Windows Analysis Report awxVepPEpA
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Process Tree |
---|
|
Malware Configuration |
---|
Threatname: RedLine |
---|
{"C2 url": "85.209.89.134:41320", "Bot Id": "@flop_tc"}
Yara Overview |
---|
PCAP (Network Traffic) |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_RedLine_1 | Yara detected RedLine Stealer | Joe Security |
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Unpacked PEs |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Jbx Signature Overview |
---|
AV Detection: |
---|
Found malware configuration |
Source: | Malware Configuration Extractor: |
Multi AV Scanner detection for submitted file |
Source: | Virustotal: | Perma Link | ||
Source: | Metadefender: | Perma Link | ||
Source: | ReversingLabs: |
Machine Learning detection for sample |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | Code function: | 0_2_025E75E8 | |
Source: | Code function: | 0_2_025E76C4 |
Networking: |
---|
Connects to many ports of the same IP (likely port scanning) |
Source: | TCP traffic: |
Source: | ASN Name: |
Source: | IP Address: |
Source: | TCP traffic: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | String found in binary or memory: | ||
Source: | Binary or memory string: |
System Summary: |
---|
PE file has nameless sections |
Source: | Static PE information: | ||
Source: | Binary or memory string: | ||
Source: | Static PE information: |
Source: | Virustotal: | ||
Source: | Metadefender: | ||
Source: | ReversingLabs: |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | Code function: | 0_2_025E7898 |
Source: | Key opened: | Jump to behavior |
Source: | Section loaded: | Jump to behavior |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Static PE information: | ||
Source: | Code function: | 0_2_026133CC |
Source: | Static PE information: |
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion: |
---|
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) |
Source: | WMI Queries: |
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines) |
Source: | WMI Queries: |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Code function: | 0_2_0260B0FC |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Registry key enumerated: |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | WMI Queries: |
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 0_2_025E75E8 | |
Source: | Code function: | 0_2_025E76C4 |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: |
Source: | Code function: | 0_2_026133CC |
Source: | Code function: | 0_2_0260B0FC |
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
Source: | Code function: | 0_2_00407497 |
HIPS / PFW / Operating System Protection Evasion: |
---|
Writes to foreign memory regions |
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior |
Tries to shutdown other security tools via broadcasted WM_QUERYENDSESSION |
Source: | Message posted: | Jump to behavior |
Allocates memory in foreign processes |
Source: | Memory allocated: | Jump to behavior |
Injects a PE file into a foreign processes |
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Code function: | 0_2_025E4CB8 | |
Source: | Code function: | 0_2_025E9C9C |
Source: | Key value queried: | Jump to behavior |
Source: | Code function: | 0_2_025ED280 |
Source: | Code function: | 0_2_02610558 |
Source: | WMI Queries: | ||
Stealing of Sensitive Information: |
---|
Yara detected RedLine Stealer |
Source: | File source: | ||
Tries to steal Crypto Currency Wallets |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Found many strings related to Crypto-Wallets (likely being stolen) |
Source: | String found in binary or memory: | ||
Tries to harvest and steal browser information (history, passwords, etc) |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality: |
---|
Yara detected RedLine Stealer |
Source: | File source: | ||
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation221 | Path Interception | Process Injection311 | Masquerading1 | OS Credential Dumping1 | System Time Discovery1 | Remote Services | Input Capture1 | Exfiltration Over Other Network Medium | Encrypted Channel1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Native API1 | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Disable or Modify Tools11 | Input Capture1 | Security Software Discovery231 | Remote Desktop Protocol | Archive Collected Data1 | Exfiltration Over Bluetooth | Non-Standard Port1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion231 | Security Account Manager | Process Discovery11 | SMB/Windows Admin Shares | Data from Local System3 | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection311 | NTDS | Virtualization/Sandbox Evasion231 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Obfuscated Files or Information2 | LSA Secrets | Application Window Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Software Packing2 | Cached Domain Credentials | File and Directory Discovery1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | System Information Discovery136 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
54% | Virustotal | Browse | ||
23% | Metadefender | Browse | ||
51% | ReversingLabs | Win32.Infostealer.Convagent | ||
100% | Joe Sandbox ML |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File |
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
Domains and IPs |
---|
Contacted Domains |
---|
No contacted domains info |
---|
URLs from Memory and Binaries |
---|
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
85.209.89.134 | unknown | Ukraine | | 204601 | ON-LINE-DATAServerlocation-NetherlandsDrontenNL | true |
General Information |
---|
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 546024 |
Start date: | 28.12.2021 |
Start time: | 20:07:09 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 6m 52s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | awxVepPEpA (renamed file extension from none to exe) |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed: | 24 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@3/1@0/1 |
EGA Information: | Failed |
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
20:08:22 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
85.209.89.134 | Get hash | malicious | Browse | ||
Domains |
---|
No context |
---|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
ON-LINE-DATAServerlocation-NetherlandsDrontenNL | Get hash | malicious | Browse |
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2291 |
Entropy (8bit): | 5.3192079301865585 |
Encrypted: | false |
SSDEEP: | 48:MOfHK5HKXAHKhBHKdHKB1AHKzvQTHmYHKhQnoPtHoxHImHKAHK1HxLHG1qHqH5HX:vq5qXAqLqdqUqzcGYqhQnoPtIxHbqAqG |
MD5: | 174E563C986AB09114A6F31F870A6E13 |
SHA1: | F68EFDC04D0559B24C448E629A0115F2E6C3B39D |
SHA-256: | 465C8001CEFD747AF8A94EDD62CC829D8DFF4D6BED174591DA0B71E10FDC584F |
SHA-512: | 252A2B615BB7BB4223F0873F41CC7C4BC6576172CD704DD93926E004CD5795CA5DC2DE3332586BF3C44E0B564148A7661563C00B204649C7A5594C097C1E9ECE |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.998681450351388 |
File name: | awxVepPEpA.exe |
File size: | 3617280 |
MD5: | 110526d2882da3d46aa3d7023b00f41e |
SHA1: | 250a483cead19e65bc11d215d48289dff51241b0 |
SHA256: | 772f0c407388e029e98f9d885f57a0e3ef9b0f42099a16fe6367fb321d4e2444 |
SHA512: | 46b4bd385342adcbbf52037d8c6b68609aed852dafde949022715f40f18af30f31497f30f49cdc1d0d9cb98a569d8b93079288b0b1926414413a0c20074ad6c6 |
SSDEEP: | 98304:4/lpBz0Mi19cNcuurKu0stiPJajebo04XY4OiCKU:4/lEz9cNnuRDOKio04vOiCR |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......a................. ...................@....@..........................0U.......7.................................... |
File Icon |
---|
Icon Hash: | 00828e8e8686b000 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x401000 |
Entrypoint Section: | |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE |
DLL Characteristics: | TERMINAL_SERVER_AWARE, NX_COMPAT |
Time Stamp: | 0x61C6DCEB [Sat Dec 25 08:57:15 2021 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | c284fa365c4442728ac859c0f9ed4dc5 |
Entrypoint Preview |
---|
Instruction |
---|
push 00907001h |
call 00007F9CFCE565E6h |
ret |
ret |
js 00007F9CFCE56633h |
jnp 00007F9CFCE5659Eh |
mov dword ptr [0FDE1067h], eax |
lodsd |
lahf |
mov bx, seg? |
xchg eax, ebp |
jns 00007F9CFCE5656Bh |
mov esi, EBD5F1E6h |
cld |
cmp cl, byte ptr [esi+edx] |
or byte ptr [eax-1Ch], FFFFFFD5h |
out 44h, al |
call 00007F9D730C6374h |
cmp esi, dword ptr [esp] |
mov esi, edi |
pop ds |
inc eax |
salc |
pushad |
inc ebp |
outsd |
push ds |
out A0h, al |
into |
jno 00007F9CFCE565F7h |
pop ss |
cmc |
pop edi |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x507c7c | 0x120 | .tZjoKcx |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4ec000 | 0x1a21d | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x507c08 | 0x8 | .tZjoKcx |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x100000 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
 | 0x1000 | 0x22000 | 0x11200 | False | 1.00044194799 | data | 7.99711453077 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
 | 0x23000 | 0x47c | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
 | 0x24000 | 0xf000 | 0x7800 | False | 1.00052083333 | data | 7.9942215702 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
 | 0x33000 | 0x2000 | 0x400 | False | 1.0107421875 | data | 7.79345594108 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
 | 0x35000 | 0x1888fe | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
 | 0x1be000 | 0x32b000 | 0x2f9c00 | unknown | unknown | unknown | unknown | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
 | 0x4e9000 | 0x3000 | 0x1a00 | False | 1.00165264423 | data | 7.97396561553 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x4ec000 | 0x1b000 | 0x13a00 | False | 0.999701433121 | data | 7.99695916307 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.tZjoKcx | 0x507000 | 0x4b000 | 0x4b000 | False | 0.987112630208 | data | 7.91909215806 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.adata | 0x552000 | 0x1000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_RCDATA | 0x4ec0a0 | 0x1a000 | data | Russian | Russia |
RT_MANIFEST | 0x507d9c | 0x17d | XML 1.0 document text | English | United States |
Imports |
---|
DLL | Import |
---|---|
kernel32.dll | GetProcAddress, GetModuleHandleA, LoadLibraryA |
user32.dll | SendNotifyMessageA |
user32.dll | GetProcessWindowStation |
oleaut32.dll | VariantChangeTypeEx |
kernel32.dll | RaiseException |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
Russian | Russia | |
English | United States |
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 28, 2021 20:08:27.238094091 CET | 41320 | 49752 | 85.209.89.134 | 192.168.2.5 |
Dec 28, 2021 20:08:27.280128002 CET | 49752 | 41320 | 192.168.2.5 | 85.209.89.134 |
Dec 28, 2021 20:08:28.065448999 CET | 49752 | 41320 | 192.168.2.5 | 85.209.89.134 |
Code Manipulations |
---|
Statistics |
---|
System Behavior |
---|
General |
---|
Start time: | 20:07:59 |
Start date: | 28/12/2021 |
Path: | C:\Users\user\Desktop\awxVepPEpA.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 3617280 bytes |
MD5 hash: | 110526D2882DA3D46AA3D7023B00F41E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 20:08:00 |
Start date: | 28/12/2021 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x13d0000 |
File size: | 98912 bytes |
MD5 hash: | 6807F903AC06FF7E1670181378690B22 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Reputation: | moderate |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
Function 025E4CB8, Relevance: 28.2, APIs: 13, Strings: 3, Instructions: 151registrystringlibraryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025E75E8, Relevance: .0, Instructions: 37COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025EAFA4, Relevance: 6.1, APIs: 4, Instructions: 64threadCOMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025E141C, Relevance: 2.5, APIs: 2, Instructions: 37memoryCOMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025E14F8, Relevance: 1.3, APIs: 1, Instructions: 62COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025E15B0, Relevance: 1.3, APIs: 1, Instructions: 54memoryCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025E1644, Relevance: 1.3, APIs: 1, Instructions: 48COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0260CDC8, Relevance: 1.3, APIs: 1, Instructions: 15memoryCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0260CDE8, Relevance: 1.3, APIs: 1, Instructions: 8COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
APIs |
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02611CDC, Relevance: 11.6, Strings: 9, Instructions: 323COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02600270, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025ED280, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 92timeCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0260B0FC, Relevance: 3.9, Strings: 3, Instructions: 180COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 026ACC8F, Relevance: 3.9, Strings: 3, Instructions: 157COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 026ACC9E, Relevance: 3.9, Strings: 3, Instructions: 149COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 026ACCB1, Relevance: 3.9, Strings: 3, Instructions: 142COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 026ACCB8, Relevance: 3.9, Strings: 3, Instructions: 140COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 026ACCC7, Relevance: 3.9, Strings: 3, Instructions: 137COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 026ACCEF, Relevance: 3.9, Strings: 3, Instructions: 125COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 026ACD04, Relevance: 3.9, Strings: 3, Instructions: 120COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 026ACD1D, Relevance: 3.9, Strings: 3, Instructions: 111COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 026ACD2C, Relevance: 3.9, Strings: 3, Instructions: 109COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 026ACD3C, Relevance: 3.9, Strings: 3, Instructions: 103COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025E76C4, Relevance: 3.0, APIs: 2, Instructions: 33fileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025E7898, Relevance: 1.5, APIs: 1, Instructions: 49COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025E9C9C, Relevance: 1.5, APIs: 1, Instructions: 23COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02606658, Relevance: 1.4, Strings: 1, Instructions: 155COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025F5918, Relevance: .6, Instructions: 644COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025F0538, Relevance: .6, Instructions: 566COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025FCADC, Relevance: .3, Instructions: 258COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025FB334, Relevance: .2, Instructions: 209COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0261E7B0, Relevance: .2, Instructions: 172COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0260DE40, Relevance: 38.7, APIs: 18, Strings: 4, Instructions: 165windowregistryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0260D9D8, Relevance: 24.7, APIs: 9, Strings: 5, Instructions: 173windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02615CCC, Relevance: 15.9, APIs: 2, Strings: 7, Instructions: 155libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 52% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025FDF1C, Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 109libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025EB05C, Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 201threadCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025FE100, Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 117libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 026175A4, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 112windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025E4B10, Relevance: 12.1, APIs: 5, Strings: 3, Instructions: 127stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025F6B34, Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 181fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02614EC0, Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 48windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02602A58, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 151fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02602828, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 151fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025FDD38, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 117libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0260DD60, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 54libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025E19C8, Relevance: 7.6, APIs: 5, Instructions: 62COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025E9F88, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 143threadCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02614FB0, Relevance: 6.1, APIs: 4, Instructions: 58COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025E9ED8, Relevance: 6.0, APIs: 4, Instructions: 50threadCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025E89A0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 74threadCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 91% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0260D8F0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 54windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Executed Functions |
---|
Function 0A63E298, Relevance: 1.7, Strings: 1, Instructions: 406COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F5EC28, Relevance: 1.6, Strings: 1, Instructions: 379COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F55528, Relevance: 8.9, Strings: 7, Instructions: 107COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0A63F5B0, Relevance: 5.5, Strings: 4, Instructions: 481COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F5E398, Relevance: 2.8, Strings: 2, Instructions: 346COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F523D9, Relevance: 2.6, Strings: 2, Instructions: 111COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F584D8, Relevance: 2.0, Instructions: 1977COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F584E8, Relevance: 2.0, Instructions: 1973COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F5D440, Relevance: 1.4, Strings: 1, Instructions: 191COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F5E388, Relevance: 1.4, Strings: 1, Instructions: 187COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F52A88, Relevance: 1.4, Strings: 1, Instructions: 130COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F55EF9, Relevance: 1.3, Strings: 1, Instructions: 49COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F5B7A0, Relevance: 1.3, Strings: 1, Instructions: 30COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F53FF8, Relevance: 1.3, Strings: 1, Instructions: 28COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F5B7B0, Relevance: 1.3, Strings: 1, Instructions: 26COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F5A720, Relevance: 1.3, Strings: 1, Instructions: 25COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F5A730, Relevance: 1.3, Strings: 1, Instructions: 16COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F5F088, Relevance: .4, Instructions: 428COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F504C8, Relevance: .4, Instructions: 377COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F504A0, Relevance: .4, Instructions: 364COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F55BA8, Relevance: .2, Instructions: 202COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F5FDF8, Relevance: .2, Instructions: 164COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F5D228, Relevance: .2, Instructions: 153COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F5E759, Relevance: .1, Instructions: 140COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0A63E288, Relevance: .1, Instructions: 140COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F57298, Relevance: .1, Instructions: 128COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F5A558, Relevance: .1, Instructions: 111COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F5D720, Relevance: .1, Instructions: 108COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F57D38, Relevance: .1, Instructions: 96COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F50AE8, Relevance: .1, Instructions: 93COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F550FF, Relevance: .1, Instructions: 89COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F5B0C0, Relevance: .1, Instructions: 89COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F57E98, Relevance: .1, Instructions: 88COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F55F40, Relevance: .1, Instructions: 86COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F5B0D0, Relevance: .1, Instructions: 85COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F57D28, Relevance: .1, Instructions: 85COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F55110, Relevance: .1, Instructions: 83COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F583B8, Relevance: .1, Instructions: 80COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F5F110, Relevance: .1, Instructions: 79COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0540D824, Relevance: .1, Instructions: 77COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F55F68, Relevance: .1, Instructions: 77COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0540D4DC, Relevance: .1, Instructions: 75COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F5B478, Relevance: .1, Instructions: 74COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F5B467, Relevance: .1, Instructions: 74COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0541D3F4, Relevance: .1, Instructions: 72COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0541D5A4, Relevance: .1, Instructions: 72COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F50AD8, Relevance: .1, Instructions: 71COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0A63F5A1, Relevance: .1, Instructions: 70COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F5B940, Relevance: .1, Instructions: 60COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F5CD02, Relevance: .1, Instructions: 59COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0540D81F, Relevance: .1, Instructions: 58COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0540D4D7, Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F55320, Relevance: .1, Instructions: 55COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0541D3EF, Relevance: .1, Instructions: 53COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0541D59F, Relevance: .1, Instructions: 53COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F5CD10, Relevance: .1, Instructions: 51COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F5F338, Relevance: .1, Instructions: 51COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F5C480, Relevance: .0, Instructions: 48COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F53F58, Relevance: .0, Instructions: 46COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0540DAF5, Relevance: .0, Instructions: 45COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F5B92F, Relevance: .0, Instructions: 45COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F50A20, Relevance: .0, Instructions: 39COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F5C490, Relevance: .0, Instructions: 38COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0540DAF4, Relevance: .0, Instructions: 36COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F5C4F4, Relevance: .0, Instructions: 36COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F5B800, Relevance: .0, Instructions: 36COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F5D70F, Relevance: .0, Instructions: 35COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F5BA00, Relevance: .0, Instructions: 34COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F5D430, Relevance: .0, Instructions: 33COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F53140, Relevance: .0, Instructions: 33COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F53248, Relevance: .0, Instructions: 32COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F53868, Relevance: .0, Instructions: 32COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F5D3FD, Relevance: .0, Instructions: 31COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F5B810, Relevance: .0, Instructions: 31COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F57FA4, Relevance: .0, Instructions: 30COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F530D8, Relevance: .0, Instructions: 28COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F5BA10, Relevance: .0, Instructions: 28COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F54068, Relevance: .0, Instructions: 27COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F54008, Relevance: .0, Instructions: 25COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F5A548, Relevance: .0, Instructions: 24COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F50457, Relevance: .0, Instructions: 22COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F55E40, Relevance: .0, Instructions: 22COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0A63EE38, Relevance: .0, Instructions: 22COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F53090, Relevance: .0, Instructions: 20COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F5B75A, Relevance: .0, Instructions: 19COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F5D858, Relevance: .0, Instructions: 19COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F56160, Relevance: .0, Instructions: 18COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F572E0, Relevance: .0, Instructions: 18COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0A63EE00, Relevance: .0, Instructions: 17COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F50468, Relevance: .0, Instructions: 16COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0A63EE48, Relevance: .0, Instructions: 16COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0A63EE10, Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F50440, Relevance: .0, Instructions: 11COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F55E7F, Relevance: .0, Instructions: 11COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F5A700, Relevance: .0, Instructions: 9COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F55E90, Relevance: .0, Instructions: 7COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function 0A6309A0, Relevance: 14.2, Strings: 11, Instructions: 418COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0A636060, Relevance: 14.0, Strings: 11, Instructions: 252COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0A6362C0, Relevance: 11.3, Strings: 9, Instructions: 55COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F55951, Relevance: 8.9, Strings: 7, Instructions: 114COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06F55960, Relevance: 8.9, Strings: 7, Instructions: 107COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0A6363A8, Relevance: 7.8, Strings: 6, Instructions: 349COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0A630040, Relevance: 7.7, Strings: 6, Instructions: 240COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0A631650, Relevance: 6.4, Strings: 5, Instructions: 169COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |