Windows
Analysis Report
mWyPrcv7Pl
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- mWyPrcv7Pl.exe (PID: 1320 cmdline: "C:\Users\user\Desktop\mWyPrcv7Pl.exe" MD5: 557232ED6BCC3043CBA02AEDCBC96891)
  - logagent.exe (PID: 5980 cmdline: "C:\Windows\System32\logagent.exe" MD5: E2036AC444AB4AD91EECC1A80FF7212F)
  - WerFault.exe (PID: 5788 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5980 -s 492 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
- Tdceco.exe (PID: 5336 cmdline: "C:\Users\Public\Libraries\Tdceco.exe" MD5: 557232ED6BCC3043CBA02AEDCBC96891)
  - logagent.exe (PID: 4004 cmdline: "C:\Windows\System32\logagent.exe" MD5: E2036AC444AB4AD91EECC1A80FF7212F)
  - WerFault.exe (PID: 2124 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 492 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
  - WerFault.exe (PID: 5756 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 532 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
- Tdceco.exe (PID: 1316 cmdline: "C:\Users\Public\Libraries\Tdceco.exe" MD5: 557232ED6BCC3043CBA02AEDCBC96891)
  - logagent.exe (PID: 1112 cmdline: "C:\Windows\System32\logagent.exe" MD5: E2036AC444AB4AD91EECC1A80FF7212F)
  - logagent.exe (PID: 5060 cmdline: "C:\Windows\System32\logagent.exe" MD5: E2036AC444AB4AD91EECC1A80FF7212F)
- cleanup
{"C2 list": ["www.kingnat.xyz/t3c9/"], "decoy": ["waidfu.com", "sjglyshsv.com", "sdztgy.com", "health-magazines.info", "bajoarmadura.com", "oxian.xyz", "jonspearman.com", "fusodu.online", "jx1718.net", "arminva6tinderella.xyz", "susuhiwah.com", "novotherm.online", "superbloomerz.com", "kuaida56.com", "74hc86.com", "stellumml.com", "neurocalibration.com", "pinkspirit.store", "solitaipat.com", "eassiy.com", "w-coinbase.xyz", "transliberation.space", "food2goscunthorpeonline.com", "as2082m.icu", "goodhistoryhealth.com", "albertojanderson.space", "idc169.com", "silverholleorganicfarms.com", "influxpr.com", "lechecondensada.info", "airyflamy.com", "rangersmix.com", "muadogiadungtot.site", "feldfire.store", "splitdrinks.com", "lbzyfj.com", "mydailycash.online", "ifa-samsung.com", "bzfjm.net", "001qr.com", "elylil.com", "coloradogives365.com", "vmpapp.com", "yourcoachsteph.com", "annalenaroeder.com", "gsolartech.com", "vsecom.net", "digihouse.biz", "paxof.com", "spectrumfxstudio.com", "cwmjcs.com", "borilicious.com", "bigmamma1121.com", "future.hockey", "billionaero.com", "ebavconnect.com", "essntialstore.com", "hillbumper.com", "mlnxsw.xyz", "bicyclelover.com", "sabjibajar.com", "abudhabityrerepair.com", "birdpet.store", "www6142.com"]}
Rule | Description | Author |
---|---|---|
JoeSecurity_DBatLoader | Yara detected DBatLoader | Joe Security |

Rule | Description | Author |
---|---|---|
Methodology_Shortcut_HotKey | Detects possible shortcut usage for .URL persistence | @itsreallynick (Nick Carr) |
Methodology_Contains_Shortcut_OtherURIhandlers | Detects possible shortcut usage for .URL persistence | @itsreallynick (Nick Carr) |
JoeSecurity_DBatLoader | Yara detected DBatLoader | Joe Security |

Rule | Description | Author |
---|---|---|
JoeSecurity_FormBook | Yara detected FormBook | Joe Security |
Windows_Trojan_Formbook_1112e116 | unknown | unknown |
Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com |
Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group |
JoeSecurity_FormBook | Yara detected FormBook | Joe Security |

Rule | Description | Author |
---|---|---|
JoeSecurity_UACBypassusingComputerDefaults | Yara detected UAC Bypass using ComputerDefaults | Joe Security |
JoeSecurity_DBatLoader | Yara detected DBatLoader | Joe Security |
AV Detection |
---|
Source: | Metadefender: | Perma Link | ||
Source: | ReversingLabs: |
Source: | File source: | ||
Source: | Avira: | ||
Source: | Malware Configuration Extractor: |
Exploits |
---|
Source: | File source: | ||
Source: | Static PE information: |
Source: | HTTPS traffic detected: | ||
Source: | Code function: | 5_2_50487B1B |
Networking |
---|
Source: | URLs: |
Source: | JA3 fingerprint: |
Source: | IP Address: |
Source: | Network traffic detected: | ||
Source: | String found in binary or memory: | ||
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | Binary or memory string: |
Source: | File source: | ||
E-Banking Fraud |
---|
Source: | File source: | ||
System Summary |
---|
Source: | Matched rule: | ||
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Process created: |
Source: | Code function: | 0_3_03C2F88D | |
Source: | Code function: | 0_3_03BE4EE0 | |
Source: | Code function: | 0_3_03BE135B | |
Source: | Code function: | 0_3_03BD80E3 | |
Source: | Code function: | 0_3_04A598BC | |
Source: | Code function: | 5_2_50481030 | |
Source: | Code function: | 5_2_5049D97E | |
Source: | Code function: | 5_2_5049D563 | |
Source: | Code function: | 5_2_50482D90 | |
Source: | Code function: | 5_2_50489E4C | |
Source: | Code function: | 5_2_50489E50 | |
Source: | Code function: | 5_2_5049E68E | |
Source: | Code function: | 5_2_5049E70A | |
Source: | Code function: | 5_2_50482FB0 | |
Source: | Code function: | 9_3_03C8F8C1 | |
Source: | Code function: | 9_3_03C38117 | |
Source: | Code function: | 9_3_03C8F8C1 |
Source: | Static PE information: | ||
Source: | Binary or memory string: | ||
Source: | Static PE information: | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Metadefender: | ||
Source: | ReversingLabs: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior | ||
Source: | Mutant created: | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | |||
Source: | Window detected: |
Data Obfuscation |
---|
Source: | File source: | ||
Source: | Code function: | 0_3_03C31DE3 | |
Source: | Code function: | 0_3_03C2F122 | |
Source: | Code function: | 0_3_03C31DB1 | |
Source: | Code function: | 0_3_03C31D27 | |
Source: | Code function: | 0_3_03C2F9C4 | |
Source: | Code function: | 0_3_03C31D6F | |
Source: | Code function: | 0_3_03BDA5C5 | |
Source: | Code function: | 0_3_03BD821A | |
Source: | Code function: | 0_3_03BDA607 | |
Source: | Code function: | 0_3_03BDA639 | |
Source: | Code function: | 0_3_03BDA57D | |
Source: | Code function: | 0_3_03BDA748 | |
Source: | Code function: | 0_3_04A5ACD8 | |
Source: | Code function: | 0_3_04A5C2C8 | |
Source: | Code function: | 0_3_04A5C2C8 | |
Source: | Code function: | 5_2_5049E90D | |
Source: | Code function: | 5_2_5049E8B8 | |
Source: | Code function: | 5_2_504979EF | |
Source: | Code function: | 5_2_5049D4C8 | |
Source: | Code function: | 5_2_5049D532 | |
Source: | Code function: | 5_2_5049D4C8 | |
Source: | Code function: | 5_2_5049D532 | |
Source: | Code function: | 5_2_50496755 | |
Source: | Code function: | 9_3_03C8F156 | |
Source: | Code function: | 9_3_03C81E35 | |
Source: | Code function: | 9_3_03C8F9F8 | |
Source: | Code function: | 9_3_03C91E17 | |
Source: | Code function: | 9_3_03C91DE5 | |
Source: | Code function: | 9_3_03C91DA3 | |
Source: | Code function: | 9_3_03C7F167 | |
Source: | Code function: | 9_3_03C91D5B |
Source: | File created: | Jump to dropped file |
Source: | Registry value created or modified: | Jump to behavior | ||
Source: | Registry key monitored for changes: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Code function: | 5_2_50489900 |
Source: | Process information queried: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Code function: | 5_2_50489900 |
Source: | Process queried: | Jump to behavior | ||
Source: | Code function: | 0_3_04A580BC |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Memory written: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Thread created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Remote Access Functionality |
---|
Source: | File source: | ||
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 311 Process Injection | 1 Masquerading | 1 Input Capture | 1 Query Registry | Remote Services | 1 Input Capture | Exfiltration Over Other Network Medium | 11 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 Registry Run Keys / Startup Folder | 1 Virtualization/Sandbox Evasion | LSASS Memory | 121 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | Exfiltration Over Bluetooth | 1 Ingress Tool Transfer | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | 1 DLL Side-Loading | 311 Process Injection | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 2 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 2 Obfuscated Files or Information | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 13 Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Software Packing | LSA Secrets | 1 Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 DLL Side-Loading | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | 2 System Information Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
46% | Metadefender | Browse | ||
76% | ReversingLabs | Win32.Trojan.Remcos |
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
l-0003.l-dc-msedge.net | 13.107.43.12 | true | false | unknown | |
onedrive.live.com | unknown | unknown | false | high | |
p5lwwa.am.files.1drv.com | unknown | unknown | false | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
13.107.43.12 | l-0003.l-dc-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
IP |
---|
192.168.2.1 |
Joe Sandbox Version: | 35.0.0 Citrine |
Analysis ID: | 679238 |
Start date and time: | 2022-08-05 12:50:10 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 10m 37s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | mWyPrcv7Pl (renamed file extension from none to exe) |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 32 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.expl.evad.winEXE@14/18@6/2 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WerFault.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
- Excluded IPs from analysis (whitelisted): 23.211.6.115, 13.107.42.13, 13.89.179.12, 20.189.173.20, 20.42.65.92
- Excluded domains from analysis (whitelisted): odc-web-brs.onedrive.akadns.net, store-images.s-microsoft.com-c.edgekey.net, onedsblobprdcus17.centralus.cloudapp.azure.com, arc.msn.com, l-0004.l-msedge.net, e12564.dspb.akamaiedge.net, odwebpl.trafficmanager.net.l-0004.dc-msedge.net.l-0004.l-msedge.net, login.live.com, sls.update.microsoft.com, displaycatalog.mp.microsoft.com, am-files.ha.1drv.com.l-0003.dc-msedge.net.l-0003.l-msedge.net, img-prod-cms-rt-microsoft-com.akamaized.net, watson.telemetry.microsoft.com, www.bing.com, client.wns.windows.com, fs.microsoft.com, odc-web-geo.onedrive.akadns.net, onedsblobprdwus15.westus.cloudapp.azure.com, ctldl.windowsupdate.com, ris.api.iris.microsoft.com, onedsblobprdeus17.eastus.cloudapp.azure.com, store-images.s-microsoft.com, odc-am-files-geo.onedrive.akadns.net, blobcollector.events.data.trafficmanager.net, odc-am-files-brs.onedrive.akadns.net
- Execution Graph export aborted for target Tdceco.exe, PID 5336 because there are no executed function
- Execution Graph export aborted for target logagent.exe, PID 5980 because it is empty
- Execution Graph export aborted for target mWyPrcv7Pl.exe, PID 1320 because there are no executed function
- Not all processes where analyzed, report is missing behavior information
- Report creation exceeded maximum time and may have missing disassembly code information.
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtOpenFile calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryAttributesFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: mWyPrcv7Pl.exe
Time | Type | Description |
---|---|---|
12:51:15 | API Interceptor | |
12:51:30 | Autostart | |
12:51:39 | Autostart | |
12:51:41 | API Interceptor | |
12:51:52 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
13.107.43.12 | Get hash | malicious | Browse | ||
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
l-0003.l-dc-msedge.net | Get hash | malicious | Browse |
| |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
MICROSOFT-CORP-MSN-AS-BLOCKUS | Get hash | malicious | Browse |
| |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
37f463bf4616ecd445d4a1937da06e19 | Get hash | malicious | Browse |
| |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_logagent.exe_3e894c43284c62ca8825101ba19eb171b9823b5f_0357e9de_162dfe0d\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.7895462611229852 |
Encrypted: | false |
SSDEEP: | 96:jdwMFtQKcnNIb6o07JfvpXIQcQDXc6Da6cEEcw3pdDq+HbHgoC5AJkq+h88WpB85:jqMwKcnJHdXHRu/jF7/u7stS274ItQ |
MD5: | 9332A54875F0D84559404C0461F79263 |
SHA1: | A01265CEA6B121CECA815239FEFA0FA69AE9E11A |
SHA-256: | 9B7BD2BCC5A239A1C67474F58DDACE2379E67DA3F2F34213A6ED2182D1AB98AD |
SHA-512: | 1DC1432831F4FEE980D059D80E946E204BA31B59EEFC0B333F8746EE02F3A8A9EA03C59E20A056E814A4FB5AAF9E1DF44C610D75CB11E214DA64E1E9BE2C4066 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_logagent.exe_96c1d13f279867748ea9992828437f88fb7a_0357e9de_081db646\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.7894967627729025 |
Encrypted: | false |
SSDEEP: | 96:jrwVIFm9KcneIb6oI7JfxpXIQcQvc6QcEDMcw3DSDq+HbHgoC5AJkq+h88WpB8Op:jMm89KcnQHBUZMXojF7/u7sSS274ItQ |
MD5: | 025AD1EBCBE5145C9239AEBD50654E09 |
SHA1: | F499E3BC76D7291C699C5B35DECE18DA9D1276FD |
SHA-256: | 3BDBED9E4A8C5A79E0F664903B54C6DB6633E3F3D0B1EBC7BB24D8D108010B8B |
SHA-512: | D716665D8F6A53360D6D53F6B754936F1DB1B31D152DED88E23D83A349FA14B0C77EB2D9496184C03DA5738942854CC45578AB6B0B998ACA48CCAA682FE2F700 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_logagent.exe_96c1d13f279867748ea9992828437f88fb7a_0357e9de_16cd672c\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.7894223007015567 |
Encrypted: | false |
SSDEEP: | 96:jsFnLYWecnvIb6oI7JfxpXIQcQvc6QcEDMcw3DSDq+HbHgoC5AJkq+h88WpB8OvR:ACWecn5HBUZMXojF7/u7sSS274ItQ |
MD5: | 304ADF2E6EE2AB59483C474F6168FA88 |
SHA1: | E9623DE8667CA08763936B993AEBCEB573CB9F98 |
SHA-256: | 2F129F729AC3F31868C7A9974E476985A785166A667970B7862816B48316C870 |
SHA-512: | 50EA7081451E3FEE0577289F05969248A252F4FB4A52D865AA7405024BFC583F87801D367E650EFF40953BF6EDD9971E7CC7C3E86E6399BFC45E45E7BCE3992C |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 68242 |
Entropy (8bit): | 1.7563037976198732 |
Encrypted: | false |
SSDEEP: | 192:n2hDhtVammOWxnliGf/P4alOBhkEb4wPYTAty0aHR8bx4zyxLR:O/V1WxnliGvSJHPYTzyxV |
MD5: | 03D98E1CC879DE3BBBD71E4AEEE8DF33 |
SHA1: | F8EE863176D78DA65131F2613063CEBBCBBBE03E |
SHA-256: | 78791C66074CC6C9B4C39C4777CB50DBA11E2C38E54CFD6634DC2A15FC97C886 |
SHA-512: | EBAC5BFB6D1EED813F9E5FB806298DE4D89FD3B4E788EE7CAD668FECCBAD6EDB140F633A9AB013017A28F27DF55FAEE2BC627535CAF843FD548319278D89DB95 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6326 |
Entropy (8bit): | 3.7227993866947564 |
Encrypted: | false |
SSDEEP: | 192:Rrl7r3GLNipmT6xYPGwtYceSuCprG89bdVsfOfm:RrlsNipy68GKYRSZduf3 |
MD5: | B4DD1DCBD65F2D8BC2098882D6158B40 |
SHA1: | BD0BF7D02D78D522F15DA374630BCB0FEA046A85 |
SHA-256: | D969163F79F804A5116701C04565490E684303CDFE5684E1A1B12E8E58547189 |
SHA-512: | D501AA452F5D1FD286EF0BB5047CCAA3C690C2D5A2A6C0A2CD2F78AF97DA7EC877C746725561BDBD8269E41AF591570CED8F9E7B079E544A9A6582BAFCF2DD12 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4670 |
Entropy (8bit): | 4.469556859488255 |
Encrypted: | false |
SSDEEP: | 48:cvIwSD8zsLtJgtWI9VZWgc8sqYjv8fm8M4JemEZFIFz+q86G0fcT7Fcfrmzdd:uITfLHyogrsqYAJ8cFzzET7Furmzdd |
MD5: | BAE211EB62A01570145FD0278712B061 |
SHA1: | 6535A692379F62B6BD38F1EE29F00F5AEA539886 |
SHA-256: | 93033A3C270F9F11C2A0311048C83334B2E403D8136B9FE2398EE313C12F43E4 |
SHA-512: | 71FBE956E73EADE9D70F0121CC7242CFF8702EAEEA0AE03F4D6CA1D00588294DAC42544FE4474BFD67A2BAB69091BEA43C3DF9B0ACA26E480352ED6CDF791A1E |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 76486 |
Entropy (8bit): | 1.697254929068589 |
Encrypted: | false |
SSDEEP: | 192:2fKPkvRc4dOWCtO5ngID+GKlgYBk/lKcnnTLGXSKOAII5:3kvRLQWDpgIDrYBk/zM5 |
MD5: | 9399E1632C1FC2E21651634493DE3AA6 |
SHA1: | 89561DB0043B7771B471488B87917ECA17635D65 |
SHA-256: | 8FFF64BA8A31149730CD5513971CA3552A4CD9FCDB0BAA87EFDD2245A4985C24 |
SHA-512: | 8CA9BD653ED64463DB9070FC819AAF32617063A2806E916347971C15986001903A64822471D02B6BE977C0FC5803CD18E80C3AAA0CF36D96118AD48D5B2A8076 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8302 |
Entropy (8bit): | 3.692436327974326 |
Encrypted: | false |
SSDEEP: | 192:Rrl7r3GLNiuFI6o8Gx6Yxm6UgmfceSuCpri89bDBsfzBm:RrlsNiz6hGx6Yg6UgmfRStD6fI |
MD5: | 888E4562AA7B4EB2B4F3C06260EECD31 |
SHA1: | EA570816E2E2C7EE9332A5D1835257166FD82046 |
SHA-256: | 61C17A98011F6C96313FDCF2C6D679B2FD11DE79D5AA62927D395985BC62781D |
SHA-512: | 323D7AE80F468990D27A5A80FCDDB15A5B59F84122A845F4ED5C0E7BC4C3998CD0DC4A98713BEA17175F4D32F9853A51FEB8A7E240FA2A139DAB1BA869B1F96C |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4670 |
Entropy (8bit): | 4.471151372089151 |
Encrypted: | false |
SSDEEP: | 48:cvIwSD8zsLtJgtWI9VZWgc8sqYjR8fm8M4JemEZFVFm+q86G0K7FcfrmPd:uITfLHyogrsqYKJ8RFmzK7FurmPd |
MD5: | 406CC377399D08DA35A09A14A5D133B4 |
SHA1: | 7FD6A69A63D719886C0409688B5FC6B2C830D2BD |
SHA-256: | 865BF2C8C48DCE5A6E212AF88C4EFC424C3E9C45C6353DA10D4C5A08D454C031 |
SHA-512: | C5C6E2902406ECA3019D8323F2B908F304303031FA394D7CD70D7633C4996E96B3DF0276C48E2BAC18849F91110D88E007BF149857E5F71FAC531FBF6DDD2ECB |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86848 |
Entropy (8bit): | 1.6525661941532799 |
Encrypted: | false |
SSDEEP: | 192:4WVcD2SZx3CwOWHcZ5nIIlsKNlgYBD/HqMVNSryvYS0YBnkujHC1WTn:UDYHWQpII+BYBrHqiFBnkujHC1WTn |
MD5: | 709F1E591BC441AE2B578D0E65EA45DB |
SHA1: | 23DA9B86F16D1C46C4C960EDEF50051B1CFA3E1F |
SHA-256: | 49828D3F26B0B430B36351A00803FF6B6B3BD34618D4DD01CD0B8C9C366F3D45 |
SHA-512: | 644420868079DBFB483A7B0B2895BC005A83694E81039B3ECF4CBB4A255D5F0282FA17B88ED1917028279D12CF9901A78A3654A6F9D2D7C8606FFE9383826AF8 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8290 |
Entropy (8bit): | 3.691915952192265 |
Encrypted: | false |
SSDEEP: | 192:Rrl7r3GLNiuFW6mcGwu6YxA6UgmfcYSJgCpDs89b/Bsfl1m:RrlsNiN6vGZ6Ym6UgmfrSH/6fm |
MD5: | F7732502782B5043CB90003402FAF93B |
SHA1: | 978B8E9EA109D7BE0F40C1C7A85705D515511A2D |
SHA-256: | 758307408BC510CCCCED144BCAA6479654F411A8BCC70416D4CD640CD97634E5 |
SHA-512: | 774A65FC4690AE6174BC0972EB95A0053A40CC19D3CCB99B68179782A0D1F51004C5E6205028766F722DA1FF7E2088A302418FBB9F1DB0903A995E6F880A1FD2 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4670 |
Entropy (8bit): | 4.462355835672097 |
Encrypted: | false |
SSDEEP: | 48:cvIwSD8zsstJgtWI9VZWgc8sqYj0Z8fm8M4Jem+F2+q86IL7FcfrmPd:uITfsHyogrsqYoeJ5y7FurmPd |
MD5: | 5C88382227D1ABA76B1CD557645ADAA0 |
SHA1: | B0B4B7A6B3B53BB618250A312D88BC288C913761 |
SHA-256: | 4F3E4D5589C960668233283FC51A0902BF2189E1AF862CCFE8EC9C794AC77E2B |
SHA-512: | DBE61CC865AD057D01388F012CC46F9A42601F247EB11B8A18C39FCBC3787A99D1AFAC2A25EB920B7D7935930C844E5A224569CB264C4391DD9B3432D7A25CC9 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\mWyPrcv7Pl.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1009664 |
Entropy (8bit): | 6.974853442197742 |
Encrypted: | false |
SSDEEP: | 24576:5DA1mchKTwkH17WtMBhiUDxvHiMYStUtVSn52pAf2rDNtl2aCHX:5Dhc8ZPbVI5Sn52KN |
MD5: | 557232ED6BCC3043CBA02AEDCBC96891 |
SHA1: | BD739F8686A3A535B9D2FAEE8990C77F0DE06884 |
SHA-256: | F28FC7B2CB76F0A714EF1E43B37EC0F5AA6C497D25D7DE4379E8E0B91913D1C0 |
SHA-512: | D24BAB222F53B70EC8E551A81AE5524991C58BAA8602FDCD65D37ECE4BFEEE0B470BA3177ACD0CF2C4F3B5E7B7BDD7AE6A88B8E12C24E7B5B0610E465B205D9D |
Malicious: | true |
Yara Hits: |
|
Antivirus: |
|
Preview: |
Process: | C:\Users\user\Desktop\mWyPrcv7Pl.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | true |
Preview: |
Process: | C:\Users\user\Desktop\mWyPrcv7Pl.exe |
File Type: | |
Category: | modified |
Size (bytes): | 98 |
Entropy (8bit): | 4.938047957598122 |
Encrypted: | false |
SSDEEP: | 3:HRAbABGQYmTWAX+rSF55i0XMSQssGKd6cyoo:HRYFVmTWDyzbsb3yoo |
MD5: | 97BA409E4D1D5E585313786D114B9AC4 |
SHA1: | E496CA19CC386AC749787C454A43013DF73C401B |
SHA-256: | DF840052CA96F3AC99AB1D19783778F4387E2284E04FB348F7F3A033D2D5C665 |
SHA-512: | A37994040A6FC407DDF942C7FF63F1D163DAB09950EBB9AFCA4D5DE920E873DF588EE7A1B0060025772C4DBAD8C9CE7C0C43817E5453278EA29E1CDBB2EE0BEE |
Malicious: | false |
Yara Hits: |
|
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\Tdcecogbbgrxarcelvdgocpkcdmqukp[1]
Process: | C:\Users\user\Desktop\mWyPrcv7Pl.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 376320 |
Entropy (8bit): | 7.5010078258930735 |
Encrypted: | false |
SSDEEP: | 6144:r44w300N1+QkdgiH97nNmDy8ZQtdotlsGP3KtPomplOdzvnKTkrtHXetBqRUcwSc:rsEuQd9M3Zz7/ReGRxk+TVGDt8mtV |
MD5: | 98458E783E96412298C0A2349D450C07 |
SHA1: | 9C1D3799F76BE072EF120C86A50CF714073FE5CC |
SHA-256: | 7BB9C31D92CAF44535718C8B8B2A43EBFB7B2A877B3447EEBBBC0009A68C77F8 |
SHA-512: | 3F10CA558FA623AE12838BAD74D168EAC782D2C0609AFEFDF9914CEB55E85C3114717BE5BCBD42C77D51F9CE1CA3A8A199A6A9F5A1256513779A323CC3E984A2 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\Tdcecogbbgrxarcelvdgocpkcdmqukp[2]
Process: | C:\Users\Public\Libraries\Tdceco.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 376320 |
Entropy (8bit): | 7.5010078258930735 |
Encrypted: | false |
SSDEEP: | 6144:r44w300N1+QkdgiH97nNmDy8ZQtdotlsGP3KtPomplOdzvnKTkrtHXetBqRUcwSc:rsEuQd9M3Zz7/ReGRxk+TVGDt8mtV |
MD5: | 98458E783E96412298C0A2349D450C07 |
SHA1: | 9C1D3799F76BE072EF120C86A50CF714073FE5CC |
SHA-256: | 7BB9C31D92CAF44535718C8B8B2A43EBFB7B2A877B3447EEBBBC0009A68C77F8 |
SHA-512: | 3F10CA558FA623AE12838BAD74D168EAC782D2C0609AFEFDF9914CEB55E85C3114717BE5BCBD42C77D51F9CE1CA3A8A199A6A9F5A1256513779A323CC3E984A2 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\Tdcecogbbgrxarcelvdgocpkcdmqukp[1]
Process: | C:\Users\Public\Libraries\Tdceco.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 376320 |
Entropy (8bit): | 7.5010078258930735 |
Encrypted: | false |
SSDEEP: | 6144:r44w300N1+QkdgiH97nNmDy8ZQtdotlsGP3KtPomplOdzvnKTkrtHXetBqRUcwSc:rsEuQd9M3Zz7/ReGRxk+TVGDt8mtV |
MD5: | 98458E783E96412298C0A2349D450C07 |
SHA1: | 9C1D3799F76BE072EF120C86A50CF714073FE5CC |
SHA-256: | 7BB9C31D92CAF44535718C8B8B2A43EBFB7B2A877B3447EEBBBC0009A68C77F8 |
SHA-512: | 3F10CA558FA623AE12838BAD74D168EAC782D2C0609AFEFDF9914CEB55E85C3114717BE5BCBD42C77D51F9CE1CA3A8A199A6A9F5A1256513779A323CC3E984A2 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 6.974853442197742 |
TrID: |
|
File name: | mWyPrcv7Pl.exe |
File size: | 1009664 |
MD5: | 557232ed6bcc3043cba02aedcbc96891 |
SHA1: | bd739f8686a3a535b9d2faee8990c77f0de06884 |
SHA256: | f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0 |
SHA512: | d24bab222f53b70ec8e551a81ae5524991c58baa8602fdcd65d37ece4bfeee0b470ba3177acd0cf2c4f3b5e7b7bdd7ae6a88b8e12c24e7b5b0610e465b205d9d |
SSDEEP: | 24576:5DA1mchKTwkH17WtMBhiUDxvHiMYStUtVSn52pAf2rDNtl2aCHX:5Dhc8ZPbVI5Sn52KN |
TLSH: | 7A259E31E6E24433D473277C8E1B466599397E103E78D88A3BEA2D4C2FFD68139252D6 |
File Content Preview: | MZP.....................@...............................................!..L.!..This program must be run under Win32..$7....................................................................................................................................... |
Icon Hash: | c49af2e8ece0e6c8 |
Entrypoint: | 0x4a3b74 |
Entrypoint Section: | CODE |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI |
DLL Characteristics: | |
Time Stamp: | 0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 205f6434858f3f8cc9e8b96d094507a2 |
Instruction |
---|
push ebp |
mov ebp, esp |
add esp, FFFFFFF0h |
mov eax, 004A38D4h |
call 00007FA34C4BFD91h |
mov eax, dword ptr [004A587Ch] |
mov eax, dword ptr [eax] |
call 00007FA34C520AD1h |
mov ecx, dword ptr [004A59E0h] |
mov eax, dword ptr [004A587Ch] |
mov eax, dword ptr [eax] |
mov edx, dword ptr [004A0C1Ch] |
call 00007FA34C520AD1h |
mov eax, dword ptr [004A59E0h] |
mov eax, dword ptr [eax] |
call 00007FA34C51D545h |
mov eax, dword ptr [004A587Ch] |
mov eax, dword ptr [eax] |
call 00007FA34C520B39h |
call 00007FA34C4BD7F4h |
lea eax, dword ptr [eax+00h] |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa7000 | 0x27a4 | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xb9000 | 0x43000 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xac000 | 0xc1ec | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0xab000 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
CODE | 0x1000 | 0xa2bc8 | 0xa2c00 | False | 0.5100101406490015 | data | 6.535344306379752 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
DATA | 0xa4000 | 0x1aa4 | 0x1c00 | False | 0.42703683035714285 | data | 4.101220909917565 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
BSS | 0xa6000 | 0xef5 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.idata | 0xa7000 | 0x27a4 | 0x2800 | False | 0.3671875 | data | 5.001062777293974 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.tls | 0xaa000 | 0x40 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rdata | 0xab000 | 0x18 | 0x200 | False | 0.05078125 | data | 0.2005819074398449 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
.reloc | 0xac000 | 0xc1ec | 0xc200 | False | 0.5179606958762887 | data | 6.616954325025841 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
.rsrc | 0xb9000 | 0x43000 | 0x43000 | False | 0.5515537546641791 | data | 7.276319461848777 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
AUDIOES | 0xb9d88 | 0x3697c | RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz | English | United States |
RT_CURSOR | 0xf0704 | 0x134 | data | ||
RT_CURSOR | 0xf0838 | 0x134 | data | ||
RT_CURSOR | 0xf096c | 0x134 | data | ||
RT_CURSOR | 0xf0aa0 | 0x134 | data | ||
RT_CURSOR | 0xf0bd4 | 0x134 | data | ||
RT_CURSOR | 0xf0d08 | 0x134 | data | ||
RT_CURSOR | 0xf0e3c | 0x134 | data | ||
RT_BITMAP | 0xf0f70 | 0x1d0 | data | ||
RT_BITMAP | 0xf1140 | 0x1e4 | data | ||
RT_BITMAP | 0xf1324 | 0x1d0 | data | ||
RT_BITMAP | 0xf14f4 | 0x1d0 | data | ||
RT_BITMAP | 0xf16c4 | 0x1d0 | data | ||
RT_BITMAP | 0xf1894 | 0x1d0 | data | ||
RT_BITMAP | 0xf1a64 | 0x1d0 | data | ||
RT_BITMAP | 0xf1c34 | 0x1d0 | data | ||
RT_BITMAP | 0xf1e04 | 0x1d0 | data | ||
RT_BITMAP | 0xf1fd4 | 0x1d0 | data | ||
RT_BITMAP | 0xf21a4 | 0xe8 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xf228c | 0x25a8 | dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 0, next used block 0 | ||
RT_ICON | 0xf4834 | 0x988 | data | ||
RT_ICON | 0xf51bc | 0x468 | GLS_BINARY_LSB_FIRST | ||
RT_DIALOG | 0xf5624 | 0x52 | data | ||
RT_STRING | 0xf5678 | 0x114 | data | ||
RT_STRING | 0xf578c | 0x3d0 | data | ||
RT_STRING | 0xf5b5c | 0x554 | data | ||
RT_STRING | 0xf60b0 | 0x3cc | data | ||
RT_STRING | 0xf647c | 0x1d4 | data | ||
RT_STRING | 0xf6650 | 0x180 | data | ||
RT_STRING | 0xf67d0 | 0x314 | COM executable for DOS | ||
RT_STRING | 0xf6ae4 | 0x4f4 | data | ||
RT_STRING | 0xf6fd8 | 0x1c0 | data | ||
RT_STRING | 0xf7198 | 0xec | data | ||
RT_STRING | 0xf7284 | 0x134 | data | ||
RT_STRING | 0xf73b8 | 0x314 | data | ||
RT_STRING | 0xf76cc | 0x40c | data | ||
RT_STRING | 0xf7ad8 | 0x380 | data | ||
RT_STRING | 0xf7e58 | 0x3d4 | data | ||
RT_STRING | 0xf822c | 0x250 | data | ||
RT_STRING | 0xf847c | 0xec | data | ||
RT_STRING | 0xf8568 | 0x1dc | data | ||
RT_STRING | 0xf8744 | 0x3ec | data | ||
RT_STRING | 0xf8b30 | 0x3f4 | data | ||
RT_STRING | 0xf8f24 | 0x30c | data | ||
RT_STRING | 0xf9230 | 0x328 | data | ||
RT_RCDATA | 0xf9558 | 0x10 | data | ||
RT_RCDATA | 0xf9568 | 0x370 | data | ||
RT_RCDATA | 0xf98d8 | 0x16ad | Delphi compiled form 'TForm1' | ||
RT_RCDATA | 0xfaf88 | 0x2c3 | Delphi compiled form 'TForm2' | ||
RT_RCDATA | 0xfb24c | 0x39e | Delphi compiled form 'TForm3' | ||
RT_RCDATA | 0xfb5ec | 0x2d0 | Delphi compiled form 'TForm4' | ||
RT_GROUP_CURSOR | 0xfb8bc | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | ||
RT_GROUP_CURSOR | 0xfb8d0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | ||
RT_GROUP_CURSOR | 0xfb8e4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | ||
RT_GROUP_CURSOR | 0xfb8f8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | ||
RT_GROUP_CURSOR | 0xfb90c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | ||
RT_GROUP_CURSOR | 0xfb920 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | ||
RT_GROUP_CURSOR | 0xfb934 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | ||
RT_GROUP_ICON | 0xfb948 | 0x30 | data | ||
RT_VERSION | 0xfb978 | 0x498 | data | German | Germany |
DLL | Import |
---|---|
kernel32.dll | DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetVersion, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle |
user32.dll | GetKeyboardType, LoadStringA, MessageBoxA, CharNextA |
advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey |
oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen |
kernel32.dll | TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA |
advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey |
kernel32.dll | lstrcpyA, WriteFile, WaitForSingleObject, VirtualQuery, VirtualProtect, VirtualAlloc, Sleep, SizeofResource, SetThreadLocale, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResetEvent, ReadFile, MultiByteToWideChar, MulDiv, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVersionExA, GetVersion, GetTickCount, GetThreadLocale, GetSystemInfo, GetStringTypeExA, GetStdHandle, GetProfileStringA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCurrentProcess, GetComputerNameA, GetCPInfo, GetACP, FreeResource, InterlockedExchange, FreeLibrary, FormatMessageA, FlushInstructionCache, FindResourceA, FindFirstFileA, FindClose, FileTimeToLocalFileTime, FileTimeToDosDateTime, EnumCalendarInfoA, EnterCriticalSection, DeleteFileA, DeleteCriticalSection, CreateThread, CreateFileA, CreateEventA, CompareStringA, CloseHandle |
version.dll | VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA |
gdi32.dll | UnrealizeObject, StretchBlt, StartPage, StartDocA, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetMapMode, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SetAbortProc, SelectPalette, SelectObject, SelectClipRgn, SaveDC, RestoreDC, Rectangle, RectVisible, RealizePalette, Polyline, Polygon, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPointA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, ExtTextOutA, ExcludeClipRect, EndPage, EndDoc, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateICA, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateDCA, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, CombineRgn, BitBlt |
user32.dll | CreateWindowExA, WindowFromPoint, WinHelpA, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, ShowCaret, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClipboardData, SetClassLongA, SetCapture, SetActiveWindow, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OpenClipboard, OffsetRect, OemToCharA, MessageBoxA, MessageBeep, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, HideCaret, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetUpdateRect, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDlgItem, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, 
EmptyClipboard, DrawTextA, DrawStateA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, CloseClipboard, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout |
kernel32.dll | Sleep |
oleaut32.dll | SafeArrayPtrOfIndex, SafeArrayPutElement, SafeArrayGetElement, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopyInd, VariantCopy, VariantClear, VariantInit |
ole32.dll | CoTaskMemFree, ProgIDFromCLSID, StringFromCLSID, CoCreateInstance, CoUninitialize, CoInitialize, IsEqualGUID |
oleaut32.dll | GetErrorInfo, GetActiveObject, SysFreeString |
comctl32.dll | ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Replace, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_SetImageCount, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create, InitCommonControls |
winspool.drv | OpenPrinterA, EnumPrintersA, DocumentPropertiesA, ClosePrinter |
shell32.dll | ShellExecuteA |
comdlg32.dll | GetSaveFileNameA, GetOpenFileNameA |
winmm.dll | sndPlaySoundA |
kernel32 | VirtualProtect, GetProcAddress |
URL | AddMIMEFileTypesPS |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States | |
German | Germany |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Aug 5, 2022 12:51:21.184218884 CEST | 49755 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:21.184235096 CEST | 443 | 49755 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:21.184259892 CEST | 49755 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:21.184272051 CEST | 443 | 49755 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:21.184317112 CEST | 49755 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:21.184346914 CEST | 49755 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:21.184390068 CEST | 443 | 49755 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:21.184421062 CEST | 443 | 49755 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:21.184469938 CEST | 49755 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:21.184483051 CEST | 443 | 49755 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:21.184518099 CEST | 49755 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:21.184529066 CEST | 443 | 49755 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:21.184541941 CEST | 49755 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:21.184554100 CEST | 443 | 49755 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:21.184570074 CEST | 443 | 49755 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:21.184575081 CEST | 49755 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:21.184623957 CEST | 49755 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:21.184637070 CEST | 443 | 49755 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:21.184652090 CEST | 49755 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:21.184679031 CEST | 49755 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:21.184907913 CEST | 443 | 49755 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:21.184947014 CEST | 443 | 49755 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:21.185020924 CEST | 49755 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:21.185034037 CEST | 443 | 49755 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:21.185074091 CEST | 49755 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:21.185091972 CEST | 49755 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:21.186120987 CEST | 443 | 49755 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:21.186177015 CEST | 443 | 49755 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:21.186233997 CEST | 49755 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:21.186252117 CEST | 443 | 49755 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:21.186292887 CEST | 49755 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:21.186341047 CEST | 49755 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:21.209897995 CEST | 443 | 49755 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:21.209937096 CEST | 443 | 49755 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:21.210000038 CEST | 49755 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:21.210025072 CEST | 443 | 49755 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:21.210037947 CEST | 49755 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:21.210139036 CEST | 443 | 49755 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:21.210153103 CEST | 49755 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:21.210164070 CEST | 443 | 49755 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:21.210182905 CEST | 443 | 49755 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:21.210208893 CEST | 49755 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:21.210273027 CEST | 49755 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:21.210279942 CEST | 443 | 49755 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:21.210325956 CEST | 49755 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:21.210616112 CEST | 443 | 49755 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:21.210648060 CEST | 443 | 49755 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:21.210695028 CEST | 49755 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:21.210707903 CEST | 443 | 49755 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:21.210722923 CEST | 443 | 49755 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:21.210762978 CEST | 49755 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:21.210809946 CEST | 49755 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:21.210815907 CEST | 443 | 49755 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:21.210830927 CEST | 443 | 49755 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:21.210865974 CEST | 49755 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:21.210902929 CEST | 49755 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:21.305670023 CEST | 49755 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:26.844928026 CEST | 49755 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:26.844975948 CEST | 443 | 49755 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:44.152018070 CEST | 49770 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:44.152072906 CEST | 443 | 49770 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:44.152167082 CEST | 49770 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:44.153337955 CEST | 49770 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:44.153357029 CEST | 443 | 49770 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:44.236819029 CEST | 443 | 49770 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:44.237087965 CEST | 49770 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:44.237916946 CEST | 443 | 49770 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:44.237997055 CEST | 49770 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:44.270272017 CEST | 49770 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:44.270314932 CEST | 443 | 49770 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:44.270781994 CEST | 443 | 49770 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:44.270857096 CEST | 49770 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:44.271656990 CEST | 49770 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:44.315424919 CEST | 443 | 49770 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:45.289764881 CEST | 443 | 49770 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:45.289824963 CEST | 443 | 49770 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:45.289966106 CEST | 49770 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:45.289985895 CEST | 443 | 49770 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:45.289992094 CEST | 49770 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:45.290021896 CEST | 443 | 49770 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:45.290086985 CEST | 49770 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:45.290118933 CEST | 49770 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:45.290133953 CEST | 443 | 49770 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:45.290163994 CEST | 443 | 49770 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:45.290195942 CEST | 49770 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:45.290208101 CEST | 443 | 49770 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:45.290251970 CEST | 443 | 49770 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:45.290256023 CEST | 49770 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:45.290294886 CEST | 49770 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:45.290304899 CEST | 443 | 49770 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:45.290340900 CEST | 49770 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:45.290380001 CEST | 49770 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:45.314790010 CEST | 443 | 49770 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:45.314964056 CEST | 443 | 49770 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:45.315002918 CEST | 49770 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:45.315037012 CEST | 443 | 49770 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:45.315054893 CEST | 49770 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:45.315098047 CEST | 49770 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:45.315118074 CEST | 443 | 49770 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:45.315208912 CEST | 49770 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:45.315218925 CEST | 443 | 49770 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:45.315269947 CEST | 443 | 49770 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:45.315277100 CEST | 49770 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:45.315301895 CEST | 443 | 49770 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:45.315365076 CEST | 49770 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:45.315418959 CEST | 49770 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:45.315428972 CEST | 443 | 49770 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:45.315474987 CEST | 443 | 49770 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:45.315495968 CEST | 49770 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:45.315506935 CEST | 443 | 49770 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:45.315556049 CEST | 49770 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:45.315582037 CEST | 49770 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:45.315654993 CEST | 443 | 49770 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:45.315752983 CEST | 49770 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:45.315762997 CEST | 443 | 49770 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:45.315815926 CEST | 49770 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:45.340447903 CEST | 443 | 49770 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:45.340619087 CEST | 443 | 49770 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:45.340770960 CEST | 443 | 49770 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:45.340852022 CEST | 49770 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:45.340895891 CEST | 443 | 49770 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:45.340924978 CEST | 49770 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:45.340930939 CEST | 49770 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:45.340976954 CEST | 49770 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:45.341048002 CEST | 443 | 49770 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:45.341140985 CEST | 49770 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:45.341152906 CEST | 443 | 49770 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:45.341208935 CEST | 49770 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:45.341291904 CEST | 443 | 49770 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:45.341367006 CEST | 49770 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:45.341377974 CEST | 443 | 49770 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:45.341435909 CEST | 49770 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:45.341547966 CEST | 443 | 49770 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:45.341639996 CEST | 49770 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:45.341650963 CEST | 443 | 49770 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:45.341707945 CEST | 49770 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:45.341841936 CEST | 443 | 49770 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:45.341943979 CEST | 49770 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:45.341958046 CEST | 443 | 49770 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:45.342015028 CEST | 49770 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:45.342087984 CEST | 443 | 49770 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:45.342174053 CEST | 49770 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:45.342183113 CEST | 443 | 49770 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:45.342245102 CEST | 49770 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:45.342600107 CEST | 443 | 49770 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:45.342638969 CEST | 443 | 49770 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:45.342683077 CEST | 49770 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:45.342696905 CEST | 443 | 49770 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:45.342731953 CEST | 49770 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:45.342765093 CEST | 49770 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:45.360913038 CEST | 49770 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:45.361007929 CEST | 49770 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:47.377715111 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:47.377782106 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:47.377872944 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:47.378607988 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:47.378624916 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:47.464313984 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:47.464409113 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:47.465034008 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:47.465042114 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:47.469402075 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:47.469408989 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:47.938496113 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:47.938548088 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:47.938613892 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:47.938640118 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:47.938652992 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:47.938669920 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:47.938702106 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:47.938713074 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:47.938750982 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:47.938766003 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:47.938786983 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:47.938797951 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:47.938841105 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:47.938872099 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:47.962637901 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:47.962754965 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:47.962774992 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:47.962832928 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:47.962927103 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:47.963011026 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:47.963023901 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:47.963049889 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:47.963072062 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:47.963082075 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:47.963124990 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:47.963150978 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:47.963171959 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:47.963181019 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:47.963222027 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:47.963260889 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:47.963262081 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:47.963288069 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:47.963336945 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:47.963359118 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:47.963412046 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:47.963429928 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:47.963455915 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:47.963520050 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:47.963536978 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:47.963582039 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:47.987543106 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:47.987637043 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:47.987677097 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:47.987698078 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:47.987736940 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:47.987744093 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:47.987765074 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:47.987776041 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:47.987817049 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:47.987854004 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:47.987879992 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:47.987952948 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:47.987962961 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:47.988015890 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:47.988018990 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:47.988029957 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:47.988095045 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:47.988105059 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:47.988153934 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:47.988167048 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:47.988238096 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:47.988246918 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:47.988292933 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:47.988312960 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:47.988403082 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:47.988411903 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:47.988460064 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:47.988492012 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:47.988657951 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:47.988672972 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:47.988727093 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:48.012904882 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:48.013034105 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:48.013056993 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:48.013057947 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:48.013084888 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:48.013123989 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:48.013160944 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:48.013185024 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:48.013186932 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:48.013201952 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:48.013256073 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:48.013297081 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:48.013309956 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:48.013324022 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:48.013361931 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:48.013374090 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:48.013406992 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:48.013413906 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:48.013462067 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:48.013482094 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:48.013503075 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:48.013508081 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:48.013520956 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:48.013561964 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:48.013617992 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:48.013633013 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:48.013657093 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:48.013731003 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:48.013745070 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:48.013761044 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:48.013778925 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:48.013792038 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:48.013838053 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:48.013845921 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:48.013901949 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:48.013923883 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:48.013945103 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:48.013956070 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:48.013993025 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:48.014012098 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:48.014044046 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:48.014050961 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:48.014100075 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:48.014139891 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:48.038568020 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:48.038608074 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:48.038744926 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:48.038801908 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:48.038835049 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:48.038887978 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:48.038940907 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:48.038955927 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:48.039005995 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:48.039021969 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:48.039037943 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:48.039060116 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:48.039133072 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:48.039149046 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:48.039179087 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:48.039228916 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:48.039244890 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:48.039288044 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:48.039294958 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:48.039314985 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:48.039324999 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:48.039343119 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:48.039364100 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:48.039401054 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:48.039412975 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:48.039454937 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:48.039516926 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:48.039524078 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:48.039539099 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:48.039580107 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:48.039591074 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:48.039613962 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:48.039628029 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:48.039635897 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:48.039683104 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:48.039719105 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:48.039724112 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:48.039769888 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:48.154521942 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:52.897324085 CEST | 49772 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:52.897357941 CEST | 443 | 49772 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:53.095824003 CEST | 49782 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:53.095880985 CEST | 443 | 49782 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:53.095985889 CEST | 49782 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:53.096893072 CEST | 49782 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:53.096914053 CEST | 443 | 49782 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:53.181029081 CEST | 443 | 49782 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:53.181284904 CEST | 49782 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:53.183471918 CEST | 443 | 49782 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:53.183593035 CEST | 49782 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:53.219037056 CEST | 49782 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:53.219070911 CEST | 443 | 49782 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:53.219434977 CEST | 443 | 49782 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:53.219518900 CEST | 49782 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:53.220662117 CEST | 49782 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:53.267364025 CEST | 443 | 49782 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:53.858259916 CEST | 443 | 49782 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:53.858294964 CEST | 443 | 49782 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:53.858381987 CEST | 443 | 49782 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:53.858403921 CEST | 49782 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:53.858444929 CEST | 443 | 49782 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:53.858457088 CEST | 49782 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:53.858463049 CEST | 443 | 49782 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:53.858495951 CEST | 49782 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:53.858505964 CEST | 443 | 49782 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:53.858525038 CEST | 443 | 49782 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 12:51:53.858542919 CEST | 49782 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 12:51:53.858552933 CEST | 443 | 49782 | 13.107.43.12 | 192.168.2.6 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Aug 5, 2022 12:51:16.774357080 CEST | 58723 | 53 | 192.168.2.6 | 8.8.8.8 |
Aug 5, 2022 12:51:18.238457918 CEST | 51971 | 53 | 192.168.2.6 | 8.8.8.8 |
Aug 5, 2022 12:51:42.863626957 CEST | 60350 | 53 | 192.168.2.6 | 8.8.8.8 |
Aug 5, 2022 12:51:44.071027040 CEST | 51748 | 53 | 192.168.2.6 | 8.8.8.8 |
Aug 5, 2022 12:51:51.932629108 CEST | 50958 | 53 | 192.168.2.6 | 8.8.8.8 |
Aug 5, 2022 12:51:53.030025959 CEST | 61607 | 53 | 192.168.2.6 | 8.8.8.8 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Aug 5, 2022 12:51:16.774357080 CEST | 192.168.2.6 | 8.8.8.8 | 0x5b85 | Standard query (0) | A (IP address) | IN (0x0001) | |
Aug 5, 2022 12:51:18.238457918 CEST | 192.168.2.6 | 8.8.8.8 | 0xa924 | Standard query (0) | A (IP address) | IN (0x0001) | |
Aug 5, 2022 12:51:42.863626957 CEST | 192.168.2.6 | 8.8.8.8 | 0x94f9 | Standard query (0) | A (IP address) | IN (0x0001) | |
Aug 5, 2022 12:51:44.071027040 CEST | 192.168.2.6 | 8.8.8.8 | 0x1cfc | Standard query (0) | A (IP address) | IN (0x0001) | |
Aug 5, 2022 12:51:51.932629108 CEST | 192.168.2.6 | 8.8.8.8 | 0x1f35 | Standard query (0) | A (IP address) | IN (0x0001) | |
Aug 5, 2022 12:51:53.030025959 CEST | 192.168.2.6 | 8.8.8.8 | 0x10bc | Standard query (0) | A (IP address) | IN (0x0001) |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Aug 5, 2022 12:51:16.823498011 CEST | 8.8.8.8 | 192.168.2.6 | 0x5b85 | No error (0) | odc-web-geo.onedrive.akadns.net | CNAME (Canonical name) | IN (0x0001) | ||
Aug 5, 2022 12:51:18.337219000 CEST | 8.8.8.8 | 192.168.2.6 | 0xa924 | No error (0) | am-files.fe.1drv.com | CNAME (Canonical name) | IN (0x0001) | ||
Aug 5, 2022 12:51:18.337219000 CEST | 8.8.8.8 | 192.168.2.6 | 0xa924 | No error (0) | odc-am-files-geo.onedrive.akadns.net | CNAME (Canonical name) | IN (0x0001) | ||
Aug 5, 2022 12:51:18.337219000 CEST | 8.8.8.8 | 192.168.2.6 | 0xa924 | No error (0) | 13.107.43.12 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 12:51:42.882323980 CEST | 8.8.8.8 | 192.168.2.6 | 0x94f9 | No error (0) | odc-web-geo.onedrive.akadns.net | CNAME (Canonical name) | IN (0x0001) | ||
Aug 5, 2022 12:51:44.128531933 CEST | 8.8.8.8 | 192.168.2.6 | 0x1cfc | No error (0) | am-files.fe.1drv.com | CNAME (Canonical name) | IN (0x0001) | ||
Aug 5, 2022 12:51:44.128531933 CEST | 8.8.8.8 | 192.168.2.6 | 0x1cfc | No error (0) | odc-am-files-geo.onedrive.akadns.net | CNAME (Canonical name) | IN (0x0001) | ||
Aug 5, 2022 12:51:44.128531933 CEST | 8.8.8.8 | 192.168.2.6 | 0x1cfc | No error (0) | 13.107.43.12 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 12:51:51.977454901 CEST | 8.8.8.8 | 192.168.2.6 | 0x1f35 | No error (0) | odc-web-geo.onedrive.akadns.net | CNAME (Canonical name) | IN (0x0001) | ||
Aug 5, 2022 12:51:53.086395025 CEST | 8.8.8.8 | 192.168.2.6 | 0x10bc | No error (0) | am-files.fe.1drv.com | CNAME (Canonical name) | IN (0x0001) | ||
Aug 5, 2022 12:51:53.086395025 CEST | 8.8.8.8 | 192.168.2.6 | 0x10bc | No error (0) | odc-am-files-geo.onedrive.akadns.net | CNAME (Canonical name) | IN (0x0001) | ||
Aug 5, 2022 12:51:53.086395025 CEST | 8.8.8.8 | 192.168.2.6 | 0x10bc | No error (0) | 13.107.43.12 | A (IP address) | IN (0x0001) |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.6 | 49737 | 13.107.43.12 | 443 | C:\Users\user\Desktop\mWyPrcv7Pl.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-05 10:51:18 UTC | 0 | OUT | |
2022-08-05 10:51:18 UTC | 0 | IN | |
2022-08-05 10:51:18 UTC | 1 | IN | |
2022-08-05 10:51:18 UTC | 4 | IN | |
2022-08-05 10:51:18 UTC | 12 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.6 | 49755 | 13.107.43.12 | 443 | C:\Users\user\Desktop\mWyPrcv7Pl.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-05 10:51:20 UTC | 20 | OUT | |
2022-08-05 10:51:21 UTC | 20 | IN | |
2022-08-05 10:51:21 UTC | 21 | IN | |
2022-08-05 10:51:21 UTC | 24 | IN | |
2022-08-05 10:51:21 UTC | 32 | IN | |
2022-08-05 10:51:21 UTC | 40 | IN | |
2022-08-05 10:51:21 UTC | 48 | IN | |
2022-08-05 10:51:21 UTC | 56 | IN | |
2022-08-05 10:51:21 UTC | 64 | IN | |
2022-08-05 10:51:21 UTC | 72 | IN | |
2022-08-05 10:51:21 UTC | 80 | IN | |
2022-08-05 10:51:21 UTC | 88 | IN | |
2022-08-05 10:51:21 UTC | 96 | IN | |
2022-08-05 10:51:21 UTC | 104 | IN | |
2022-08-05 10:51:21 UTC | 112 | IN | |
2022-08-05 10:51:21 UTC | 120 | IN | |
2022-08-05 10:51:21 UTC | 128 | IN | |
2022-08-05 10:51:21 UTC | 136 | IN | |
2022-08-05 10:51:21 UTC | 144 | IN | |
2022-08-05 10:51:21 UTC | 152 | IN | |
2022-08-05 10:51:21 UTC | 160 | IN | |
2022-08-05 10:51:21 UTC | 176 | IN | |
2022-08-05 10:51:21 UTC | 192 | IN | |
2022-08-05 10:51:21 UTC | 208 | IN | |
2022-08-05 10:51:21 UTC | 224 | IN | |
2022-08-05 10:51:21 UTC | 240 | IN | |
2022-08-05 10:51:21 UTC | 256 | IN | |
2022-08-05 10:51:21 UTC | 272 | IN | |
2022-08-05 10:51:21 UTC | 288 | IN | |
2022-08-05 10:51:21 UTC | 304 | IN | |
2022-08-05 10:51:21 UTC | 320 | IN | |
2022-08-05 10:51:21 UTC | 336 | IN | |
2022-08-05 10:51:21 UTC | 352 | IN | |
2022-08-05 10:51:21 UTC | 368 | IN | |
2022-08-05 10:51:21 UTC | 384 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.2.6 | 49770 | 13.107.43.12 | 443 | C:\Users\user\Desktop\mWyPrcv7Pl.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-05 10:51:44 UTC | 389 | OUT | |
2022-08-05 10:51:45 UTC | 389 | IN | |
2022-08-05 10:51:45 UTC | 390 | IN | |
2022-08-05 10:51:45 UTC | 392 | IN | |
2022-08-05 10:51:45 UTC | 400 | IN | |
2022-08-05 10:51:45 UTC | 408 | IN | |
2022-08-05 10:51:45 UTC | 416 | IN | |
2022-08-05 10:51:45 UTC | 424 | IN | |
2022-08-05 10:51:45 UTC | 432 | IN | |
2022-08-05 10:51:45 UTC | 440 | IN | |
2022-08-05 10:51:45 UTC | 448 | IN | |
2022-08-05 10:51:45 UTC | 456 | IN | |
2022-08-05 10:51:45 UTC | 464 | IN | |
2022-08-05 10:51:45 UTC | 472 | IN | |
2022-08-05 10:51:45 UTC | 480 | IN | |
2022-08-05 10:51:45 UTC | 488 | IN | |
2022-08-05 10:51:45 UTC | 496 | IN | |
2022-08-05 10:51:45 UTC | 504 | IN | |
2022-08-05 10:51:45 UTC | 512 | IN | |
2022-08-05 10:51:45 UTC | 520 | IN | |
2022-08-05 10:51:45 UTC | 528 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
3 | 192.168.2.6 | 49772 | 13.107.43.12 | 443 | C:\Users\user\Desktop\mWyPrcv7Pl.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-05 10:51:47 UTC | 544 | OUT | |
2022-08-05 10:51:47 UTC | 545 | IN | |
2022-08-05 10:51:47 UTC | 546 | IN | |
2022-08-05 10:51:47 UTC | 549 | IN | |
2022-08-05 10:51:47 UTC | 557 | IN | |
2022-08-05 10:51:47 UTC | 565 | IN | |
2022-08-05 10:51:47 UTC | 573 | IN | |
2022-08-05 10:51:47 UTC | 581 | IN | |
2022-08-05 10:51:47 UTC | 589 | IN | |
2022-08-05 10:51:47 UTC | 597 | IN | |
2022-08-05 10:51:47 UTC | 605 | IN | |
2022-08-05 10:51:47 UTC | 613 | IN | |
2022-08-05 10:51:47 UTC | 621 | IN | |
2022-08-05 10:51:47 UTC | 629 | IN | |
2022-08-05 10:51:47 UTC | 637 | IN | |
2022-08-05 10:51:47 UTC | 645 | IN | |
2022-08-05 10:51:47 UTC | 653 | IN | |
2022-08-05 10:51:47 UTC | 661 | IN | |
2022-08-05 10:51:47 UTC | 669 | IN | |
2022-08-05 10:51:48 UTC | 677 | IN | |
2022-08-05 10:51:48 UTC | 685 | IN | |
2022-08-05 10:51:48 UTC | 701 | IN | |
2022-08-05 10:51:48 UTC | 717 | IN | |
2022-08-05 10:51:48 UTC | 733 | IN | |
2022-08-05 10:51:48 UTC | 749 | IN | |
2022-08-05 10:51:48 UTC | 765 | IN | |
2022-08-05 10:51:48 UTC | 781 | IN | |
2022-08-05 10:51:48 UTC | 797 | IN | |
2022-08-05 10:51:48 UTC | 813 | IN | |
2022-08-05 10:51:48 UTC | 829 | IN | |
2022-08-05 10:51:48 UTC | 845 | IN | |
2022-08-05 10:51:48 UTC | 861 | IN | |
2022-08-05 10:51:48 UTC | 877 | IN | |
2022-08-05 10:51:48 UTC | 893 | IN | |
2022-08-05 10:51:48 UTC | 909 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
4 | 192.168.2.6 | 49782 | 13.107.43.12 | 443 | C:\Users\user\Desktop\mWyPrcv7Pl.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-05 10:51:53 UTC | 913 | OUT | |
2022-08-05 10:51:53 UTC | 914 | IN | |
2022-08-05 10:51:53 UTC | 915 | IN | |
2022-08-05 10:51:53 UTC | 916 | IN | |
2022-08-05 10:51:53 UTC | 924 | IN | |
2022-08-05 10:51:53 UTC | 932 | IN | |
2022-08-05 10:51:53 UTC | 940 | IN | |
2022-08-05 10:51:53 UTC | 948 | IN | |
2022-08-05 10:51:53 UTC | 956 | IN | |
2022-08-05 10:51:53 UTC | 964 | IN | |
2022-08-05 10:51:53 UTC | 972 | IN | |
2022-08-05 10:51:53 UTC | 980 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
5 | 192.168.2.6 | 49787 | 13.107.43.12 | 443 | C:\Users\user\Desktop\mWyPrcv7Pl.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-05 10:51:54 UTC | 988 | OUT | |
2022-08-05 10:51:55 UTC | 989 | IN | |
2022-08-05 10:51:55 UTC | 990 | IN | |
2022-08-05 10:51:55 UTC | 993 | IN | |
2022-08-05 10:51:55 UTC | 1001 | IN | |
2022-08-05 10:51:55 UTC | 1009 | IN | |
2022-08-05 10:51:55 UTC | 1017 | IN | |
2022-08-05 10:51:55 UTC | 1025 | IN | |
2022-08-05 10:51:55 UTC | 1033 | IN | |
2022-08-05 10:51:55 UTC | 1041 | IN | |
2022-08-05 10:51:55 UTC | 1049 | IN | |
2022-08-05 10:51:55 UTC | 1057 | IN | |
2022-08-05 10:51:55 UTC | 1065 | IN | |
2022-08-05 10:51:55 UTC | 1073 | IN | |
2022-08-05 10:51:55 UTC | 1081 | IN | |
2022-08-05 10:51:55 UTC | 1089 | IN | |
2022-08-05 10:51:55 UTC | 1097 | IN | |
2022-08-05 10:51:55 UTC | 1105 | IN | |
2022-08-05 10:51:55 UTC | 1113 | IN | |
2022-08-05 10:51:55 UTC | 1121 | IN | |
2022-08-05 10:51:55 UTC | 1129 | IN | |
2022-08-05 10:51:55 UTC | 1145 | IN | |
2022-08-05 10:51:55 UTC | 1161 | IN | |
2022-08-05 10:51:55 UTC | 1177 | IN | |
2022-08-05 10:51:55 UTC | 1193 | IN | |
2022-08-05 10:51:55 UTC | 1209 | IN | |
2022-08-05 10:51:55 UTC | 1225 | IN | |
2022-08-05 10:51:55 UTC | 1241 | IN | |
2022-08-05 10:51:55 UTC | 1257 | IN | |
2022-08-05 10:51:55 UTC | 1273 | IN | |
2022-08-05 10:51:55 UTC | 1289 | IN | |
2022-08-05 10:51:55 UTC | 1305 | IN | |
2022-08-05 10:51:55 UTC | 1321 | IN | |
2022-08-05 10:51:55 UTC | 1337 | IN | |
2022-08-05 10:51:55 UTC | 1353 | IN |
Target ID: | 0 |
Start time: | 12:51:13 |
Start date: | 05/08/2022 |
Path: | C:\Users\user\Desktop\mWyPrcv7Pl.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1009664 bytes |
MD5 hash: | 557232ED6BCC3043CBA02AEDCBC96891 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Yara matches: |
|
Reputation: | low |
Target ID: | 5 |
Start time: | 12:51:29 |
Start date: | 05/08/2022 |
Path: | C:\Windows\SysWOW64\logagent.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1240000 |
File size: | 86016 bytes |
MD5 hash: | E2036AC444AB4AD91EECC1A80FF7212F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | moderate |
Target ID: | 8 |
Start time: | 12:51:35 |
Start date: | 05/08/2022 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xe0000 |
File size: | 434592 bytes |
MD5 hash: | 9E2B8ACAD48ECCA55C0230D63623661B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 9 |
Start time: | 12:51:39 |
Start date: | 05/08/2022 |
Path: | C:\Users\Public\Libraries\Tdceco.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1009664 bytes |
MD5 hash: | 557232ED6BCC3043CBA02AEDCBC96891 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Yara matches: |
|
Antivirus matches: |
|
Reputation: | low |
Target ID: | 12 |
Start time: | 12:51:48 |
Start date: | 05/08/2022 |
Path: | C:\Users\Public\Libraries\Tdceco.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1009664 bytes |
MD5 hash: | 557232ED6BCC3043CBA02AEDCBC96891 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Yara matches: |
|
Reputation: | low |
Target ID: | 15 |
Start time: | 12:51:56 |
Start date: | 05/08/2022 |
Path: | C:\Windows\SysWOW64\logagent.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1240000 |
File size: | 86016 bytes |
MD5 hash: | E2036AC444AB4AD91EECC1A80FF7212F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | moderate |
Target ID: | 18 |
Start time: | 12:52:06 |
Start date: | 05/08/2022 |
Path: | C:\Windows\SysWOW64\logagent.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1240000 |
File size: | 86016 bytes |
MD5 hash: | E2036AC444AB4AD91EECC1A80FF7212F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Target ID: | 19 |
Start time: | 12:52:06 |
Start date: | 05/08/2022 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xe0000 |
File size: | 434592 bytes |
MD5 hash: | 9E2B8ACAD48ECCA55C0230D63623661B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 20 |
Start time: | 12:52:08 |
Start date: | 05/08/2022 |
Path: | C:\Windows\SysWOW64\logagent.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1240000 |
File size: | 86016 bytes |
MD5 hash: | E2036AC444AB4AD91EECC1A80FF7212F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Target ID: | 24 |
Start time: | 12:52:25 |
Start date: | 05/08/2022 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xe0000 |
File size: | 434592 bytes |
MD5 hash: | 9E2B8ACAD48ECCA55C0230D63623661B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Function 03BD80E3 Relevance: 1.3, Strings: 1, Instructions: 72COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03C2F88D Relevance: 1.3, Strings: 1, Instructions: 72COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04A598BC Relevance: .1, Instructions: 94COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03BE4EE0 Relevance: .1, Instructions: 93COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04A580BC Relevance: .0, Instructions: 49COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03BE135B Relevance: .0, Instructions: 36COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03C2EE71 Relevance: 31.4, Strings: 25, Instructions: 144COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04A5A6D8 Relevance: 11.4, Strings: 9, Instructions: 110COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04A59D28 Relevance: 9.0, Strings: 7, Instructions: 254COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04A59D26 Relevance: 6.4, Strings: 5, Instructions: 188COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 50489C1C Relevance: .1, Instructions: 62COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 50489C80 Relevance: .1, Instructions: 57COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 50498B79 Relevance: .0, Instructions: 41COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 50498B80 Relevance: .0, Instructions: 38COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 5049B930 Relevance: .0, Instructions: 27COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 50489C74 Relevance: .0, Instructions: 24COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 50489D30 Relevance: .0, Instructions: 22COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F50000 Relevance: .0, Instructions: 17COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 50489D28 Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 5049EFDE Relevance: .0, Instructions: 13COMMON
Uniqueness Score: -1.00% |
Function 50489BB0 Relevance: .0, Instructions: 11COMMON
Uniqueness Score: -1.00% |
Function 5049EFF0 Relevance: .0, Instructions: 7COMMON
Uniqueness Score: -1.00% |
Function 50487B1B Relevance: .0, Instructions: 16COMMON
Uniqueness Score: -1.00% |
Function 50489900 Relevance: .0, Instructions: 13COMMON
Uniqueness Score: -1.00% |
Function 5048A640 Relevance: 52.7, Strings: 42, Instructions: 166COMMON
Uniqueness Score: -1.00% |
Function 50484D40 Relevance: 41.5, Strings: 33, Instructions: 232COMMON
Uniqueness Score: -1.00% |
Function 50483BD0 Relevance: 34.1, Strings: 27, Instructions: 363COMMON
Uniqueness Score: -1.00% |
Function 50492A40 Relevance: 25.2, Strings: 20, Instructions: 231COMMON
Uniqueness Score: -1.00% |
Function 50492D80 Relevance: 25.1, Strings: 20, Instructions: 64COMMON
Uniqueness Score: -1.00% |
Function 50492D7B Relevance: 25.1, Strings: 20, Instructions: 60COMMON
Uniqueness Score: -1.00% |
Function 50490B20 Relevance: 24.0, Strings: 19, Instructions: 251COMMON
Uniqueness Score: -1.00% |
Function 504936B0 Relevance: 23.9, Strings: 19, Instructions: 142COMMON
Uniqueness Score: -1.00% |
Function 504936A9 Relevance: 23.9, Strings: 19, Instructions: 124COMMON
Uniqueness Score: -1.00% |
Function 5048DA82 Relevance: 21.6, Strings: 17, Instructions: 305COMMON
Uniqueness Score: -1.00% |
Function 5048DA90 Relevance: 21.6, Strings: 17, Instructions: 300COMMON
Uniqueness Score: -1.00% |
Function 504960D0 Relevance: 17.8, Strings: 14, Instructions: 250COMMON
Uniqueness Score: -1.00% |
Function 5048FA90 Relevance: 16.4, Strings: 13, Instructions: 173COMMON
Uniqueness Score: -1.00% |
Function 50490E50 Relevance: 15.1, Strings: 12, Instructions: 121COMMON
Uniqueness Score: -1.00% |
Function 50485F60 Relevance: 13.9, Strings: 11, Instructions: 124COMMON
Uniqueness Score: -1.00% |
Function 504847B0 Relevance: 13.8, Strings: 11, Instructions: 82COMMON
Uniqueness Score: -1.00% |
Function 50492F90 Relevance: 12.8, Strings: 10, Instructions: 345COMMON
Uniqueness Score: -1.00% |
Function 504837B0 Relevance: 12.8, Strings: 10, Instructions: 323COMMON
Uniqueness Score: -1.00% |
Function 5048CBF0 Relevance: 12.7, Strings: 10, Instructions: 225COMMON
Uniqueness Score: -1.00% |
Function 5048CBE8 Relevance: 12.7, Strings: 10, Instructions: 218COMMON
Uniqueness Score: -1.00% |
Function 50491E70 Relevance: 12.7, Strings: 10, Instructions: 181COMMON
Uniqueness Score: -1.00% |
Function 50491370 Relevance: 11.4, Strings: 9, Instructions: 179COMMON
Uniqueness Score: -1.00% |
Function 50487B50 Relevance: 11.4, Strings: 9, Instructions: 119COMMON
Uniqueness Score: -1.00% |
Function 504923A0 Relevance: 10.2, Strings: 8, Instructions: 231COMMON
Uniqueness Score: -1.00% |
Function 50490880 Relevance: 10.2, Strings: 8, Instructions: 229COMMON
Uniqueness Score: -1.00% |
Function 50490874 Relevance: 10.2, Strings: 8, Instructions: 227COMMON
Uniqueness Score: -1.00% |
Function 5049AA30 Relevance: 10.0, Strings: 8, Instructions: 48COMMON
Uniqueness Score: -1.00% |
Function 5049AA2A Relevance: 10.0, Strings: 8, Instructions: 44COMMON
Uniqueness Score: -1.00% |
Function 5049AAB0 Relevance: 10.0, Strings: 8, Instructions: 42COMMON
Uniqueness Score: -1.00% |
Function 5049AB20 Relevance: 10.0, Strings: 8, Instructions: 40COMMON
Uniqueness Score: -1.00% |
Function 50498187 Relevance: 10.0, Strings: 8, Instructions: 36COMMON
Uniqueness Score: -1.00% |
Function 5049AB1F Relevance: 10.0, Strings: 8, Instructions: 35COMMON
Uniqueness Score: -1.00% |
Function 5049A9B0 Relevance: 8.8, Strings: 7, Instructions: 48COMMON
Uniqueness Score: -1.00% |
Function 5049AAA6 Relevance: 8.8, Strings: 7, Instructions: 41COMMON
Uniqueness Score: -1.00% |
Function 50490590 Relevance: 7.8, Strings: 6, Instructions: 261COMMON
Uniqueness Score: -1.00% |
Function 5048F860 Relevance: 7.7, Strings: 6, Instructions: 171COMMON
Uniqueness Score: -1.00% |
Function 504938BB Relevance: 7.6, Strings: 6, Instructions: 128COMMON
Uniqueness Score: -1.00% |
Function 5048CA80 Relevance: 7.6, Strings: 6, Instructions: 114COMMON
Uniqueness Score: -1.00% |
Function 5048E149 Relevance: 7.6, Strings: 6, Instructions: 91COMMON
Uniqueness Score: -1.00% |
Function 5048E150 Relevance: 7.6, Strings: 6, Instructions: 91COMMON
Uniqueness Score: -1.00% |
Function 504836B0 Relevance: 7.6, Strings: 6, Instructions: 90COMMON
Uniqueness Score: -1.00% |
Function 50496CC0 Relevance: 7.6, Strings: 6, Instructions: 80COMMON
Uniqueness Score: -1.00% |
Function 50496CBD Relevance: 7.6, Strings: 6, Instructions: 77COMMON
Uniqueness Score: -1.00% |
Function 5049A938 Relevance: 7.5, Strings: 6, Instructions: 47COMMON
Uniqueness Score: -1.00% |
Function 5049A940 Relevance: 7.5, Strings: 6, Instructions: 41COMMON
Uniqueness Score: -1.00% |
Function 5049AB90 Relevance: 7.5, Strings: 6, Instructions: 34COMMON
Uniqueness Score: -1.00% |
Function 5049AB8A Relevance: 7.5, Strings: 6, Instructions: 30COMMON
Uniqueness Score: -1.00% |
Function 50498C60 Relevance: 6.4, Strings: 5, Instructions: 180COMMON
Uniqueness Score: -1.00% |
Function 504938C0 Relevance: 6.4, Strings: 5, Instructions: 164COMMON
Uniqueness Score: -1.00% |
Function 50498E70 Relevance: 6.4, Strings: 5, Instructions: 154COMMON
Uniqueness Score: -1.00% |
Function 50486280 Relevance: 6.4, Strings: 5, Instructions: 120COMMON
Uniqueness Score: -1.00% |
Function 5048EC50 Relevance: 6.4, Strings: 5, Instructions: 116COMMON
Uniqueness Score: -1.00% |
Function 50498E67 Relevance: 6.4, Strings: 5, Instructions: 116COMMON
Uniqueness Score: -1.00% |
Function 50487B45 Relevance: 6.4, Strings: 5, Instructions: 112COMMON
Uniqueness Score: -1.00% |
Function 50498C58 Relevance: 6.3, Strings: 5, Instructions: 90COMMON
Uniqueness Score: -1.00% |
Function 50483BC4 Relevance: 6.3, Strings: 5, Instructions: 72COMMON
Uniqueness Score: -1.00% |
Function 50498190 Relevance: 6.3, Strings: 5, Instructions: 62COMMON
Uniqueness Score: -1.00% |
Function 50497300 Relevance: 6.3, Strings: 5, Instructions: 62COMMON
Uniqueness Score: -1.00% |
Function 504972FE Relevance: 6.3, Strings: 5, Instructions: 57COMMON
Uniqueness Score: -1.00% |
Function 50498360 Relevance: 5.2, Strings: 4, Instructions: 233COMMON
Uniqueness Score: -1.00% |
Function 50484B40 Relevance: 5.2, Strings: 4, Instructions: 177COMMON
Uniqueness Score: -1.00% |
Function 50489618 Relevance: 5.1, Strings: 4, Instructions: 137COMMON
Uniqueness Score: -1.00% |
Function 50489620 Relevance: 5.1, Strings: 4, Instructions: 133COMMON
Uniqueness Score: -1.00% |
Function 5049C9BB Relevance: 5.1, Strings: 4, Instructions: 122COMMON
Uniqueness Score: -1.00% |
Function 5049C9C0 Relevance: 5.1, Strings: 4, Instructions: 121COMMON
Uniqueness Score: -1.00% |
Function 5048E670 Relevance: 5.1, Strings: 4, Instructions: 120COMMON
Uniqueness Score: -1.00% |
Function 50486C70 Relevance: 5.1, Strings: 4, Instructions: 117COMMON
Uniqueness Score: -1.00% |
Function 5048B7F3 Relevance: 5.1, Strings: 4, Instructions: 111COMMON
Uniqueness Score: -1.00% |
Function 5048B800 Relevance: 5.1, Strings: 4, Instructions: 109COMMON
Uniqueness Score: -1.00% |
Function 50490FD0 Relevance: 5.1, Strings: 4, Instructions: 93COMMON
Uniqueness Score: -1.00% |
Function 5048B408 Relevance: 5.1, Strings: 4, Instructions: 75COMMON
Uniqueness Score: -1.00% |
Function 50487F80 Relevance: 5.1, Strings: 4, Instructions: 71COMMON
Uniqueness Score: -1.00% |
Function 5048B410 Relevance: 5.1, Strings: 4, Instructions: 64COMMON
Uniqueness Score: -1.00% |
Function 5049D030 Relevance: 5.0, Strings: 4, Instructions: 34COMMON
Uniqueness Score: -1.00% |
Function 03C8EEA5 Relevance: 31.4, Strings: 25, Instructions: 144COMMON
Uniqueness Score: -1.00% |