Windows Analysis Report 61b85f75e6a7c.dll
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Process Tree |
---|
|
Malware Configuration |
---|
Threatname: Ursnif |
---|
{"RSA Public Key": "B+xl4hUTn5rXiL0afazu2ddSc/ECZk5wqODKe0fS2KdIXHYzLOi+LPPP1HVzyCQFE2ZPog7imXfWyeJPGgVZO8mmh7g0OCbF0hBgHX6wj0qY1fBDcQxYjLnhuuJTPFt0voqEKHGGIgbiz86prZpdJls6h0dECkyqCOUP77xD4bHwJFYwmMp7govarzlBsbdorQ4qNFnd4O2rK1GEuQisAwdMkb4j9MqHf7vkHewrh1BGBeNcr85NjoxXAnfZDuX+M7b1dWoszYHJF1rgWzk4yz7fc+7Q4leAIr2PkWbTRuRpOe4P6Ok01hKGTLORQhRgWw6Mv2aRFMimHgiQWhhaHetICEhMcBl5C0yxhZCOhu4=", "c2_domain": ["microsoft.com/windowsdisabler", "windows.update3.com", "berukoneru.website", "gerukoneru.website", "fortunarah.com"], "botnet": "8899", "server": "12", "serpent_key": "56473871MNTYAIDA", "sleep_time": "10", "CONF_TIMEOUT": "10", "SetWaitableTimer_value": "0", "DGA_count": "10"}
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
GoziRule | Win32.Gozi | CCN-CERT |
Sigma Overview |
---|
System Summary: |
---|
Sigma detected: MSHTA Spawning Windows Shell |
Source: | Author: Michael Haag: |
Sigma detected: Suspicious Call by Ordinal |
Source: | Author: Florian Roth: |
Sigma detected: Mshta Spawning Windows Shell |
Source: | Author: Florian Roth: |
Sigma detected: Suspicious Csc.exe Source File Folder |
Source: | Author: Florian Roth: |
Sigma detected: Non Interactive PowerShell |
Source: | Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): |
Sigma detected: T1086 PowerShell Execution |
Source: | Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): |
Jbx Signature Overview |
---|
AV Detection: |
---|
Found malware configuration |
Source: | Malware Configuration Extractor: |
Machine Learning detection for sample |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: | ||
Source: | Binary string: | ||
Networking: |
---|
System process connects to network (likely due to code injection or exploit) |
Source: | Domain query: |
Source: | Network Connect: |
Source: | ASN Name: | ||
Source: | JA3 fingerprint: |
Source: | HTTP traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | String found in binary or memory: | ||
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Key, Mouse, Clipboard, Microphone and Screen Capturing: |
---|
Yara detected Ursnif |
Source: | File source: | ||
E-Banking Fraud: |
---|
Yara detected Ursnif |
Source: | File source: | ||
System Summary: |
---|
Malicious sample detected (through community Yara rule) |
Source: | Matched rule: | ||
PE file has a writeable .text section |
Source: | Static PE information: |
Writes or reads registry keys via WMI |
Source: | WMI Queries: | ||
Writes registry values via WMI |
Source: | WMI Registry write: | ||
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Key opened: | ||
Source: | Static PE information: | ||
Source: | Section loaded: | Jump to behavior |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Key opened: |
Source: | Process created: |
Source: | Key value queried: |
Source: | File created: |
Source: | File created: |
Source: | Classification label: |
Source: | File read: |
Source: | Section loaded: |
Source: | Code function: | 0_2_013E3309 |
Source: | Process created: |
Source: | Mutant created: |
Source: | File read: |
Source: | Key opened: |
Source: | Window detected: |
Source: | File opened: |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Code function: | 0_2_010449B3 |
Source: | Static PE information: |
Source: | Process created: |
Source: | Process created: |
Source: | File created: |
Hooking and other Techniques for Hiding and Protection: |
---|
Yara detected Ursnif |
Source: | File source: |
Hooks registry keys query functions (used to hide registry keys) |
Source: | IAT, EAT, inline or SSDT hook detected: |
Modifies the prolog of user mode functions (user mode inline hooks) |
Source: | User mode code has changed: |
Modifies the export address table of user mode modules (user mode EAT hooks) |
Source: | IAT of a user mode module has changed: |
Modifies the import address table of user mode modules (user mode IAT hooks) |
Source: | EAT of a user mode module has changed: |
Source: | Registry key monitored for changes: |
Source: | Process information set: |
Source: | Thread sleep count: |
Source: | Thread sleep time: |
Source: | Dropped PE file which has not been started: |
Source: | Thread delayed: |
Source: | Window / User API: |
Source: | Process information queried: |
Source: | Thread delayed: |
Source: | Code function: | 0_2_0103E230 |
Source: | Binary or memory string: |
Source: | Code function: | 0_2_010449B3 |
Source: | Process token adjusted: |
Source: | Process queried: |
Source: | Code function: | 0_2_010392F6 | |
Source: | Code function: | 3_2_053D92F6 | |
Source: | Code function: | 4_2_04AB92F6 | |
Source: | Code function: | 5_2_04C392F6 |
HIPS / PFW / Operating System Protection Evasion: |
---|
System process connects to network (likely due to code injection or exploit) |
Maps a DLL or memory area into another process |
Writes to foreign memory regions |
Allocates memory in foreign processes |
Modifies the context of a thread in another process (thread injection) |
Creates a thread in another existing process (thread injection) |
Stealing of Sensitive Information: |
---|
Yara detected Ursnif |
Remote Access Functionality: |
---|
Yara detected Ursnif |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts1 | Windows Management Instrumentation2 | DLL Side-Loading1 | DLL Side-Loading1 | Obfuscated Files or Information1 | Credential API Hooking3 | System Time Discovery1 | Remote Services | Archive Collected Data1 | Exfiltration Over Other Network Medium | Ingress Tool Transfer1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Native API1 | Valid Accounts1 | Valid Accounts1 | DLL Side-Loading1 | LSASS Memory | Account Discovery1 | Remote Desktop Protocol | Email Collection1 | Exfiltration Over Bluetooth | Encrypted Channel11 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | Command and Scripting Interpreter1 | Logon Script (Windows) | Access Token Manipulation1 | Rootkit4 | Security Account Manager | File and Directory Discovery3 | SMB/Windows Admin Shares | Credential API Hooking3 | Automated Exfiltration | Non-Application Layer Protocol2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Process Injection613 | Masquerading1 | NTDS | System Information Discovery25 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol13 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Valid Accounts1 | LSA Secrets | Query Registry1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Access Token Manipulation1 | Cached Domain Credentials | Security Software Discovery11 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Virtualization/Sandbox Evasion31 | DCSync | Virtualization/Sandbox Evasion31 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Process Injection613 | Proc Filesystem | Process Discovery3 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Regsvr321 | /etc/passwd and /etc/shadow | Application Window Discovery1 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction | |
Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Rundll321 | Network Sniffing | System Owner/User Discovery1 | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | Data Encrypted for Impact | ||
Compromise Software Dependencies and Development Tools | Windows Command Shell | Cron | Cron | Right-to-Left Override | Input Capture | Remote System Discovery1 | Replication Through Removable Media | Remote Data Staging | Exfiltration Over Physical Medium | Mail Protocols | Service Stop |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Joe Sandbox ML |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
Detection | Scanner | Label |
---|---|---|
100% | Avira | HEUR/AGEN.1108168 |
100% | Avira | HEUR/AGEN.1108168 |
100% | Avira | HEUR/AGEN.1108168 |
100% | Avira | HEUR/AGEN.1108168 |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
prod-sav-park-lb01-1919960993.us-east-2.elb.amazonaws.com | 3.12.124.139 | true | false | | high |
berukoneru.website | 79.110.52.144 | true | true | | unknown |
1.0.0.127.in-addr.arpa | unknown | unknown | true | | unknown |
windows.update3.com | unknown | unknown | true | | unknown |
8.8.8.8.in-addr.arpa | unknown | unknown | true | | unknown |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
3.20.161.64 | unknown | United States | 16509 | AMAZON-02US | true |
79.110.52.144 | berukoneru.website | Romania | 60233 | V4ESCROW-ASRO | true |
18.219.227.107 | unknown | United States | 16509 | AMAZON-02US | true |
3.12.124.139 | prod-sav-park-lb01-1919960993.us-east-2.elb.amazonaws.com | United States | 16509 | AMAZON-02US | false |
Private |
---|
IP |
---|
192.168.2.1 |
General Information |
---|
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 539453 |
Start date: | 14.12.2021 |
Start time: | 10:19:18 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 15m 20s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | 61b85f75e6a7c.dll |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes: | 50 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.evad.winDLL@59/52@18/5 |
EGA Information: | Failed |
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
10:21:03 | API Interceptor | |
10:21:17 | API Interceptor | |
10:21:18 | API Interceptor | |
10:21:53 | API Interceptor | |
10:22:40 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Detection |
---|---|
18.219.227.107 | malicious |
3.12.124.139 | malicious |
Domains |
---|
Match | Detection |
---|---|
prod-sav-park-lb01-1919960993.us-east-2.elb.amazonaws.com | malicious |
ASN |
---|
Match | Detection |
---|---|
AMAZON-02US | malicious |
V4ESCROW-ASRO | malicious |
AMAZON-02US | malicious |
JA3 Fingerprints |
---|
Match | Detection |
---|---|
ce5f3254611a8c095a3d821d44539877 | malicious |
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11606 |
Entropy (8bit): | 4.883977562702998 |
Encrypted: | false |
SSDEEP: | 192:Axoe5FpOMxoe5Pib4GVsm5emdKVFn3eGOVpN6K3bkkjo5HgkjDt4iWN3yBGHh9sO:6fib4GGVoGIpN6KQkj2Akjh4iUxs14fr |
MD5: | 1F1446CE05A385817C3EF20CBD8B6E6A |
SHA1: | 1E4B1EE5EFCA361C9FB5DC286DD7A99DEA31F33D |
SHA-256: | 2BCEC12B7B67668569124FED0E0CEF2C1505B742F7AE2CF86C8544D07D59F2CE |
SHA-512: | 252AD962C0E8023419D756A11F0DDF2622F71CBC9DAE31DC14D9C400607DF43030E90BCFBF2EE9B89782CC952E8FB2DADD7BDBBA3D31E33DA5A589A76B87C514 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 64 |
Entropy (8bit): | 0.9260988789684415 |
Encrypted: | false |
SSDEEP: | 3:Nlllulb/lj:NllUb/l |
MD5: | 13AF6BE1CB30E2FB779EA728EE0A6D67 |
SHA1: | F33581AC2C60B1F02C978D14DC220DCE57CC9562 |
SHA-256: | 168561FB18F8EBA8043FA9FC4B8A95B628F2CF5584E5A3B96C9EBAF6DD740E3F |
SHA-512: | 1159E1087BC7F7CBB233540B61F1BDECB161FF6C65AD1EFC9911E87B8E4B2E5F8C2AF56D67B33BC1F6836106D3FEA8C750CC24B9F451ACF85661E0715B829413 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1336 |
Entropy (8bit): | 3.991876287469523 |
Encrypted: | false |
SSDEEP: | 24:H2Fm9maDAqOaHqhKdNwI+ycuZhNlwakS61PNnq9Sd:BrgKdm1ullwa36vq9C |
MD5: | A924A25BC2BFFD71BC939EE54BBDC7B7 |
SHA1: | 19DB2BED2D6CE6E28D719DD588403D58201EEBF6 |
SHA-256: | FB087178177FE988DD91FCCA1ED2F9F93313FACF5E43039076D2EA101B76E2C8 |
SHA-512: | 5CBC29FCA7E9B287A6FD143376DA20A140132D0D7BFF644EDBFE7FB0360E8315F7753704005B4BA5F9C0EC5836DD0E608A796E74E40DCDDE5CF77554AF2AE937 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1332 |
Entropy (8bit): | 3.9787663301438485 |
Encrypted: | false |
SSDEEP: | 24:HvMzW9n+arP1p11aHxUhhKdNwI+ycuZhN5akSnPNnq92d:Z7rP9oyvKdm1ul5a31q9G |
MD5: | 7D8E752877E3D05D6EF7FA19F61D1B1B |
SHA1: | 9A737232CA061BFB20872477083A44934CEC3309 |
SHA-256: | 329690906DBAA3C008A62AB1257C741217071A6C8298E7AC3E1FEC040849102C |
SHA-512: | 16620E26157A2FBA00A6494B3F8ECAF5B74F8E2B7D5738B6123FC739E9769F3009C922827B64AB718FD14FDA82B65E69CC8654E2482F48C178A2332F312954C1 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1336 |
Entropy (8bit): | 3.9997994300245385 |
Encrypted: | false |
SSDEEP: | 24:HkFm9mayzVaHUMhKdNwI+ycuZhNcakSoPNnq9Sd:PyzI0eKdm1ulca3Qq9C |
MD5: | A7D19B016DD2E87C7F1705B8AF710E8E |
SHA1: | E7051DE14C9A314A4080D70224AD09816268BF02 |
SHA-256: | 016221C08CBD224990582FEE0A8BA0DCA0DF09DDF7FDA02F4599FFA82A2B3952 |
SHA-512: | F5EE0E4E2556DC500CEA21597DC7E4C4E4C937543E019FB6F9BE31CC7DB6F6A8149C6C99C4F4C4930F045360D6C4AA185278F26B9EBD796B2F6E55A919F997FB |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1336 |
Entropy (8bit): | 3.979389767875343 |
Encrypted: | false |
SSDEEP: | 24:HfFm9na7QVQaHVuPYhKdNwI+ycuZhN05akSPOPNnq9Sd:P7QXFKdm1ulua3Kq9C |
MD5: | BBFDDF46C53F13E3CD50C7FB032A9C11 |
SHA1: | 7FD005ACB8E69898681243C45BAEE3E9B07E1A60 |
SHA-256: | 63ED0B7F7A4719A72DA2A424362DBCDDA27BB627AC844AFD13F71080AEE3AE31 |
SHA-512: | 8BFB18E6C91F2341877E8E28745730E4A191E8AFE83DA8ED175932AD2D92E11664E5F96727CEA54BC8AFAA3B36ED40CE338B2686C60C1FFA778CE804C4CD4964 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 395 |
Entropy (8bit): | 5.011724479977666 |
Encrypted: | false |
SSDEEP: | 6:V/DsYLDS81zuJZFMRSRa+eNMjSSRrh+SRNdDQaAntHQy:V/DTLDfuHV9eg5rh14aAntwy |
MD5: | B1DA1EF961AA0CE50C236459261D955A |
SHA1: | 99CF19F188248557193608FE42C1CB88FCF234E1 |
SHA-256: | 139659D9C1D794242DE8DEFB1E33C785B3B63A691230874656B2B1AFC9E0B26B |
SHA-512: | 27C4E9D4D1926A87EB5A2CAFD768D80A9D566C5FE9C7EB17F87453698415B30E251816738388C3171519A74B20AB0919C47C04A1E6CF9E1D82547540DF5E1682 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 375 |
Entropy (8bit): | 5.216630389653668 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2N723fMpo/l0zxs7+AEszIN723fMpo//n:p37Lvkmb6K2aWoCWZETaWoH |
MD5: | F2CAB91D6AE2F982B347805414E2DA2F |
SHA1: | 9134FFA580A5782320E2BECD2E6D13CA5016FE4A |
SHA-256: | E7A0D624F6DA13B73E6397DAAF131CE3B8A843CBF47975D26A1C7C39B1A79DAA |
SHA-512: | B1A982AD547563FD21A51E442BC4CB6A0A5AF5E8F5EA47B23734BC9657366F5E57A198B7EFBA97AACB2F99A751931E1C5446748D178D8DB564F3AEB416ED51B0 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 872 |
Entropy (8bit): | 5.3041980760639875 |
Encrypted: | false |
SSDEEP: | 24:AId3ka6K2aWozETaWoOKaM5DqBVKVrdFAMBJTH:Akka6CfE+yKxDcVKdBJj |
MD5: | 28601DA1A34FA522B7E501CAB2D52D0D |
SHA1: | CE63B8E4F3DACA2C049859BCCFEFE922312E953B |
SHA-256: | 71785F6CACBEA8608EE82CBEF53670305A597D826F6AA6A2BACB13A722378992 |
SHA-512: | 605216610FF268226BED924AE1F648B5733C2D119757CF6FBEB9BD67371D98F5C19C5D34E3CA09E4B4781B97FBE7E6BADF56AB44601B7AC0BC1A472B50881A52 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 3.074713113011581 |
Encrypted: | false |
SSDEEP: | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryRrak7Ynqq4EPN5Dlq5J:+RI+ycuZhNvakSBPNnqX |
MD5: | DB7C686DED61FAF08452A0F834AFA8DA |
SHA1: | 58D7DDDA0A4A2DA91E31C497B111902DAC894F1B |
SHA-256: | BEB640592987F9EABFCF681FBA55C2A2A39D87D033E90359DE62F37DEBED2A09 |
SHA-512: | 85B17CC2EB71A6DD7065610726B61666C2A5C075851DE4B39CF2DD85EBBBCE6266BC65452C02AE27FD48C6DAEE72C9F45AA09557EB8B98587E04A821DFD0CE8E |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 375 |
Entropy (8bit): | 5.158352377882466 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2N723fMnzxs7+AEszIN723fM2GAn:p37Lvkmb6K2a0nWZETa02GAn |
MD5: | 572BA0D098BD81AE02A0A8D1820CC54E |
SHA1: | 8CD2D32442EE473F6ABFA6ED6879958BE9F0B644 |
SHA-256: | F93B490D9A53DBF4B286DB3F90D7F1831712992DA4F55AB58A25100DFF70B2BA |
SHA-512: | 2CAC5D0802040E9224834909AEDAF66ABA49A3A0BAF622775FE7478829D86D394724E69C8F529B4BBBD864DA85C3ABAD7424A2304149458487EBAF753BEDC23B |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3584 |
Entropy (8bit): | 2.596786045578255 |
Encrypted: | false |
SSDEEP: | 24:etGSh/W2dg85xyFODuhxpdWXoWtkZf/KK1UKJ+WI+ycuZhNvakSBPNnq:6Mkb5xykIHWEJCMUKl1ulva3zq |
MD5: | 741ADACFC6720E0AF6140AF8DCC349FC |
SHA1: | 6EF662F94911E4B24D4B451C27B92536B8F70A95 |
SHA-256: | 6C26CE931BB1E5E14A72E8EEE8EF3C311B1E4591AB5431716B538AADE4DB8775 |
SHA-512: | 498BFAAF7842A7FD86C0C4B53F8EF17EBC3FDE3E2E5652958FFF540405145F2B29206A66422873D3F17528960F953D931366FBE3D63C7A5BEAA217298F0E6ABF |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 872 |
Entropy (8bit): | 5.287567169766519 |
Encrypted: | false |
SSDEEP: | 24:AId3ka6K2a/ETao1KaM5DqBVKVrdFAMBJTH:Akka6C/E+o1KxDcVKdBJj |
MD5: | 8BCCA5B89F2FA310526D310DF8DBCC42 |
SHA1: | FE8909B3FCC426455447E45861D10CC5D5B108FD |
SHA-256: | 1FD4EB9B6D19F65B0ACAAF11A7D722C50CD3D12840694A0673FA3CEA0B03B32D |
SHA-512: | C4368FBF67BB826E5B0DC8C1E5E5AC4171157410A405DCB2C12A989F6DCC20084BB2F827EE9D64F92694A4C907F1A7E1F3EC4E40075883B2C6D00270BBB8CA89 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 375 |
Entropy (8bit): | 5.266859690195427 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2N723fVCTjC7JUzxs7+AEszIN723fVCTjC3:p37Lvkmb6K2aL+WZETan |
MD5: | 4C7D143E2EC6E0CA2EE0893AF138CD54 |
SHA1: | A68CAEF8C25979706DE7913E48AD6587288C035A |
SHA-256: | 94B89A0A848DFF70B8DF7A7D095D81C2DFF9CF65E156246958F1124DB66A4353 |
SHA-512: | 1F303FE5AF50CD7ECBB9741F1FB8185F44DA0719CD6714BA0E8DDD429205128A69E1E72E8C2B5A6CE235B0C950222F7FA7B38855CC464DF887129AB633C94905 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 872 |
Entropy (8bit): | 5.326473552198273 |
Encrypted: | false |
SSDEEP: | 24:AId3ka6K2aL/ETauKaM5DqBVKVrdFAMBJTH:Akka6CL/E+uKxDcVKdBJj |
MD5: | F82E94D258F3D67B8A490649E0C3D4CD |
SHA1: | FC0ED64AA500019001A82BD2C49D2358386C03C4 |
SHA-256: | 5821291F4341F52EFDB9CFF95808C4651DB8B2B95F511402B7985667167FE7D2 |
SHA-512: | 2B0E9907EA5C1E380D337A14014F53AA49D2BDF6E35A7DA0943DAEDD6DC49FF24AF5618EA713524E55049F62BCA3E7EAE3026BED5AC27A1D9F5FF726C07D83D2 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 3.0924949403415782 |
Encrypted: | false |
SSDEEP: | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryGzak7YnqqLcPN5Dlq5J:+RI+ycuZhNcakSoPNnqX |
MD5: | C2FED3B62C70792CE5FBC51B8104FF58 |
SHA1: | A697EC532E1C75AC63A2D688109BE3A08DEAF138 |
SHA-256: | 8796FC4DF02E92514DFFF15DF891E70F332C9CE5009E2F4F4D9E10CAEA43F321 |
SHA-512: | 7C5D29E3C402DBD40505CE8BD3EA833EF0E67FC029B524466198964097979AC52CC452790F1C503A8674BDE4968FC93A0A652B95A4574A0A0C72A3903262D77B |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 414 |
Entropy (8bit): | 5.049516587690195 |
Encrypted: | false |
SSDEEP: | 6:V/DsYLDS81zuJwMRSR7a1f892RV9SRa+rVSSRnA/fsTfaskNDVzy:V/DTLDfuEB92Ru9rV5nA/ETf5EDVzy |
MD5: | 66D77EA7A947B910D56CFB0FC4B85BE6 |
SHA1: | 9D503A2C0DDAEE23A81802CA8444D8B7039ECE6B |
SHA-256: | 66E86036222F5D3B474370BBBA04C4A7DECC42D05D25675846CBA63F16877D8B |
SHA-512: | A53181798E577ABD31EE4063903E62171903B369B4FF26C337CC0108BE8883BEE39000A858FB24E92D13CDB89EF5782AADF06B7BD6807DD2D46458F813EE772B |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 375 |
Entropy (8bit): | 5.225964153941322 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2N723fpvQYOzxs7+AEszIN723fpvQYt9:p37Lvkmb6K2ae9WZETae+9 |
MD5: | E417A790F5ECFFC57E19553220860204 |
SHA1: | BB0C8AD3294335CCC3EBCA484E82CBC3B82212BC |
SHA-256: | 531B60C5D5234C2C2E5D19FC1786C018D6EFCA1EE3A85072C7B57D5DE6B1CA53 |
SHA-512: | 2EDCEC5482641ADF4BF396846A92AED21D928CF60D61B7013190ECAC5C8962123B674EA20B568B227FA2D32AA95494FA887BAF666E45A589E32C41DACE567087 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3584 |
Entropy (8bit): | 2.6323976125718667 |
Encrypted: | false |
SSDEEP: | 24:etGSv8+mUE7R85z7woel/gO4/eiDPtkZfH8eWDZ0WI+ycuZhNcakSoPNnq:69XE7S5gGUiyJH8eAZX1ulca3Qq |
MD5: | 7C00DECE0E6267D12BE7E759F865EBA6 |
SHA1: | 056B3240A7F7F9470CCD40E6C3540B0EAE77D0CC |
SHA-256: | 952644239DF6BE31335F7E1AC3324A4D0E6424ED83296800B78644FC6DF6D5B0 |
SHA-512: | C92B7CA867B544EFEEE1BC7BD1CBB1328873152907DFAFEDA79F9E5B44298974999B1CD61B99D2FD371C8E6D7A50EB0A6B618C536C5ACD656F956208F12366EC |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 872 |
Entropy (8bit): | 5.310389610172864 |
Encrypted: | false |
SSDEEP: | 24:AId3ka6K2atETaL4KaM5DqBVKVrdFAMBJTH:Akka6CtE+L4KxDcVKdBJj |
MD5: | 710CC09857DFFC53DC33F785B737101D |
SHA1: | 9CB5D3A127ACB37BAD9420BAB670D51F3AE02B26 |
SHA-256: | 065EC096833AAAD0FF61129A37E9C85A65A1E228F1D520683BEEBE57D5DEFE1F |
SHA-512: | 1BED7D3D136AED086A1D61ABE2036C4850A886DA245BA8C3206E8AF988F85E4A8C2496928178863EF765F87AF472DC0E98BFAC83360C3094C0EB4AAEA3CB5D3B |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 3.0921663918005518 |
Encrypted: | false |
SSDEEP: | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5grynwak7Ynqq61PN5Dlq5J:+RI+ycuZhNlwakS61PNnqX |
MD5: | 8D38707C9DA074E8298A09CCEFE267D4 |
SHA1: | 4698BF2772175E64EA531AAF69A1830AB7A62240 |
SHA-256: | E404495A4BA5D32217D87538BD4DB72E0CE80B741CC5318D16F621E1245A1310 |
SHA-512: | EAD5798174C105EBD2FDC5EB87060C65209E35841BF5EE8627CDECF11F2F7A93FE10535B8CCED239987DBB9CCCF757A47378F726947A0E7FE1CD575CA19CBDE3 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 375 |
Entropy (8bit): | 5.173224995113562 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2N723fXWsor0JUzxs7+AEszIN723fXWsorO:p37Lvkmb6K2aP4Q+WZETaP4q |
MD5: | 6BE56DACEFC57A712EA48F043E87C783 |
SHA1: | D0681E001D2DABEF7D2E3993992EFAE42F65B518 |
SHA-256: | 9D8DC9E1EF8194163AD1488C6F630D49868ACCA608929CF85C3D080FB3FDE844 |
SHA-512: | B0685B3E0CBD55C2DBDD7FB40F532CB62207A82FCB5A76D6451936A752200CC2C3CFB250D549A9A10CBE148FB6085D06E689FA4B37BEDFC32FBADE7D3ADD2CDC |
Malicious: | true |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3584 |
Entropy (8bit): | 2.6332356785832784 |
Encrypted: | false |
SSDEEP: | 24:etGSl8+mUE7R85z7woel/gTE4/eiDPtkZfmPENDZ0WI+ycuZhNlwakS61PNnq:67XE7S5gGT6iyJmPiZX1ullwa36vq |
MD5: | F5AA19BA9E19FFD0C554993566FCB9A1 |
SHA1: | 0A6CD2AF2C18AD6717A9F54CE6F1EC9D05DAAAA3 |
SHA-256: | AA37819283565FA6E4FED32DFBD5BC46AFEE33457A0A05229EA1D74C112D7DF3 |
SHA-512: | 5BA356DE7E941FFB7F8A62E93612C01362DEC9A548CABFEE616A004EBC48D055909000D1C1BF0254206B25895D4A111A3204A4EC447B27DC8CFA19B5AC700D88 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 872 |
Entropy (8bit): | 5.301489549454478 |
Encrypted: | false |
SSDEEP: | 24:AId3ka6K2apETawKaM5DqBVKVrdFAMBJTH:Akka6CpE+wKxDcVKdBJj |
MD5: | B17FFB955F30A845D8BCF1C881AFD851 |
SHA1: | 13338CBE5E707CF0B7033C997E84A6AD19C18FF9 |
SHA-256: | 9AE5AB954FB134CE28AEC0E5F5F78551A6C27DDD0E2DA686F310B7C8C316F09D |
SHA-512: | E5A107C314E7E311314E36D0E7274F2C95DF94A65B0EFC1150ED7CF5537028918668CDBC9D740C0629AE128E31083C93A7ECCC663E9F13C21BE81D8F4382E681 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 3.0890365915861624 |
Encrypted: | false |
SSDEEP: | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryH7ak7YnqqC0PN5Dlq5J:+RI+ycuZhN5akSnPNnqX |
MD5: | 30A3097118EDB11AB1993E197C9073FA |
SHA1: | 615B7D6D7126E88ABA3F17B6973630F89852F0AA |
SHA-256: | 3B1178DF0B42B9FE32931ECD764E022C5C3993757D9E08888154E8CFE7DC3ACB |
SHA-512: | 169145C229E843797950547FA2B91AD5F73A7874E3D498859748A7C29F41A7F61CB7EF60CFBBDA05818A38394BCBEA483363C1D46DAAE992CC938BA05FD190C5 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 375 |
Entropy (8bit): | 5.19959834421907 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2N723fpyAHUzxs7+AEszIN723fpy2:p37Lvkmb6K2axybWZETaxy2 |
MD5: | 5E6CD1F7B44B6E3B4C22EAF18C17B4E4 |
SHA1: | 7D5CB5F73BB6D2E8EC75A4ED779F3B8CF57CF23B |
SHA-256: | 1FCA6CEC3FAF3F369A605C055F0EE65690ED9838A18EE01BA3D8B81315A211E2 |
SHA-512: | 5FABA37FFE22F142287B53D9A18F828EA5101576D953C0A10945F892523E5C39D6B7503BDC0BA004ACE656A498846AD74B2C284FD3B18AD6A7AD51ED5A15E0E1 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3584 |
Entropy (8bit): | 2.6318992955586533 |
Encrypted: | false |
SSDEEP: | 24:etGSQ8+mUE7R85z7woel/gf4/eiDPtkZfYmgfDZ0WI+ycuZhN5akSnPNnq:6aXE7S5gGZiyJYmoZX1ul5a31q |
MD5: | C9304AA657C4D4A6CB3A3F3E0BB4D7EF |
SHA1: | C8D07D9C483B5EE7CBB5B92B2BB07EB7A1EB48FD |
SHA-256: | 9B80595D0F55E78C8CB1DF004FB37D5A94AF1B19C2C8806F426B2A6BA51A29E2 |
SHA-512: | 3E66DC953433A11FE0083B2D40935B147D9BF7CE93E11F2EBC47F4EB1B5362384E3889C73518910B010457D9961FE17860D58CFA38B3E8C4207F96462B848E74 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 872 |
Entropy (8bit): | 5.292537978034834 |
Encrypted: | false |
SSDEEP: | 24:AId3ka6K2aLETa2KaM5DqBVKVrdFAMBJTH:Akka6CLE+2KxDcVKdBJj |
MD5: | 71B3F041076E3F95CFFD60D5175E75DF |
SHA1: | 3E8BB427FD0CF04864317DB344053003824DFAA0 |
SHA-256: | 94857FB771A06BB6B94A77618220A25D5BED278081EDD5A4CC93ECF424D175A9 |
SHA-512: | 1DE93694D194DCF73BD6190B41C5E0DA69CDEB075E7E7338E51913775DBF3879571F159BC24A991F6E499E3D72CD1F8233B196C057C2FDDBDB9F9F0226EB523F |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 375 |
Entropy (8bit): | 5.222834284403675 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2N723f51n0zxs7+AEszIN723f5/H:p37Lvkmb6K2ah10WZETah/H |
MD5: | 88C71B6719907B92C99029F9DF4C3781 |
SHA1: | 667EDB93A80D214FCD8C7DB39F368586A5FFFD2D |
SHA-256: | D8001B915AA15E64B32C56331B6749F7D4ADAB361228DDB3B81C1DAFEB82BDE3 |
SHA-512: | 6FF6E9812F843FA1AB77B3F176C58F5CABD9A93DCF344EE9AFF4943DB59BBD7A260545445B561A23D537C04F4DAFA79A9ADC45E52CDFA7695D20AA434F34B805 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 872 |
Entropy (8bit): | 5.314771609463602 |
Encrypted: | false |
SSDEEP: | 24:AId3ka6K2avVETapOKaM5DqBVKVrdFAMBJTH:Akka6C9E+pOKxDcVKdBJj |
MD5: | FBF42D3DC0BCD15D5634FB6E9DCE0B89 |
SHA1: | A1E67FC78A33DC2FF510187D9A143B1980A198D8 |
SHA-256: | 7794B8E2C92DCFAA2E6E0F070A71F1B82EB43D0E1B962A1413E3D7B3DDFA1D97 |
SHA-512: | 8EB85167B7225987874B8EBDEE3EAAA5F7B7B476FBC4855C1E2A202A292B27BA7C398D49027F7647CA70CB217507EDFEE5287FBBF4F4432146C119FCEC142648 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 3.0882008464403055 |
Encrypted: | false |
SSDEEP: | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryC5ak7YnqqPOPN5Dlq5J:+RI+ycuZhN05akSPOPNnqX |
MD5: | B6905AF467395A55B06B7D723D6F9071 |
SHA1: | DE3FE20DBDC687C7434A1C7598C3EE0CFBBA6ECA |
SHA-256: | 6024F928917A5852278333793A6AC3BB6742E86C4F0095B7467BA1E148AB32B6 |
SHA-512: | 066A42CA9AABF4DF85EAF3B698E80D21F512CDA444C59FA46AA3FE478CDCA0E7998806C08B98CFA2069BA98137984EE352C3C715166DBD04123AB094E42C97E6 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 375 |
Entropy (8bit): | 5.17577930886851 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2N723f97Gzxs7+AEszIN723f97V9:p37Lvkmb6K2a9GWZETa9V9 |
MD5: | 5A76B660E832AA581281D58BC7BAA5A2 |
SHA1: | 024250002F01662F9AB2370CF4033EA8487665B6 |
SHA-256: | B60360D322E1A93A5509DB4EEA774C5FB09F2D2A8B1B92B51D8385E54B872276 |
SHA-512: | 4461492B81B48FB437055C992CCC555371D16DF08788E6D3AB7512019A7B483D8772D9A3D1192A956736A96A8B0A02B2D3FDD68D84F2EAC82A4B38E95F7BA63E |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3584 |
Entropy (8bit): | 2.635212339978853 |
Encrypted: | false |
SSDEEP: | 24:etGSN8+mUE7R85z7woel/gE4/eiDPtkZfKGpsDZ0WI+ycuZhN05akSPOPNnq:6DXE7S5gG6iyJKGpCZX1ulua3Kq |
MD5: | EF9522EB6C3500384C36EE79C184EC6B |
SHA1: | FE4AF6485B4A01629F901F753C3DC2D064683718 |
SHA-256: | 527F9A7FF12525547D21900A699B9BCDADD1C109A11EFDF624411C2E3FEA6C1A |
SHA-512: | 7EBD29BDE63276534B24AB60DC274D5D473ED13B20F2AD30B74740D993D9F5C6AAD81F72DC8FA3C42CBA714C3E27B414D5985D2DB617CC68D611DE5A3D7D62EE |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 872 |
Entropy (8bit): | 5.293151646200869 |
Encrypted: | false |
SSDEEP: | 24:AId3ka6K2axETa34KaM5DqBVKVrdFAMBJTH:Akka6CxE+oKxDcVKdBJj |
MD5: | 5F3A49EA202366DDFA9816641C833803 |
SHA1: | A7BA847BF2CA2BB118F71E6F12BB879B0DA52F29 |
SHA-256: | 227DF3C5AF341B067B565D4E0BC9C6555F1CCDD660020007014D5DD7C124419B |
SHA-512: | C3E4270BBA10C2213BF049A0A5D6447496D9406848A2C9D2A8BF882F691F4831689E0E10B3A3959464298CC4F7F77FAE6893EB6C4E5035B382C82CDD5D49B9FB |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1379 |
Entropy (8bit): | 5.379442550983847 |
Encrypted: | false |
SSDEEP: | 24:BxSAPRN7vBVLVvx2DOXUW+nELCHu4XWDUHjeTKKjX4CIym1ZJXXRenELCHu4S3eP:BZP/vTLVvoOmbu4GYqDYB1Z9gbu4SAZx |
MD5: | D55F220D9892547788887A8A32831118 |
SHA1: | 1B02881E135C7C81C2D3838A7961A121E7187DD5 |
SHA-256: | 7F26B4B3D12B445417AEF015E2BE4048848B6D814FE8466848C0B69AFA2272AB |
SHA-512: | 858D5CBE3793B79BE8BACCA705F9EA92D39507171ADA3B09FAA71382374AC0A1C719674DB4D7A7BCE8B69BFCACC1CAECDBD7FC97BC6E6CF2FBE655EF08FCDEA3 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1379 |
Entropy (8bit): | 5.383650096362091 |
Encrypted: | false |
SSDEEP: | 24:BxSAPRN7vBVLVvx2DOXUW+nELCHu4XW6HjeTKKjX4CIym1ZJXXRenELCHu4SDmnu:BZP/vTLVvoOmbu4G6qDYB1Z9gbu4SDou |
MD5: | 68350C66B532BFF0B584D247AD24F0D5 |
SHA1: | CE1EB6152EE292AFDCBAE05C7057BAEB61FB2996 |
SHA-256: | 88CB4539138955AB926F559B2692348F63792A4ED0EE8B30ACE747FB404ECC94 |
SHA-512: | 80CE793621A577D179F6F633C97D8B39A8EBB79C1E50EFF57EA02BEEBDDD0F320DE6B314913CE7A40077CAE8023957747004AF9C1D9F98E280664CD2822D0828 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1379 |
Entropy (8bit): | 5.383634787556345 |
Encrypted: | false |
SSDEEP: | 24:BxSAPRN7vBVLVvx2DOXUW+nELCHu4XWGHjeTKKjX4CIym1ZJXXRenELCHu4SQDnR:BZP/vTLVvoOmbu4GGqDYB1Z9gbu4SQDR |
MD5: | 19F594408E907A61AD2F2145D3840483 |
SHA1: | FBFD6B66842B9D146C8B200852764C5FF0FDF33E |
SHA-256: | E7AC349B39C99824312EF83330E3D1EE270DDCF84B0C20C4FDC24C35F4EA3523 |
SHA-512: | 4FBDF2CBBC63FCED8296EB738DADA7BBD616759859847D127A8680A9209FD91AB060FD95A441079853857E15E156D3863BE944E74390436885E3F19E7ED5B6E1 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1379 |
Entropy (8bit): | 5.38423662326416 |
Encrypted: | false |
SSDEEP: | 24:BxSAPRN7vBVLVvx2DOXUW+nELCHu4XWF3HjeTKKjX4CIym1ZJXXRenELCHu4S/nI:BZP/vTLVvoOmbu4GF3qDYB1Z9gbu4SPI |
MD5: | DB43AE7808126FE5E4B988C75C7F8F7E |
SHA1: | D4A787EA3FDCD788BC0620482E9B5851802B46C7 |
SHA-256: | 8E28E9B5EE4C6FF29D3D1F2763EE64BC8E4E6C04264DE5895EE56861225E6760 |
SHA-512: | 2CE1A34F9A696E42D61D69E37C958E2412229E07B62CABEFBEE1743D1FD59F13F248A94DEEDEC5711E5F5E3DD4067C8E861B5F7569D4F25F4567B115D74F06D4 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 5.271216262919323 |
TrID: |
|
File name: | 61b85f75e6a7c.dll |
File size: | 1781920 |
MD5: | 26788bdf519813ff2600570a5c8e23d9 |
SHA1: | 44f22a053e84cd7afcf34a4fa19dbf512c8a624d |
SHA256: | 25f74513f1f0a72453bf096337daba7268bf77371f7fc210f56672f52b7b3af1 |
SHA512: | 54cad6bdd1ef350a02e6e3645db3fc3f1fadb385c7dcf5eeacf20a8b1d7fbc42aa3cb88d320fda63a7224b2507e7b84e3942cb54fb61cc398800ec95f6f2d505 |
SSDEEP: | 49152:dOMY8UQw8MT8UQw8MT8UQw8MT8UQw8MT8UQw8MT8UQw8Mc:9Y8UQw8MT8UQw8MT8UQw8MT8UQw8MT8Z |
File Content Preview: | MZ......................................................................!..L.!This .ro.ra. cannot be run in DOS m.de....$.......PE..L...[..a...........!....................................................................................................V.. |
File Icon |
---|
Icon Hash: | 82b0f4c6d2c66cb1 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x1001f3fe |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x10000000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL |
DLL Characteristics: | |
Time Stamp: | 0x61B6D25B [Mon Dec 13 04:55:55 2021 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 90a569c76737ac6eae14ae164dabea89 |
Authenticode Signature |
---|
Signature Valid: | false |
Signature Issuer: | CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US |
Signature Validation Error: | The digital signature of the object did not verify |
Error Number: | -2146869232 |
Not Before, Not After |
|
Subject Chain |
|
Version: | 3 |
Thumbprint MD5: | 8E8056A2284F0304445ED325353454BF |
Thumbprint SHA-1: | E16BB6EE4ED3935C46C356D147E811286BA4BBFE |
Thumbprint SHA-256: | 968F9536C18A4475095B37792855AA62306275DEC05BD72F21653C98026CFC4E |
Serial: | 038EDB2FC6E405731A760F1516144C85 |
Entrypoint Preview |
---|
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x1cff0 | 0x56 | .text |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x43d04 | 0xb4 | .data |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x47000 | 0x16f8e8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x1b1800 | 0x18a0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x1b7000 | 0x6ec | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x28d06 | 0x27c | .data |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x26ec0 | 0x24800 | False | 0.51682229238 | data | 5.5020241716 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.data | 0x28000 | 0x1e4fe | 0x1be00 | False | 0.0578843189462 | data | 6.07273076569 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x47000 | 0x16f8e8 | 0x16fa00 | False | 0.218529518021 | data | 4.81717219526 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x1b7000 | 0x6ec | 0x800 | False | 0.75 | data | 6.07315256741 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x4af70 | 0x668 | data | English | United States |
RT_ICON | 0x4b5d8 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 117473463, next used block 30577 | English | United States |
RT_ICON | 0x4b8c0 | 0x1e8 | data | English | United States |
RT_ICON | 0x4baa8 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x4bbd0 | 0xea8 | data | English | United States |
RT_ICON | 0x4ca78 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0x4d320 | 0x6c8 | data | English | United States |
RT_ICON | 0x4d9e8 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x4df50 | 0x25a8 | data | English | United States |
RT_ICON | 0x504f8 | 0x10a8 | data | English | United States |
RT_ICON | 0x515a0 | 0x988 | data | English | United States |
RT_ICON | 0x51f28 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x52390 | 0x12428 | dBase IV DBT, blocks size 0, block length 8192, next free block index 40, next free block 1802201963, next used block 1802201963 | English | United States |
RT_ICON | 0x647b8 | 0x4c28 | dBase IV DBT, blocks size 0, block length 18432, next free block index 40, next free block 0, next used block 4278648832 | English | United States |
RT_ICON | 0x693e0 | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 4294967295, next used block 33357823 | English | United States |
RT_ICON | 0x6d608 | 0x25a8 | data | English | United States |
RT_ICON | 0x6fbb0 | 0x10a8 | data | English | United States |
RT_ICON | 0x70c58 | 0xeb0 | data | English | United States |
RT_ICON | 0x71b08 | 0x988 | data | English | United States |
RT_ICON | 0x72490 | 0x6b8 | data | English | United States |
RT_ICON | 0x72b48 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
Imports |
---|
DLL | Import |
---|---|
advapi32.dll | RegDeleteKeyA, RegCreateKeyExA, RegQueryValueExA, RegCloseKey, RegEnumValueA, RegSetValueExA, RegDeleteValueA, RegEnumKeyA, RegOpenKeyExA |
comctl32.dll | ImageList_Destroy, ImageList_AddMasked, ImageList_Create |
gdi32.dll | GetDeviceCaps, SetBkColor, CreateBrushIndirect, CreateFontIndirectA, SetTextColor, SetBkMode, SelectObject, DeleteObject |
kernel32.dll | GetCommandLineA, CreateThread, LoadLibraryExA, GetFullPathNameA, SetFileAttributesA, GlobalUnlock, WaitForSingleObject, GetTempPathA, GlobalAlloc, GetTempFileNameA, VirtualProtect, GetFileAttributesA, GetProcAddress, GetSystemDirectoryA, Sleep, SearchPathA, GlobalLock, GetPrivateProfileStringA, GetDiskFreeSpaceA, GetCurrentDirectoryA, MultiByteToWideChar, MulDiv, FindClose, lstrcpynA, GetVersion, MoveFileA, SetErrorMode, GetCurrentProcess, FindFirstFileA, GetShortPathNameA, ExpandEnvironmentStringsA, SetFilePointer, GetFileSize, lstrcmpiA, FreeLibrary, GetTickCount, RemoveDirectoryA, ReadFile, CreateDirectoryA, ExitProcess, FindNextFileA, SetCurrentDirectoryA, LoadLibraryA, SetFileTime, CreateFileA, lstrlenA, lstrcmpA, GetModuleHandleA, GetModuleFileNameA, DeleteFileA, WriteFile, CloseHandle, CompareFileTime, lstrcatA, GlobalFree, GetWindowsDirectoryA, WritePrivateProfileStringA, CopyFileA, CreateProcessA, GetExitCodeProcess, GetLastError |
ole32.dll | CoTaskMemFree, OleInitialize, CoCreateInstance, OleUninitialize |
shell32.dll | SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, SHGetSpecialFolderLocation, ShellExecuteA, SHFileOperationA |
user32.dll | IsWindowVisible, DispatchMessageA, SendMessageTimeoutA, CreateWindowExA, GetClientRect, SetWindowPos, SystemParametersInfoA, LoadBitmapA, CharPrevA, EndPaint, DestroyWindow, EnableMenuItem, AppendMenuA, ShowWindow, SetWindowLongA, InvalidateRect, EnableWindow, OpenClipboard, EmptyClipboard, GetMessagePos, SendMessageA, ExitWindowsEx, IsWindowEnabled, BeginPaint, GetSysColor, PostQuitMessage, GetSystemMetrics, MessageBoxIndirectA, SetDlgItemTextA, EndDialog, SetClassLongA, GetDC, DefWindowProcA, CloseClipboard, GetDlgItemTextA, SetForegroundWindow, FillRect, LoadCursorA, CharNextA, IsWindow, GetSystemMenu, CreateDialogParamA, GetWindowRect, RegisterClassA, GetWindowLongA, DrawTextA, FindWindowExA, CheckDlgButton, TrackPopupMenu, wsprintfA, DialogBoxParamA, CreatePopupMenu, SetCursor, SetWindowTextA, ScreenToClient, LoadImageA, SetClipboardData |
Exports |
---|
Name | Ordinal | Address |
---|---|---|
DllRegisterServer | 1 | 0x1002513f |
Version Infos |
---|
Description | Data |
---|---|
LegalCopyright | Copyright 2016 Symantec Corporation. All rights reserved. |
InternalName | SymErr |
FileVersion | 7.6.2.5 |
CompanyName | Symantec Corporation |
ProductName | Symantec Shared Component |
ProductVersion | 7.6 |
FileDescription | Symantec Error Reporting |
OriginalFilename | SymErr.exe |
Translation | 0x0409 0x04b0 |
Possible Origin |
---|
Language of compilation system | Country where language is spoken |
---|---|
English | United States |
Network Behavior |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 14, 2021 10:21:28.591268063 CET | 49800 | 443 | 192.168.2.6 | 3.20.161.64 |
Dec 14, 2021 10:21:28.592097044 CET | 49800 | 443 | 192.168.2.6 | 3.20.161.64 |
Dec 14, 2021 10:21:28.592108965 CET | 443 | 49800 | 3.20.161.64 | 192.168.2.6 |
Dec 14, 2021 10:21:28.637002945 CET | 49801 | 443 | 192.168.2.6 | 3.12.124.139 |
Dec 14, 2021 10:21:28.637041092 CET | 443 | 49801 | 3.12.124.139 | 192.168.2.6 |
Dec 14, 2021 10:21:28.637135983 CET | 49801 | 443 | 192.168.2.6 | 3.12.124.139 |
Dec 14, 2021 10:21:28.637778997 CET | 49801 | 443 | 192.168.2.6 | 3.12.124.139 |
Dec 14, 2021 10:21:28.637794018 CET | 443 | 49801 | 3.12.124.139 | 192.168.2.6 |
Dec 14, 2021 10:21:28.639578104 CET | 443 | 49799 | 18.219.227.107 | 192.168.2.6 |
Dec 14, 2021 10:21:28.743098974 CET | 443 | 49800 | 3.20.161.64 | 192.168.2.6 |
Dec 14, 2021 10:21:28.787904024 CET | 443 | 49801 | 3.12.124.139 | 192.168.2.6 |
Dec 14, 2021 10:21:28.789566994 CET | 49802 | 443 | 192.168.2.6 | 3.12.124.139 |
Dec 14, 2021 10:21:28.789603949 CET | 443 | 49802 | 3.12.124.139 | 192.168.2.6 |
Dec 14, 2021 10:21:28.789686918 CET | 49802 | 443 | 192.168.2.6 | 3.12.124.139 |
Dec 14, 2021 10:21:28.790296078 CET | 49802 | 443 | 192.168.2.6 | 3.12.124.139 |
Dec 14, 2021 10:21:28.790307999 CET | 443 | 49802 | 3.12.124.139 | 192.168.2.6 |
Dec 14, 2021 10:21:28.940563917 CET | 443 | 49802 | 3.12.124.139 | 192.168.2.6 |
Dec 14, 2021 10:21:28.942121983 CET | 49804 | 443 | 192.168.2.6 | 3.12.124.139 |
Dec 14, 2021 10:21:28.942163944 CET | 443 | 49804 | 3.12.124.139 | 192.168.2.6 |
Dec 14, 2021 10:21:28.942245007 CET | 49804 | 443 | 192.168.2.6 | 3.12.124.139 |
Dec 14, 2021 10:21:28.942936897 CET | 49804 | 443 | 192.168.2.6 | 3.12.124.139 |
Dec 14, 2021 10:21:28.942955971 CET | 443 | 49804 | 3.12.124.139 | 192.168.2.6 |
Dec 14, 2021 10:21:29.093247890 CET | 443 | 49804 | 3.12.124.139 | 192.168.2.6 |
Dec 14, 2021 10:21:29.094662905 CET | 49805 | 443 | 192.168.2.6 | 3.12.124.139 |
Dec 14, 2021 10:21:29.094701052 CET | 443 | 49805 | 3.12.124.139 | 192.168.2.6 |
Dec 14, 2021 10:21:29.097589970 CET | 49805 | 443 | 192.168.2.6 | 3.12.124.139 |
Dec 14, 2021 10:21:29.098216057 CET | 49805 | 443 | 192.168.2.6 | 3.12.124.139 |
Dec 14, 2021 10:21:29.098229885 CET | 443 | 49805 | 3.12.124.139 | 192.168.2.6 |
Dec 14, 2021 10:21:29.248668909 CET | 443 | 49805 | 3.12.124.139 | 192.168.2.6 |
Dec 14, 2021 10:21:38.708416939 CET | 49812 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:38.708446980 CET | 443 | 49812 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:38.708522081 CET | 49812 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:38.709014893 CET | 49812 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:38.709026098 CET | 443 | 49812 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:38.812561035 CET | 443 | 49812 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:38.812678099 CET | 49812 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:38.818627119 CET | 49812 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:38.818644047 CET | 443 | 49812 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:38.818837881 CET | 443 | 49812 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:38.821546078 CET | 49812 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:38.868865013 CET | 443 | 49812 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:38.895740032 CET | 443 | 49812 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:38.895788908 CET | 443 | 49812 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:38.895823956 CET | 443 | 49812 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:38.895881891 CET | 49812 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:38.895908117 CET | 443 | 49812 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:38.895921946 CET | 49812 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:38.895970106 CET | 49812 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:38.896814108 CET | 443 | 49812 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:38.896878004 CET | 443 | 49812 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:38.896907091 CET | 49812 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:38.896925926 CET | 443 | 49812 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:38.896939039 CET | 49812 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:38.896982908 CET | 49812 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:38.919553995 CET | 443 | 49812 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:38.919608116 CET | 443 | 49812 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:38.919663906 CET | 49812 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:38.919684887 CET | 443 | 49812 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:38.919723034 CET | 49812 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:38.919763088 CET | 49812 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:38.920202017 CET | 443 | 49812 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:38.920242071 CET | 443 | 49812 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:38.920300961 CET | 49812 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:38.920322895 CET | 443 | 49812 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:38.920331955 CET | 49812 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:38.920371056 CET | 49812 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:38.920844078 CET | 443 | 49812 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:38.920913935 CET | 443 | 49812 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:38.920945883 CET | 49812 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:38.920960903 CET | 443 | 49812 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:38.921022892 CET | 49812 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:38.943222046 CET | 443 | 49812 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:38.943335056 CET | 49812 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:38.943341017 CET | 443 | 49812 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:38.943401098 CET | 443 | 49812 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:38.943459034 CET | 49812 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:38.943470001 CET | 49812 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:38.943770885 CET | 443 | 49812 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:38.943866014 CET | 443 | 49812 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:38.943867922 CET | 49812 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:38.943922043 CET | 443 | 49812 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:38.943957090 CET | 49812 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:38.943969965 CET | 49812 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:38.945060968 CET | 443 | 49812 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:38.945126057 CET | 443 | 49812 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:38.945135117 CET | 49812 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:38.945178032 CET | 49812 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:38.945194006 CET | 443 | 49812 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:38.945215940 CET | 49812 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:38.945285082 CET | 443 | 49812 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:38.945322990 CET | 443 | 49812 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:38.945354939 CET | 49812 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:38.945370913 CET | 443 | 49812 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:38.945380926 CET | 49812 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:38.945413113 CET | 49812 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:38.945445061 CET | 49812 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:38.945621014 CET | 443 | 49812 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:38.945666075 CET | 443 | 49812 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:38.945712090 CET | 49812 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:38.945723057 CET | 443 | 49812 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:38.945758104 CET | 49812 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:38.945776939 CET | 49812 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:38.946294069 CET | 443 | 49812 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:38.946332932 CET | 443 | 49812 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:38.946379900 CET | 49812 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:38.946394920 CET | 443 | 49812 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:38.946429968 CET | 49812 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:38.946451902 CET | 49812 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:38.946983099 CET | 443 | 49812 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:38.947024107 CET | 443 | 49812 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:38.947072029 CET | 49812 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:38.947086096 CET | 443 | 49812 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:38.947117090 CET | 49812 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:38.947139025 CET | 49812 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:38.956989050 CET | 49813 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:38.957047939 CET | 443 | 49813 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:38.957148075 CET | 49813 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:38.957725048 CET | 49813 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:38.957755089 CET | 443 | 49813 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:38.966953039 CET | 443 | 49812 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:38.967008114 CET | 443 | 49812 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:38.967073917 CET | 49812 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:38.967087030 CET | 443 | 49812 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:38.967103958 CET | 49812 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:38.967129946 CET | 49812 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:38.967206001 CET | 443 | 49812 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:38.967363119 CET | 443 | 49812 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:38.967434883 CET | 49812 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:38.967904091 CET | 49812 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:38.967917919 CET | 443 | 49812 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.045392990 CET | 443 | 49813 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.045533895 CET | 49813 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.047442913 CET | 49813 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.047477007 CET | 443 | 49813 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.048007965 CET | 443 | 49813 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.050126076 CET | 49813 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.092864990 CET | 443 | 49813 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.095210075 CET | 49814 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.095249891 CET | 443 | 49814 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.095319986 CET | 49814 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.095864058 CET | 49814 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.095892906 CET | 443 | 49814 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.136797905 CET | 443 | 49813 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.136888981 CET | 443 | 49813 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.136944056 CET | 443 | 49813 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.136993885 CET | 49813 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.137047052 CET | 443 | 49813 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.137068033 CET | 49813 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.137155056 CET | 49813 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.137592077 CET | 443 | 49813 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.137648106 CET | 443 | 49813 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.137692928 CET | 49813 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.137712002 CET | 443 | 49813 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.137728930 CET | 49813 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.137762070 CET | 49813 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.160866022 CET | 443 | 49813 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.160929918 CET | 443 | 49813 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.161022902 CET | 49813 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.161073923 CET | 443 | 49813 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.161093950 CET | 49813 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.161140919 CET | 49813 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.161875010 CET | 443 | 49813 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.161921024 CET | 443 | 49813 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.161966085 CET | 49813 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.161979914 CET | 443 | 49813 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.162035942 CET | 49813 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.162045956 CET | 49813 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.162628889 CET | 443 | 49813 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.162668943 CET | 443 | 49813 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.162754059 CET | 49813 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.162770033 CET | 443 | 49813 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.162823915 CET | 49813 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.174510002 CET | 443 | 49814 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.174618006 CET | 49814 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.176249027 CET | 49814 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.176270008 CET | 443 | 49814 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.176887035 CET | 443 | 49814 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.178611994 CET | 49814 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.184570074 CET | 443 | 49813 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.184639931 CET | 443 | 49813 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.184688091 CET | 49813 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.184720993 CET | 443 | 49813 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.184741020 CET | 49813 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.185272932 CET | 443 | 49813 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.185314894 CET | 443 | 49813 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.185360909 CET | 49813 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.185378075 CET | 443 | 49813 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.185395002 CET | 49813 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.185935974 CET | 443 | 49813 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.185975075 CET | 443 | 49813 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.186021090 CET | 49813 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.186048031 CET | 443 | 49813 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.186075926 CET | 49813 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.186110020 CET | 49813 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.186441898 CET | 443 | 49813 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.186482906 CET | 443 | 49813 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.186532021 CET | 49813 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.186547995 CET | 443 | 49813 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.186564922 CET | 49813 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.187046051 CET | 443 | 49813 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.187084913 CET | 443 | 49813 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.187138081 CET | 49813 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.187154055 CET | 443 | 49813 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.187175989 CET | 49813 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.187221050 CET | 49813 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.188011885 CET | 443 | 49813 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.188050032 CET | 443 | 49813 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.188102007 CET | 49813 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.188119888 CET | 443 | 49813 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.188142061 CET | 49813 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.188179016 CET | 49813 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.188937902 CET | 443 | 49813 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.188981056 CET | 443 | 49813 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.189028978 CET | 49813 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.189043999 CET | 443 | 49813 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.189091921 CET | 49813 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.189105034 CET | 49813 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.195647001 CET | 49813 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.208705902 CET | 443 | 49813 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.208759069 CET | 443 | 49813 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.208823919 CET | 49813 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.208841085 CET | 443 | 49813 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.208882093 CET | 49813 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.208888054 CET | 443 | 49813 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.208890915 CET | 49813 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.209031105 CET | 443 | 49813 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.209109068 CET | 49813 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.209394932 CET | 49813 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.209427118 CET | 443 | 49813 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.209445000 CET | 49813 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.209458113 CET | 443 | 49813 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.220905066 CET | 443 | 49814 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.226923943 CET | 49815 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.226979971 CET | 443 | 49815 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.227076054 CET | 49815 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.227619886 CET | 49815 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.227648020 CET | 443 | 49815 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.258375883 CET | 443 | 49814 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.258434057 CET | 443 | 49814 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.258536100 CET | 49814 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.258575916 CET | 443 | 49814 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.258680105 CET | 49814 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.259692907 CET | 443 | 49814 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.259748936 CET | 443 | 49814 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.259808064 CET | 49814 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.259835005 CET | 443 | 49814 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.259850979 CET | 49814 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.259903908 CET | 49814 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.282447100 CET | 443 | 49814 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.282505989 CET | 443 | 49814 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.282553911 CET | 49814 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.282582045 CET | 443 | 49814 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.282601118 CET | 49814 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.282658100 CET | 49814 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.284025908 CET | 443 | 49814 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.284064054 CET | 443 | 49814 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.284125090 CET | 49814 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.284142017 CET | 443 | 49814 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.284174919 CET | 49814 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.284919977 CET | 443 | 49814 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.284960032 CET | 443 | 49814 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.285021067 CET | 49814 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.285038948 CET | 443 | 49814 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.285053015 CET | 49814 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.285933971 CET | 49814 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.305588961 CET | 443 | 49814 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.305641890 CET | 443 | 49814 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.305763006 CET | 49814 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.305788040 CET | 443 | 49815 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.305818081 CET | 443 | 49814 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.305897951 CET | 49814 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.305903912 CET | 49815 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.305944920 CET | 49814 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.306397915 CET | 443 | 49814 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.306437969 CET | 443 | 49814 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.306490898 CET | 49814 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.306508064 CET | 443 | 49814 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.306539059 CET | 49814 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.306572914 CET | 49814 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.306974888 CET | 443 | 49814 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.307017088 CET | 443 | 49814 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.307080030 CET | 49814 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.307096004 CET | 443 | 49814 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.307112932 CET | 49814 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.307187080 CET | 49814 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.307637930 CET | 443 | 49814 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.307673931 CET | 443 | 49814 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.307723999 CET | 49814 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.307743073 CET | 443 | 49814 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.307774067 CET | 49814 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.307801008 CET | 49815 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.307817936 CET | 443 | 49815 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.307898998 CET | 49814 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.308372021 CET | 443 | 49815 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.308706999 CET | 443 | 49814 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.308746099 CET | 443 | 49814 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.308808088 CET | 49814 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.308830023 CET | 443 | 49814 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.308851004 CET | 49814 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.308887959 CET | 49814 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.309483051 CET | 443 | 49814 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.309523106 CET | 443 | 49814 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.309588909 CET | 49814 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.309609890 CET | 443 | 49814 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.309633017 CET | 49814 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.309674025 CET | 49814 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.310422897 CET | 49815 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.322355986 CET | 49816 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.322402000 CET | 443 | 49816 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.322501898 CET | 49816 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.322987080 CET | 49816 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.323014975 CET | 443 | 49816 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.329354048 CET | 443 | 49814 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.329412937 CET | 443 | 49814 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.329461098 CET | 49814 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.329483986 CET | 443 | 49814 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.329540014 CET | 49814 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.329560041 CET | 49814 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.329663038 CET | 443 | 49814 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.329701900 CET | 443 | 49814 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.329783916 CET | 49814 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.329802036 CET | 443 | 49814 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.329874992 CET | 49814 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.329878092 CET | 443 | 49814 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.329938889 CET | 49814 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.330358028 CET | 49814 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.330379009 CET | 443 | 49814 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.330447912 CET | 49814 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.330462933 CET | 443 | 49814 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.352863073 CET | 443 | 49815 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.388778925 CET | 443 | 49815 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.388822079 CET | 443 | 49815 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.388885975 CET | 443 | 49815 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.388916016 CET | 49815 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.388952017 CET | 443 | 49815 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.388976097 CET | 49815 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.389036894 CET | 49815 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.389807940 CET | 443 | 49815 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.389849901 CET | 443 | 49815 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.389935970 CET | 49815 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.389954090 CET | 443 | 49815 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.946521044 CET | 443 | 49820 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.946567059 CET | 49820 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.946605921 CET | 443 | 49820 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.946643114 CET | 49820 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.946715117 CET | 49820 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.969054937 CET | 443 | 49820 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.969101906 CET | 443 | 49820 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.969177008 CET | 49820 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.969198942 CET | 443 | 49820 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.969238997 CET | 49820 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.969269037 CET | 49820 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.970139980 CET | 443 | 49820 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.970256090 CET | 49820 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.970276117 CET | 443 | 49820 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.970376968 CET | 49820 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.970979929 CET | 443 | 49820 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.971021891 CET | 443 | 49820 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.971066952 CET | 49820 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.971080065 CET | 443 | 49820 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.971219063 CET | 49820 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.971302986 CET | 49820 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.992409945 CET | 443 | 49820 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.992444038 CET | 443 | 49820 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.992516994 CET | 49820 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.992537022 CET | 443 | 49820 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.992579937 CET | 49820 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.992604017 CET | 49820 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.993185043 CET | 443 | 49820 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.993206024 CET | 443 | 49820 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.993280888 CET | 49820 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.993297100 CET | 443 | 49820 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.993346930 CET | 49820 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.994023085 CET | 443 | 49820 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.994050980 CET | 443 | 49820 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.994102001 CET | 49820 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.994112968 CET | 443 | 49820 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.994148970 CET | 49820 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.994185925 CET | 49820 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.994430065 CET | 443 | 49820 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.994457960 CET | 443 | 49820 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.994514942 CET | 49820 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.994524956 CET | 443 | 49820 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.994565964 CET | 49820 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.994640112 CET | 49820 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.995099068 CET | 443 | 49820 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.995126009 CET | 443 | 49820 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.995187044 CET | 49820 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.995197058 CET | 443 | 49820 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.995353937 CET | 49820 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.995358944 CET | 49820 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.995440960 CET | 443 | 49820 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.995469093 CET | 443 | 49820 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.995528936 CET | 49820 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.995538950 CET | 443 | 49820 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:39.995560884 CET | 49820 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:39.995583057 CET | 49820 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:40.013417959 CET | 443 | 49821 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.013533115 CET | 49821 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:40.015100956 CET | 49821 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:40.015117884 CET | 443 | 49821 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.015575886 CET | 443 | 49821 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.016118050 CET | 443 | 49820 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.016175032 CET | 443 | 49820 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.016231060 CET | 49820 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:40.016243935 CET | 443 | 49820 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.016259909 CET | 49820 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:40.016288042 CET | 49820 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:40.016438961 CET | 443 | 49820 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.016479969 CET | 443 | 49820 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.016514063 CET | 49820 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:40.016522884 CET | 443 | 49820 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.016551018 CET | 49820 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:40.016572952 CET | 49820 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:40.016916037 CET | 443 | 49820 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.016973019 CET | 443 | 49820 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.016999006 CET | 49820 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:40.017008066 CET | 443 | 49820 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.017055035 CET | 49820 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:40.017076015 CET | 49820 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:40.017349958 CET | 443 | 49820 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.017401934 CET | 443 | 49820 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.017422915 CET | 49820 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:40.017429113 CET | 443 | 49820 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.017461061 CET | 49820 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:40.017482996 CET | 49820 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:40.017869949 CET | 49821 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:40.018013954 CET | 443 | 49820 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.018054008 CET | 443 | 49820 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.018167019 CET | 49820 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:40.018176079 CET | 443 | 49820 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.018184900 CET | 49820 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:40.018189907 CET | 443 | 49820 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.018250942 CET | 443 | 49820 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.018253088 CET | 49820 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:40.018332958 CET | 49820 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:40.019790888 CET | 49820 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:40.021358013 CET | 49820 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:40.021373987 CET | 443 | 49820 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.021435022 CET | 49820 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:40.021445036 CET | 443 | 49820 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.036642075 CET | 49822 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:40.036705971 CET | 443 | 49822 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.036819935 CET | 49822 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:40.037522078 CET | 49822 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:40.037543058 CET | 443 | 49822 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.064874887 CET | 443 | 49821 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.079672098 CET | 443 | 49821 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.079788923 CET | 443 | 49821 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.079900980 CET | 443 | 49821 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.079957008 CET | 49821 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:40.080010891 CET | 49821 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:40.080570936 CET | 49821 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:40.080594063 CET | 443 | 49821 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.080688000 CET | 49821 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:40.080698967 CET | 443 | 49821 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.119164944 CET | 443 | 49822 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.119303942 CET | 49822 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:40.121375084 CET | 49822 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:40.121393919 CET | 443 | 49822 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.121696949 CET | 443 | 49822 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.123877048 CET | 49822 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:40.164869070 CET | 443 | 49822 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.202713966 CET | 443 | 49822 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.202754974 CET | 443 | 49822 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.202840090 CET | 443 | 49822 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.202900887 CET | 49822 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:40.204139948 CET | 49822 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:40.204320908 CET | 49822 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:40.204350948 CET | 443 | 49822 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.204624891 CET | 49822 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:40.204637051 CET | 443 | 49822 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.510907888 CET | 49823 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:40.510943890 CET | 443 | 49823 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.511760950 CET | 49823 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:40.511806011 CET | 49823 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:40.511816025 CET | 443 | 49823 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.590121031 CET | 443 | 49823 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.590529919 CET | 49823 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:40.591964006 CET | 49823 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:40.591984034 CET | 443 | 49823 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.592453003 CET | 443 | 49823 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.594264984 CET | 49823 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:40.636878967 CET | 443 | 49823 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.662166119 CET | 443 | 49823 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.662188053 CET | 443 | 49823 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.662326097 CET | 443 | 49823 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.662374973 CET | 49823 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:40.662494898 CET | 49823 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:40.662801981 CET | 49823 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:40.662818909 CET | 443 | 49823 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.662827015 CET | 49823 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:40.662837982 CET | 443 | 49823 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.839658976 CET | 49825 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:40.839715958 CET | 443 | 49825 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.839895010 CET | 49825 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:40.843355894 CET | 49825 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:40.843389034 CET | 443 | 49825 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.922907114 CET | 443 | 49825 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.923186064 CET | 49825 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:40.925105095 CET | 49825 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:40.925117016 CET | 443 | 49825 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.925614119 CET | 443 | 49825 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.929003000 CET | 49825 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:40.972866058 CET | 443 | 49825 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.977659941 CET | 443 | 49825 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.977699041 CET | 443 | 49825 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.977782965 CET | 443 | 49825 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.977938890 CET | 49825 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:40.978286982 CET | 49825 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:40.978313923 CET | 443 | 49825 | 79.110.52.144 | 192.168.2.6 |
Dec 14, 2021 10:21:40.978327036 CET | 49825 | 443 | 192.168.2.6 | 79.110.52.144 |
Dec 14, 2021 10:21:40.978338957 CET | 443 | 49825 | 79.110.52.144 | 192.168.2.6 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Dec 14, 2021 10:21:27.879158020 CET | 192.168.2.6 | 8.8.8.8 | 0xe710 | Standard query (0) | A (IP address) | IN (0x0001) | |
Dec 14, 2021 10:21:28.005357981 CET | 192.168.2.6 | 8.8.8.8 | 0x8816 | Standard query (0) | A (IP address) | IN (0x0001) | |
Dec 14, 2021 10:21:28.100939989 CET | 192.168.2.6 | 8.8.8.8 | 0x9c94 | Standard query (0) | A (IP address) | IN (0x0001) | |
Dec 14, 2021 10:21:28.618268013 CET | 192.168.2.6 | 8.8.8.8 | 0x9cd0 | Standard query (0) | A (IP address) | IN (0x0001) | |
Dec 14, 2021 10:21:38.683651924 CET | 192.168.2.6 | 8.8.8.8 | 0x766e | Standard query (0) | A (IP address) | IN (0x0001) | |
Dec 14, 2021 10:21:38.937886000 CET | 192.168.2.6 | 8.8.8.8 | 0x1f47 | Standard query (0) | A (IP address) | IN (0x0001) | |
Dec 14, 2021 10:21:39.074219942 CET | 192.168.2.6 | 8.8.8.8 | 0x1098 | Standard query (0) | A (IP address) | IN (0x0001) | |
Dec 14, 2021 10:21:39.206109047 CET | 192.168.2.6 | 8.8.8.8 | 0x3ff7 | Standard query (0) | A (IP address) | IN (0x0001) | |
Dec 14, 2021 10:21:39.301306009 CET | 192.168.2.6 | 8.8.8.8 | 0x48be | Standard query (0) | A (IP address) | IN (0x0001) | |
Dec 14, 2021 10:21:39.382054090 CET | 192.168.2.6 | 8.8.8.8 | 0xc3c5 | Standard query (0) | A (IP address) | IN (0x0001) | |
Dec 14, 2021 10:21:39.611248016 CET | 192.168.2.6 | 8.8.8.8 | 0xdf42 | Standard query (0) | A (IP address) | IN (0x0001) | |
Dec 14, 2021 10:21:39.729481936 CET | 192.168.2.6 | 8.8.8.8 | 0xbf7b | Standard query (0) | A (IP address) | IN (0x0001) | |
Dec 14, 2021 10:21:39.907537937 CET | 192.168.2.6 | 8.8.8.8 | 0xd2f2 | Standard query (0) | A (IP address) | IN (0x0001) | |
Dec 14, 2021 10:21:40.019191027 CET | 192.168.2.6 | 8.8.8.8 | 0xbbba | Standard query (0) | A (IP address) | IN (0x0001) | |
Dec 14, 2021 10:21:40.492409945 CET | 192.168.2.6 | 8.8.8.8 | 0x1433 | Standard query (0) | A (IP address) | IN (0x0001) | |
Dec 14, 2021 10:21:40.775444984 CET | 192.168.2.6 | 8.8.8.8 | 0xe94f | Standard query (0) | A (IP address) | IN (0x0001) | |
Dec 14, 2021 10:22:41.757524967 CET | 192.168.2.6 | 8.8.8.8 | 0x1 | Standard query (0) | PTR (Pointer record) | IN (0x0001) | |
Dec 14, 2021 10:22:41.779015064 CET | 192.168.2.6 | 8.8.8.8 | 0x2 | Standard query (0) | PTR (Pointer record) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Dec 14, 2021 10:21:27.897459030 CET | 8.8.8.8 | 192.168.2.6 | 0xe710 | No error (0) | prod-sav-park-lb01-1919960993.us-east-2.elb.amazonaws.com | CNAME (Canonical name) | IN (0x0001) | ||
Dec 14, 2021 10:21:27.897459030 CET | 8.8.8.8 | 192.168.2.6 | 0xe710 | No error (0) | 3.12.124.139 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:21:27.897459030 CET | 8.8.8.8 | 192.168.2.6 | 0xe710 | No error (0) | 3.20.161.64 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:21:27.897459030 CET | 8.8.8.8 | 192.168.2.6 | 0xe710 | No error (0) | 18.219.227.107 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:21:28.022103071 CET | 8.8.8.8 | 192.168.2.6 | 0x8816 | No error (0) | prod-sav-park-lb01-1919960993.us-east-2.elb.amazonaws.com | CNAME (Canonical name) | IN (0x0001) | ||
Dec 14, 2021 10:21:28.022103071 CET | 8.8.8.8 | 192.168.2.6 | 0x8816 | No error (0) | 18.219.227.107 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:21:28.022103071 CET | 8.8.8.8 | 192.168.2.6 | 0x8816 | No error (0) | 3.20.161.64 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:21:28.022103071 CET | 8.8.8.8 | 192.168.2.6 | 0x8816 | No error (0) | 3.12.124.139 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:21:28.121263027 CET | 8.8.8.8 | 192.168.2.6 | 0x9c94 | No error (0) | prod-sav-park-lb01-1919960993.us-east-2.elb.amazonaws.com | CNAME (Canonical name) | IN (0x0001) | ||
Dec 14, 2021 10:21:28.121263027 CET | 8.8.8.8 | 192.168.2.6 | 0x9c94 | No error (0) | 3.20.161.64 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:21:28.121263027 CET | 8.8.8.8 | 192.168.2.6 | 0x9c94 | No error (0) | 18.219.227.107 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:21:28.121263027 CET | 8.8.8.8 | 192.168.2.6 | 0x9c94 | No error (0) | 3.12.124.139 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:21:28.635057926 CET | 8.8.8.8 | 192.168.2.6 | 0x9cd0 | No error (0) | prod-sav-park-lb01-1919960993.us-east-2.elb.amazonaws.com | CNAME (Canonical name) | IN (0x0001) | ||
Dec 14, 2021 10:21:28.635057926 CET | 8.8.8.8 | 192.168.2.6 | 0x9cd0 | No error (0) | 3.12.124.139 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:21:28.635057926 CET | 8.8.8.8 | 192.168.2.6 | 0x9cd0 | No error (0) | 3.20.161.64 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:21:28.635057926 CET | 8.8.8.8 | 192.168.2.6 | 0x9cd0 | No error (0) | 18.219.227.107 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:21:38.706058979 CET | 8.8.8.8 | 192.168.2.6 | 0x766e | No error (0) | 79.110.52.144 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:21:38.955063105 CET | 8.8.8.8 | 192.168.2.6 | 0x1f47 | No error (0) | 79.110.52.144 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:21:39.093746901 CET | 8.8.8.8 | 192.168.2.6 | 0x1098 | No error (0) | 79.110.52.144 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:21:39.223566055 CET | 8.8.8.8 | 192.168.2.6 | 0x3ff7 | No error (0) | 79.110.52.144 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:21:39.320144892 CET | 8.8.8.8 | 192.168.2.6 | 0x48be | No error (0) | 79.110.52.144 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:21:39.399878979 CET | 8.8.8.8 | 192.168.2.6 | 0xc3c5 | No error (0) | 79.110.52.144 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:21:39.629395008 CET | 8.8.8.8 | 192.168.2.6 | 0xdf42 | No error (0) | 79.110.52.144 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:21:39.748024940 CET | 8.8.8.8 | 192.168.2.6 | 0xbf7b | No error (0) | 79.110.52.144 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:21:39.923528910 CET | 8.8.8.8 | 192.168.2.6 | 0xd2f2 | No error (0) | 79.110.52.144 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:21:40.035238981 CET | 8.8.8.8 | 192.168.2.6 | 0xbbba | No error (0) | 79.110.52.144 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:21:40.508769035 CET | 8.8.8.8 | 192.168.2.6 | 0x1433 | No error (0) | 79.110.52.144 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:21:40.791791916 CET | 8.8.8.8 | 192.168.2.6 | 0xe94f | No error (0) | 79.110.52.144 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:22:41.773610115 CET | 8.8.8.8 | 192.168.2.6 | 0x1 | No error (0) | PTR (Pointer record) | IN (0x0001) | |||
Dec 14, 2021 10:22:41.797523975 CET | 8.8.8.8 | 192.168.2.6 | 0x2 | Name error (3) | none | none | PTR (Pointer record) | IN (0x0001) |
HTTPS Proxied Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.6 | 49812 | 79.110.52.144 | 443 | C:\Windows\SysWOW64\rundll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-14 09:21:38 UTC | 0 | OUT | |
2021-12-14 09:21:38 UTC | 0 | IN | |
2021-12-14 09:21:38 UTC | 0 | IN | |
2021-12-14 09:21:38 UTC | 16 | IN | |
2021-12-14 09:21:38 UTC | 32 | IN | |
2021-12-14 09:21:38 UTC | 48 | IN | |
2021-12-14 09:21:38 UTC | 64 | IN | |
2021-12-14 09:21:38 UTC | 80 | IN | |
2021-12-14 09:21:38 UTC | 96 | IN | |
2021-12-14 09:21:38 UTC | 112 | IN | |
2021-12-14 09:21:38 UTC | 128 | IN | |
2021-12-14 09:21:38 UTC | 144 | IN | |
2021-12-14 09:21:38 UTC | 160 | IN | |
2021-12-14 09:21:38 UTC | 176 | IN | |
2021-12-14 09:21:38 UTC | 192 | IN | |
2021-12-14 09:21:38 UTC | 208 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.6 | 49813 | 79.110.52.144 | 443 | C:\Windows\SysWOW64\rundll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-14 09:21:39 UTC | 209 | OUT | |
2021-12-14 09:21:39 UTC | 209 | IN | |
2021-12-14 09:21:39 UTC | 210 | IN | |
2021-12-14 09:21:39 UTC | 225 | IN | |
2021-12-14 09:21:39 UTC | 241 | IN | |
2021-12-14 09:21:39 UTC | 257 | IN | |
2021-12-14 09:21:39 UTC | 273 | IN | |
2021-12-14 09:21:39 UTC | 290 | IN | |
2021-12-14 09:21:39 UTC | 306 | IN | |
2021-12-14 09:21:39 UTC | 322 | IN | |
2021-12-14 09:21:39 UTC | 338 | IN | |
2021-12-14 09:21:39 UTC | 354 | IN | |
2021-12-14 09:21:39 UTC | 370 | IN | |
2021-12-14 09:21:39 UTC | 386 | IN | |
2021-12-14 09:21:39 UTC | 402 | IN | |
2021-12-14 09:21:39 UTC | 418 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
10 | 192.168.2.6 | 49823 | 79.110.52.144 | 443 | C:\Windows\SysWOW64\rundll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-14 09:21:40 UTC | 1895 | OUT | |
2021-12-14 09:21:40 UTC | 1896 | IN | |
2021-12-14 09:21:40 UTC | 1896 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
11 | 192.168.2.6 | 49825 | 79.110.52.144 | 443 | C:\Windows\SysWOW64\rundll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-14 09:21:40 UTC | 1898 | OUT | |
2021-12-14 09:21:40 UTC | 1898 | IN | |
2021-12-14 09:21:40 UTC | 1899 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.2.6 | 49814 | 79.110.52.144 | 443 | C:\Windows\SysWOW64\rundll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-14 09:21:39 UTC | 289 | OUT | |
2021-12-14 09:21:39 UTC | 419 | IN | |
2021-12-14 09:21:39 UTC | 419 | IN | |
2021-12-14 09:21:39 UTC | 435 | IN | |
2021-12-14 09:21:39 UTC | 451 | IN | |
2021-12-14 09:21:39 UTC | 467 | IN | |
2021-12-14 09:21:39 UTC | 483 | IN | |
2021-12-14 09:21:39 UTC | 499 | IN | |
2021-12-14 09:21:39 UTC | 515 | IN | |
2021-12-14 09:21:39 UTC | 531 | IN | |
2021-12-14 09:21:39 UTC | 547 | IN | |
2021-12-14 09:21:39 UTC | 563 | IN | |
2021-12-14 09:21:39 UTC | 579 | IN | |
2021-12-14 09:21:39 UTC | 595 | IN | |
2021-12-14 09:21:39 UTC | 611 | IN | |
2021-12-14 09:21:39 UTC | 627 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
3 | 192.168.2.6 | 49815 | 79.110.52.144 | 443 | C:\Windows\SysWOW64\rundll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-14 09:21:39 UTC | 595 | OUT | |
2021-12-14 09:21:39 UTC | 629 | IN | |
2021-12-14 09:21:39 UTC | 629 | IN | |
2021-12-14 09:21:39 UTC | 645 | IN | |
2021-12-14 09:21:39 UTC | 661 | IN | |
2021-12-14 09:21:39 UTC | 677 | IN | |
2021-12-14 09:21:39 UTC | 693 | IN | |
2021-12-14 09:21:39 UTC | 709 | IN | |
2021-12-14 09:21:39 UTC | 725 | IN | |
2021-12-14 09:21:39 UTC | 741 | IN | |
2021-12-14 09:21:39 UTC | 757 | IN | |
2021-12-14 09:21:39 UTC | 773 | IN | |
2021-12-14 09:21:39 UTC | 789 | IN | |
2021-12-14 09:21:39 UTC | 805 | IN | |
2021-12-14 09:21:39 UTC | 821 | IN | |
2021-12-14 09:21:39 UTC | 837 | IN | |
2021-12-14 09:21:39 UTC | 853 | IN | |
2021-12-14 09:21:39 UTC | 869 | IN | |
2021-12-14 09:21:39 UTC | 885 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
4 | 192.168.2.6 | 49816 | 79.110.52.144 | 443 | C:\Windows\SysWOW64\rundll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-14 09:21:39 UTC | 661 | OUT | |
2021-12-14 09:21:39 UTC | 892 | IN | |
2021-12-14 09:21:39 UTC | 892 | IN | |
2021-12-14 09:21:39 UTC | 908 | IN | |
2021-12-14 09:21:39 UTC | 924 | IN | |
2021-12-14 09:21:39 UTC | 940 | IN | |
2021-12-14 09:21:39 UTC | 956 | IN | |
2021-12-14 09:21:39 UTC | 972 | IN | |
2021-12-14 09:21:39 UTC | 988 | IN | |
2021-12-14 09:21:39 UTC | 1004 | IN | |
2021-12-14 09:21:39 UTC | 1020 | IN | |
2021-12-14 09:21:39 UTC | 1036 | IN | |
2021-12-14 09:21:39 UTC | 1052 | IN | |
2021-12-14 09:21:39 UTC | 1068 | IN | |
2021-12-14 09:21:39 UTC | 1084 | IN | |
2021-12-14 09:21:39 UTC | 1100 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
5 | 192.168.2.6 | 49817 | 79.110.52.144 | 443 | C:\Windows\SysWOW64\rundll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-14 09:21:39 UTC | 892 | OUT | |
2021-12-14 09:21:39 UTC | 1101 | IN | |
2021-12-14 09:21:39 UTC | 1102 | IN | |
2021-12-14 09:21:39 UTC | 1117 | IN | |
2021-12-14 09:21:39 UTC | 1133 | IN | |
2021-12-14 09:21:39 UTC | 1149 | IN | |
2021-12-14 09:21:39 UTC | 1165 | IN | |
2021-12-14 09:21:39 UTC | 1181 | IN | |
2021-12-14 09:21:39 UTC | 1197 | IN | |
2021-12-14 09:21:39 UTC | 1213 | IN | |
2021-12-14 09:21:39 UTC | 1229 | IN | |
2021-12-14 09:21:39 UTC | 1245 | IN | |
2021-12-14 09:21:39 UTC | 1261 | IN | |
2021-12-14 09:21:39 UTC | 1277 | IN | |
2021-12-14 09:21:39 UTC | 1293 | IN | |
2021-12-14 09:21:39 UTC | 1309 | IN | |
2021-12-14 09:21:39 UTC | 1325 | IN | |
2021-12-14 09:21:39 UTC | 1341 | IN | |
2021-12-14 09:21:39 UTC | 1357 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
6 | 192.168.2.6 | 49819 | 79.110.52.144 | 443 | C:\Windows\SysWOW64\rundll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-14 09:21:39 UTC | 1364 | OUT | |
2021-12-14 09:21:39 UTC | 1364 | IN | |
2021-12-14 09:21:39 UTC | 1365 | IN | |
2021-12-14 09:21:39 UTC | 1380 | IN | |
2021-12-14 09:21:39 UTC | 1396 | IN | |
2021-12-14 09:21:39 UTC | 1412 | IN | |
2021-12-14 09:21:39 UTC | 1428 | IN | |
2021-12-14 09:21:39 UTC | 1444 | IN | |
2021-12-14 09:21:39 UTC | 1460 | IN | |
2021-12-14 09:21:39 UTC | 1476 | IN | |
2021-12-14 09:21:39 UTC | 1492 | IN | |
2021-12-14 09:21:39 UTC | 1508 | IN | |
2021-12-14 09:21:39 UTC | 1524 | IN | |
2021-12-14 09:21:39 UTC | 1540 | IN | |
2021-12-14 09:21:39 UTC | 1556 | IN | |
2021-12-14 09:21:39 UTC | 1572 | IN | |
2021-12-14 09:21:39 UTC | 1588 | IN | |
2021-12-14 09:21:39 UTC | 1604 | IN | |
2021-12-14 09:21:39 UTC | 1620 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
7 | 192.168.2.6 | 49820 | 79.110.52.144 | 443 | C:\Windows\SysWOW64\rundll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-14 09:21:39 UTC | 1627 | OUT | |
2021-12-14 09:21:39 UTC | 1627 | IN | |
2021-12-14 09:21:39 UTC | 1628 | IN | |
2021-12-14 09:21:39 UTC | 1643 | IN | |
2021-12-14 09:21:39 UTC | 1659 | IN | |
2021-12-14 09:21:39 UTC | 1675 | IN | |
2021-12-14 09:21:39 UTC | 1691 | IN | |
2021-12-14 09:21:39 UTC | 1707 | IN | |
2021-12-14 09:21:39 UTC | 1723 | IN | |
2021-12-14 09:21:39 UTC | 1739 | IN | |
2021-12-14 09:21:39 UTC | 1755 | IN | |
2021-12-14 09:21:39 UTC | 1771 | IN | |
2021-12-14 09:21:39 UTC | 1787 | IN | |
2021-12-14 09:21:40 UTC | 1803 | IN | |
2021-12-14 09:21:40 UTC | 1819 | IN | |
2021-12-14 09:21:40 UTC | 1835 | IN | |
2021-12-14 09:21:40 UTC | 1851 | IN | |
2021-12-14 09:21:40 UTC | 1867 | IN | |
2021-12-14 09:21:40 UTC | 1884 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
8 | 192.168.2.6 | 49821 | 79.110.52.144 | 443 | C:\Windows\SysWOW64\rundll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-14 09:21:40 UTC | 1883 | OUT | |
2021-12-14 09:21:40 UTC | 1890 | IN | |
2021-12-14 09:21:40 UTC | 1891 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
9 | 192.168.2.6 | 49822 | 79.110.52.144 | 443 | C:\Windows\SysWOW64\rundll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-14 09:21:40 UTC | 1892 | OUT | |
2021-12-14 09:21:40 UTC | 1893 | IN | |
2021-12-14 09:21:40 UTC | 1893 | IN |
Code Manipulations |
---|
User Modules |
---|
Hook Summary |
---|
Function Name | Hook Type | Active in Processes |
---|---|---|
api-ms-win-core-processthreads-l1-1-0.dll:CreateProcessW | IAT | explorer.exe |
api-ms-win-core-registry-l1-1-0.dll:RegGetValueW | IAT | explorer.exe |
CreateProcessAsUserW | EAT | explorer.exe |
CreateProcessAsUserW | INLINE | explorer.exe |
CreateProcessW | EAT | explorer.exe |
CreateProcessW | INLINE | explorer.exe |
CreateProcessA | EAT | explorer.exe |
CreateProcessA | INLINE | explorer.exe |
Processes |
---|
Process: explorer.exe, Module: user32.dll |
---|
Function Name | Hook Type | New Data |
---|---|---|
api-ms-win-core-processthreads-l1-1-0.dll:CreateProcessW | IAT | 7FFD88935200 |
api-ms-win-core-registry-l1-1-0.dll:RegGetValueW | IAT | 4E12000 |
Process: explorer.exe, Module: WININET.dll |
---|
Function Name | Hook Type | New Data |
---|---|---|
api-ms-win-core-processthreads-l1-1-0.dll:CreateProcessW | IAT | 7FFD88935200 |
api-ms-win-core-registry-l1-1-0.dll:RegGetValueW | IAT | 4E12000 |
Process: explorer.exe, Module: KERNEL32.DLL |
---|
Function Name | Hook Type | New Data |
---|---|---|
CreateProcessAsUserW | EAT | 7FFD8893521C |
CreateProcessAsUserW | INLINE | 0xFF 0xF2 0x25 0x50 0x00 0x00 |
CreateProcessW | EAT | 7FFD88935200 |
CreateProcessW | INLINE | 0xFF 0xF2 0x25 0x50 0x00 0x00 |
CreateProcessA | EAT | 7FFD8893520E |
CreateProcessA | INLINE | 0xFF 0xF2 0x25 0x50 0x00 0x00 |
System Behavior |
---|
General |
---|
Start time: | 10:20:20 |
Start date: | 14/12/2021 |
Path: | C:\Windows\System32\loaddll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2d0000 |
File size: | 116736 bytes |
MD5 hash: | 7DEB5DB86C0AC789123DEC286286B938 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | moderate |
General |
---|
Start time: | 10:20:20 |
Start date: | 14/12/2021 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2a0000 |
File size: | 232960 bytes |
MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 10:20:21 |
Start date: | 14/12/2021 |
Path: | C:\Windows\SysWOW64\regsvr32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x940000 |
File size: | 20992 bytes |
MD5 hash: | 426E7499F6A7346F0410DEAD0805586B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
General |
---|
Start time: | 10:20:21 |
Start date: | 14/12/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xad0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
General |
---|
Start time: | 10:20:21 |
Start date: | 14/12/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xad0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
General |
---|
Start time: | 10:21:44 |
Start date: | 14/12/2021 |
Path: | C:\Windows\System32\mshta.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff72b8c0000 |
File size: | 14848 bytes |
MD5 hash: | 197FC97C6A843BEBB445C1D9C58DCBDB |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
General |
---|
Start time: | 10:21:44 |
Start date: | 14/12/2021 |
Path: | C:\Windows\System32\mshta.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff72b8c0000 |
File size: | 14848 bytes |
MD5 hash: | 197FC97C6A843BEBB445C1D9C58DCBDB |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
General |
---|
Start time: | 10:21:44 |
Start date: | 14/12/2021 |
Path: | C:\Windows\System32\mshta.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff72b8c0000 |
File size: | 14848 bytes |
MD5 hash: | 197FC97C6A843BEBB445C1D9C58DCBDB |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
General |
---|
Start time: | 10:21:45 |
Start date: | 14/12/2021 |
Path: | C:\Windows\System32\mshta.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff72b8c0000 |
File size: | 14848 bytes |
MD5 hash: | 197FC97C6A843BEBB445C1D9C58DCBDB |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
General |
---|
Start time: | 10:21:46 |
Start date: | 14/12/2021 |
Path: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff743d60000 |
File size: | 447488 bytes |
MD5 hash: | 95000560239032BC68B4C2FDFCDEF913 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Reputation: | high |
General |
---|
Start time: | 10:21:47 |
Start date: | 14/12/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff61de10000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 10:21:47 |
Start date: | 14/12/2021 |
Path: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff743d60000 |
File size: | 447488 bytes |
MD5 hash: | 95000560239032BC68B4C2FDFCDEF913 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
General |
---|
Start time: | 10:21:47 |
Start date: | 14/12/2021 |
Path: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff743d60000 |
File size: | 447488 bytes |
MD5 hash: | 95000560239032BC68B4C2FDFCDEF913 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
General |
---|
Start time: | 10:21:47 |
Start date: | 14/12/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff61de10000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 10:21:47 |
Start date: | 14/12/2021 |
Path: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff743d60000 |
File size: | 447488 bytes |
MD5 hash: | 95000560239032BC68B4C2FDFCDEF913 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
General |
---|
Start time: | 10:21:47 |
Start date: | 14/12/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff61de10000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 10:21:48 |
Start date: | 14/12/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff61de10000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 10:22:01 |
Start date: | 14/12/2021 |
Path: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff746f40000 |
File size: | 2739304 bytes |
MD5 hash: | B46100977911A0C9FB1C3E5F16A5017D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
General |
---|
Start time: | 10:22:03 |
Start date: | 14/12/2021 |
Path: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff746f40000 |
File size: | 2739304 bytes |
MD5 hash: | B46100977911A0C9FB1C3E5F16A5017D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
General |
---|
Start time: | 10:22:06 |
Start date: | 14/12/2021 |
Path: | C:\Windows\System32\control.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff60c110000 |
File size: | 117760 bytes |
MD5 hash: | 625DAC87CB5D7D44C5CA1DA57898065F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 10:22:06 |
Start date: | 14/12/2021 |
Path: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff61bc20000 |
File size: | 47280 bytes |
MD5 hash: | 33BB8BE0B4F547324D93D5D2725CAC3D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 10:22:08 |
Start date: | 14/12/2021 |
Path: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff746f40000 |
File size: | 2739304 bytes |
MD5 hash: | B46100977911A0C9FB1C3E5F16A5017D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
General |
---|
Start time: | 10:22:09 |
Start date: | 14/12/2021 |
Path: | C:\Windows\System32\control.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff60c110000 |
File size: | 117760 bytes |
MD5 hash: | 625DAC87CB5D7D44C5CA1DA57898065F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
General |
---|
Start time: | 10:22:09 |
Start date: | 14/12/2021 |
Path: | C:\Windows\System32\control.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff60c110000 |
File size: | 117760 bytes |
MD5 hash: | 625DAC87CB5D7D44C5CA1DA57898065F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
General |
---|
Start time: | 10:22:10 |
Start date: | 14/12/2021 |
Path: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff61bc20000 |
File size: | 47280 bytes |
MD5 hash: | 33BB8BE0B4F547324D93D5D2725CAC3D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 10:22:11 |
Start date: | 14/12/2021 |
Path: | C:\Windows\System32\control.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff60c110000 |
File size: | 117760 bytes |
MD5 hash: | 625DAC87CB5D7D44C5CA1DA57898065F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
General |
---|
Start time: | 10:22:11 |
Start date: | 14/12/2021 |
Path: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff746f40000 |
File size: | 2739304 bytes |
MD5 hash: | B46100977911A0C9FB1C3E5F16A5017D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
General |
---|
Start time: | 10:22:13 |
Start date: | 14/12/2021 |
Path: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff61bc20000 |
File size: | 47280 bytes |
MD5 hash: | 33BB8BE0B4F547324D93D5D2725CAC3D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 10:22:15 |
Start date: | 14/12/2021 |
Path: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff746f40000 |
File size: | 2739304 bytes |
MD5 hash: | B46100977911A0C9FB1C3E5F16A5017D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
General |
---|
Start time: | 10:22:15 |
Start date: | 14/12/2021 |
Path: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff61bc20000 |
File size: | 47280 bytes |
MD5 hash: | 33BB8BE0B4F547324D93D5D2725CAC3D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
Function 01024D95, Relevance: 37.8, APIs: 25, Instructions: 331 | memory, library, native, COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013EA303, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 102 | memory, COMMON
C-Code - Quality: 96% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 74% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 38% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0103D9F4, Relevance: 9.1, APIs: 6, Instructions: 94 | thread, memory, native, COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 68% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0103963A, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 71 | native, COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010467CD, Relevance: 4.7, APIs: 3, Instructions: 168 | library, native, loader, COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0103C51B, Relevance: 4.6, APIs: 3, Instructions: 56 | library, native, loader, COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01044FEA, Relevance: 4.5, APIs: 3, Instructions: 26 | native, COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013E4638, Relevance: 3.1, APIs: 2, Instructions: 123 | COMMON
C-Code - Quality: 21% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013E7562, Relevance: 3.1, APIs: 2, Instructions: 70 | native, COMMON
C-Code - Quality: 72% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01031635, Relevance: 3.0, APIs: 2, Instructions: 35 | library, native, loader, COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01023EB7, Relevance: 1.5, APIs: 1, Instructions: 34 | native, COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013E65B4, Relevance: 1.5, APIs: 1, Instructions: 34 | native, COMMON
C-Code - Quality: 68% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01044582, Relevance: 1.5, APIs: 1, Instructions: 33 | native, COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013E6367, Relevance: 38.7, APIs: 21, Strings: 1, Instructions: 180 | memory, string, COMMON
C-Code - Quality: 64% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013E5038, Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 152 | time, memory, COMMON
C-Code - Quality: 83% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010422AA, Relevance: 21.1, APIs: 14, Instructions: 121 | memory, synchronization, COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013E87A1, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 109 | library, memory, loader, COMMON
C-Code - Quality: 73% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0102ADDF, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120 | memory, COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013E4DCF, Relevance: 10.6, APIs: 7, Instructions: 75 | COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01033B45, Relevance: 9.1, APIs: 6, Instructions: 123 | thread, synchronization, injection, COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013E48E5, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 167 | string, COMMON
C-Code - Quality: 88% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010315C8, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 37 | thread, COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013E3A19, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 29 | sleep, memory, COMMON
C-Code - Quality: 50% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 64% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 49% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01044E7E, Relevance: 7.5, APIs: 5, Instructions: 46 | memory, COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013E4C56, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 94 | memory, COMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013E5B5B, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76 | memory, COMMON
C-Code - Quality: 50% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013E4788, Relevance: 6.1, APIs: 4, Instructions: 120 | synchronization, COMMON
C-Code - Quality: 62% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01022520, Relevance: 6.1, APIs: 4, Instructions: 108 | thread, synchronization, injection, COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013EA614, Relevance: 6.1, APIs: 4, Instructions: 98 | registry, synchronization, COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013E6A4D, Relevance: 6.1, APIs: 4, Instructions: 98 | memory, COMMON
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013E6006, Relevance: 6.1, APIs: 4, Instructions: 87 | sleep, COMMON
C-Code - Quality: 41% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01039288, Relevance: 6.0, APIs: 4, Instructions: 42 | string, COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013E230A, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24 | memory, COMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0102EA7F, Relevance: 5.1, APIs: 4, Instructions: 110 | COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013E301A, Relevance: 4.6, APIs: 3, Instructions: 96 | COMMON
C-Code - Quality: 18% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 79% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013E311C, Relevance: 4.6, APIs: 3, Instructions: 58 | COMMON
C-Code - Quality: 47% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 64% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01042501, Relevance: 4.5, APIs: 3, Instructions: 18 | memory, COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013E60DD, Relevance: 3.8, APIs: 3, Instructions: 81 | COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013E447C, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 41 | memory, COMMON
C-Code - Quality: 89% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013E6DFA, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 5 | memory, COMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 38% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013E5A5E, Relevance: 3.1, APIs: 2, Instructions: 112 | COMMON
C-Code - Quality: 75% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013E5F72, Relevance: 3.1, APIs: 2, Instructions: 62 | COMMON
C-Code - Quality: 50% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0103CDFE, Relevance: 3.1, APIs: 2, Instructions: 57 | COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013E249A, Relevance: 3.1, APIs: 2, Instructions: 51 | COMMON
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013E262B, Relevance: 3.0, APIs: 2, Instructions: 42 | memory, COMMON
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013EA415, Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 42 | memory, COMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013E40AC, Relevance: 3.0, APIs: 2, Instructions: 40 | COMMON
C-Code - Quality: 37% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01043BE1, Relevance: 3.0, APIs: 2, Instructions: 32 | COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010434D9, Relevance: 2.6, APIs: 2, Instructions: 70 | memory, COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013E8F5E, Relevance: 2.6, APIs: 2, Instructions: 52 | COMMON
C-Code - Quality: 32% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0102B1DA, Relevance: 1.6, APIs: 1, Instructions: 99 | COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013E78A8, Relevance: 1.6, APIs: 1, Instructions: 75 | memory, COMMON
C-Code - Quality: 92% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010435B6, Relevance: 1.6, APIs: 1, Instructions: 74 | COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013E3196, Relevance: 1.6, APIs: 1, Instructions: 50 | COMMON
C-Code - Quality: 34% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0102B16F, Relevance: 1.5, APIs: 1, Instructions: 15 | thread, COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01048553, Relevance: 1.5, APIs: 1, Instructions: 9 | COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0104856E, Relevance: 1.5, APIs: 1, Instructions: 9 | COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010469F0, Relevance: 1.5, APIs: 1, Instructions: 5 | memory, COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0103032D, Relevance: 1.5, APIs: 1, Instructions: 5 | memory, COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013E55DC, Relevance: 1.5, APIs: 1, Instructions: 5 | memory, COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013E2363, Relevance: 1.3, APIs: 1, Instructions: 98 | COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0102CAEC, Relevance: 1.3, APIs: 1, Instructions: 63 | memory, COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0103C8EB, Relevance: 1.3, APIs: 1, Instructions: 60 | COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0102311B, Relevance: 1.3, APIs: 1, Instructions: 50 | memory, COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01032E8A, Relevance: 1.3, APIs: 1, Instructions: 48 | memory, COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01026C21, Relevance: 1.3, APIs: 1, Instructions: 45 | COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013E4FA0, Relevance: 1.3, APIs: 1, Instructions: 26 | string, COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013E6A16, Relevance: 1.3, APIs: 1, Instructions: 23 | COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01022E31, Relevance: 1.3, APIs: 1, Instructions: 19COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01043589, Relevance: 1.3, APIs: 1, Instructions: 14COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function 0103F63F, Relevance: 28.7, APIs: 19, Instructions: 233stringfilesynchronizationCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0102B8F7, Relevance: 16.6, APIs: 11, Instructions: 130libraryloadernativeCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0103E230, Relevance: 16.6, APIs: 11, Instructions: 94memorystringsynchronizationCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013E294D, Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 258memoryCOMMONCrypto
C-Code - Quality: 93% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0102D1A3, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 109filestringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010449B3, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 87registrylibraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010262CD, Relevance: 7.9, APIs: 6, Instructions: 399COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0102E521, Relevance: 6.0, APIs: 4, Instructions: 45pipeCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01029690, Relevance: 3.0, APIs: 2, Instructions: 48nativeCOMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01042CA5, Relevance: 3.0, APIs: 2, Instructions: 37nativeCOMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01027E6C, Relevance: 3.0, APIs: 2, Instructions: 26COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01034F12, Relevance: 2.9, APIs: 2, Instructions: 416COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010298C2, Relevance: 1.9, APIs: 1, Instructions: 610COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0102366D, Relevance: 1.8, Strings: 1, Instructions: 583COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010353A6, Relevance: 1.8, APIs: 1, Instructions: 556COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01027A06, Relevance: 1.6, Strings: 1, Instructions: 343COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0102D049, Relevance: 1.5, APIs: 1, Instructions: 11COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01035B0C, Relevance: .7, Instructions: 669COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01021D4F, Relevance: .4, Instructions: 386COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01031690, Relevance: .3, Instructions: 298COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013A08B7, Relevance: .2, Instructions: 250COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013A0B14, Relevance: .1, Instructions: 113COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013A0BFC, Relevance: .1, Instructions: 103COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013A0DF7, Relevance: .1, Instructions: 89COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013A0DF9, Relevance: .1, Instructions: 88COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013A0CE8, Relevance: .1, Instructions: 86COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010492C4, Relevance: .1, Instructions: 77COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013EB084, Relevance: .1, Instructions: 77COMMONCrypto
C-Code - Quality: 71% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013A0C57, Relevance: .1, Instructions: 71COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013A0CA5, Relevance: .1, Instructions: 66COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013A0ABA, Relevance: .0, Instructions: 23COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013A0880, Relevance: .0, Instructions: 20COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010476C9, Relevance: 56.0, APIs: 37, Instructions: 454synchronizationtimethreadCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013E7132, Relevance: 40.5, APIs: 22, Strings: 1, Instructions: 244memorystringCOMMON
C-Code - Quality: 74% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01037269, Relevance: 37.1, APIs: 15, Strings: 6, Instructions: 389memorystringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01039D35, Relevance: 30.0, APIs: 16, Strings: 1, Instructions: 219memoryfilestringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0102F601, Relevance: 24.3, APIs: 16, Instructions: 258memorystringfileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0102D8D8, Relevance: 24.1, APIs: 16, Instructions: 131memoryregistrythreadCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01022E6B, Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 149stringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0104339E, Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 121processstringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01043F93, Relevance: 21.2, APIs: 14, Instructions: 201memorystringthreadCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01041D86, Relevance: 21.2, APIs: 14, Instructions: 161memorystringfileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0103FA4B, Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 128timeCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01033FE6, Relevance: 21.1, APIs: 14, Instructions: 107libraryloaderstringCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010295C5, Relevance: 21.1, APIs: 14, Instructions: 79stringmemoryfileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0102F3F5, Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 110librarymemoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010283B5, Relevance: 18.2, APIs: 12, Instructions: 195memorystringthreadCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0102FAF3, Relevance: 18.2, APIs: 12, Instructions: 183synchronizationstringthreadCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01032AB7, Relevance: 18.1, APIs: 12, Instructions: 104synchronizationpipethreadCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01042F15, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 119memorythreadstringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01032BFA, Relevance: 16.7, APIs: 11, Instructions: 155registrystringfileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01029172, Relevance: 16.6, APIs: 11, Instructions: 144memoryregistryCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0102A4B8, Relevance: 16.6, APIs: 11, Instructions: 94memoryregistrystringCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01043080, Relevance: 15.1, APIs: 10, Instructions: 102registrymemorystringCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0102A740, Relevance: 15.1, APIs: 10, Instructions: 96filememorystringCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0103D6A6, Relevance: 15.1, APIs: 10, Instructions: 78stringfilememoryCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0102AF6F, Relevance: 15.1, APIs: 10, Instructions: 68threadprocesslibraryCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0103E5FC, Relevance: 15.1, APIs: 10, Instructions: 59sleepsynchronizationCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01041218, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 125memorystringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0102536B, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 111memoryfilestringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0102FD22, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 89memorystringpipeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01026D99, Relevance: 13.6, APIs: 9, Instructions: 90filesynchronizationCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010297EA, Relevance: 13.6, APIs: 9, Instructions: 82fileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0102B32D, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 190stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01038B6D, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 145timestringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0102DA7D, Relevance: 12.1, APIs: 8, Instructions: 123memoryregistrysynchronizationCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0102888F, Relevance: 11.5, APIs: 9, Instructions: 298COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01026A4D, Relevance: 10.6, APIs: 7, Instructions: 123registrymemoryCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01030BBF, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 103memoryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010431EF, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01021000, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01030B0F, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 68stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013EA7FB, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 68stringCOMMON
C-Code - Quality: 64% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010328ED, Relevance: 10.6, APIs: 7, Instructions: 62memorysynchronizationCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01041FD9, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 59stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0103D8F9, Relevance: 10.6, APIs: 7, Instructions: 57memoryregistrystringCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0102B029, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 45timeCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01046A05, Relevance: 9.2, APIs: 6, Instructions: 202synchronizationCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0102E933, Relevance: 9.1, APIs: 6, Instructions: 117COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0102177F, Relevance: 9.1, APIs: 6, Instructions: 104stringsynchronizationCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010448B8, Relevance: 9.1, APIs: 6, Instructions: 97memoryCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0102490A, Relevance: 9.1, APIs: 6, Instructions: 78memoryCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010255B3, Relevance: 9.1, APIs: 6, Instructions: 74memoryCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01025CC5, Relevance: 9.1, APIs: 6, Instructions: 67stringCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0103D619, Relevance: 9.1, APIs: 6, Instructions: 61stringthreadtimeCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0102DCEE, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 119memorystringCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013E4D70, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 28sleepmemoryCOMMON
C-Code - Quality: 37% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010400E2, Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 146stringCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013EA90C, Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 145stringCOMMON
C-Code - Quality: 22% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01041BD5, Relevance: 7.6, APIs: 5, Instructions: 133registrysynchronizationthreadCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01028BF0, Relevance: 7.6, APIs: 5, Instructions: 102synchronizationCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013E8941, Relevance: 7.6, APIs: 5, Instructions: 81COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010252BE, Relevance: 7.6, APIs: 5, Instructions: 72fileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0103C474, Relevance: 7.6, APIs: 5, Instructions: 71memoryCOMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01047026, Relevance: 7.6, APIs: 5, Instructions: 68memoryCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0102D06A, Relevance: 7.6, APIs: 5, Instructions: 67memorysynchronizationCOMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01044EFF, Relevance: 7.6, APIs: 5, Instructions: 62memorystringtimeCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010428B5, Relevance: 7.6, APIs: 5, Instructions: 60stringCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0102F559, Relevance: 7.6, APIs: 5, Instructions: 59memoryCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0103F568, Relevance: 7.5, APIs: 5, Instructions: 42stringCOMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0103E6A2, Relevance: 7.5, APIs: 5, Instructions: 42memoryCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010279AA, Relevance: 7.5, APIs: 5, Instructions: 35synchronizationthreadCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010322F0, Relevance: 7.5, APIs: 5, Instructions: 35COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013E2CBF, Relevance: 7.5, APIs: 5, Instructions: 35COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0102B778, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 17memoryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0102CBF6, Relevance: 6.3, APIs: 5, Instructions: 92memoryCOMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0102818B, Relevance: 6.2, APIs: 4, Instructions: 192COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01043CD4, Relevance: 6.1, APIs: 4, Instructions: 136COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013E2698, Relevance: 6.1, APIs: 4, Instructions: 136COMMON
C-Code - Quality: 85% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01025853, Relevance: 6.1, APIs: 4, Instructions: 120synchronizationCOMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0103E3CD, Relevance: 6.1, APIs: 4, Instructions: 113COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01021C03, Relevance: 6.1, APIs: 4, Instructions: 83COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0102EEDE, Relevance: 6.1, APIs: 4, Instructions: 75stringCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01024CC5, Relevance: 6.1, APIs: 4, Instructions: 73stringCOMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01023E09, Relevance: 6.1, APIs: 4, Instructions: 70fileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01034B11, Relevance: 6.1, APIs: 4, Instructions: 68stringCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01032DDE, Relevance: 6.1, APIs: 4, Instructions: 68stringCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0103E330, Relevance: 6.1, APIs: 4, Instructions: 58threadCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0103154C, Relevance: 6.1, APIs: 4, Instructions: 57COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010269C9, Relevance: 6.1, APIs: 4, Instructions: 56stringCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010345D5, Relevance: 6.1, APIs: 4, Instructions: 54memorystringtimeCOMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010445CE, Relevance: 6.0, APIs: 4, Instructions: 50COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01025B4D, Relevance: 6.0, APIs: 4, Instructions: 49sleepCOMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0103D444, Relevance: 6.0, APIs: 4, Instructions: 48fileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01033EE7, Relevance: 6.0, APIs: 4, Instructions: 41filestringsynchronizationCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0102CF8A, Relevance: 6.0, APIs: 4, Instructions: 39filesynchronizationpipeCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013E5C2B, Relevance: 6.0, APIs: 4, Instructions: 29memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013E3A79, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47memorytimeCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01029449, Relevance: 5.1, APIs: 4, Instructions: 83memoryCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0103EC94, Relevance: 5.1, APIs: 4, Instructions: 83memoryCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0103C263, Relevance: 5.1, APIs: 4, Instructions: 76COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01038EAC, Relevance: 5.1, APIs: 4, Instructions: 70stringCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013E282F, Relevance: 5.1, APIs: 4, Instructions: 70stringCOMMON
C-Code - Quality: 58% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0102E707, Relevance: 5.1, APIs: 4, Instructions: 64COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013E5434, Relevance: 5.0, APIs: 4, Instructions: 39stringCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0103951E, Relevance: 5.0, APIs: 4, Instructions: 38stringCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01033EA2, Relevance: 5.0, APIs: 4, Instructions: 27stringCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013E6F6D, Relevance: 5.0, APIs: 4, Instructions: 27stringCOMMON
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Executed Functions |
---|
Function 053C4D95, Relevance: 37.8, APIs: 25, Instructions: 331memorylibrarynativeCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 053DD9F4, Relevance: 9.1, APIs: 6, Instructions: 94threadmemorynativeCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 053D963A, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 71nativeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 053E67CD, Relevance: 4.7, APIs: 3, Instructions: 168librarynativeloaderCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 053DC51B, Relevance: 4.6, APIs: 3, Instructions: 56librarynativeloaderCOMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 053E4FEA, Relevance: 4.5, APIs: 3, Instructions: 26nativeCOMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 049D7562, Relevance: 3.1, APIs: 2, Instructions: 70nativeCOMMON
C-Code - Quality: 72% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 053D1635, Relevance: 3.0, APIs: 2, Instructions: 35librarynativeloaderCOMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 049D65B4, Relevance: 1.5, APIs: 1, Instructions: 34nativeCOMMON
C-Code - Quality: 68% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 053C3EB7, Relevance: 1.5, APIs: 1, Instructions: 34nativeCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 053E4582, Relevance: 1.5, APIs: 1, Instructions: 33nativeCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 049D6367, Relevance: 38.7, APIs: 21, Strings: 1, Instructions: 180, C-Code Quality: 64%, Tags: memory, string, COMMON
Function 049D5038, Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 152, C-Code Quality: 83%, Tags: time, memory, COMMON
Function 053E22AA, Relevance: 21.1, APIs: 14, Instructions: 121, Tags: memory, synchronization, COMMON
Function 049DA303, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 102, C-Code Quality: 96%, Tags: memory, COMMON
Function 049D87A1, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 109, C-Code Quality: 73%, Tags: library, memory, loader, COMMON
Function 053CADDF, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120, Tags: memory, COMMON
Function 049D4DCF, Relevance: 10.6, APIs: 7, Instructions: 75, C-Code Quality: 100%, Tags: COMMON
Function 053D3B45, Relevance: 9.1, APIs: 6, Instructions: 123, Tags: thread, synchronization, injection, COMMON
Function 049D48E5, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 167, C-Code Quality: 88%, Tags: string, COMMON
Function 053D15C8, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 37, Tags: thread, COMMON
Function 049D3A19, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 29, C-Code Quality: 50%, Tags: sleep, memory, COMMON
Function 053E4E7E, Relevance: 7.5, APIs: 5, Instructions: 46, Tags: memory, COMMON
Function 049D4C56, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 94, C-Code Quality: 100%, Tags: memory, COMMON
Function 049D5B5B, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76, C-Code Quality: 50%, Tags: memory, COMMON
Function 049D4788, Relevance: 6.1, APIs: 4, Instructions: 120, C-Code Quality: 62%, Tags: synchronization, COMMON
Function 053C2520, Relevance: 6.1, APIs: 4, Instructions: 108, Tags: thread, synchronization, injection, COMMON
Function 049DA614, Relevance: 6.1, APIs: 4, Instructions: 98, C-Code Quality: 100%, Tags: registry, synchronization, COMMON
Function 049D6A4D, Relevance: 6.1, APIs: 4, Instructions: 98, Tags: memory, COMMON
Function 049D6006, Relevance: 6.1, APIs: 4, Instructions: 87, C-Code Quality: 41%, Tags: sleep, COMMON
Function 053D9288, Relevance: 6.0, APIs: 4, Instructions: 42, Tags: string, COMMON
Function 049D230A, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24, C-Code Quality: 100%, Tags: memory, COMMON
Function 053CEA7F, Relevance: 5.1, APIs: 4, Instructions: 110, Tags: COMMON
Function 049D311C, Relevance: 4.6, APIs: 3, Instructions: 58, C-Code Quality: 47%, Tags: COMMON
Function 053E2501, Relevance: 4.5, APIs: 3, Instructions: 18, Tags: memory, COMMON
Function 049D60DD, Relevance: 3.8, APIs: 3, Instructions: 81, C-Code Quality: 100%, Tags: COMMON
Function 049D447C, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 41, C-Code Quality: 89%, Tags: memory, COMMON
Function 049D6DFA, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 5, C-Code Quality: 100%, Tags: memory, COMMON
Function 049D4638, Relevance: 3.1, APIs: 2, Instructions: 123, C-Code Quality: 21%, Tags: COMMON
Function 049D5A5E, Relevance: 3.1, APIs: 2, Instructions: 112, C-Code Quality: 75%, Tags: COMMON
Function 049D5F72, Relevance: 3.1, APIs: 2, Instructions: 62, C-Code Quality: 50%, Tags: COMMON
Function 053DCDFE, Relevance: 3.1, APIs: 2, Instructions: 57, Tags: COMMON
Function 049D249A, Relevance: 3.1, APIs: 2, Instructions: 51, Tags: COMMON
Function 049DA415, Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 42, C-Code Quality: 100%, Tags: memory, COMMON
Function 049D262B, Relevance: 3.0, APIs: 2, Instructions: 42, Tags: memory, COMMON
Function 049D40AC, Relevance: 3.0, APIs: 2, Instructions: 40, C-Code Quality: 37%, Tags: COMMON
Function 053E3BE1, Relevance: 3.0, APIs: 2, Instructions: 32, Tags: COMMON
Function 053E34D9, Relevance: 2.6, APIs: 2, Instructions: 70, Tags: memory, COMMON
Function 049D8F5E, Relevance: 2.6, APIs: 2, Instructions: 52, C-Code Quality: 32%, Tags: COMMON
Function 053CB1DA, Relevance: 1.6, APIs: 1, Instructions: 99, Tags: COMMON
Function 049D78A8, Relevance: 1.6, APIs: 1, Instructions: 75, C-Code Quality: 92%, Tags: memory, COMMON
Function 053E35B6, Relevance: 1.6, APIs: 1, Instructions: 74, Tags: COMMON
Function 049D3196, Relevance: 1.6, APIs: 1, Instructions: 50, C-Code Quality: 34%, Tags: COMMON
Function 053CB16F, Relevance: 1.5, APIs: 1, Instructions: 15, Tags: thread, COMMON
Function 053E856E, Relevance: 1.5, APIs: 1, Instructions: 9, Tags: COMMON
Function 053E8553, Relevance: 1.5, APIs: 1, Instructions: 9, Tags: COMMON
Function 049D55DC, Relevance: 1.5, APIs: 1, Instructions: 5, C-Code Quality: 100%, Tags: memory, COMMON
Function 053E69F0, Relevance: 1.5, APIs: 1, Instructions: 5, Tags: memory, COMMON
Function 053D032D, Relevance: 1.5, APIs: 1, Instructions: 5, Tags: memory, COMMON
Function 049D2363, Relevance: 1.3, APIs: 1, Instructions: 98, C-Code Quality: 100%, Tags: COMMON
Function 053CCAEC, Relevance: 1.3, APIs: 1, Instructions: 63, Tags: memory, COMMON
Function 053DC8EB, Relevance: 1.3, APIs: 1, Instructions: 60, Tags: COMMON
Function 053C311B, Relevance: 1.3, APIs: 1, Instructions: 50, Tags: memory, COMMON
Function 053D2E8A, Relevance: 1.3, APIs: 1, Instructions: 48, Tags: memory, COMMON
Function 053C6C21, Relevance: 1.3, APIs: 1, Instructions: 45, Tags: COMMON
Function 049D4FA0, Relevance: 1.3, APIs: 1, Instructions: 26, C-Code Quality: 100%, Tags: string, COMMON
Function 049D6A16, Relevance: 1.3, APIs: 1, Instructions: 23, C-Code Quality: 100%, Tags: COMMON
Function 053C2E31, Relevance: 1.3, APIs: 1, Instructions: 19, Tags: COMMON
Function 053E3589, Relevance: 1.3, APIs: 1, Instructions: 14, Tags: COMMON
Non-executed Functions |
---|
Function 053DF63F, Relevance: 28.7, APIs: 19, Instructions: 233, Tags: string, file, synchronization, COMMON
Function 049D294D, Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 258, C-Code Quality: 93%, Tags: memory, COMMON, Crypto
Function 049D7132, Relevance: 40.5, APIs: 22, Strings: 1, Instructions: 244, C-Code Quality: 74%, Tags: memory, string, COMMON
Function 053D9D35, Relevance: 30.0, APIs: 16, Strings: 1, Instructions: 219, Tags: memory, file, string, COMMON
Function 053CF601, Relevance: 24.3, APIs: 16, Instructions: 258, Tags: memory, string, file, COMMON
Function 053C2E6B, Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 149, Tags: string, COMMON
Function 053E3F93, Relevance: 21.2, APIs: 14, Instructions: 201, Tags: memory, string, thread, COMMON
Function 053E1D86, Relevance: 21.2, APIs: 14, Instructions: 161, Tags: memory, string, file, COMMON
Function 053D3FE6, Relevance: 21.1, APIs: 14, Instructions: 107, Tags: library, loader, string, COMMON
Function 053C95C5, Relevance: 21.1, APIs: 14, Instructions: 79, Tags: string, memory, file, COMMON
Function 053E2F15, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 119, Tags: memory, thread, string, COMMON
Function 053CA4B8, Relevance: 16.6, APIs: 11, Instructions: 94, Tags: memory, registry, string, COMMON
Function 053CA740, Relevance: 15.1, APIs: 10, Instructions: 96, Tags: file, memory, string, COMMON
Function 053DD6A6, Relevance: 15.1, APIs: 10, Instructions: 78, Tags: string, file, memory, COMMON
Function 053CAF6F, Relevance: 15.1, APIs: 10, Instructions: 68, Tags: thread, process, library, COMMON
Function 053DE5FC, Relevance: 15.1, APIs: 10, Instructions: 59, Tags: sleep, synchronization, COMMON
Function 053CFD22, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 89, Tags: memory, string, pipe, COMMON
Function 053C6D99, Relevance: 13.6, APIs: 9, Instructions: 90, Tags: file, synchronization, COMMON
Function 053C97EA, Relevance: 13.6, APIs: 9, Instructions: 82, Tags: file, COMMON
Function 049DA7FB, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 68, C-Code Quality: 64%, Tags: string, COMMON
Function 053E1FD9, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 59, Tags: string, COMMON
Function 053C177F, Relevance: 9.1, APIs: 6, Instructions: 104, Tags: string, synchronization, COMMON
Function 053C55B3, Relevance: 9.1, APIs: 6, Instructions: 74, Tags: memory, COMMON
Function 053C5CC5, Relevance: 9.1, APIs: 6, Instructions: 67, Tags: string, COMMON
Function 053DD619, Relevance: 9.1, APIs: 6, Instructions: 61, Tags: string, thread, time, COMMON
Function 053CDCEE, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 119, Tags: memory, string, COMMON
Function 049D4D70, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 28, C-Code Quality: 37%, Tags: sleep, memory, COMMON
Function 049DA90C, Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 145, C-Code Quality: 22%, Tags: string, COMMON
Function 049D8941, Relevance: 7.6, APIs: 5, Instructions: 81, C-Code Quality: 100%, Tags: COMMON
Function 053DC474, Relevance: 7.6, APIs: 5, Instructions: 71, Tags: memory, COMMON
Function 053E4EFF, Relevance: 7.6, APIs: 5, Instructions: 62, Tags: memory, string, time, COMMON
Function 053CF559, Relevance: 7.6, APIs: 5, Instructions: 59, Tags: memory, COMMON
Function 053DF568, Relevance: 7.5, APIs: 5, Instructions: 42, Tags: string, COMMON
Function 053DE6A2, Relevance: 7.5, APIs: 5, Instructions: 42, Tags: memory, COMMON
Function 049D2CBF, Relevance: 7.5, APIs: 5, Instructions: 35, C-Code Quality: 100%, Tags: COMMON
Function 053CB778, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 17, Tags: memory, COMMON
Function 049D2698, Relevance: 6.1, APIs: 4, Instructions: 136, C-Code Quality: 85%, Tags: COMMON
Function 053E3CD4, Relevance: 6.1, APIs: 4, Instructions: 136, Tags: COMMON
Function 053C1C03, Relevance: 6.1, APIs: 4, Instructions: 83, Tags: COMMON
Function 053CEEDE, Relevance: 6.1, APIs: 4, Instructions: 75, Tags: string, COMMON
Function 053C4CC5, Relevance: 6.1, APIs: 4, Instructions: 73, Tags: string, COMMON
Function 053C3E09, Relevance: 6.1, APIs: 4, Instructions: 70, Tags: file, COMMON
Function 053D2DDE, Relevance: 6.1, APIs: 4, Instructions: 68, Tags: string, COMMON
Function 053D154C, Relevance: 6.1, APIs: 4, Instructions: 57, Tags: COMMON
Function 053D45D5, Relevance: 6.1, APIs: 4, Instructions: 54, Tags: memory, string, time, COMMON
Function 053E45CE, Relevance: 6.0, APIs: 4, Instructions: 50, Tags: COMMON
Function 053DD444, Relevance: 6.0, APIs: 4, Instructions: 48, Tags: file, COMMON
Function 053CE521, Relevance: 6.0, APIs: 4, Instructions: 45, Tags: pipe, COMMON
Function 053D3EE7, Relevance: 6.0, APIs: 4, Instructions: 41, Tags: file, string, synchronization, COMMON
Function 053CCF8A, Relevance: 6.0, APIs: 4, Instructions: 39, Tags: file, synchronization, pipe, COMMON
Function 049D5C2B, Relevance: 6.0, APIs: 4, Instructions: 29, C-Code Quality: 100%, Tags: memory, COMMON
Function 049D3A79, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47, C-Code Quality: 100%, Tags: memory, time, COMMON
Function 053C9449, Relevance: 5.1, APIs: 4, Instructions: 83, Tags: memory, COMMON
Function 053DEC94, Relevance: 5.1, APIs: 4, Instructions: 83, Tags: memory, COMMON
Function 049D282F, Relevance: 5.1, APIs: 4, Instructions: 70, C-Code Quality: 58%, Tags: string, COMMON
Function 053D8EAC, Relevance: 5.1, APIs: 4, Instructions: 70, Tags: string, COMMON
Function 053CE707, Relevance: 5.1, APIs: 4, Instructions: 64, Tags: COMMON
Function 049D5434, Relevance: 5.0, APIs: 4, Instructions: 39, C-Code Quality: 100%, Tags: string, COMMON
Function 053D951E, Relevance: 5.0, APIs: 4, Instructions: 38, Tags: string, COMMON
Function 049D6F6D, Relevance: 5.0, APIs: 4, Instructions: 27, Tags: string, COMMON
Function 053D3EA2, Relevance: 5.0, APIs: 4, Instructions: 27, Tags: string, COMMON