OUT | |
Sep 15, 2021 14:13:29.139285088 CEST | 1152 | IN | |
Sep 15, 2021 14:13:29.140022993 CEST | 1152 | OUT | |
Sep 15, 2021 14:13:29.164916992 CEST | 1152 | IN | |
Sep 15, 2021 14:13:29.165312052 CEST | 1152 | OUT | |
Sep 15, 2021 14:13:30.554441929 CEST | 1154 | IN | |
Sep 15, 2021 14:13:30.555670023 CEST | 1154 | OUT | |
Sep 15, 2021 14:13:30.580851078 CEST | 1154 | IN | |
Sep 15, 2021 14:13:30.581635952 CEST | 1155 | OUT | |
Sep 15, 2021 14:13:31.727874041 CEST | 1156 | IN | |
Sep 15, 2021 14:13:33.097158909 CEST | 1157 | OUT | |
Sep 15, 2021 14:13:33.122642040 CEST | 1158 | IN | |
Sep 15, 2021 14:13:33.123075008 CEST | 1158 | OUT | |
Sep 15, 2021 14:13:34.460009098 CEST | 1159 | IN | |
Sep 15, 2021 14:13:34.751784086 CEST | 1160 | OUT | |
Sep 15, 2021 14:13:34.776943922 CEST | 1160 | IN | |
Sep 15, 2021 14:13:34.777313948 CEST | 1160 | OUT | |
Sep 15, 2021 14:13:36.123543024 CEST | 1160 | IN | |
Sep 15, 2021 14:13:36.422976017 CEST | 1169 | OUT | |
Sep 15, 2021 14:13:36.449357986 CEST | 1170 | IN | |
Sep 15, 2021 14:13:36.451544046 CEST | 1170 | OUT | |
Sep 15, 2021 14:13:37.804518938 CEST | 1208 | IN | |
Sep 15, 2021 14:13:38.109925032 CEST | 1209 | OUT | |
Sep 15, 2021 14:13:38.135873079 CEST | 1209 | IN | |
Sep 15, 2021 14:13:38.138437033 CEST | 1209 | OUT | |
Sep 15, 2021 14:13:39.476407051 CEST | 2658 | IN | |
Sep 15, 2021 14:13:39.807173014 CEST | 3851 | OUT | |
Sep 15, 2021 14:13:39.832612991 CEST | 3851 | IN | |
Sep 15, 2021 14:13:40.975805998 CEST | 4879 | IN | |
Sep 15, 2021 14:13:41.525769949 CEST | 4880 | OUT | |
Sep 15, 2021 14:13:41.550904036 CEST | 4880 | IN | |
Sep 15, 2021 14:13:42.923151970 CEST | 4881 | IN | |
Sep 15, 2021 14:13:43.286066055 CEST | 4881 | OUT | |
Sep 15, 2021 14:13:43.312797070 CEST | 4881 | IN | |
Sep 15, 2021 14:13:44.491574049 CEST | 4884 | IN | |
Sep 15, 2021 14:13:45.072092056 CEST | 4884 | OUT | |
Sep 15, 2021 14:13:45.097580910 CEST | 4884 | IN | |
Sep 15, 2021 14:13:46.437989950 CEST | 4885 | IN | |
Sep 15, 2021 14:13:46.819101095 CEST | 4885 | OUT | |
Sep 15, 2021 14:13:46.848864079 CEST | 4886 | IN | |
Sep 15, 2021 14:13:47.995552063 CEST | 4888 | IN | |
Sep 15, 2021 14:13:48.662318945 CEST | 4888 | OUT | |
Sep 15, 2021 14:13:48.687911987 CEST | 4888 | IN | |
Sep 15, 2021 14:13:50.046020031 CEST | 4889 | IN | |
Sep 15, 2021 14:13:50.457855940 CEST | 4890 | OUT | |
Sep 15, 2021 14:13:50.483243942 CEST | 4890 | IN | |
Sep 15, 2021 14:13:51.604737043 CEST | 4892 | IN | |
Sep 15, 2021 14:13:52.353688955 CEST | 4893 | OUT | |
Sep 15, 2021 14:13:52.380866051 CEST | 4893 | IN | |
Sep 15, 2021 14:13:53.744338989 CEST | 4893 | IN | |
Sep 15, 2021 14:13:54.176737070 CEST | 4894 | OUT | |
Sep 15, 2021 14:13:54.204462051 CEST | 4894 | IN | |
Sep 15, 2021 14:13:55.384918928 CEST | 4896 | IN | |
Sep 15, 2021 14:13:56.112840891 CEST | 4897 | OUT | |
Sep 15, 2021 14:13:56.138398886 CEST | 4897 | IN | |
Sep 15, 2021 14:13:57.478768110 CEST | 4898 | IN | |
Sep 15, 2021 14:13:57.956692934 CEST | 4898 | OUT | |
Sep 15, 2021 14:13:57.983563900 CEST | 4898 | IN | |
Sep 15, 2021 14:13:59.137239933 CEST | 4900 | IN | |
Sep 15, 2021 14:14:00.370670080 CEST | 4901 | OUT | |
Sep 15, 2021 14:14:00.395814896 CEST | 4901 | IN | |
Sep 15, 2021 14:14:01.768973112 CEST | 4902 | IN | |
Sep 15, 2021 14:14:02.661793947 CEST | 4902 | OUT | |
Sep 15, 2021 14:14:02.687347889 CEST | 4902 | IN | |
Sep 15, 2021 14:14:03.835738897 CEST | 4904 | IN | |
Sep 15, 2021 14:14:05.112627029 CEST | 4905 | OUT | |
Sep 15, 2021 14:14:05.138648033 CEST | 4905 | IN | |
Sep 15, 2021 14:14:06.472397089 CEST | 4906 | IN | |
Sep 15, 2021 14:14:07.456280947 CEST | 4906 | OUT | |
Sep 15, 2021 14:14:07.482511997 CEST | 4906 | IN | |
Sep 15, 2021 14:14:08.650330067 CEST | 4909 | IN | |
Sep 15, 2021 14:14:09.976701975 CEST | 4910 | OUT | |
Sep 15, 2021 14:14:10.001939058 CEST | 4910 | IN | |
Sep 15, 2021 14:14:11.360577106 CEST | 4911 | IN | |
Sep 15, 2021 14:14:12.349174976 CEST | 4911 | OUT | |
Sep 15, 2021 14:14:12.374934912 CEST | 4911 | IN | |
Sep 15, 2021 14:14:13.525808096 CEST | 4922 | IN | |
Sep 15, 2021 14:14:14.915077925 CEST | 4926 | OUT | |
Sep 15, 2021 14:14:14.940243959 CEST | 4927 | IN | |
Sep 15, 2021 14:14:16.298826933 CEST | 4935 | IN | |
Sep 15, 2021 14:14:17.364527941 CEST | 4936 | OUT | |
Sep 15, 2021 14:14:17.390101910 CEST | 4936 | IN | |
Sep 15, 2021 14:14:18.534015894 CEST | 4938 | IN | |
Sep 15, 2021 14:14:19.984513044 CEST | 4939 | OUT | |
Sep 15, 2021 14:14:20.009867907 CEST | 4939 | IN | |
Sep 15, 2021 14:14:21.377985954 CEST | 4940 | IN | |
Sep 15, 2021 14:14:22.473656893 CEST | 4940 | OUT | |
Sep 15, 2021 14:14:22.499567032 CEST | 4940 | IN | |
Sep 15, 2021 14:14:23.656876087 CEST | 4942 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
3 | 192.168.2.5 | 49755 | 161.129.64.49 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Sep 15, 2021 14:13:23.444530010 CEST | 1106 | OUT | |
Sep 15, 2021 14:13:23.469619036 CEST | 1108 | IN | |
Sep 15, 2021 14:13:23.470191956 CEST | 1109 | OUT | |
Sep 15, 2021 14:13:24.806164980 CEST | 1122 | IN | |
Sep 15, 2021 14:13:24.816778898 CEST | 1123 | OUT | |
Sep 15, 2021 14:13:24.842765093 CEST | 1124 | IN | |
Sep 15, 2021 14:13:24.843198061 CEST | 1124 | OUT | |
Sep 15, 2021 14:13:25.972719908 CEST | 1134 | IN | |
Sep 15, 2021 14:13:26.351392984 CEST | 1135 | OUT | |
Sep 15, 2021 14:13:26.376863956 CEST | 1136 | IN | |
Sep 15, 2021 14:13:26.377254009 CEST | 1136 | OUT | |
Sep 15, 2021 14:13:27.754045963 CEST | 1143 | IN | |
Sep 15, 2021 14:13:27.979247093 CEST | 1144 | OUT | |
Sep 15, 2021 14:13:28.004095078 CEST | 1145 | IN | |
Sep 15, 2021 14:13:28.004389048 CEST | 1145 | OUT | |
Sep 15, 2021 14:13:29.348956108 CEST | 1153 | IN | |
Sep 15, 2021 14:13:29.846992016 CEST | 1153 | OUT | |
Sep 15, 2021 14:13:29.872878075 CEST | 1153 | IN | |
Sep 15, 2021 14:13:29.873357058 CEST | 1154 | OUT | |
Sep 15, 2021 14:13:31.219254971 CEST | 1155 | IN | |
Sep 15, 2021 14:13:31.454013109 CEST | 1156 | OUT | |
Sep 15, 2021 14:13:31.479247093 CEST | 1156 | IN | |
Sep 15, 2021 14:13:31.479804993 CEST | 1156 | OUT | |
Sep 15, 2021 14:13:32.833340883 CEST | 1157 | IN | |
Sep 15, 2021 14:13:33.099281073 CEST | 1157 | OUT | |
Sep 15, 2021 14:13:33.124250889 CEST | 1158 | IN | |
Sep 15, 2021 14:13:33.124602079 CEST | 1159 | OUT | |
Sep 15, 2021 14:13:34.257390022 CEST | 1159 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
4 | 192.168.2.5 | 49773 | 161.129.64.49 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Sep 15, 2021 14:13:36.452723980 CEST | 1171 | OUT | |
Sep 15, 2021 14:13:36.480820894 CEST | 1175 | IN | |
Sep 15, 2021 14:13:36.481501102 CEST | 1176 | OUT | |
Sep 15, 2021 14:13:37.631304026 CEST | 1208 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
5 | 192.168.2.5 | 49779 | 161.129.64.49 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Sep 15, 2021 14:13:39.834562063 CEST | 3852 | OUT | |
Sep 15, 2021 14:13:39.860543013 CEST | 3852 | IN | |
Sep 15, 2021 14:13:39.860941887 CEST | 3853 | OUT | |
Sep 15, 2021 14:13:41.231333971 CEST | 4880 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
6 | 192.168.2.5 | 49782 | 161.129.64.49 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Sep 15, 2021 14:13:43.357093096 CEST | 4883 | OUT | |
Sep 15, 2021 14:13:43.382200956 CEST | 4883 | IN | |
Sep 15, 2021 14:13:43.382677078 CEST | 4883 | OUT | |
Sep 15, 2021 14:13:44.726938963 CEST | 4884 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
7 | 192.168.2.5 | 49783 | 161.129.64.49 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Sep 15, 2021 14:13:46.905596018 CEST | 4887 | OUT | |
Sep 15, 2021 14:13:46.931204081 CEST | 4887 | IN | |
Sep 15, 2021 14:13:46.932749033 CEST | 4887 | OUT | |
Sep 15, 2021 14:13:48.267934084 CEST | 4888 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
8 | 192.168.2.5 | 49784 | 161.129.64.49 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Sep 15, 2021 14:13:50.561420918 CEST | 4891 | OUT | |
Sep 15, 2021 14:13:50.588109970 CEST | 4891 | IN | |
Sep 15, 2021 14:13:50.588783979 CEST | 4892 | OUT | |
Sep 15, 2021 14:13:51.928198099 CEST | 4892 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
9 | 192.168.2.5 | 49785 | 161.129.64.49 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Sep 15, 2021 14:13:54.329246998 CEST | 4895 | OUT | |
Sep 15, 2021 14:13:54.354396105 CEST | 4895 | IN | |
Sep 15, 2021 14:13:54.354980946 CEST | 4896 | OUT | |
Sep 15, 2021 14:13:55.689045906 CEST | 4896 | IN |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Click to jump to process
Memory Usage |
---|
Click to jump to process
High Level Behavior Distribution |
---|
back
Click to dive into process behavior distribution
Behavior |
---|
Click to jump to process
System Behavior |
---|
General |
---|
Start time: | 14:12:36 |
Start date: | 15/09/2021 |
Path: | C:\Users\user\Desktop\DOCUMENTS.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xe30000 |
File size: | 713728 bytes |
MD5 hash: | F93324854461139C58E0E865CEB3C859 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 14:12:51 |
Start date: | 15/09/2021 |
Path: | C:\Windows\SysWOW64\schtasks.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x9e0000 |
File size: | 185856 bytes |
MD5 hash: | 15FF7D8324231381BAD48A052F85DF04 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 14:12:51 |
Start date: | 15/09/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff797770000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 14:12:51 |
Start date: | 15/09/2021 |
Path: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb50000 |
File size: | 69632 bytes |
MD5 hash: | 88BBB7610152B48C2B3879473B17857E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Reputation: | moderate |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
Function 019E7832, Relevance: 1.6, Strings: 1, Instructions: 368COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 058A0BBF, Relevance: 1.6, APIs: 1, Instructions: 75COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 058A0D41, Relevance: 1.6, APIs: 1, Instructions: 57nativeCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 058A0BF6, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 058A0D72, Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E7880, Relevance: 1.5, Strings: 1, Instructions: 244COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E64C1, Relevance: 1.4, Strings: 1, Instructions: 163COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EED60, Relevance: .3, Instructions: 315COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EED51, Relevance: .3, Instructions: 314COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E5890, Relevance: .2, Instructions: 246COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EE43C, Relevance: .2, Instructions: 244COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E45F9, Relevance: .2, Instructions: 240COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EBBD0, Relevance: .2, Instructions: 239COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E4608, Relevance: .2, Instructions: 238COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E49B0, Relevance: .2, Instructions: 236COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EBBC0, Relevance: .2, Instructions: 235COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E49C0, Relevance: .2, Instructions: 233COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EFC31, Relevance: .2, Instructions: 177COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E40B8, Relevance: .2, Instructions: 161COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E5948, Relevance: .2, Instructions: 158COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E5FC9, Relevance: .2, Instructions: 155COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EC078, Relevance: .1, Instructions: 145COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EC069, Relevance: .1, Instructions: 145COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EE8F8, Relevance: .1, Instructions: 134COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EE8E8, Relevance: .1, Instructions: 132COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E69C0, Relevance: .1, Instructions: 114COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EE5D6, Relevance: .1, Instructions: 106COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E0140, Relevance: 3.3, Instructions: 3264COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E0131, Relevance: 3.3, Instructions: 3262COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0B9F088E, Relevance: 2.5, Strings: 2, Instructions: 21COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 058A16CA, Relevance: 1.6, APIs: 1, Instructions: 145fileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 058A1316, Relevance: 1.6, APIs: 1, Instructions: 94COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016EA2AC, Relevance: 1.6, APIs: 1, Instructions: 87COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 058A1830, Relevance: 1.6, APIs: 1, Instructions: 78COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 058A175A, Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 058A1900, Relevance: 1.6, APIs: 1, Instructions: 75fileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 058A0794, Relevance: 1.6, APIs: 1, Instructions: 75COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016EBBDD, Relevance: 1.6, APIs: 1, Instructions: 73COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 058A1356, Relevance: 1.6, APIs: 1, Instructions: 69COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 058A0DEC, Relevance: 1.6, APIs: 1, Instructions: 69fileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 058A1B3F, Relevance: 1.6, APIs: 1, Instructions: 68fileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 058A1C91, Relevance: 1.6, APIs: 1, Instructions: 62windowCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016EA5FB, Relevance: 1.6, APIs: 1, Instructions: 61COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 058A1932, Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 058A0EDD, Relevance: 1.6, APIs: 1, Instructions: 60COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 058A2023, Relevance: 1.6, APIs: 1, Instructions: 56windowCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 058A0E1A, Relevance: 1.6, APIs: 1, Instructions: 53fileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 058A07D2, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016EBC0E, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 058A1872, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016EAAEC, Relevance: 1.5, APIs: 1, Instructions: 48COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 058A0F02, Relevance: 1.5, APIs: 1, Instructions: 48COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016EA42A, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 058A1B72, Relevance: 1.5, APIs: 1, Instructions: 47fileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016EA622, Relevance: 1.5, APIs: 1, Instructions: 45COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016EA2F6, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 058A2052, Relevance: 1.5, APIs: 1, Instructions: 42windowCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 058A1CCA, Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016EAB0E, Relevance: 1.5, APIs: 1, Instructions: 37COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016EA44E, Relevance: 1.5, APIs: 1, Instructions: 35COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E5BAE, Relevance: .2, Instructions: 175COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EF3A1, Relevance: .1, Instructions: 145COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EF3B0, Relevance: .1, Instructions: 144COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E3C40, Relevance: .1, Instructions: 116COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0B9F0294, Relevance: .1, Instructions: 112COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03270724, Relevance: .1, Instructions: 107COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E5BA0, Relevance: .1, Instructions: 99COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EA4E8, Relevance: .1, Instructions: 90COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016FA6EC, Relevance: .1, Instructions: 90COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016FA944, Relevance: .1, Instructions: 88COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016FA5C0, Relevance: .1, Instructions: 88COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EE0C0, Relevance: .1, Instructions: 87COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016FA81A, Relevance: .1, Instructions: 87COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EE0B0, Relevance: .1, Instructions: 86COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016FA3AA, Relevance: .1, Instructions: 83COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016FAAC8, Relevance: .1, Instructions: 82COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E6270, Relevance: .1, Instructions: 81COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016FA191, Relevance: .1, Instructions: 80COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EA698, Relevance: .1, Instructions: 78COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EC915, Relevance: .1, Instructions: 76COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016FA96E, Relevance: .1, Instructions: 75COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016FA842, Relevance: .1, Instructions: 75COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016FA716, Relevance: .1, Instructions: 75COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E6398, Relevance: .1, Instructions: 73COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E6280, Relevance: .1, Instructions: 73COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EB938, Relevance: .1, Instructions: 69COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016FA5EA, Relevance: .1, Instructions: 69COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016FA3D2, Relevance: .1, Instructions: 69COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016FA640, Relevance: .1, Instructions: 65COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016FA1BA, Relevance: .1, Instructions: 64COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E7DC8, Relevance: .1, Instructions: 60COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E3FE8, Relevance: .1, Instructions: 60COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E0006, Relevance: .1, Instructions: 59COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0327075C, Relevance: .1, Instructions: 59COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016FAB09, Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EB978, Relevance: .1, Instructions: 54COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EA6FE, Relevance: .1, Instructions: 52COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EE298, Relevance: .0, Instructions: 50COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EE28A, Relevance: .0, Instructions: 50COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016FA118, Relevance: .0, Instructions: 50COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EA580, Relevance: .0, Instructions: 48COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E7E90, Relevance: .0, Instructions: 46COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EA7F8, Relevance: .0, Instructions: 45COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E3DA7, Relevance: .0, Instructions: 43COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 032705D2, Relevance: .0, Instructions: 43COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EAB52, Relevance: .0, Instructions: 41COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E00B9, Relevance: .0, Instructions: 38COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EA8C7, Relevance: .0, Instructions: 38COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EE159, Relevance: .0, Instructions: 37COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E6701, Relevance: .0, Instructions: 36COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E3DB8, Relevance: .0, Instructions: 34COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E6470, Relevance: .0, Instructions: 34COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E7EA0, Relevance: .0, Instructions: 33COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E4050, Relevance: .0, Instructions: 33COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E4D40, Relevance: .0, Instructions: 32COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E4058, Relevance: .0, Instructions: 32COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E00C8, Relevance: .0, Instructions: 31COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03270818, Relevance: .0, Instructions: 31COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0B9F0A50, Relevance: .0, Instructions: 30COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EACE4, Relevance: .0, Instructions: 29COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0B9F0D18, Relevance: .0, Instructions: 29COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EFBD8, Relevance: .0, Instructions: 27COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EDC74, Relevance: .0, Instructions: 27COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 032705F6, Relevance: .0, Instructions: 27COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0B9F0BC2, Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016FAB6B, Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016FA363, Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016FA57B, Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016FA8FB, Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016FA7CF, Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016FA14C, Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016FA6A3, Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E0070, Relevance: .0, Instructions: 24COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0B9F0757, Relevance: .0, Instructions: 24COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EFBE8, Relevance: .0, Instructions: 23COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E5037, Relevance: .0, Instructions: 23COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E6710, Relevance: .0, Instructions: 22COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E6480, Relevance: .0, Instructions: 22COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EF2B0, Relevance: .0, Instructions: 22COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EA85A, Relevance: .0, Instructions: 22COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E5458, Relevance: .0, Instructions: 22COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0B9F05DC, Relevance: .0, Instructions: 22COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EAAD9, Relevance: .0, Instructions: 21COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0B9F06D2, Relevance: .0, Instructions: 21COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EE3E0, Relevance: .0, Instructions: 20COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E770F, Relevance: .0, Instructions: 20COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EF970, Relevance: .0, Instructions: 20COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EFA39, Relevance: .0, Instructions: 20COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EFB97, Relevance: .0, Instructions: 19COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E73AD, Relevance: .0, Instructions: 19COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EFB58, Relevance: .0, Instructions: 19COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EE352, Relevance: .0, Instructions: 19COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E7550, Relevance: .0, Instructions: 19COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EDA87, Relevance: .0, Instructions: 19COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EE8A8, Relevance: .0, Instructions: 19COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0B9F082D, Relevance: .0, Instructions: 19COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EF9B0, Relevance: .0, Instructions: 18COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EF238, Relevance: .0, Instructions: 18COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0B9F0B77, Relevance: .0, Instructions: 18COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EE3A0, Relevance: .0, Instructions: 17COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EFF29, Relevance: .0, Instructions: 17COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EE3F0, Relevance: .0, Instructions: 16COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EE8B8, Relevance: .0, Instructions: 16COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0B9F0D9D, Relevance: .0, Instructions: 16COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016E23F4, Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EFF38, Relevance: .0, Instructions: 14COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E5601, Relevance: .0, Instructions: 14COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016E23BC, Relevance: .0, Instructions: 14COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0B9F0ED2, Relevance: .0, Instructions: 14COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E53E7, Relevance: .0, Instructions: 12COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EA29B, Relevance: .0, Instructions: 11COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EDEC3, Relevance: .0, Instructions: 9COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EDB8A, Relevance: .0, Instructions: 8COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019ED7B8, Relevance: .0, Instructions: 8COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019ED7DF, Relevance: .0, Instructions: 8COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EDBF3, Relevance: .0, Instructions: 7COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019ED802, Relevance: .0, Instructions: 7COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EDE4A, Relevance: .0, Instructions: 7COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function 019E4DC0, Relevance: 2.6, Strings: 2, Instructions: 82COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019ECAC0, Relevance: 1.5, Strings: 1, Instructions: 230COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019ECAB2, Relevance: 1.5, Strings: 1, Instructions: 223COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E9950, Relevance: 1.3, Strings: 1, Instructions: 90COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E9960, Relevance: 1.3, Strings: 1, Instructions: 90COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EADFF, Relevance: .3, Instructions: 262COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EAE68, Relevance: .2, Instructions: 220COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0B9F0006, Relevance: .2, Instructions: 173COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E8570, Relevance: .2, Instructions: 150COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E9710, Relevance: .1, Instructions: 149COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E9701, Relevance: .1, Instructions: 149COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E4309, Relevance: .1, Instructions: 148COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E4318, Relevance: .1, Instructions: 147COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0B9F0070, Relevance: .1, Instructions: 146COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E8580, Relevance: .1, Instructions: 145COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E8F50, Relevance: .1, Instructions: 143COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E8F40, Relevance: .1, Instructions: 140COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E94F8, Relevance: .1, Instructions: 104COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E94E8, Relevance: .1, Instructions: 104COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019ED02E, Relevance: .1, Instructions: 94COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019ED048, Relevance: .1, Instructions: 94COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EB3B1, Relevance: .1, Instructions: 76COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EB3F0, Relevance: .1, Instructions: 59COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E9AE9, Relevance: .1, Instructions: 58COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EC36F, Relevance: .0, Instructions: 49COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019EC380, Relevance: .0, Instructions: 48COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Executed Functions |
---|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05AB0070, Relevance: 23.6, APIs: 1, Strings: 12, Instructions: 829libraryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 011F0070, Relevance: 10.6, Strings: 8, Instructions: 613COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 011FC301, Relevance: 6.8, Strings: 5, Instructions: 530COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 011F1F58, Relevance: 1.8, Strings: 1, Instructions: 503COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0122AF07, Relevance: 1.6, APIs: 1, Instructions: 75COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0122B089, Relevance: 1.6, APIs: 1, Instructions: 57nativeCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0122AF3E, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05C02EF6, Relevance: 1.5, APIs: 1, Instructions: 39COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0122B0BA, Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 011F5C80, Relevance: .6, Instructions: 642COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 011F0024, Relevance: .3, Instructions: 297COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05C00D2E, Relevance: 1.6, APIs: 1, Instructions: 104fileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0122A120, Relevance: 1.6, APIs: 1, Instructions: 89fileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0122B464, Relevance: 1.6, APIs: 1, Instructions: 88COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05C01908, Relevance: 1.6, APIs: 1, Instructions: 87fileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05C0116B, Relevance: 1.6, APIs: 1, Instructions: 84COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0122B55D, Relevance: 1.6, APIs: 1, Instructions: 82COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05C01CB4, Relevance: 1.6, APIs: 1, Instructions: 81COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0122B654, Relevance: 1.6, APIs: 1, Instructions: 81COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05C02DE6, Relevance: 1.6, APIs: 1, Instructions: 80COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05C01D98, Relevance: 1.6, APIs: 1, Instructions: 79timeCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05C00E44, Relevance: 1.6, APIs: 1, Instructions: 78COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05C01826, Relevance: 1.6, APIs: 1, Instructions: 78COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05C02F66, Relevance: 1.6, APIs: 1, Instructions: 77COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05C00D6E, Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05C02B63, Relevance: 1.6, APIs: 1, Instructions: 75COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05C02EB8, Relevance: 1.6, APIs: 1, Instructions: 74COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05C00FF6, Relevance: 1.6, APIs: 1, Instructions: 73COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0122ACEF, Relevance: 1.6, APIs: 1, Instructions: 72COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05C02218, Relevance: 1.6, APIs: 1, Instructions: 71COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05C01E8B, Relevance: 1.6, APIs: 1, Instructions: 69COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05C01846, Relevance: 1.6, APIs: 1, Instructions: 68COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0122AC3B, Relevance: 1.6, APIs: 1, Instructions: 68COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0122AFD4, Relevance: 1.6, APIs: 1, Instructions: 68COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05C01946, Relevance: 1.6, APIs: 1, Instructions: 67fileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05C01353, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0122B58A, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0122AAFB, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05C03D48, Relevance: 1.6, APIs: 1, Instructions: 66fileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05C01DC2, Relevance: 1.6, APIs: 1, Instructions: 64timeCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05C03C8C, Relevance: 1.6, APIs: 1, Instructions: 63COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0122B4A2, Relevance: 1.6, APIs: 1, Instructions: 63COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0122A836, Relevance: 1.6, APIs: 1, Instructions: 62COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0122A78B, Relevance: 1.6, APIs: 1, Instructions: 61COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05C01016, Relevance: 1.6, APIs: 1, Instructions: 60COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05C02F96, Relevance: 1.6, APIs: 1, Instructions: 59COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05C03E11, Relevance: 1.6, APIs: 1, Instructions: 59COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05C01EAE, Relevance: 1.6, APIs: 1, Instructions: 58COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05C01CF2, Relevance: 1.6, APIs: 1, Instructions: 57COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05C02B96, Relevance: 1.6, APIs: 1, Instructions: 56COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05C02E22, Relevance: 1.6, APIs: 1, Instructions: 55COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05C0224E, Relevance: 1.6, APIs: 1, Instructions: 54COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0122A44B, Relevance: 1.6, APIs: 1, Instructions: 54comCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05C03D6E, Relevance: 1.6, APIs: 1, Instructions: 53fileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0122AD22, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05C00E86, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05C03CAE, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05C03E36, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0122B6AA, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0122A172, Relevance: 1.5, APIs: 1, Instructions: 47fileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0122A7B2, Relevance: 1.5, APIs: 1, Instructions: 45COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05C011CE, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05C01392, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0122AB2E, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0122B00E, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0122AC76, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0122A47A, Relevance: 1.5, APIs: 1, Instructions: 39comCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0122A876, Relevance: 1.5, APIs: 1, Instructions: 35COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 011F1EF9, Relevance: 1.3, Strings: 1, Instructions: 86COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 011F1278, Relevance: 1.0, Instructions: 968COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 011F32D0, Relevance: .6, Instructions: 640COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 011F5339, Relevance: .3, Instructions: 297COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 011FFAA8, Relevance: .3, Instructions: 292COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 011F28F0, Relevance: .3, Instructions: 276COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 011F5B81, Relevance: .2, Instructions: 229COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 011F6660, Relevance: .2, Instructions: 221COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 011F3080, Relevance: .2, Instructions: 213COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 011F2891, Relevance: .2, Instructions: 196COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 011F5929, Relevance: .2, Instructions: 169COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 011F2D38, Relevance: .2, Instructions: 168COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 011F3CE8, Relevance: .2, Instructions: 156COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 011F4029, Relevance: .2, Instructions: 155COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 011F25B2, Relevance: .2, Instructions: 150COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 011F5988, Relevance: .1, Instructions: 140COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 011F55C8, Relevance: .1, Instructions: 137COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 011F57B8, Relevance: .1, Instructions: 114COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 011F6479, Relevance: .1, Instructions: 103COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 011F2F09, Relevance: .1, Instructions: 95COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 011F2772, Relevance: .1, Instructions: 91COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 011F3F09, Relevance: .1, Instructions: 87COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05C12F8A, Relevance: .1, Instructions: 63COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 011FFA8E, Relevance: .1, Instructions: 61COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05C139FC, Relevance: .1, Instructions: 60COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02D8075C, Relevance: .1, Instructions: 59COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 011F3F68, Relevance: .1, Instructions: 55COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 011F27D0, Relevance: .1, Instructions: 55COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 011F5868, Relevance: .1, Instructions: 55COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 011F26B0, Relevance: .1, Instructions: 55COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02D8074B, Relevance: .0, Instructions: 44COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 011F2BF0, Relevance: .0, Instructions: 43COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02D805CF, Relevance: .0, Instructions: 43COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 011F3CD9, Relevance: .0, Instructions: 42COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 011F6528, Relevance: .0, Instructions: 37COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02D80818, Relevance: .0, Instructions: 31COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02D805F6, Relevance: .0, Instructions: 27COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05C12FFF, Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05C13A67, Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 011F270F, Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 011F3FC7, Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 011F282F, Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 011F58C7, Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 012223F4, Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 012223BC, Relevance: .0, Instructions: 14COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function 011FBF80, Relevance: 6.5, Strings: 5, Instructions: 275COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |