Windows Analysis Report uT9rwkGATJ.dll
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Process Tree |
---|
|
Malware Configuration |
---|
Threatname: Ursnif |
---|
{"RSA Public Key": "Wa0ptOHdbeWyaLju6Av14Mh7FDVECzYw3M++OWU/cFwf0ZjLctG17DYP/MFVk/hMExgeVHSsuIoKkcbpz57JUku89Z6sGfWSZvCVyvpfi1ZpEwDNNeNw5k5dpgwB3LsIS45sMaK472UpYahrOWaY66CWVjJyKzpo2y/tq1ZiFHe/iFygPyws634yVgV7rQhjAPiNPuq0SMLwHnadf5iTBRPHNZOfo4EV1JOy+KK7FD2JiBwbgL2xH8mvgvUrMN0gphdmog43p4QO6+T4499NqSdjKKJutU5bxT8XtJKvzMrbRLkRwTKw+5msPiKoZk2Mmt6I5yjyUlMUijuRPmFH+uUAMGA+NmgwHR/EoB9vyak=", "c2_domain": ["outlook.com", "zereunrtol.website", "xereunrtol.website"], "botnet": "2525", "server": "12", "serpent_key": "10218409ILPAQDIR", "sleep_time": "10", "CONF_TIMEOUT": "20", "SetWaitableTimer_value": "0", "DGA_count": "10"}
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
Unpacked PEs |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
Sigma Overview |
---|
System Summary: |
---|
Sigma detected: Encoded IEX |
Source: | Author: Florian Roth: |
Sigma detected: MSHTA Spawning Windows Shell |
Source: | Author: Michael Haag: |
Sigma detected: Mshta Spawning Windows Shell |
Source: | Author: Florian Roth: |
Sigma detected: Suspicious Csc.exe Source File Folder |
Source: | Author: Florian Roth: |
Sigma detected: Suspicious Rundll32 Activity |
Source: | Author: juju4, Jonhnathan Ribeiro, oscd.community: |
Sigma detected: Non Interactive PowerShell |
Source: | Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): |
Sigma detected: T1086 PowerShell Execution |
Source: | Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): |
Data Obfuscation: |
---|
Sigma detected: Powershell run code from registry |
Source: | Author: Joe Security: |
Jbx Signature Overview |
---|
AV Detection: |
---|
Found malware configuration |
Source: | Malware Configuration Extractor: |
Machine Learning detection for sample |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Code function: | 0_2_00B6B4A5 | |
Source: | Code function: | 0_2_00B66467 | |
Source: | Code function: | 0_2_00B5BAF2 | |
Source: | Code function: | 3_2_0334BAF2 | |
Source: | Code function: | 3_2_03356467 | |
Source: | Code function: | 3_2_0335B4A5 |
Source: | Code function: | 0_2_00B52E19 |
Networking: |
---|
System process connects to network (likely due to code injection or exploit) |
Source: | Network Connect: |
Source: | Domain query: |
Uses ping.exe to check the status of other devices and networks |
Source: | Process created: |
Source: | HTTP traffic detected: |
Source: | Network traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: |
Key, Mouse, Clipboard, Microphone and Screen Capturing: |
---|
Yara detected Ursnif |
Source: | File source: |
E-Banking Fraud: |
---|
Yara detected Ursnif |
Source: | File source: |
Disables SPDY (HTTP compression, likely to perform web injects) |
Source: | Registry key value created / modified: |
System Summary: |
---|
Writes or reads registry keys via WMI |
Source: | WMI Queries: |
Writes registry values via WMI |
Source: | WMI Registry write: |
Source: | Static PE information: |
Source: | Code function: | 0_2_6E1A21B4 | |
Source: | Code function: | 0_2_00B04C40 | |
Source: | Code function: | 0_2_00B0AF24 | |
Source: | Code function: | 0_2_00B02B76 | |
Source: | Code function: | 0_2_00670C49 | |
Source: | Code function: | 0_2_00670CBE | |
Source: | Code function: | 0_2_00B5348B | |
Source: | Code function: | 0_2_00B51C14 | |
Source: | Code function: | 0_2_00B571AA | |
Source: | Code function: | 0_2_00B561D5 | |
Source: | Code function: | 0_2_00B68D77 | |
Source: | Code function: | 0_2_00B59F02 | |
Source: | Code function: | 0_2_00B5135C | |
Source: | Code function: | 2_2_00570CBE | |
Source: | Code function: | 2_2_00570C49 | |
Source: | Code function: | 3_2_02DA0CBE | |
Source: | Code function: | 3_2_02DA0C49 | |
Source: | Code function: | 3_2_03349F02 | |
Source: | Code function: | 3_2_0334135C | |
Source: | Code function: | 3_2_0334EBA2 | |
Source: | Code function: | 3_2_03358D77 | |
Source: | Code function: | 3_2_033471AA | |
Source: | Code function: | 3_2_033461D5 | |
Source: | Code function: | 3_2_03341C14 | |
Source: | Code function: | 3_2_0334348B | |
Source: | Code function: | 4_2_02BD4C40 | |
Source: | Code function: | 4_2_02BDAF24 | |
Source: | Code function: | 4_2_02BD2B76 | |
Source: | Code function: | 4_2_00840CBE | |
Source: | Code function: | 4_2_00840C49 |
Source: | Code function: | 0_2_6E1A13B8 | |
Source: | Code function: | 0_2_6E1A15C6 | |
Source: | Code function: | 0_2_6E1A1273 | |
Source: | Code function: | 0_2_6E1A23D5 | |
Source: | Code function: | 0_2_00B094E8 | |
Source: | Code function: | 0_2_00B09269 | |
Source: | Code function: | 0_2_00B05D10 | |
Source: | Code function: | 0_2_00B0B149 | |
Source: | Code function: | 0_2_00B6F02A | |
Source: | Code function: | 0_2_00B5D5B8 | |
Source: | Code function: | 0_2_00B645D7 | |
Source: | Code function: | 0_2_00B60DD9 | |
Source: | Code function: | 0_2_00B665CE | |
Source: | Code function: | 0_2_00B6D103 | |
Source: | Code function: | 0_2_00B5CC12 | |
Source: | Code function: | 0_2_00B7186D | |
Source: | Code function: | 0_2_00B5B9B9 | |
Source: | Code function: | 0_2_00B6E9C2 | |
Source: | Code function: | 0_2_00B662DC | |
Source: | Code function: | 0_2_00B5979A | |
Source: | Code function: | 0_2_00B56F3E | |
Source: | Code function: | 0_2_00B76B6A | |
Source: | Code function: | 3_2_0335420A | |
Source: | Code function: | 3_2_0335D103 | |
Source: | Code function: | 3_2_0334D5B8 | |
Source: | Code function: | 3_2_033545D7 | |
Source: | Code function: | 3_2_03350DD9 | |
Source: | Code function: | 3_2_033565CE | |
Source: | Code function: | 3_2_0335F02A | |
Source: | Code function: | 3_2_03346F3E | |
Source: | Code function: | 3_2_03366B6A | |
Source: | Code function: | 3_2_0334979A | |
Source: | Code function: | 3_2_033562DC | |
Source: | Code function: | 3_2_0334B9B9 | |
Source: | Code function: | 3_2_0335E9C2 | |
Source: | Code function: | 3_2_0334CC12 | |
Source: | Code function: | 3_2_03360C0C | |
Source: | Code function: | 3_2_0336186D | |
Source: | Code function: | 4_2_02BD5D10 | |
Source: | Code function: | 4_2_02BDB149 |
Source: | Static PE information: |
Source: | Key opened: |
Source: | Section loaded: |
Source: | Static PE information: |
Source: | Key opened: |
Source: | Process created: |
Source: | Key value queried: |
Source: | File created: |
Source: | Classification label: |
Source: | File read: |
Source: | Section loaded: |
Source: | Code function: | 0_2_00B04A03 |
Source: | Process created: |
Source: | Mutant created: |
Source: | File read: |
Source: | Key opened: |
Source: | Automated click: |
Source: | Window detected: |
Source: | File opened: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Static PE information: |
Data Obfuscation: |
---|
Suspicious powershell command line found |
Source: | Process created: |
Source: | Code function: | 0_2_6E1A21B3 | |
Source: | Code function: | 0_2_6E1A2159 | |
Source: | Code function: | 0_2_00B0ABE9 | |
Source: | Code function: | 0_2_00B0AF23 | |
Source: | Code function: | 0_2_00670B96 | |
Source: | Code function: | 0_2_00B56107 | |
Source: | Code function: | 0_2_00B7A293 | |
Source: | Code function: | 2_2_00570B96 | |
Source: | Code function: | 3_2_02DA0B96 | |
Source: | Code function: | 3_2_0336A293 | |
Source: | Code function: | 3_2_03346107 | |
Source: | Code function: | 4_2_02BDABE9 | |
Source: | Code function: | 4_2_02BDAF23 | |
Source: | Code function: | 4_2_00840B96 |
Source: | Code function: | 0_2_6E1A1DE5 |
Source: | Static PE information: |
Source: | Process created: |
Source: | File created: |
Hooking and other Techniques for Hiding and Protection: |
---|
Yara detected Ursnif |
Source: | File source: |
Hooks registry keys query functions (used to hide registry keys) |
Source: | IAT, EAT, inline or SSDT hook detected: |
Modifies the prolog of user mode functions (user mode inline hooks) |
Source: | User mode code has changed: |
Self deletion via cmd delete |
Source: | Process created: |
Modifies the export address table of user mode modules (user mode EAT hooks) |
Source: | IAT of a user mode module has changed: |
Modifies the import address table of user mode modules (user mode IAT hooks) |
Source: | EAT of a user mode module has changed: |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Malware Analysis System Evasion: |
---|
Uses ping.exe to sleep | Show sources |
Source: | Process created: | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | |||
Source: | Thread sleep count: | |||
Source: | Thread sleep time: |
Source: | Last function: | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: |
Source: | Window / User API: | Jump to behavior | ||
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 0_2_00B6B4A5 | |
Source: | Code function: | 0_2_00B66467 | |
Source: | Code function: | 0_2_00B5BAF2 | |
Source: | Code function: | 3_2_0334BAF2 | |
Source: | Code function: | 3_2_03356467 | |
Source: | Code function: | 3_2_0335B4A5 |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: |
Source: | Code function: | 0_2_00B52E19 |
Source: | Binary or memory string: | ||
Source: | Code function: | 0_2_6E1A1DE5 |
Source: | Code function: | 0_2_00B576B3 | |
Source: | Code function: | 3_2_033476B3 |
HIPS / PFW / Operating System Protection Evasion: |
---|
System process connects to network (likely due to code injection or exploit) | Show sources |
Source: | Network Connect: | Jump to behavior | ||
Source: | Network Connect: | Jump to behavior | ||
Source: | Network Connect: | Jump to behavior | ||
Source: | Domain query: | |||
Source: | Domain query: | |||
Source: | Domain query: | |||
Source: | Network Connect: | Jump to behavior | ||
Source: | Domain query: | |||
Source: | Domain query: |
Maps a DLL or memory area into another process | Show sources |
Source: | Section loaded: | Jump to behavior | ||
Writes to foreign memory regions | Show sources |
Source: | Memory written: | Jump to behavior | ||
Changes memory attributes in foreign processes to executable or writable | Show sources |
Source: | Memory protected: | ||
Allocates memory in foreign processes | Show sources |
Source: | Memory allocated: |
Injects code into the Windows Explorer (explorer.exe) | Show sources |
Source: | Memory written: | Jump to behavior | ||
Modifies the context of a thread in another process (thread injection) | Show sources |
Source: | Thread register set: | Jump to behavior | ||
Creates a thread in another existing process (thread injection) | Show sources |
Source: | Thread created: | Jump to behavior | ||
Source: | Process created: | ||
Source: | Binary or memory string: | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Code function: | 0_2_00B0A82B |
Source: | Key value queried: |
Source: | Code function: | 0_2_00B53E33 |
Source: | Code function: | 0_2_6E1A1172 |
Source: | Code function: | 0_2_6E1A1825 |
Source: | Code function: | 0_2_00B0A82B |
Stealing of Sensitive Information: |
---|
Yara detected Ursnif | Show sources |
Source: | File source: | ||
Remote Access Functionality: |
---|
Yara detected Ursnif | Show sources |
Source: | File source: | ||
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation2 | DLL Side-Loading1 | DLL Side-Loading1 | Obfuscated Files or Information1 | Credential API Hooking3 | System Time Discovery1 | Remote Services | Archive Collected Data1 | Exfiltration Over Other Network Medium | Ingress Tool Transfer3 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Native API1 | Boot or Logon Initialization Scripts | Process Injection813 | DLL Side-Loading1 | LSASS Memory | Account Discovery1 | Remote Desktop Protocol | Email Collection1 | Exfiltration Over Bluetooth | Encrypted Channel11 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | Command and Scripting Interpreter1 | Logon Script (Windows) | Logon Script (Windows) | File Deletion1 | Security Account Manager | File and Directory Discovery3 | SMB/Windows Admin Shares | Credential API Hooking3 | Automated Exfiltration | Non-Application Layer Protocol3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | PowerShell1 | Logon Script (Mac) | Logon Script (Mac) | Rootkit4 | NTDS | System Information Discovery25 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol14 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Masquerading1 | LSA Secrets | Security Software Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Virtualization/Sandbox Evasion21 | Cached Domain Credentials | Virtualization/Sandbox Evasion21 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Process Injection813 | DCSync | Process Discovery3 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Rundll321 | Proc Filesystem | Application Window Discovery1 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | System Owner/User Discovery1 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction | |
Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Invalid Code Signature | Network Sniffing | Remote System Discovery11 | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | Data Encrypted for Impact | ||
Compromise Software Dependencies and Development Tools | Windows Command Shell | Cron | Cron | Right-to-Left Override | Input Capture | System Network Configuration Discovery1 | Replication Through Removable Media | Remote Data Staging | Exfiltration Over Physical Medium | Mail Protocols | Service Stop |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Joe Sandbox ML |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | HEUR/AGEN.1108168 | Download File | ||
100% | Avira | HEUR/AGEN.1108168 | Download File | ||
100% | Avira | HEUR/AGEN.1108168 | Download File |
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
outlook.com | 40.97.156.114 | true | false | high | |
HHN-efz.ms-acdc.office.com | 52.97.151.18 | true | false | high | |
FRA-efz.ms-acdc.office.com | 52.98.208.114 | true | false | high | |
xereunrtol.website | 193.29.104.83 | true | false | high | |
www.outlook.com | unknown | unknown | false | high | |
zereunrtol.website | unknown | unknown | false | high | |
outlook.office365.com | unknown | unknown | false | high |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown | |
true |
| unknown | |
false | high | ||
false | high | ||
true |
| unknown | |
false | high | ||
false | high | ||
true |
| unknown | |
false | high | ||
true |
| unknown | |
false | high |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| low | ||
false | high | |||
false | high |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
40.97.156.114 | outlook.com | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
52.97.178.98 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | true | |
193.29.104.83 | xereunrtol.website | Romania | 9009 | M247GB | false | |
52.97.151.18 | HHN-efz.ms-acdc.office.com | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
40.97.160.2 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | true | |
40.101.9.178 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | true | |
52.98.208.114 | FRA-efz.ms-acdc.office.com | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
Private |
---|
IP |
---|
192.168.2.1 |
General Information |
---|
Joe Sandbox Version: | 33.0.0 White Diamond |
Analysis ID: | 499264 |
Start date: | 08.10.2021 |
Start time: | 06:42:36 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 15m 41s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | uT9rwkGATJ.dll |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed: | 48 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.bank.troj.evad.winDLL@54/38@14/8 |
EGA Information: | Failed |
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
Warnings: | Show All
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
06:45:09 | API Interceptor | |
06:45:14 | API Interceptor | |
06:46:19 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
No context |
---|
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
outlook.com | Get hash | malicious | Browse |
| |
ASN |
---|
No context |
---|
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11606 |
Entropy (8bit): | 4.883977562702998 |
Encrypted: | false |
SSDEEP: | 192:Axoe5FpOMxoe5Pib4GVsm5emdKVFn3eGOVpN6K3bkkjo5HgkjDt4iWN3yBGHh9sO:6fib4GGVoGIpN6KQkj2Akjh4iUxs14fr |
MD5: | 1F1446CE05A385817C3EF20CBD8B6E6A |
SHA1: | 1E4B1EE5EFCA361C9FB5DC286DD7A99DEA31F33D |
SHA-256: | 2BCEC12B7B67668569124FED0E0CEF2C1505B742F7AE2CF86C8544D07D59F2CE |
SHA-512: | 252AD962C0E8023419D756A11F0DDF2622F71CBC9DAE31DC14D9C400607DF43030E90BCFBF2EE9B89782CC952E8FB2DADD7BDBBA3D31E33DA5A589A76B87C514 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 64 |
Entropy (8bit): | 0.9260988789684415 |
Encrypted: | false |
SSDEEP: | 3:Nlllulb/lj:NllUb/l |
MD5: | 13AF6BE1CB30E2FB779EA728EE0A6D67 |
SHA1: | F33581AC2C60B1F02C978D14DC220DCE57CC9562 |
SHA-256: | 168561FB18F8EBA8043FA9FC4B8A95B628F2CF5584E5A3B96C9EBAF6DD740E3F |
SHA-512: | 1159E1087BC7F7CBB233540B61F1BDECB161FF6C65AD1EFC9911E87B8E4B2E5F8C2AF56D67B33BC1F6836106D3FEA8C750CC24B9F451ACF85661E0715B829413 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 3.0940225424877514 |
Encrypted: | false |
SSDEEP: | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryZuak7Ynqq6vPN5Dlq5J:+RI+ycuZhNjuakS6vPNnqX |
MD5: | 5E54597013E64C33C8BFB30E0F312D5B |
SHA1: | A15A7BB374BA4B520E406DF2C5E9E4A888707FC4 |
SHA-256: | 3765016012262EEAFE2A1A9D362FAC604A8CAC6D816C4AFA039B8F5510175461 |
SHA-512: | A469B1BE8D588B224433E04D067CC740BE971F293FC1B0A74C2C9F511602C6409B63476BB94B98314265093309CA5F3AB7127E6AA4EF3CD8798E96F61E86A083 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 3.087002864921187 |
Encrypted: | false |
SSDEEP: | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryagCM/qak7YnqqvgCM/bPN5Dlq5J:+RI+ycuZhN8HM/qakSvHM/bPNnqX |
MD5: | 0715FC9E2573623F149A5EE75C23C19B |
SHA1: | 2CB92F2B64924BB21D69453A6017780D1F016230 |
SHA-256: | 996161F8FFE0C987715BFBA1A7CB32C4B36800CE92A97CC24BF1797720D827AA |
SHA-512: | 09F78A6A99B359A78FC673E12A2FED9C99D1CE7ACC0FCE909FC98A5F578153ABB29BA9510BF20DD20C6B6EB3BE011CE17C9CCE2662A91C7B7C057697906B4696 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 3.088300623958703 |
Encrypted: | false |
SSDEEP: | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5grygYfGak7YnqqhYfXPN5Dlq5J:+RI+ycuZhNuY+akShYfPNnqX |
MD5: | 45ACEB27BF09B9A372DF76C41EA25CBC |
SHA1: | A5F6283D5F24B18AF5F4206A57A442688BCFA221 |
SHA-256: | BB5D61468F93620A5CA74F3CAD2B6B935CFB41E627AC05505BF5BFD18DDD23EC |
SHA-512: | 5EE60D2C82347F5761DACE5C8B13919D8D18F57539C2D42C211D91E21AE5F95CB586D22E94C2978CE83C41970714800F68B6E12019A0B6B4D6B4075838F9DBF9 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 3.1159679552735917 |
Encrypted: | false |
SSDEEP: | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryyak7YnqqgPN5Dlq5J:+RI+ycuZhNUakSgPNnqX |
MD5: | B6F8FAC514A8F5183DB815BD950B9D1F |
SHA1: | 9C5CEE4507522F07CB4BDE73F8DA9AF0418573F7 |
SHA-256: | 3D4151340E53DE7F388B865E8A54A8D9574D29C30C776ED7A345E691A60C6838 |
SHA-512: | E50EE4A00FB61B00D3A7EA58F550CAB0BCC6066B38781974586B485DB1FB940A468B3FA2A59503AAD90FC863884E9BB1524CDDCDC9CCB657A972109CCC0690DD |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2176 |
Entropy (8bit): | 2.6912424772889194 |
Encrypted: | false |
SSDEEP: | 24:43bTkhHNFhKdNNI+ycuZhNjuakS6vPNnq9hgpUnW9s:43ngdKd31uljua36tq9Z5 |
MD5: | B38B49F3A10F7649430F13A4283FAE5F |
SHA1: | 3EE4FB0BAD3FB1643752BAF1C6B1A425DFBC8EE8 |
SHA-256: | 1F1E88E61F746EAF0AF0B432B619ACE9F1AE1991A74D8D0675C946B005AD98EE |
SHA-512: | 4580B5BCB69EC48797925D171C6EE8106C7722F837280D010F6DBFD34193FDB8E2BF3140AC74E06A7E3795FDD146CDD20A81094EC9EC6798A624CD4A45F75DF6 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2176 |
Entropy (8bit): | 2.6914814281046717 |
Encrypted: | false |
SSDEEP: | 24:43LghHEhKdNNI+ycuZhN8HM/qakSvHM/bPNnq9hgpGnW9s:43L82Kd31uleMia3vMJq9j5 |
MD5: | DC6B839F34BBA6D3CB05082BB9F87D49 |
SHA1: | 26A506559EFEE4F82ECF9E17ADC9118433F3363D |
SHA-256: | 1E3CA6ECAA1C7ECC75DEF865367AF0CB1C8C2A3086E14E09EDBE716C6BE9859D |
SHA-512: | 6D56FDA4A24300A016A039D006EDB39ADEF3DD286D20F4B7DEDBA1D761935A4C843C5D42431C6E0867B5CC5FAA913BE51112712E523910A8B6FBD1A40F02B7ED |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2176 |
Entropy (8bit): | 2.71260515918407 |
Encrypted: | false |
SSDEEP: | 24:jAy9ZhHXQhKdNNI+ycuZhNUakSgPNnq9hgpNnW9s:jAIiKd31ulUa34q9i5 |
MD5: | 10BE416BDF4B44C72317119FC15E943B |
SHA1: | 219915B9631AE2493E7C87CE7BFFD2B85793D9AB |
SHA-256: | FCC50836A5C55FB1A052AA25E56A75AF065A056DBA700F6FE8FD81CFFCE2C6AD |
SHA-512: | CD98E69BDB55C2FE5C40FBEB7C6A0003776096463F8762EC93BFE2D5EDAED17B88FEA47DB33CA1F7BCC4B17FC158F73202B911814F0651B50E4501E43B0B4F02 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2176 |
Entropy (8bit): | 2.6881321375655713 |
Encrypted: | false |
SSDEEP: | 24:jiCvhHEhhKdNNI+ycuZhNuY+akShYfPNnq9hgpRnW9s:jdpkvKd31ult+a3q9q9+5 |
MD5: | 3B53B806CC04C1B8A2A5209336D02D18 |
SHA1: | E31FF9610D2E472330F330792EC99A5FF8DAA6C6 |
SHA-256: | 0EC24924884C9D3DA340E5F26F6D16876A632A7A27C26EE8F92F52690BB3A377 |
SHA-512: | 9E07B4871C941C90D9758F5D0D987BB543DEA42313AFF23F77D76EE34639ADC74C77095EFC77CC233967297D9301E0967DC6B96548F605121E9FE4FC6682C3A6 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 405 |
Entropy (8bit): | 4.989686390677173 |
Encrypted: | false |
SSDEEP: | 6:V/DsYLDS81zuJZMRSRa+eNMjSSRrIdOLaSRHq1rywQeNVaMny:V/DTLDfuP9eg5rIglurywhNUMny |
MD5: | 5210AC8610DA2A55F963FF2C951D0DC3 |
SHA1: | A4F391F9661A57D4A40896F31158BB5E445B4269 |
SHA-256: | 53CE49B3F1728B3ABDCE3ECEBC468947EC3C89460B721456CD7BFD297888F877 |
SHA-512: | 9B02B21D978580967C6812DF158124973A6D1A147EFD2CF842F421FD1A44D8525DFD38270C1F500F7010436F41FC1771C983A59C3C3FFBAA18ED8B072DB18870 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 351 |
Entropy (8bit): | 5.224886261087632 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2WXp+N23flVUzxs7+AEszIWXp+N23flP:p37Lvkmb6KH9qWZE89P |
MD5: | 704312AA80E7E080EFE947DB843E3C91 |
SHA1: | 1B2258967D5728A67A8171DB6FBB7A33C3D6BD8D |
SHA-256: | 7B76F9EDD919A4F5F405A47347635685736FECBB35ACF9C08DE86434BBE8C675 |
SHA-512: | DCA51BA33C8ACD6FEF4E6E7F5D742A19D9E4C7DA42102533E1175A4834780900490A1593BF520FB5CD86069F5C2D8F4A153776471F1BBB0AAD91F201024493F2 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3584 |
Entropy (8bit): | 2.6114615630922198 |
Encrypted: | false |
SSDEEP: | 24:etGSz8+mEej8MTHtmCFxcdWptkZf+lBm0hEdI+ycuZhNuY+akShYfPNnq:6xLjMTwCFxuWkJ446Ed1ult+a3q9q |
MD5: | 0447C5B78E665D1A2761B0469D0D1E62 |
SHA1: | 29EA6B23A4FA3F7132D75162C50A080D1C57E835 |
SHA-256: | B2A76D43F563B84066B554A64CAC6CCB0A065CCE55C5563F4945534042DCAFA5 |
SHA-512: | CAEB0D48B51F0F241097B934B027408C53D4A9CDBC6788F21B4110B28FB7A635DD3C75D7CB628D64FD40533A49496DBC00A9F84BCA50A319AA111EFC805F916B |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | modified |
Size (bytes): | 412 |
Entropy (8bit): | 4.871364761010112 |
Encrypted: | false |
SSDEEP: | 12:zKaMK4BFNn5KBZvK2wo8dRSgarZucvW3ZDPOU:zKaM5DqBVKVrdFAMBJTH |
MD5: | 83B3C9D9190CE2C57B83EEE13A9719DF |
SHA1: | ABFAB07DEA88AF5D3AF75970E119FE44F43FE19E |
SHA-256: | B5D219E5143716023566DD71C0195F41F32C3E7F30F24345E1708C391DEEEFDA |
SHA-512: | 0DE42AC5924B8A8E977C1330E9D7151E9DCBB1892A038C1815321927DA3DB804EC13B129196B6BC84C7BFC9367C1571FCD128CCB0645EAC7418E39A91BC2FEDB |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 415 |
Entropy (8bit): | 5.038565598056225 |
Encrypted: | false |
SSDEEP: | 6:V/DsYLDS81zuJ0mMRSR7a18lpP6tkSRa+rVSSRnA/fl81N4IkgsOFQy:V/DTLDfuCMLh6tv9rV5nA/61N43gszy |
MD5: | 820D67D86E4D2F141C62A2F02F457875 |
SHA1: | 0F597E389BE20591567742E9333D19419947B3CD |
SHA-256: | 0DECFD511470CAB8EF7D4A45A891B8D3C8A7ABA782190C2777E2A2048F82A3CD |
SHA-512: | B05C022573C3EA6D9BC39C6E6E38DD33EC63D55F9793E6F5367E1EBA8493C33FFA28EB5989881EC82EE898F117D616FD1FE2A68E7FBF345209E8A61CBBFCCB61 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 351 |
Entropy (8bit): | 5.241901715088777 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2WXp+N23fYTzxs7+AEszIWXp+N23fY6x:p37Lvkmb6KHgTWZE8gO |
MD5: | 69A778C5C4BA5BD5D74607FCA057A349 |
SHA1: | C40A97992D33C9F9E0A4D7FCD0F2D679C7A03CF8 |
SHA-256: | 44A5FC032575EE6A2B6A2E78B1AAC2A33E587462CF1C3AAE902423ED6930154D |
SHA-512: | 45804C00134BEC8852E78E4A9E59CBB80D4F1E667CA5D2EC24321FC0D13B13F912DBE017311BB1A79BB260A7B9D8822F9EB2FE998F0AAA2673B17BCB3C113D91 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3584 |
Entropy (8bit): | 2.632611212353435 |
Encrypted: | false |
SSDEEP: | 48:6jm65J7+ikL31uu0SJguaqgX1uleMia3vMJq:r65J7yL3PAIkvKv |
MD5: | 0186F4FD170148B6038818513C1E0433 |
SHA1: | B00BE66DE2852FB11DD967F554CE2BB3031DE47B |
SHA-256: | 5F2170918D15A7A7EA12A6AFF2A7138E938C5FB80FC8D18CBC7B5B67F0446B82 |
SHA-512: | 8C97E2B4F7765112905CB26CC284CD09EC9866EBA082069EDBE9ABF17AACD9E25FC90495644CFCF8478838F549AC9A2C0C09A57860B52F9709C0B2B0E15C4B7A |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | modified |
Size (bytes): | 412 |
Entropy (8bit): | 4.871364761010112 |
Encrypted: | false |
SSDEEP: | 12:zKaMK4BFNn5KBZvK2wo8dRSgarZucvW3ZDPOU:zKaM5DqBVKVrdFAMBJTH |
MD5: | 83B3C9D9190CE2C57B83EEE13A9719DF |
SHA1: | ABFAB07DEA88AF5D3AF75970E119FE44F43FE19E |
SHA-256: | B5D219E5143716023566DD71C0195F41F32C3E7F30F24345E1708C391DEEEFDA |
SHA-512: | 0DE42AC5924B8A8E977C1330E9D7151E9DCBB1892A038C1815321927DA3DB804EC13B129196B6BC84C7BFC9367C1571FCD128CCB0645EAC7418E39A91BC2FEDB |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 405 |
Entropy (8bit): | 4.989686390677173 |
Encrypted: | false |
SSDEEP: | 6:V/DsYLDS81zuJZMRSRa+eNMjSSRrIdOLaSRHq1rywQeNVaMny:V/DTLDfuP9eg5rIglurywhNUMny |
MD5: | 5210AC8610DA2A55F963FF2C951D0DC3 |
SHA1: | A4F391F9661A57D4A40896F31158BB5E445B4269 |
SHA-256: | 53CE49B3F1728B3ABDCE3ECEBC468947EC3C89460B721456CD7BFD297888F877 |
SHA-512: | 9B02B21D978580967C6812DF158124973A6D1A147EFD2CF842F421FD1A44D8525DFD38270C1F500F7010436F41FC1771C983A59C3C3FFBAA18ED8B072DB18870 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 351 |
Entropy (8bit): | 5.301069111144844 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2WXp+N23fX8Vzxs7+AEszIWXp+N23fX8Qn:p37Lvkmb6KHP8VWZE8P8Q |
MD5: | 0B98006696980210E9096059C632C9B8 |
SHA1: | BA33540895DF323BB1D30D55441736656F52DD5A |
SHA-256: | 3E717303B58E2B14894912390DE05081D1807884B29A6C570C69FE8F34AC8FB0 |
SHA-512: | 986EE52DEF241BA94C9D44E5D1CE8DED5DEF73E1CFB6E02841BF15884B1391CDB7E222F8D4178ECCD224787064F6FCD6DE3ECC96AF33A2D09C66975483A2080A |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3584 |
Entropy (8bit): | 2.6196876679200796 |
Encrypted: | false |
SSDEEP: | 24:etGSN8+mEej8MTHtmCFxidWptkZfOBvPat60hEdI+ycuZhNUakSgPNnq:6DLjMTwCFxcWkJOlSt66Ed1ulUa34q |
MD5: | AB4597E9782631B17D2198E76172A529 |
SHA1: | F1A1CEB3F77BC49D50D7D19C1BCB735D371F42A4 |
SHA-256: | 4B834FFE906C310F0F47401E4533440FABEE3F0CEC9B9226E8DF0CFAFCC0972A |
SHA-512: | A3E2C980FF718E6028215F79235A9C69CBDA0817163F1C98E32F79A6303A28C1A2C434A19F1DB94A5E46D4CC377173D96806A49B728E1C62D2344BB04D9368A6 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | modified |
Size (bytes): | 412 |
Entropy (8bit): | 4.871364761010112 |
Encrypted: | false |
SSDEEP: | 12:zKaMK4BFNn5KBZvK2wo8dRSgarZucvW3ZDPOU:zKaM5DqBVKVrdFAMBJTH |
MD5: | 83B3C9D9190CE2C57B83EEE13A9719DF |
SHA1: | ABFAB07DEA88AF5D3AF75970E119FE44F43FE19E |
SHA-256: | B5D219E5143716023566DD71C0195F41F32C3E7F30F24345E1708C391DEEEFDA |
SHA-512: | 0DE42AC5924B8A8E977C1330E9D7151E9DCBB1892A038C1815321927DA3DB804EC13B129196B6BC84C7BFC9367C1571FCD128CCB0645EAC7418E39A91BC2FEDB |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 415 |
Entropy (8bit): | 5.038565598056225 |
Encrypted: | false |
SSDEEP: | 6:V/DsYLDS81zuJ0mMRSR7a18lpP6tkSRa+rVSSRnA/fl81N4IkgsOFQy:V/DTLDfuCMLh6tv9rV5nA/61N43gszy |
MD5: | 820D67D86E4D2F141C62A2F02F457875 |
SHA1: | 0F597E389BE20591567742E9333D19419947B3CD |
SHA-256: | 0DECFD511470CAB8EF7D4A45A891B8D3C8A7ABA782190C2777E2A2048F82A3CD |
SHA-512: | B05C022573C3EA6D9BC39C6E6E38DD33EC63D55F9793E6F5367E1EBA8493C33FFA28EB5989881EC82EE898F117D616FD1FE2A68E7FBF345209E8A61CBBFCCB61 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 351 |
Entropy (8bit): | 5.268750609128095 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2WXp+N23f9KHzxs7+AEszIWXp+N23f9KoyA:p37Lvkmb6KHl0WZE8lz9 |
MD5: | 49F0BD0679BF1D1C64609BEC9FF0E9A8 |
SHA1: | 891088F1D52E4CBA1FC00275C138412B721B3AA9 |
SHA-256: | 4850FD4D357E5351C8262D82A388985B2B2B981B101052EB731D5B5D26BF8A98 |
SHA-512: | 3DCCB541CD36CCD5AC5537E7E3843E158760817BACE3C8BBABF6CF7BAB13CDE2EE95AC1DC3FB4A442FFE855502004AA92246FD912E4E118BA5723AA85E1592DA |
Malicious: | true |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3584 |
Entropy (8bit): | 2.6373866366749064 |
Encrypted: | false |
SSDEEP: | 48:6Im65J7+ikLLuu0SJmUqgX1uljua36tq:Q65J7yLhhIpuK6 |
MD5: | 97E33B4529706F244A7CC47FEF8277AE |
SHA1: | 947DC04DF356F47448FC32D5EE745596473B0F59 |
SHA-256: | E0C3FB85273C41F45A2A3DF4ADECFBAF8C3A69DA3255A2E3065026F3EFB2CA15 |
SHA-512: | 49366788F7963F742735F04691E4EFC9427CBED09B7B9883B599CFABFBF2E47303B21B2D4D555596334C5D394BAED8289B7DD848798C0F71502AA2263B2A297E |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | modified |
Size (bytes): | 412 |
Entropy (8bit): | 4.871364761010112 |
Encrypted: | false |
SSDEEP: | 12:zKaMK4BFNn5KBZvK2wo8dRSgarZucvW3ZDPOU:zKaM5DqBVKVrdFAMBJTH |
MD5: | 83B3C9D9190CE2C57B83EEE13A9719DF |
SHA1: | ABFAB07DEA88AF5D3AF75970E119FE44F43FE19E |
SHA-256: | B5D219E5143716023566DD71C0195F41F32C3E7F30F24345E1708C391DEEEFDA |
SHA-512: | 0DE42AC5924B8A8E977C1330E9D7151E9DCBB1892A038C1815321927DA3DB804EC13B129196B6BC84C7BFC9367C1571FCD128CCB0645EAC7418E39A91BC2FEDB |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1195 |
Entropy (8bit): | 5.320686932671721 |
Encrypted: | false |
SSDEEP: | 24:BxSAIxvBnD+x2DOXUWOLCHGI4XWrHjeTKKjX4CIym1ZJXWOLCHGI4SnxSAZn:BZcvhKoORF4GrqDYB1ZcF4UZZn |
MD5: | 8AF4A446FD74F106B3927FD02E153053 |
SHA1: | 0C5A039AC8E3712945A48112494E3209ED7F619A |
SHA-256: | 29DA2D3F7E72FFC0EAE80A9BE479BFA51450B70D9E0F7EC3B4090A3603E2B1AD |
SHA-512: | 60EC0EE0ACD4EBD70CDD3BB2277D456169A9DF53A8D0B13855F46F0DB97DEBD13ED9E6B0D738900E7C094CB3F3F210CA1ADDA1E834B08C63996A0953448FCF25 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1195 |
Entropy (8bit): | 5.322193987487182 |
Encrypted: | false |
SSDEEP: | 24:BxSAdxvBnD+x2DOXUWOLCHGI4XWetHjeTKKjX4CIym1ZJXPOLCHGI4znxSAZS:BZ/vhKoORF4G8qDYB1Z/F4TZZS |
MD5: | 8E619B398098C24D77705A3469300C9C |
SHA1: | 25DFE5320E20672519A43CF9C45E1B8FF38CBD4D |
SHA-256: | 60B3C46DFE1B6F20597588DA9B4ACB49651019D3CAEBD9015EC86158D392C6E1 |
SHA-512: | 6213A342205E2AB3285F6957EFF5620C1E2EAB02D2E0DFAC335C7833709DB80714DC93E913E451C93797C985D1AF9F8C6FB7BE01EE7A06CB637E6C8FE43175F9 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 5.437180554827025 |
TrID: |
|
File name: | uT9rwkGATJ.dll |
File size: | 662688 |
MD5: | 9a453cc31ebfca29d8df565258fbf8ce |
SHA1: | 5eb3be88abb84f63e04c92bc3e35a82a01689971 |
SHA256: | eaed947e04ed7659fbba2287e6965b2c0960035aa539b57a9f9e15504a01ca0a |
SHA512: | c916ced5af88b060550b24f1136b5f6e3fde45207cdad721709eb209e706ae40bca9bd230ebf79d83981258ba674993b7f47174f91272358bd5ffe2db40e64b0 |
SSDEEP: | 12288:6vWBEPfqPoo44cvquI2Pg/8wsPrcPgIDU1Iu3vEI8Vck+5gS2oQkoKeyFtseQOYc:6v5Pbo4ZgaPrOpI1IkvIVc1qDoQko/yz |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......SQ...0...0...0..rV...0..rV..j0..rV...0..._...0..._...0....s..0...0..`0..._...0..._...0..._|..0..._...0..Rich.0..........PE..L.. |
File Icon |
---|
Icon Hash: | 74f0e4ecccdce0e4 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x1001f336 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x10000000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x5F733B58 [Tue Sep 29 13:49:12 2020 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | 8d2de2ae605a2294ac6efde10e33795a |
Entrypoint Preview |
---|
Instruction |
---|
push ebp |
mov ebp, esp |
cmp dword ptr [ebp+0Ch], 01h |
jne 00007F2030D59067h |
call 00007F2030D5965Eh |
push dword ptr [ebp+10h] |
push dword ptr [ebp+0Ch] |
push dword ptr [ebp+08h] |
call 00007F2030D58F13h |
add esp, 0Ch |
pop ebp |
retn 000Ch |
push ebp |
mov ebp, esp |
push 00000000h |
call dword ptr [100320BCh] |
push dword ptr [ebp+08h] |
call dword ptr [100320B8h] |
push C0000409h |
call dword ptr [100320C0h] |
push eax |
call dword ptr [100320C4h] |
pop ebp |
ret |
push ebp |
mov ebp, esp |
sub esp, 00000324h |
push 00000017h |
call 00007F2030D69D49h |
test eax, eax |
je 00007F2030D59067h |
push 00000002h |
pop ecx |
int 29h |
mov dword ptr [1009CBC8h], eax |
mov dword ptr [1009CBC4h], ecx |
mov dword ptr [1009CBC0h], edx |
mov dword ptr [1009CBBCh], ebx |
mov dword ptr [1009CBB8h], esi |
mov dword ptr [1009CBB4h], edi |
mov word ptr [1009CBE0h], ss |
mov word ptr [1009CBD4h], cs |
mov word ptr [1009CBB0h], ds |
mov word ptr [1009CBACh], es |
mov word ptr [1009CBA8h], fs |
mov word ptr [1009CBA4h], gs |
pushfd |
pop dword ptr [1009CBD8h] |
mov eax, dword ptr [ebp+00h] |
mov dword ptr [1009CBCCh], eax |
mov eax, dword ptr [ebp+04h] |
mov dword ptr [1009CBD0h], eax |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x9ac20 | 0xac | .rdata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x9accc | 0x50 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x9ae000 | 0x428 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x9af000 | 0x1b80 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x99940 | 0x54 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x99998 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x32000 | 0x1d0 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x30dfc | 0x30e00 | False | 0.680766464194 | data | 6.73243552493 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x32000 | 0x69670 | 0x69800 | False | 0.573033915877 | data | 4.48456725744 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x9c000 | 0x911328 | 0xc00 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x9ae000 | 0x428 | 0x600 | False | 0.287109375 | data | 2.49030754887 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x9af000 | 0x1b80 | 0x1c00 | False | 0.796595982143 | data | 6.63506997151 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_VERSION | 0x9ae060 | 0x3c4 | data | English | United States |
Imports |
---|
DLL | Import |
---|---|
KERNEL32.dll | GetVolumeInformationW, VirtualProtect, EnterCriticalSection, GetModuleFileNameW, InitializeCriticalSection, GetTempPathW, CreateFileW, GetVersionExW, GetSystemDirectoryW, FindFirstChangeNotificationW, OpenProcess, LockResource, GetCurrentDirectoryW, GetWindowsDirectoryW, GetModuleHandleW, GetSystemTime, QueryPerformanceCounter, GetDateFormatW, WriteConsoleW, CloseHandle, SetFilePointerEx, GetConsoleMode, GetConsoleCP, WriteFile, FlushFileBuffers, SetStdHandle, HeapReAlloc, HeapSize, GetStringTypeW, GetFileType, GetStdHandle, GetProcessHeap, FreeEnvironmentStringsW, GetEnvironmentStringsW, WideCharToMultiByte, MultiByteToWideChar, GetCommandLineW, GetCommandLineA, GetCPInfo, GetOEMCP, GetACP, IsValidCodePage, FindNextFileW, FindFirstFileExW, FindClose, EnumSystemLocalesW, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, RaiseException, InterlockedFlushSList, GetLastError, SetLastError, EncodePointer, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, ExitProcess, GetModuleHandleExW, HeapAlloc, HeapFree, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, DecodePointer |
WS2_32.dll | gethostbyname, shutdown, WSAStartup, getpeername, getsockname, send, socket, ntohs, getservbyname, recvfrom, recv, htonl, htons, sendto, setsockopt, WSACleanup |
WININET.dll | InternetCanonicalizeUrlW, InternetConnectW, InternetGetLastResponseInfoW, InternetCloseHandle, HttpOpenRequestW, InternetOpenW, HttpQueryInfoW, InternetOpenUrlW, InternetQueryDataAvailable, InternetSetOptionExW, InternetCrackUrlW, HttpSendRequestW, InternetSetStatusCallbackW, InternetWriteFile, InternetReadFile |
Exports |
---|
Name | Ordinal | Address |
---|---|---|
Camptiny | 1 | 0x1001cb80 |
Consonantget | 2 | 0x1001ccb0 |
LongSubstance | 3 | 0x1001caf0 |
Rangetown | 4 | 0x1001cc80 |
Scoreplay | 5 | 0x1001ce90 |
Visit | 6 | 0x1001cce0 |
Version Infos |
---|
Description | Data |
---|---|
LegalCopyright | Laugh Ranhear person Corporation. All rights reserved |
InternalName | Logice Radiocorner |
FileVersion | 8.2.6.941 |
CompanyName | Laugh Ranhear person Corporation Minescale |
ProductName | Laugh Ranhear person Evenseat Sailmiss |
ProductVersion | 8.2.6.941 |
FileDescription | Laugh Ranhear person Evenseat Sailmiss |
OriginalFilename | Teach.dll |
Translation | 0x0409 0x04b0 |
Possible Origin |
---|
Language of compilation system | Country where language is spoken |
---|---|
English | United States |
Network Behavior |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 8, 2021 06:46:08.376770973 CEST | 443 | 49828 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.376872063 CEST | 49828 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:08.376919031 CEST | 443 | 49828 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.376981020 CEST | 49828 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:08.377028942 CEST | 443 | 49828 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.377099037 CEST | 49828 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:08.377110958 CEST | 443 | 49828 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.377162933 CEST | 443 | 49828 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.377219915 CEST | 49828 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:08.377573013 CEST | 49828 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:08.377603054 CEST | 443 | 49828 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.492100000 CEST | 49829 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:08.492140055 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.492237091 CEST | 49829 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:08.492731094 CEST | 49829 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:08.492743969 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.596049070 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.596174955 CEST | 49829 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:08.597938061 CEST | 49829 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:08.597953081 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.598258018 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.600301981 CEST | 49829 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:08.643141031 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.690399885 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.690438032 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.690460920 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.690556049 CEST | 49829 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:08.690583944 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.690608025 CEST | 49829 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:08.690646887 CEST | 49829 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:08.691505909 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.691535950 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.691631079 CEST | 49829 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:08.691643000 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.691700935 CEST | 49829 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:08.723102093 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.723165989 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.723347902 CEST | 49829 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:08.723375082 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.723432064 CEST | 49829 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:08.723998070 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.724030972 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.724126101 CEST | 49829 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:08.724134922 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.724190950 CEST | 49829 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:08.724917889 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.724931955 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.725052118 CEST | 49829 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:08.725064993 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.725163937 CEST | 49829 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:08.755551100 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.755594969 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.755688906 CEST | 49829 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:08.755716085 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.755773067 CEST | 49829 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:08.756277084 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.756315947 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.756392956 CEST | 49829 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:08.756401062 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.756462097 CEST | 49829 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:08.757455111 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.757483006 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.757636070 CEST | 49829 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:08.757647038 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.757695913 CEST | 49829 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:08.758147001 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.758179903 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.758279085 CEST | 49829 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:08.758286953 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.758908033 CEST | 49829 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:08.758910894 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.758935928 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.758984089 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.758992910 CEST | 49829 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:08.759085894 CEST | 49829 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:08.759092093 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.759140015 CEST | 49829 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:08.759680986 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.759716034 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.759790897 CEST | 49829 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:08.759799957 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.759854078 CEST | 49829 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:08.760921001 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.760957003 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.761048079 CEST | 49829 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:08.761059046 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.761106014 CEST | 49829 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:08.788199902 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.788233995 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.788316011 CEST | 49829 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:08.788338900 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.788352966 CEST | 49829 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:08.788480043 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.788508892 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.788548946 CEST | 49829 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:08.788558006 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.788604021 CEST | 49829 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:08.788813114 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.788842916 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.788896084 CEST | 49829 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:08.788902044 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.788933039 CEST | 49829 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:08.788961887 CEST | 49829 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:08.789529085 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.789562941 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.789624929 CEST | 49829 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:08.789630890 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.789685011 CEST | 49829 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:08.789931059 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.789988995 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.790026903 CEST | 49829 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:08.790034056 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.790050983 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:08.790071964 CEST | 49829 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:08.790103912 CEST | 49829 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:08.790524006 CEST | 49829 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:08.790539980 CEST | 443 | 49829 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:09.022069931 CEST | 49830 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:09.022099972 CEST | 443 | 49830 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:09.022183895 CEST | 49830 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:09.022778034 CEST | 49830 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:09.022818089 CEST | 443 | 49830 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:09.125729084 CEST | 443 | 49830 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:09.125829935 CEST | 49830 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:09.127366066 CEST | 49830 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:09.127377987 CEST | 443 | 49830 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:09.127665997 CEST | 443 | 49830 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:09.129242897 CEST | 49830 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:09.171155930 CEST | 443 | 49830 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:09.190625906 CEST | 443 | 49830 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:09.190653086 CEST | 443 | 49830 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:09.190737009 CEST | 49830 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:09.190751076 CEST | 443 | 49830 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:09.191206932 CEST | 49830 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:09.191231012 CEST | 443 | 49830 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:09.191253901 CEST | 49830 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:09.191473007 CEST | 443 | 49830 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:09.191520929 CEST | 443 | 49830 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:09.191601038 CEST | 49830 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:14.787059069 CEST | 49831 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:14.787105083 CEST | 443 | 49831 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:14.787184954 CEST | 49831 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:14.787657022 CEST | 49831 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:14.787681103 CEST | 443 | 49831 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:14.892329931 CEST | 443 | 49831 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:14.892532110 CEST | 49831 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:14.893954039 CEST | 49831 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:14.893973112 CEST | 443 | 49831 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:14.894421101 CEST | 443 | 49831 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:14.896131039 CEST | 49831 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:14.939141035 CEST | 443 | 49831 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.002702951 CEST | 443 | 49831 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.002739906 CEST | 443 | 49831 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.002837896 CEST | 49831 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.002861023 CEST | 443 | 49831 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.002957106 CEST | 49831 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.004009008 CEST | 443 | 49831 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.004045010 CEST | 443 | 49831 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.004143953 CEST | 49831 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.004165888 CEST | 443 | 49831 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.004235029 CEST | 49831 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.036753893 CEST | 443 | 49831 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.036798000 CEST | 443 | 49831 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.036851883 CEST | 49831 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.036870003 CEST | 443 | 49831 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.036915064 CEST | 49831 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.036962032 CEST | 49831 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.037573099 CEST | 443 | 49831 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.037606001 CEST | 443 | 49831 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.037707090 CEST | 49831 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.037723064 CEST | 443 | 49831 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.037754059 CEST | 49831 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.037801027 CEST | 49831 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.038072109 CEST | 443 | 49831 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.038105011 CEST | 443 | 49831 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.038167000 CEST | 49831 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.038176060 CEST | 443 | 49831 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.038250923 CEST | 49831 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.074982882 CEST | 443 | 49831 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.075014114 CEST | 443 | 49831 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.075088978 CEST | 49831 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.075104952 CEST | 443 | 49831 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.075131893 CEST | 49831 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.075160027 CEST | 49831 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.076044083 CEST | 443 | 49831 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.076067924 CEST | 443 | 49831 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.076138973 CEST | 49831 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.076153994 CEST | 443 | 49831 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.076203108 CEST | 49831 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.076467037 CEST | 443 | 49831 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.076556921 CEST | 49831 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.076569080 CEST | 443 | 49831 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.076633930 CEST | 49831 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.076740026 CEST | 443 | 49831 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.076807022 CEST | 49831 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.076812983 CEST | 443 | 49831 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.076877117 CEST | 49831 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.076998949 CEST | 443 | 49831 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.077068090 CEST | 49831 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.077075958 CEST | 443 | 49831 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.077135086 CEST | 49831 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.078125000 CEST | 443 | 49831 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.078146935 CEST | 443 | 49831 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.078236103 CEST | 49831 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.078249931 CEST | 443 | 49831 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.078270912 CEST | 49831 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.078311920 CEST | 49831 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.079230070 CEST | 443 | 49831 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.079253912 CEST | 443 | 49831 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.079338074 CEST | 49831 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.079349995 CEST | 443 | 49831 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.079426050 CEST | 49831 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.115166903 CEST | 443 | 49831 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.115207911 CEST | 443 | 49831 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.115297079 CEST | 49831 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.115334988 CEST | 443 | 49831 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.115377903 CEST | 49831 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.115382910 CEST | 443 | 49831 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.115446091 CEST | 49831 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.115679979 CEST | 49831 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.115709066 CEST | 443 | 49831 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.115737915 CEST | 49831 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.115752935 CEST | 443 | 49831 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.282932997 CEST | 49832 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.282977104 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.283061981 CEST | 49832 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.283710003 CEST | 49832 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.283737898 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.392756939 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.392880917 CEST | 49832 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.394560099 CEST | 49832 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.394573927 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.394912004 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.396519899 CEST | 49832 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.439150095 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.489562988 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.489612103 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.489659071 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.489749908 CEST | 49832 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.489767075 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.489869118 CEST | 49832 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.490168095 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.490242004 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.490305901 CEST | 49832 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.490324020 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.490361929 CEST | 49832 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.490400076 CEST | 49832 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.522697926 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.522733927 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.522916079 CEST | 49832 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.522932053 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.522990942 CEST | 49832 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.523025990 CEST | 49832 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.523444891 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.523480892 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.523602009 CEST | 49832 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.523619890 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.523652077 CEST | 49832 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.523708105 CEST | 49832 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.524215937 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.524251938 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.524344921 CEST | 49832 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.524399996 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.524429083 CEST | 49832 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.524599075 CEST | 49832 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.555138111 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.555191994 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.555345058 CEST | 49832 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.555371046 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.555385113 CEST | 49832 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.555438042 CEST | 49832 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.556061029 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.556102037 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.556160927 CEST | 49832 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.556174994 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.556195021 CEST | 49832 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.556226015 CEST | 49832 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.556624889 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.556659937 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.556736946 CEST | 49832 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.556751013 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.556813955 CEST | 49832 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.557199955 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.557226896 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.557302952 CEST | 49832 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.557312012 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.557360888 CEST | 49832 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.557487965 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.557559013 CEST | 49832 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.557581902 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.557651043 CEST | 49832 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.558903933 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.558937073 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.559022903 CEST | 49832 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.559040070 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.559097052 CEST | 49832 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.559571028 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.559603930 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.559694052 CEST | 49832 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.559710979 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.559746981 CEST | 49832 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.559762001 CEST | 49832 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.587645054 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.587675095 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.587838888 CEST | 49832 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.587862015 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.587903023 CEST | 49832 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.587918997 CEST | 49832 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.588251114 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.588274002 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.588359118 CEST | 49832 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.588380098 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.588438988 CEST | 49832 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.588711977 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.588732958 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.588804960 CEST | 49832 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.588824034 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.588884115 CEST | 49832 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.589272976 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.589302063 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.589401007 CEST | 49832 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.589416981 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.589476109 CEST | 49832 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.589699030 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.589749098 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.589776993 CEST | 49832 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.589783907 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.589797020 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.589829922 CEST | 49832 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.589864016 CEST | 49832 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.598047972 CEST | 49832 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.598900080 CEST | 49832 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.598927021 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.598962069 CEST | 49832 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.598974943 CEST | 443 | 49832 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.967317104 CEST | 49833 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.967356920 CEST | 443 | 49833 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:15.970980883 CEST | 49833 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.971806049 CEST | 49833 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:15.971818924 CEST | 443 | 49833 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:16.079480886 CEST | 443 | 49833 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:16.079586983 CEST | 49833 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:16.087816954 CEST | 49833 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:16.087833881 CEST | 443 | 49833 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:16.088403940 CEST | 443 | 49833 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:16.090254068 CEST | 49833 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:16.135134935 CEST | 443 | 49833 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:16.148276091 CEST | 443 | 49833 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:16.148351908 CEST | 443 | 49833 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:16.148478985 CEST | 443 | 49833 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:16.148591995 CEST | 49833 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:16.148658037 CEST | 49833 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:16.148675919 CEST | 443 | 49833 | 193.29.104.83 | 192.168.2.3 |
Oct 8, 2021 06:46:16.148729086 CEST | 49833 | 443 | 192.168.2.3 | 193.29.104.83 |
Oct 8, 2021 06:46:16.148736000 CEST | 443 | 49833 | 193.29.104.83 | 192.168.2.3 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Oct 8, 2021 06:45:26.566437006 CEST | 192.168.2.3 | 8.8.8.8 | 0xb675 | Standard query (0) | A (IP address) | IN (0x0001) | |
Oct 8, 2021 06:45:27.443280935 CEST | 192.168.2.3 | 8.8.8.8 | 0xf717 | Standard query (0) | A (IP address) | IN (0x0001) | |
Oct 8, 2021 06:45:27.607156992 CEST | 192.168.2.3 | 8.8.8.8 | 0xf806 | Standard query (0) | A (IP address) | IN (0x0001) | |
Oct 8, 2021 06:45:31.535360098 CEST | 192.168.2.3 | 8.8.8.8 | 0xc2fe | Standard query (0) | A (IP address) | IN (0x0001) | |
Oct 8, 2021 06:45:32.747283936 CEST | 192.168.2.3 | 8.8.8.8 | 0xd767 | Standard query (0) | A (IP address) | IN (0x0001) | |
Oct 8, 2021 06:45:32.966011047 CEST | 192.168.2.3 | 8.8.8.8 | 0xa3ac | Standard query (0) | A (IP address) | IN (0x0001) | |
Oct 8, 2021 06:45:47.981653929 CEST | 192.168.2.3 | 8.8.8.8 | 0xb5e9 | Standard query (0) | A (IP address) | IN (0x0001) | |
Oct 8, 2021 06:45:53.492539883 CEST | 192.168.2.3 | 8.8.8.8 | 0xb38a | Standard query (0) | A (IP address) | IN (0x0001) | |
Oct 8, 2021 06:46:08.057581902 CEST | 192.168.2.3 | 8.8.8.8 | 0x6e0 | Standard query (0) | A (IP address) | IN (0x0001) | |
Oct 8, 2021 06:46:08.459676027 CEST | 192.168.2.3 | 8.8.8.8 | 0xce86 | Standard query (0) | A (IP address) | IN (0x0001) | |
Oct 8, 2021 06:46:08.990503073 CEST | 192.168.2.3 | 8.8.8.8 | 0x4b05 | Standard query (0) | A (IP address) | IN (0x0001) | |
Oct 8, 2021 06:46:14.767023087 CEST | 192.168.2.3 | 8.8.8.8 | 0xe225 | Standard query (0) | A (IP address) | IN (0x0001) | |
Oct 8, 2021 06:46:15.257365942 CEST | 192.168.2.3 | 8.8.8.8 | 0x5b3f | Standard query (0) | A (IP address) | IN (0x0001) | |
Oct 8, 2021 06:46:15.942392111 CEST | 192.168.2.3 | 8.8.8.8 | 0xe0c0 | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Oct 8, 2021 06:45:26.585459948 CEST | 8.8.8.8 | 192.168.2.3 | 0xb675 | No error (0) | 40.97.156.114 | A (IP address) | IN (0x0001) | ||
Oct 8, 2021 06:45:26.585459948 CEST | 8.8.8.8 | 192.168.2.3 | 0xb675 | No error (0) | 40.97.160.2 | A (IP address) | IN (0x0001) | ||
Oct 8, 2021 06:45:26.585459948 CEST | 8.8.8.8 | 192.168.2.3 | 0xb675 | No error (0) | 40.97.128.194 | A (IP address) | IN (0x0001) | ||
Oct 8, 2021 06:45:26.585459948 CEST | 8.8.8.8 | 192.168.2.3 | 0xb675 | No error (0) | 40.97.164.146 | A (IP address) | IN (0x0001) | ||
Oct 8, 2021 06:45:26.585459948 CEST | 8.8.8.8 | 192.168.2.3 | 0xb675 | No error (0) | 40.97.153.146 | A (IP address) | IN (0x0001) | ||
Oct 8, 2021 06:45:26.585459948 CEST | 8.8.8.8 | 192.168.2.3 | 0xb675 | No error (0) | 40.97.116.82 | A (IP address) | IN (0x0001) | ||
Oct 8, 2021 06:45:26.585459948 CEST | 8.8.8.8 | 192.168.2.3 | 0xb675 | No error (0) | 40.97.148.226 | A (IP address) | IN (0x0001) | ||
Oct 8, 2021 06:45:26.585459948 CEST | 8.8.8.8 | 192.168.2.3 | 0xb675 | No error (0) | 40.97.161.50 | A (IP address) | IN (0x0001) | ||
Oct 8, 2021 06:45:27.462877035 CEST | 8.8.8.8 | 192.168.2.3 | 0xf717 | No error (0) | outlook.office365.com | CNAME (Canonical name) | IN (0x0001) | ||
Oct 8, 2021 06:45:27.462877035 CEST | 8.8.8.8 | 192.168.2.3 | 0xf717 | No error (0) | outlook.ha.office365.com | CNAME (Canonical name) | IN (0x0001) | ||
Oct 8, 2021 06:45:27.462877035 CEST | 8.8.8.8 | 192.168.2.3 | 0xf717 | No error (0) | outlook.ms-acdc.office.com | CNAME (Canonical name) | IN (0x0001) | ||
Oct 8, 2021 06:45:27.462877035 CEST | 8.8.8.8 | 192.168.2.3 | 0xf717 | No error (0) | FRA-efz.ms-acdc.office.com | CNAME (Canonical name) | IN (0x0001) | ||
Oct 8, 2021 06:45:27.462877035 CEST | 8.8.8.8 | 192.168.2.3 | 0xf717 | No error (0) | 52.98.208.114 | A (IP address) | IN (0x0001) | ||
Oct 8, 2021 06:45:27.462877035 CEST | 8.8.8.8 | 192.168.2.3 | 0xf717 | No error (0) | 52.97.212.34 | A (IP address) | IN (0x0001) | ||
Oct 8, 2021 06:45:27.462877035 CEST | 8.8.8.8 | 192.168.2.3 | 0xf717 | No error (0) | 52.97.137.98 | A (IP address) | IN (0x0001) | ||
Oct 8, 2021 06:45:27.625135899 CEST | 8.8.8.8 | 192.168.2.3 | 0xf806 | No error (0) | outlook.ha.office365.com | CNAME (Canonical name) | IN (0x0001) | ||
Oct 8, 2021 06:45:27.625135899 CEST | 8.8.8.8 | 192.168.2.3 | 0xf806 | No error (0) | outlook.ms-acdc.office.com | CNAME (Canonical name) | IN (0x0001) | ||
Oct 8, 2021 06:45:27.625135899 CEST | 8.8.8.8 | 192.168.2.3 | 0xf806 | No error (0) | HHN-efz.ms-acdc.office.com | CNAME (Canonical name) | IN (0x0001) | ||
Oct 8, 2021 06:45:27.625135899 CEST | 8.8.8.8 | 192.168.2.3 | 0xf806 | No error (0) | 52.97.151.18 | A (IP address) | IN (0x0001) | ||
Oct 8, 2021 06:45:27.625135899 CEST | 8.8.8.8 | 192.168.2.3 | 0xf806 | No error (0) | 52.97.147.178 | A (IP address) | IN (0x0001) | ||
Oct 8, 2021 06:45:27.625135899 CEST | 8.8.8.8 | 192.168.2.3 | 0xf806 | No error (0) | 52.97.223.66 | A (IP address) | IN (0x0001) | ||
Oct 8, 2021 06:45:27.625135899 CEST | 8.8.8.8 | 192.168.2.3 | 0xf806 | No error (0) | 52.98.207.210 | A (IP address) | IN (0x0001) | ||
Oct 8, 2021 06:45:31.553368092 CEST | 8.8.8.8 | 192.168.2.3 | 0xc2fe | No error (0) | 40.97.160.2 | A (IP address) | IN (0x0001) | ||
Oct 8, 2021 06:45:31.553368092 CEST | 8.8.8.8 | 192.168.2.3 | 0xc2fe | No error (0) | 40.97.128.194 | A (IP address) | IN (0x0001) | ||
Oct 8, 2021 06:45:31.553368092 CEST | 8.8.8.8 | 192.168.2.3 | 0xc2fe | No error (0) | 40.97.164.146 | A (IP address) | IN (0x0001) | ||
Oct 8, 2021 06:45:31.553368092 CEST | 8.8.8.8 | 192.168.2.3 | 0xc2fe | No error (0) | 40.97.153.146 | A (IP address) | IN (0x0001) | ||
Oct 8, 2021 06:45:31.553368092 CEST | 8.8.8.8 | 192.168.2.3 | 0xc2fe | No error (0) | 40.97.116.82 | A (IP address) | IN (0x0001) | ||
Oct 8, 2021 06:45:31.553368092 CEST | 8.8.8.8 | 192.168.2.3 | 0xc2fe | No error (0) | 40.97.148.226 | A (IP address) | IN (0x0001) | ||
Oct 8, 2021 06:45:31.553368092 CEST | 8.8.8.8 | 192.168.2.3 | 0xc2fe | No error (0) | 40.97.161.50 | A (IP address) | IN (0x0001) | ||
Oct 8, 2021 06:45:31.553368092 CEST | 8.8.8.8 | 192.168.2.3 | 0xc2fe | No error (0) | 40.97.156.114 | A (IP address) | IN (0x0001) | ||
Oct 8, 2021 06:45:32.765964985 CEST | 8.8.8.8 | 192.168.2.3 | 0xd767 | No error (0) | outlook.office365.com | CNAME (Canonical name) | IN (0x0001) | ||
Oct 8, 2021 06:45:32.765964985 CEST | 8.8.8.8 | 192.168.2.3 | 0xd767 | No error (0) | outlook.ha.office365.com | CNAME (Canonical name) | IN (0x0001) | ||
Oct 8, 2021 06:45:32.765964985 CEST | 8.8.8.8 | 192.168.2.3 | 0xd767 | No error (0) | outlook.ms-acdc.office.com | CNAME (Canonical name) | IN (0x0001) | ||
Oct 8, 2021 06:45:32.765964985 CEST | 8.8.8.8 | 192.168.2.3 | 0xd767 | No error (0) | FRA-efz.ms-acdc.office.com | CNAME (Canonical name) | IN (0x0001) | ||
Oct 8, 2021 06:45:32.765964985 CEST | 8.8.8.8 | 192.168.2.3 | 0xd767 | No error (0) | 40.101.9.178 | A (IP address) | IN (0x0001) | ||
Oct 8, 2021 06:45:32.765964985 CEST | 8.8.8.8 | 192.168.2.3 | 0xd767 | No error (0) | 52.98.208.66 | A (IP address) | IN (0x0001) | ||
Oct 8, 2021 06:45:32.765964985 CEST | 8.8.8.8 | 192.168.2.3 | 0xd767 | No error (0) | 40.101.124.194 | A (IP address) | IN (0x0001) | ||
Oct 8, 2021 06:45:32.984483004 CEST | 8.8.8.8 | 192.168.2.3 | 0xa3ac | No error (0) | outlook.ha.office365.com | CNAME (Canonical name) | IN (0x0001) | ||
Oct 8, 2021 06:45:32.984483004 CEST | 8.8.8.8 | 192.168.2.3 | 0xa3ac | No error (0) | outlook.ms-acdc.office.com | CNAME (Canonical name) | IN (0x0001) | ||
Oct 8, 2021 06:45:32.984483004 CEST | 8.8.8.8 | 192.168.2.3 | 0xa3ac | No error (0) | HHN-efz.ms-acdc.office.com | CNAME (Canonical name) | IN (0x0001) | ||
Oct 8, 2021 06:45:32.984483004 CEST | 8.8.8.8 | 192.168.2.3 | 0xa3ac | No error (0) | 52.97.178.98 | A (IP address) | IN (0x0001) | ||
Oct 8, 2021 06:45:32.984483004 CEST | 8.8.8.8 | 192.168.2.3 | 0xa3ac | No error (0) | 52.97.212.242 | A (IP address) | IN (0x0001) | ||
Oct 8, 2021 06:45:32.984483004 CEST | 8.8.8.8 | 192.168.2.3 | 0xa3ac | No error (0) | 52.97.151.146 | A (IP address) | IN (0x0001) | ||
Oct 8, 2021 06:45:32.984483004 CEST | 8.8.8.8 | 192.168.2.3 | 0xa3ac | No error (0) | 52.97.162.2 | A (IP address) | IN (0x0001) | ||
Oct 8, 2021 06:45:48.005803108 CEST | 8.8.8.8 | 192.168.2.3 | 0xb5e9 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Oct 8, 2021 06:45:53.512773037 CEST | 8.8.8.8 | 192.168.2.3 | 0xb38a | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Oct 8, 2021 06:46:08.080866098 CEST | 8.8.8.8 | 192.168.2.3 | 0x6e0 | No error (0) | 193.29.104.83 | A (IP address) | IN (0x0001) | ||
Oct 8, 2021 06:46:08.490591049 CEST | 8.8.8.8 | 192.168.2.3 | 0xce86 | No error (0) | 193.29.104.83 | A (IP address) | IN (0x0001) | ||
Oct 8, 2021 06:46:09.020853043 CEST | 8.8.8.8 | 192.168.2.3 | 0x4b05 | No error (0) | 193.29.104.83 | A (IP address) | IN (0x0001) | ||
Oct 8, 2021 06:46:14.784287930 CEST | 8.8.8.8 | 192.168.2.3 | 0xe225 | No error (0) | 193.29.104.83 | A (IP address) | IN (0x0001) | ||
Oct 8, 2021 06:46:15.281104088 CEST | 8.8.8.8 | 192.168.2.3 | 0x5b3f | No error (0) | 193.29.104.83 | A (IP address) | IN (0x0001) | ||
Oct 8, 2021 06:46:15.962352991 CEST | 8.8.8.8 | 192.168.2.3 | 0xe0c0 | No error (0) | 193.29.104.83 | A (IP address) | IN (0x0001) |
HTTPS Proxied Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.3 | 49754 | 40.97.156.114 | 443 | C:\Windows\System32\loaddll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-10-08 04:45:27 UTC | 0 | OUT | |
2021-10-08 04:45:27 UTC | 0 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.3 | 49755 | 52.98.208.114 | 443 | C:\Windows\System32\loaddll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-10-08 04:45:27 UTC | 1 | OUT | |
2021-10-08 04:45:27 UTC | 1 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
10 | 192.168.2.3 | 49832 | 193.29.104.83 | 443 | C:\Windows\System32\loaddll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-10-08 04:46:15 UTC | 709 | OUT | |
2021-10-08 04:46:15 UTC | 710 | IN | |
2021-10-08 04:46:15 UTC | 710 | IN | |
2021-10-08 04:46:15 UTC | 726 | IN | |
2021-10-08 04:46:15 UTC | 742 | IN | |
2021-10-08 04:46:15 UTC | 758 | IN | |
2021-10-08 04:46:15 UTC | 774 | IN | |
2021-10-08 04:46:15 UTC | 790 | IN | |
2021-10-08 04:46:15 UTC | 806 | IN | |
2021-10-08 04:46:15 UTC | 822 | IN | |
2021-10-08 04:46:15 UTC | 838 | IN | |
2021-10-08 04:46:15 UTC | 854 | IN | |
2021-10-08 04:46:15 UTC | 870 | IN | |
2021-10-08 04:46:15 UTC | 886 | IN | |
2021-10-08 04:46:15 UTC | 902 | IN | |
2021-10-08 04:46:15 UTC | 918 | IN | |
2021-10-08 04:46:15 UTC | 934 | IN | |
2021-10-08 04:46:15 UTC | 950 | IN | |
2021-10-08 04:46:15 UTC | 966 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
11 | 192.168.2.3 | 49833 | 193.29.104.83 | 443 | C:\Windows\System32\loaddll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-10-08 04:46:16 UTC | 979 | OUT | |
2021-10-08 04:46:16 UTC | 980 | IN | |
2021-10-08 04:46:16 UTC | 980 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.2.3 | 49756 | 52.97.151.18 | 443 | C:\Windows\System32\loaddll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-10-08 04:45:27 UTC | 2 | OUT | |
2021-10-08 04:45:27 UTC | 2 | IN | |
2021-10-08 04:45:27 UTC | 3 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
3 | 192.168.2.3 | 49764 | 40.97.160.2 | 443 | C:\Windows\SysWOW64\rundll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-10-08 04:45:32 UTC | 4 | OUT | |
2021-10-08 04:45:32 UTC | 4 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
4 | 192.168.2.3 | 49765 | 40.101.9.178 | 443 | C:\Windows\SysWOW64\rundll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-10-08 04:45:32 UTC | 5 | OUT | |
2021-10-08 04:45:32 UTC | 6 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
5 | 192.168.2.3 | 49766 | 52.97.178.98 | 443 | C:\Windows\SysWOW64\rundll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-10-08 04:45:33 UTC | 6 | OUT | |
2021-10-08 04:45:33 UTC | 7 | IN | |
2021-10-08 04:45:33 UTC | 7 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
6 | 192.168.2.3 | 49828 | 193.29.104.83 | 443 | C:\Windows\System32\loaddll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-10-08 04:46:08 UTC | 9 | OUT | |
2021-10-08 04:46:08 UTC | 9 | IN | |
2021-10-08 04:46:08 UTC | 10 | IN | |
2021-10-08 04:46:08 UTC | 25 | IN | |
2021-10-08 04:46:08 UTC | 41 | IN | |
2021-10-08 04:46:08 UTC | 57 | IN | |
2021-10-08 04:46:08 UTC | 73 | IN | |
2021-10-08 04:46:08 UTC | 89 | IN | |
2021-10-08 04:46:08 UTC | 105 | IN | |
2021-10-08 04:46:08 UTC | 121 | IN | |
2021-10-08 04:46:08 UTC | 137 | IN | |
2021-10-08 04:46:08 UTC | 153 | IN | |
2021-10-08 04:46:08 UTC | 169 | IN | |
2021-10-08 04:46:08 UTC | 185 | IN | |
2021-10-08 04:46:08 UTC | 201 | IN | |
2021-10-08 04:46:08 UTC | 217 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
7 | 192.168.2.3 | 49829 | 193.29.104.83 | 443 | C:\Windows\System32\loaddll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-10-08 04:46:08 UTC | 223 | OUT | |
2021-10-08 04:46:08 UTC | 223 | IN | |
2021-10-08 04:46:08 UTC | 224 | IN | |
2021-10-08 04:46:08 UTC | 239 | IN | |
2021-10-08 04:46:08 UTC | 255 | IN | |
2021-10-08 04:46:08 UTC | 271 | IN | |
2021-10-08 04:46:08 UTC | 287 | IN | |
2021-10-08 04:46:08 UTC | 303 | IN | |
2021-10-08 04:46:08 UTC | 319 | IN | |
2021-10-08 04:46:08 UTC | 335 | IN | |
2021-10-08 04:46:08 UTC | 351 | IN | |
2021-10-08 04:46:08 UTC | 367 | IN | |
2021-10-08 04:46:08 UTC | 383 | IN | |
2021-10-08 04:46:08 UTC | 399 | IN | |
2021-10-08 04:46:08 UTC | 415 | IN | |
2021-10-08 04:46:08 UTC | 431 | IN | |
2021-10-08 04:46:08 UTC | 447 | IN | |
2021-10-08 04:46:08 UTC | 463 | IN | |
2021-10-08 04:46:08 UTC | 479 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
8 | 192.168.2.3 | 49830 | 193.29.104.83 | 443 | C:\Windows\System32\loaddll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-10-08 04:46:09 UTC | 493 | OUT | |
2021-10-08 04:46:09 UTC | 493 | IN | |
2021-10-08 04:46:09 UTC | 494 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
9 | 192.168.2.3 | 49831 | 193.29.104.83 | 443 | C:\Windows\System32\loaddll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-10-08 04:46:14 UTC | 495 | OUT | |
2021-10-08 04:46:14 UTC | 496 | IN | |
2021-10-08 04:46:14 UTC | 496 | IN | |
2021-10-08 04:46:14 UTC | 512 | IN | |
2021-10-08 04:46:15 UTC | 528 | IN | |
2021-10-08 04:46:15 UTC | 544 | IN | |
2021-10-08 04:46:15 UTC | 560 | IN | |
2021-10-08 04:46:15 UTC | 576 | IN | |
2021-10-08 04:46:15 UTC | 592 | IN | |
2021-10-08 04:46:15 UTC | 608 | IN | |
2021-10-08 04:46:15 UTC | 624 | IN | |
2021-10-08 04:46:15 UTC | 640 | IN | |
2021-10-08 04:46:15 UTC | 656 | IN | |
2021-10-08 04:46:15 UTC | 672 | IN | |
2021-10-08 04:46:15 UTC | 688 | IN | |
2021-10-08 04:46:15 UTC | 704 | IN |
Code Manipulations |
---|
User Modules |
---|
Hook Summary |
---|
Function Name | Hook Type | Active in Processes |
---|---|---|
CreateProcessAsUserW | EAT | explorer.exe |
CreateProcessAsUserW | INLINE | explorer.exe |
CreateProcessW | EAT | explorer.exe |
CreateProcessW | INLINE | explorer.exe |
CreateProcessA | EAT | explorer.exe |
CreateProcessA | INLINE | explorer.exe |
api-ms-win-core-processthreads-l1-1-0.dll:CreateProcessW | IAT | explorer.exe |
api-ms-win-core-registry-l1-1-0.dll:RegGetValueW | IAT | explorer.exe |
Processes |
---|
Process: explorer.exe, Module: KERNEL32.DLL |
---|
Function Name | Hook Type | New Data |
---|---|---|
CreateProcessAsUserW | EAT | 7FFC8BAF521C |
CreateProcessAsUserW | INLINE | 0xFF 0xF2 0x25 0x50 0x00 0x00 |
CreateProcessW | EAT | 7FFC8BAF5200 |
CreateProcessW | INLINE | 0xFF 0xF2 0x25 0x50 0x00 0x00 |
CreateProcessA | EAT | 7FFC8BAF520E |
CreateProcessA | INLINE | 0xFF 0xF2 0x25 0x50 0x00 0x00 |
Process: explorer.exe, Module: WININET.dll |
---|
Function Name | Hook Type | New Data |
---|---|---|
api-ms-win-core-processthreads-l1-1-0.dll:CreateProcessW | IAT | 7FFC8BAF5200 |
api-ms-win-core-registry-l1-1-0.dll:RegGetValueW | IAT | 6640E2C |
Process: explorer.exe, Module: user32.dll |
---|
Function Name | Hook Type | New Data |
---|---|---|
api-ms-win-core-processthreads-l1-1-0.dll:CreateProcessW | IAT | 7FFC8BAF5200 |
api-ms-win-core-registry-l1-1-0.dll:RegGetValueW | IAT | 6640E2C |
System Behavior |
---|
General |
---|
Start time: | 06:43:32 |
Start date: | 08/10/2021 |
Path: | C:\Windows\System32\loaddll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xdd0000 |
File size: | 893440 bytes |
MD5 hash: | 72FCD8FB0ADC38ED9050569AD673650E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | moderate |
General |
---|
Start time: | 06:43:33 |
Start date: | 08/10/2021 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd80000 |
File size: | 232960 bytes |
MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 06:43:33 |
Start date: | 08/10/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xab0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
General |
---|
Start time: | 06:43:33 |
Start date: | 08/10/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xab0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
General |
---|
Start time: | 06:43:37 |
Start date: | 08/10/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xab0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
General |
---|
Start time: | 06:43:43 |
Start date: | 08/10/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xab0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
General |
---|
Start time: | 06:46:14 |
Start date: | 08/10/2021 |
Path: | C:\Windows\System32\mshta.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff610460000 |
File size: | 14848 bytes |
MD5 hash: | 197FC97C6A843BEBB445C1D9C58DCBDB |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
General |
---|
Start time: | 06:46:16 |
Start date: | 08/10/2021 |
Path: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff777fc0000 |
File size: | 447488 bytes |
MD5 hash: | 95000560239032BC68B4C2FDFCDEF913 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | .Net C# or VB.NET |
Reputation: | high |
General |
---|
Start time: | 06:46:16 |
Start date: | 08/10/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7f20f0000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 06:46:19 |
Start date: | 08/10/2021 |
Path: | C:\Windows\System32\mshta.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff610460000 |
File size: | 14848 bytes |
MD5 hash: | 197FC97C6A843BEBB445C1D9C58DCBDB |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 06:46:21 |
Start date: | 08/10/2021 |
Path: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff777fc0000 |
File size: | 447488 bytes |
MD5 hash: | 95000560239032BC68B4C2FDFCDEF913 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | .Net C# or VB.NET |
General |
---|
Start time: | 06:46:21 |
Start date: | 08/10/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7f20f0000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 06:46:25 |
Start date: | 08/10/2021 |
Path: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff677cd0000 |
File size: | 2739304 bytes |
MD5 hash: | B46100977911A0C9FB1C3E5F16A5017D |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | .Net C# or VB.NET |
General |
---|
Start time: | 06:46:26 |
Start date: | 08/10/2021 |
Path: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff732960000 |
File size: | 47280 bytes |
MD5 hash: | 33BB8BE0B4F547324D93D5D2725CAC3D |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 06:46:28 |
Start date: | 08/10/2021 |
Path: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff677cd0000 |
File size: | 2739304 bytes |
MD5 hash: | B46100977911A0C9FB1C3E5F16A5017D |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | .Net C# or VB.NET |
General |
---|
Start time: | 06:46:29 |
Start date: | 08/10/2021 |
Path: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff677cd0000 |
File size: | 2739304 bytes |
MD5 hash: | B46100977911A0C9FB1C3E5F16A5017D |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | .Net C# or VB.NET |
General |
---|
Start time: | 06:46:31 |
Start date: | 08/10/2021 |
Path: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff732960000 |
File size: | 47280 bytes |
MD5 hash: | 33BB8BE0B4F547324D93D5D2725CAC3D |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 06:46:31 |
Start date: | 08/10/2021 |
Path: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff732960000 |
File size: | 47280 bytes |
MD5 hash: | 33BB8BE0B4F547324D93D5D2725CAC3D |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 06:46:35 |
Start date: | 08/10/2021 |
Path: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff677cd0000 |
File size: | 2739304 bytes |
MD5 hash: | B46100977911A0C9FB1C3E5F16A5017D |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | .Net C# or VB.NET |
General |
---|
Start time: | 06:46:35 |
Start date: | 08/10/2021 |
Path: | C:\Windows\System32\control.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6dd8e0000 |
File size: | 117760 bytes |
MD5 hash: | 625DAC87CB5D7D44C5CA1DA57898065F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 06:46:37 |
Start date: | 08/10/2021 |
Path: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff732960000 |
File size: | 47280 bytes |
MD5 hash: | 33BB8BE0B4F547324D93D5D2725CAC3D |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 06:46:39 |
Start date: | 08/10/2021 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6ce540000 |
File size: | 69632 bytes |
MD5 hash: | 73C519F050C20580F8A62C849D49215A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 06:46:41 |
Start date: | 08/10/2021 |
Path: | C:\Windows\explorer.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff720ea0000 |
File size: | 3933184 bytes |
MD5 hash: | AD5296B280E8F522A8A897C96BAB0E1D |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Yara matches: |
|
General |
---|
Start time: | 06:46:43 |
Start date: | 08/10/2021 |
Path: | C:\Windows\System32\control.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6dd8e0000 |
File size: | 117760 bytes |
MD5 hash: | 625DAC87CB5D7D44C5CA1DA57898065F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 06:46:46 |
Start date: | 08/10/2021 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6ce540000 |
File size: | 69632 bytes |
MD5 hash: | 73C519F050C20580F8A62C849D49215A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 06:46:59 |
Start date: | 08/10/2021 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff673be0000 |
File size: | 273920 bytes |
MD5 hash: | 4E2ACF4F8A396486AB4268C94A6A245F |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 06:46:59 |
Start date: | 08/10/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7f20f0000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 06:47:00 |
Start date: | 08/10/2021 |
Path: | C:\Windows\System32\PING.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff704c90000 |
File size: | 21504 bytes |
MD5 hash: | 6A7389ECE70FB97BFE9A570DB4ACCC3B |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 06:47:06 |
Start date: | 08/10/2021 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff673be0000 |
File size: | 273920 bytes |
MD5 hash: | 4E2ACF4F8A396486AB4268C94A6A245F |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 06:47:07 |
Start date: | 08/10/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7f20f0000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 06:47:09 |
Start date: | 08/10/2021 |
Path: | C:\Windows\System32\PING.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff704c90000 |
File size: | 21504 bytes |
MD5 hash: | 6A7389ECE70FB97BFE9A570DB4ACCC3B |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 06:47:10 |
Start date: | 08/10/2021 |
Path: | C:\Windows\System32\RuntimeBroker.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6225d0000 |
File size: | 99272 bytes |
MD5 hash: | C7E36B4A5D9E6AC600DD7A0E0D52DAC5 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
Function 00B665CE, Relevance: 37.8, APIs: 25, Instructions: 331 memory library native COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E1A1172, Relevance: 19.3, APIs: 9, Strings: 2, Instructions: 81 (file, time, COMMON)
C-Code - Quality: 69% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E1A15C6, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 120 (sleep, native, synchronization, COMMON)
C-Code - Quality: 83% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B0A82B, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 103 (memory, COMMON)
C-Code - Quality: 96% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 38% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 68% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E1A13B8, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 70 (native, COMMON)
C-Code - Quality: 72% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B645D7, Relevance: 4.7, APIs: 3, Instructions: 168 (library, native, loader, COMMON)
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B5D5B8, Relevance: 4.6, APIs: 3, Instructions: 56 (library, native, loader, COMMON)
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B09269, Relevance: 3.1, APIs: 2, Instructions: 70 (native, COMMON)
C-Code - Quality: 72% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B6D103, Relevance: 3.0, APIs: 2, Instructions: 35 (library, native, loader, COMMON)
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E1A1273, Relevance: 1.5, APIs: 1, Instructions: 34 (native, COMMON)
C-Code - Quality: 68% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B094E8, Relevance: 1.5, APIs: 1, Instructions: 34 (native, COMMON)
C-Code - Quality: 68% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B6F02A, Relevance: 1.5, APIs: 1, Instructions: 33 (native, COMMON)
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B044A4, Relevance: 42.2, APIs: 23, Strings: 1, Instructions: 201 (memory, string, COMMON)
C-Code - Quality: 66% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B05461, Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 150 (time, memory, COMMON)
C-Code - Quality: 83% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B03598, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 72 (file, time, COMMON)
C-Code - Quality: 74% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B01000, Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 109 (library, memory, loader, COMMON)
C-Code - Quality: 73% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E1A1B59, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 71 (memory, COMMON)
C-Code - Quality: 86% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B0262F, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 61 (sleep, memory, time, COMMON)
C-Code - Quality: 74% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E1A153C, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 32 (thread, injection, COMMON)
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B04151, Relevance: 10.6, APIs: 7, Instructions: 75 (COMMON)
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B6F8B8, Relevance: 9.1, APIs: 6, Instructions: 125 (thread, synchronization, injection, COMMON)
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B0282B, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 167 (string, COMMON)
C-Code - Quality: 88% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B04F07, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 120 (synchronization, COMMON)
C-Code - Quality: 62% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B09311, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 29 (sleep, memory, COMMON)
C-Code - Quality: 50% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 57% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B078E6, Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 145 (string, COMMON)
C-Code - Quality: 22% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B65B86, Relevance: 7.5, APIs: 5, Instructions: 46 (memory, COMMON)
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 18% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B0502E, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 94 (memory, COMMON)
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B0577D, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76 (memory, COMMON)
C-Code - Quality: 57% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E1A12B5, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 68 (memory, COMMON)
C-Code - Quality: 87% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B5DB7C, Relevance: 6.1, APIs: 4, Instructions: 110 (thread, synchronization, injection, COMMON)
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B024BE, Relevance: 6.1, APIs: 4, Instructions: 98 (registry, synchronization, COMMON)
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E1A189E, Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 96 (memory, COMMON)
C-Code - Quality: 86% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B02107, Relevance: 6.1, APIs: 4, Instructions: 87 (sleep, COMMON)
C-Code - Quality: 41% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 64% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E1A1719, Relevance: 6.0, APIs: 4, Instructions: 30 (thread, COMMON)
C-Code - Quality: 87% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 23% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B0117A, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50 (memory, time, COMMON)
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 79% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B05141, Relevance: 4.6, APIs: 3, Instructions: 58 (COMMON)
C-Code - Quality: 47% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 32% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B01C11, Relevance: 3.8, APIs: 3, Instructions: 82 (COMMON)
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B04AC0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 41 (memory, COMMON)
C-Code - Quality: 89% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B04AAB, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 5 (memory, COMMON)
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 38% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B0144D, Relevance: 3.1, APIs: 2, Instructions: 112 (COMMON)
C-Code - Quality: 75% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B039D5, Relevance: 3.1, APIs: 2, Instructions: 62 (COMMON)
C-Code - Quality: 50% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B6FE73, Relevance: 3.1, APIs: 2, Instructions: 57 (COMMON)
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B0164F, Relevance: 3.1, APIs: 2, Instructions: 52 (COMMON)
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B058AE, Relevance: 3.0, APIs: 2, Instructions: 43 (memory, COMMON)
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B04B28, Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 43 (memory, COMMON)
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B01BBF, Relevance: 3.0, APIs: 2, Instructions: 40 (COMMON)
C-Code - Quality: 37% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B065EA, Relevance: 3.0, APIs: 2, Instructions: 35 (string, COMMON)
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B018D8, Relevance: 3.0, APIs: 2, Instructions: 26 (COMMON)
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B6D50D, Relevance: 2.6, APIs: 2, Instructions: 70 (memory, COMMON)
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B62A1E, Relevance: 1.6, APIs: 1, Instructions: 99 (COMMON)
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B034F6, Relevance: 1.6, APIs: 1, Instructions: 75 (memory, COMMON)
C-Code - Quality: 92% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B68CCB, Relevance: 1.6, APIs: 1, Instructions: 74 (COMMON)
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B01E47, Relevance: 1.5, APIs: 1, Instructions: 49 (COMMON)
C-Code - Quality: 34% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B0AA93, Relevance: 1.5, APIs: 1, Instructions: 10 (COMMON)
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B0AA89, Relevance: 1.5, APIs: 1, Instructions: 10 (COMMON)
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B0AA3C, Relevance: 1.5, APIs: 1, Instructions: 10 (COMMON)
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B0AA75, Relevance: 1.5, APIs: 1, Instructions: 10 (COMMON)
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B0AA7F, Relevance: 1.5, APIs: 1, Instructions: 10 (COMMON)
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B0AA61, Relevance: 1.5, APIs: 1, Instructions: 10 (COMMON)
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B0AA6B, Relevance: 1.5, APIs: 1, Instructions: 10 (COMMON)
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B0AA57, Relevance: 1.5, APIs: 1, Instructions: 10 (COMMON)
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B0AB31, Relevance: 1.5, APIs: 1, Instructions: 10 (COMMON)
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B0AB16, Relevance: 1.5, APIs: 1, Instructions: 10 (COMMON)
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E1A15A0, Relevance: 1.5, APIs: 1, Instructions: 8 (COMMON)
C-Code - Quality: 37% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B075F6, Relevance: 1.5, APIs: 1, Instructions: 5 (memory, COMMON)
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B55E9A, Relevance: 1.5, APIs: 1, Instructions: 5 (memory, COMMON)
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B70757, Relevance: 1.5, APIs: 1, Instructions: 5 (memory, COMMON)
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B016D9, Relevance: 1.3, APIs: 1, Instructions: 98 (COMMON)
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B77496, Relevance: 1.3, APIs: 1, Instructions: 63 (memory, COMMON)
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B5C74A, Relevance: 1.3, APIs: 1, Instructions: 50 (memory, COMMON)
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B5E3B9, Relevance: 1.3, APIs: 1, Instructions: 48 (memory, COMMON)
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B05DDA, Relevance: 1.3, APIs: 1, Instructions: 26 (string, COMMON)
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B03720, Relevance: 1.3, APIs: 1, Instructions: 23 (COMMON)
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B60A77, Relevance: 1.3, APIs: 1, Instructions: 19 (COMMON)
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function 00B5BAF2, Relevance: 28.7, APIs: 19, Instructions: 234 (string, file, synchronization, COMMON)
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B6E9C2, Relevance: 16.6, APIs: 11, Instructions: 130 (library, loader, native, COMMON)
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B52E19, Relevance: 16.6, APIs: 11, Instructions: 94 (memory, string, synchronization, COMMON)
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B04C40, Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 258 (memory, COMMON, Crypto)
C-Code - Quality: 96% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B59F02, Relevance: 7.9, APIs: 6, Instructions: 401 (COMMON)
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B53E33, Relevance: 6.0, APIs: 4, Instructions: 45 (pipe, COMMON)
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B5979A, Relevance: 3.0, APIs: 2, Instructions: 37 (native, COMMON)
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B7186D, Relevance: 3.0, APIs: 2, Instructions: 29 (COMMON)
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B5B9B9, Relevance: 3.0, APIs: 2, Instructions: 26 (COMMON)
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B76B6A, Relevance: 3.0, APIs: 2, Instructions: 26 (COMMON)
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B571AA, Relevance: 2.9, APIs: 2, Instructions: 416 (COMMON)
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 49% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B5348B, Relevance: 1.9, APIs: 1, Instructions: 611 (COMMON)
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B5135C, Relevance: 1.8, Strings: 1, Instructions: 575 (COMMON)
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B68D77, Relevance: 1.8, APIs: 1, Instructions: 549 (COMMON)
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B561D5, Relevance: 1.6, Strings: 1, Instructions: 353 (COMMON)
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B662DC, Relevance: 1.5, APIs: 1, Instructions: 11 (COMMON)
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E1A21B4, Relevance: .1, Instructions: 77 (COMMON, Crypto)
C-Code - Quality: 71% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B0AF24, Relevance: .1, Instructions: 77 (COMMON, Crypto)
C-Code - Quality: 71% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00670CBE, Relevance: .0, Instructions: 27 (COMMON)
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00670C49, Relevance: .0, Instructions: 25 (COMMON)
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B06109, Relevance: 40.5, APIs: 22, Strings: 1, Instructions: 244 (memory, string, COMMON)
C-Code - Quality: 74% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B6241D, Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 121 (process, string, COMMON)
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B5B4E1, Relevance: 21.2, APIs: 14, Instructions: 161 (memory, string, file, COMMON)
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B58BDD, Relevance: 21.1, APIs: 14, Instructions: 109 (library, loader, string, COMMON)
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B56D8C, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 120 (memory, thread, string, COMMON)
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B75651, Relevance: 16.7, APIs: 11, Instructions: 157 (registry, string, file, COMMON)
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B6598F, Relevance: 16.6, APIs: 11, Instructions: 144 (memory, registry, COMMON)
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 43% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B5E04D, Relevance: 16.6, APIs: 11, Instructions: 102 (registry, memory, string, COMMON)
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B5F84F, Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 125 (memory, string, COMMON)
APIs |
|
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B5FC07, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 112 (memory, string, COMMON)
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B6A458, Relevance: 15.1, APIs: 10, Instructions: 110 (library, memory, COMMON)
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B616D2, Relevance: 15.1, APIs: 10, Instructions: 68 (thread, process, library, COMMON)
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B77C17, Relevance: 15.1, APIs: 10, Instructions: 59 (sleep, synchronization, COMMON)
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B7715A, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 89 (memory, string, pipe, COMMON)
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B6AA30, Relevance: 13.6, APIs: 9, Instructions: 89 (file, synchronization, COMMON)
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B5B790, Relevance: 13.6, APIs: 9, Instructions: 82 (file, COMMON)
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B5F363, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 148 (time, string, COMMON)
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B742A9, Relevance: 12.1, APIs: 8, Instructions: 123 (memory, registry, synchronization, COMMON)
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B56A9F, Relevance: 12.1, APIs: 8, Instructions: 57 (registry, memory, string, COMMON)
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B53B36, Relevance: 11.5, APIs: 9, Instructions: 269 (COMMON)
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B71D92, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 103 (memory, COMMON)
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B55F09, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 91 (memory, file, string, COMMON)
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B01974, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 68 (string, COMMON)
C-Code - Quality: 63% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B5407F, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48 (library, loader, COMMON)
APIs |
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B5EF6E, Relevance: 9.1, APIs: 6, Instructions: 117 (COMMON)
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B6BCB6, Relevance: 9.1, APIs: 6, Instructions: 108 (string, synchronization, COMMON)
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B57BE5, Relevance: 9.1, APIs: 6, Instructions: 74 (memory, COMMON)
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B6E55D, Relevance: 9.1, APIs: 6, Instructions: 61 (string, thread, time, COMMON)
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B04B98, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 28 (sleep, memory, COMMON)
C-Code - Quality: 37% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B66DC4, Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 146 (string, COMMON)
APIs |
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B521AA, Relevance: 7.6, APIs: 5, Instructions: 102 (synchronization, COMMON)
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B556AA, Relevance: 7.6, APIs: 5, Instructions: 83 (COMMON)
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B5A844, Relevance: 7.6, APIs: 5, Instructions: 75 (file, COMMON)
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B5FE9E, Relevance: 7.6, APIs: 5, Instructions: 72 (file, COMMON)
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B67DDE, Relevance: 7.6, APIs: 5, Instructions: 68 (memory, COMMON)
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B67021, Relevance: 7.6, APIs: 5, Instructions: 67 (memory, synchronization, COMMON)
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B6E476, Relevance: 7.6, APIs: 5, Instructions: 62 (memory, string, time, COMMON)
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B6EECA, Relevance: 7.6, APIs: 5, Instructions: 60 (string, COMMON)
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B6B1DC, Relevance: 7.6, APIs: 5, Instructions: 59 (memory, COMMON)
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B57C9C, Relevance: 7.5, APIs: 5, Instructions: 42 (memory, COMMON)
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 46% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B07B30, Relevance: 6.1, APIs: 4, Instructions: 136 (COMMON)
C-Code - Quality: 85% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B55BFD, Relevance: 6.1, APIs: 4, Instructions: 136 (COMMON)
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B6C6A8, Relevance: 6.1, APIs: 4, Instructions: 113COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B5AC28, Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 108stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B57979, Relevance: 6.1, APIs: 4, Instructions: 108synchronizationCOMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B56B3A, Relevance: 6.1, APIs: 4, Instructions: 83COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B6290F, Relevance: 6.1, APIs: 4, Instructions: 77stringCOMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B78D97, Relevance: 6.1, APIs: 4, Instructions: 75COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B59807, Relevance: 6.1, APIs: 4, Instructions: 70fileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B6D85B, Relevance: 6.1, APIs: 4, Instructions: 68stringCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B533DF, Relevance: 6.1, APIs: 4, Instructions: 68stringCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B5C100, Relevance: 6.1, APIs: 4, Instructions: 57COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B53186, Relevance: 6.1, APIs: 4, Instructions: 56stringCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B70D43, Relevance: 6.0, APIs: 4, Instructions: 50COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B522D4, Relevance: 6.0, APIs: 4, Instructions: 49sleepCOMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B54A1D, Relevance: 6.0, APIs: 4, Instructions: 48fileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B6A6CD, Relevance: 6.0, APIs: 4, Instructions: 39filesynchronizationpipeCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B04450, Relevance: 6.0, APIs: 4, Instructions: 29memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B027C7, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 35libraryloaderCOMMON
C-Code - Quality: 58% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B60D80, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B6C0B6, Relevance: 5.2, APIs: 4, Instructions: 238COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B54A93, Relevance: 5.1, APIs: 4, Instructions: 110COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B6E2AF, Relevance: 5.1, APIs: 4, Instructions: 76COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B01EC1, Relevance: 5.1, APIs: 4, Instructions: 70stringCOMMON
C-Code - Quality: 58% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B7082C, Relevance: 5.1, APIs: 4, Instructions: 70stringCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B6069D, Relevance: 5.1, APIs: 4, Instructions: 64COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B0131E, Relevance: 5.0, APIs: 4, Instructions: 39stringCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B6F1DE, Relevance: 5.0, APIs: 4, Instructions: 38stringCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B038CA, Relevance: 5.0, APIs: 4, Instructions: 27stringCOMMON
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Executed Functions |
---|
Function 033565CE, Relevance: 37.8, APIs: 25, Instructions: 331memorylibrarynativeCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0335420A, Relevance: 9.1, APIs: 6, Instructions: 94threadmemorynativeCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 033545D7, Relevance: 4.7, APIs: 3, Instructions: 168librarynativeloaderCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0334D5B8, Relevance: 4.6, APIs: 3, Instructions: 56librarynativeloaderCOMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0335D103, Relevance: 3.0, APIs: 2, Instructions: 35librarynativeloaderCOMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0335F02A, Relevance: 1.5, APIs: 1, Instructions: 33nativeCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0335F8B8, Relevance: 9.1, APIs: 6, Instructions: 125threadsynchronizationinjectionCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03355B86, Relevance: 7.5, APIs: 5, Instructions: 46memoryCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0334DB7C, Relevance: 6.1, APIs: 4, Instructions: 110threadsynchronizationinjectionCOMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03351664, Relevance: 6.0, APIs: 4, Instructions: 42stringCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0335FE73, Relevance: 3.1, APIs: 2, Instructions: 57COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0335D50D, Relevance: 2.6, APIs: 2, Instructions: 70memoryCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03352A1E, Relevance: 1.6, APIs: 1, Instructions: 99COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03358CCB, Relevance: 1.6, APIs: 1, Instructions: 74COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0335A9CD, Relevance: 1.5, APIs: 1, Instructions: 15threadCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03345E9A, Relevance: 1.5, APIs: 1, Instructions: 5memoryCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03367496, Relevance: 1.3, APIs: 1, Instructions: 63memoryCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0334C74A, Relevance: 1.3, APIs: 1, Instructions: 50memoryCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0334E3B9, Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03350A77, Relevance: 1.3, APIs: 1, Instructions: 19COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function 0334BAF2, Relevance: 28.7, APIs: 19, Instructions: 234stringfilesynchronizationCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0335E9C2, Relevance: 16.6, APIs: 11, Instructions: 130libraryloadernativeCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03349F02, Relevance: 7.9, APIs: 6, Instructions: 401COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 033551EC, Relevance: 54.4, APIs: 36, Instructions: 446synchronizationtimethreadCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03354306, Relevance: 30.0, APIs: 16, Strings: 1, Instructions: 219memoryfilestringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0334BF5B, Relevance: 24.1, APIs: 16, Instructions: 131memoryregistrythreadCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03342FD5, Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 149stringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0335241D, Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 121processstringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0334B4E1, Relevance: 21.2, APIs: 14, Instructions: 161memorystringfileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 033480F1, Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 128timeCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03348BDD, Relevance: 21.1, APIs: 14, Instructions: 109libraryloaderstringCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03365CC1, Relevance: 18.2, APIs: 12, Instructions: 196memorystringthreadCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 033498D6, Relevance: 18.1, APIs: 12, Instructions: 104synchronizationpipethreadCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03346D8C, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 120memorythreadstringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03365651, Relevance: 16.7, APIs: 11, Instructions: 157registrystringfileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0335598F, Relevance: 16.6, APIs: 11, Instructions: 144memoryregistryCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03361C67, Relevance: 16.6, APIs: 11, Instructions: 95memoryregistrystringCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03342E19, Relevance: 16.6, APIs: 11, Instructions: 94memorystringsynchronizationCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0334F84F, Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 125memorystringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0334FC07, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 112memorystringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0335A458, Relevance: 15.1, APIs: 10, Instructions: 110librarymemoryCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0334E04D, Relevance: 15.1, APIs: 10, Instructions: 102registrymemorystringCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0335B608, Relevance: 15.1, APIs: 10, Instructions: 78stringfilememoryCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 033516D2, Relevance: 15.1, APIs: 10, Instructions: 68threadprocesslibraryCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03367C17, Relevance: 15.1, APIs: 10, Instructions: 59sleepsynchronizationCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0336715A, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 89memorystringpipeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03356BBB, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 87registrylibraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0335AA30, Relevance: 13.6, APIs: 9, Instructions: 89filesynchronizationCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0334B790, Relevance: 13.6, APIs: 9, Instructions: 82fileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0335316B, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 191stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0334F363, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 148timestringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 033642A9, Relevance: 12.1, APIs: 8, Instructions: 123memoryregistrysynchronizationCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03343B36, Relevance: 11.5, APIs: 9, Instructions: 269COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03361D92, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 103memoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03345F09, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 91memoryfilestringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0335D91E, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 68stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03350CCF, Relevance: 10.6, APIs: 7, Instructions: 62memorysynchronizationCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03346A9F, Relevance: 10.6, APIs: 7, Instructions: 57memoryregistrystringCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0334407F, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0334AD59, Relevance: 9.2, APIs: 6, Instructions: 202synchronizationCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0334EF6E, Relevance: 9.1, APIs: 6, Instructions: 117COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0335BCB6, Relevance: 9.1, APIs: 6, Instructions: 108stringsynchronizationCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 033459C8, Relevance: 9.1, APIs: 6, Instructions: 98memoryCOMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0335379C, Relevance: 9.1, APIs: 6, Instructions: 78memoryCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03347BE5, Relevance: 9.1, APIs: 6, Instructions: 74memoryCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0335E55D, Relevance: 9.1, APIs: 6, Instructions: 61stringthreadtimeCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03357896, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 120memorystringCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03356DC4, Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 146stringCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 033421AA, Relevance: 7.6, APIs: 5, Instructions: 102synchronizationCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0334A844, Relevance: 7.6, APIs: 5, Instructions: 75fileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0334FE9E, Relevance: 7.6, APIs: 5, Instructions: 72fileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03347F0A, Relevance: 7.6, APIs: 5, Instructions: 71memoryCOMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03357DDE, Relevance: 7.6, APIs: 5, Instructions: 68memoryCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03357021, Relevance: 7.6, APIs: 5, Instructions: 67memorysynchronizationCOMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0335E476, Relevance: 7.6, APIs: 5, Instructions: 62memorystringtimeCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0335EECA, Relevance: 7.6, APIs: 5, Instructions: 60stringCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0335B1DC, Relevance: 7.6, APIs: 5, Instructions: 59memoryCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03358A46, Relevance: 7.5, APIs: 5, Instructions: 42stringCOMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03347C9C, Relevance: 7.5, APIs: 5, Instructions: 42memoryCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03368815, Relevance: 7.5, APIs: 5, Instructions: 37COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03350966, Relevance: 7.5, APIs: 5, Instructions: 35synchronizationthreadCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0335AD60, Relevance: 6.2, APIs: 4, Instructions: 192COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03345BFD, Relevance: 6.1, APIs: 4, Instructions: 136COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0335C6A8, Relevance: 6.1, APIs: 4, Instructions: 113COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03347979, Relevance: 6.1, APIs: 4, Instructions: 108synchronizationCOMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0334AC28, Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 108stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03346B3A, Relevance: 6.1, APIs: 4, Instructions: 83COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0335290F, Relevance: 6.1, APIs: 4, Instructions: 77stringCOMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03368D97, Relevance: 6.1, APIs: 4, Instructions: 75COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03349807, Relevance: 6.1, APIs: 4, Instructions: 70fileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 033433DF, Relevance: 6.1, APIs: 4, Instructions: 68stringCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0335D85B, Relevance: 6.1, APIs: 4, Instructions: 68stringCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 033526F3, Relevance: 6.1, APIs: 4, Instructions: 58threadCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0334C100, Relevance: 6.1, APIs: 4, Instructions: 57COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03343186, Relevance: 6.1, APIs: 4, Instructions: 56stringCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 033557AE, Relevance: 6.1, APIs: 4, Instructions: 54memorystringtimeCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03360D43, Relevance: 6.0, APIs: 4, Instructions: 50COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 033422D4, Relevance: 6.0, APIs: 4, Instructions: 49sleepCOMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03344A1D, Relevance: 6.0, APIs: 4, Instructions: 48fileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03343E33, Relevance: 6.0, APIs: 4, Instructions: 45pipeCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03353421, Relevance: 6.0, APIs: 4, Instructions: 41filestringsynchronizationCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0335A6CD, Relevance: 6.0, APIs: 4, Instructions: 39filesynchronizationpipeCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0335C0B6, Relevance: 5.2, APIs: 4, Instructions: 238COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03344A93, Relevance: 5.1, APIs: 4, Instructions: 110COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03351F7B, Relevance: 5.1, APIs: 4, Instructions: 83memoryCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0335E2AF, Relevance: 5.1, APIs: 4, Instructions: 76COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0336082C, Relevance: 5.1, APIs: 4, Instructions: 70stringCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0335069D, Relevance: 5.1, APIs: 4, Instructions: 64COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0335F1DE, Relevance: 5.0, APIs: 4, Instructions: 38stringCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03355E27, Relevance: 5.0, APIs: 4, Instructions: 27stringCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Executed Functions |
---|
Function 02BD5461, Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 150timememoryCOMMON
C-Code - Quality: 82% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02BD3598, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 72filetimeCOMMON
C-Code - Quality: 74% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02BDA82B, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 103memoryCOMMON
C-Code - Quality: 96% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02BD4151, Relevance: 10.6, APIs: 7, Instructions: 75COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02BD9311, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 29sleepmemoryCOMMON
C-Code - Quality: 50% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02BD78E6, Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 145stringCOMMON
C-Code - Quality: 22% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02BD5141, Relevance: 4.6, APIs: 3, Instructions: 58COMMON
C-Code - Quality: 47% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02BD18D8, Relevance: 3.0, APIs: 2, Instructions: 26 COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function 02BD4C40, Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 258 memory COMMON Crypto
C-Code - Quality: 96% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02BD44A4, Relevance: 42.2, APIs: 23, Strings: 1, Instructions: 201 memory string COMMON
C-Code - Quality: 66% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02BD6109, Relevance: 40.5, APIs: 22, Strings: 1, Instructions: 244 memory string COMMON
C-Code - Quality: 74% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02BD1000, Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 109 library memory loader COMMON
C-Code - Quality: 73% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 27% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02BD1974, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 68 string COMMON
C-Code - Quality: 63% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02BD282B, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 167 string COMMON
C-Code - Quality: 88% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02BD4F07, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 120 synchronization COMMON
C-Code - Quality: 57% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02BD4B98, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 28 sleep memory COMMON
C-Code - Quality: 37% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 18% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02BD577D, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76 memory COMMON
C-Code - Quality: 53% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 46% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02BD7B30, Relevance: 6.1, APIs: 4, Instructions: 136 COMMON
C-Code - Quality: 85% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 87% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02BD2107, Relevance: 6.1, APIs: 4, Instructions: 87 sleep COMMON
C-Code - Quality: 40% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 78% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 68% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 64% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 68% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02BD4450, Relevance: 6.0, APIs: 4, Instructions: 29 memory COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 23% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02BD117A, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50 memory time COMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02BD27C7, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 35 library loader COMMON
C-Code - Quality: 58% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02BD1EC1, Relevance: 5.1, APIs: 4, Instructions: 70 string COMMON
C-Code - Quality: 58% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02BD131E, Relevance: 5.0, APIs: 4, Instructions: 39 string COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02BD38CA, Relevance: 5.0, APIs: 4, Instructions: 27 string COMMON
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Executed Functions |
---|
Function 000001A5B96E0FC1, Relevance: .0, Instructions: 5 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000001A5B96E0FB9, Relevance: .0, Instructions: 5 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Executed Functions |
---|
Function 0000023B4F740FC1, Relevance: .0, Instructions: 5 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000023B4F740FB9, Relevance: .0, Instructions: 5 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|