Windows
Analysis Report
Player reports algnet 07-10-2024 .pdf www.skype.com.exe
Overview
General Information
Detection
Score: | 60 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- Player reports algnet 07-10-2024 .pdf www.skype.com.exe (PID: 6444 cmdline: "C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com.exe" MD5: 005245FCBCA50A836235392C802198A8)
- HitPawInfo.exe (PID: 6652 cmdline: "C:\Users\user~1\AppData\Local\Temp\HitPawInfo.exe" MD5: 00CED89A573AD1E1F96C94C763222E1E)
- regsvr32.exe (PID: 7284 cmdline: ResPrompt.dll MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
- WerFault.exe (PID: 7356 cmdline: C:\Windows\system32\WerFault.exe -u -p 6652 -s 524 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
- regsvr32.exe (PID: 7412 cmdline: regsvr32.exe /s ResPrompt.dll MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
- reg.exe (PID: 7428 cmdline: C:\Windows\system32\REG.EXE ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PMP" /t REG_SZ /F /D "schtasks /run /tn PMP" MD5: 227F63E1D9008B36BDBCC4B397780BE4)
- conhost.exe (PID: 7436 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- regsvr32.exe (PID: 1964 cmdline: regsvr32.exe /s ResPrompt.dll MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
- cleanup
System Summary |
---|
Source: | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): |
Source: | Author: Victor Sergeev, Daniil Yugoslavskiy, oscd.community: |
Source: | Author: Dmitriy Lifanov, oscd.community: |
Source: | Author: Florian Roth (Nextron Systems): |
Source: | Author: frack113, Nasreddine Bencherchali: |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior | ||
Networking |
---|
Source: | Network Connect: | Jump to behavior |
Source: | TCP traffic: |
Source: | ASN Name: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | Code function: | 8_2_00007FFB0C498340 |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
System Summary |
---|
Source: | Static PE information: |
Source: | Process Stats: |
Source: | Dropped File: |
Source: | Process created: |
Source: | Static PE information: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Process created: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Mutant created: | ||
Source: | File created: | Jump to behavior |
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | File read: | Jump to behavior |
Source: | Process created: | |||
Source: | Section loaded: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | File written: | Jump to behavior |
Source: | Window found: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Window detected: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Code function: | 8_2_00007FFB0C4B9030 |
Source: | Static PE information: | ||
Source: | Process created: |
Source: | File created: | |||
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Boot Survival |
---|
Source: | Registry value created or modified: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Evasive API call chain: | graph_8-38746 |
Source: | API coverage: | ||
Source: | API coverage: |
Source: | Last function: | ||
Source: | Last function: |
Source: | Binary or memory string: | ||
Source: | Process queried: | Jump to behavior | ||
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Network Connect: | Jump to behavior |
Source: | NtCreateUserProcess: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Native API | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | 1 Deobfuscate/Decode Files or Information | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | 11 Registry Run Keys / Startup Folder | 112 Process Injection | 1 Obfuscated Files or Information | Security Account Manager | 4 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 Scheduled Task/Job | 1 DLL Side-Loading | NTDS | 22 System Information Discovery | Distributed Component Object Model | Input Capture | 1 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 11 Registry Run Keys / Startup Folder | 1 Masquerading | LSA Secrets | 41 Security Software Discovery | SSH | Keylogging | 1 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Modify Registry | Cached Domain Credentials | 1 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Virtualization/Sandbox Evasion | DCSync | 1 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 112 Process Injection | Proc Filesystem | 1 System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Regsvr32 | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs | |||
0% | ReversingLabs | |||
8% | ReversingLabs | Win64.Trojan.SpywareX |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
gibbooc2.com | 154.21.14.89 | true | true | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | unknown | |||
false |
| unknown | ||
false | unknown | |||
false | unknown | |||
false | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
154.21.14.89 | gibbooc2.com | United States | 174 | COGENT-174US | true |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1528513 |
Start date and time: | 2024-10-08 00:39:46 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 7m 46s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Run name: | Run with higher sleep bypass |
Number of analysed new started processes analysed: | 22 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Player reports algnet 07-10-2024 .pdf www.skype.com.exe |
Detection: | MAL |
Classification: | mal60.evad.winEXE@10/17@1/1 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
- Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtSetInformationFile calls found.
- VT rate limit hit for: Player reports algnet 07-10-2024 .pdf www.skype.com.exe
Time | Type | Description |
---|---|---|
00:40:55 | Task Scheduler | |
00:40:55 | Task Scheduler | |
00:40:58 | Autostart | |
02:08:00 | Autostart |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
154.21.14.89 | | Get hash | malicious | Unknown | Browse | |
154.21.14.89 | | Get hash | malicious | Unknown | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
gibbooc2.com | | Get hash | malicious | Unknown | Browse | |
gibbooc2.com | | Get hash | malicious | Unknown | Browse | |
gibbooc2.com | | Get hash | malicious | Unknown | Browse | |
gibbooc2.com | | Get hash | malicious | Unknown | Browse | |
gibbooc2.com | | Get hash | malicious | Unknown | Browse | |
gibbooc2.com | | Get hash | malicious | Unknown | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
COGENT-174US | | Get hash | malicious | Mirai, Okiru | Browse | |
COGENT-174US | | Get hash | malicious | Mirai, Okiru | Browse | |
COGENT-174US | | Get hash | malicious | Mirai, Okiru | Browse | |
COGENT-174US | | Get hash | malicious | Unknown | Browse | |
COGENT-174US | | Get hash | malicious | Unknown | Browse | |
COGENT-174US | | Get hash | malicious | FormBook | Browse | |
COGENT-174US | | Get hash | malicious | FormBook | Browse | |
COGENT-174US | | Get hash | malicious | FormBook | Browse | |
COGENT-174US | | Get hash | malicious | Remcos | Browse | |
COGENT-174US | | Get hash | malicious | Mirai | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
C:\Users\user\AppData\Roaming\ResourceCommander\ResPrompt.dll | | Get hash | malicious | Unknown | Browse | |
C:\Users\user\AppData\Local\Temp\PCInfo.dll | | Get hash | malicious | Unknown | Browse | |
C:\Users\user\AppData\Local\Temp\HitPawInfo.exe | | Get hash | malicious | Unknown | Browse | |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_HitPawInfo.exe_4f927396ed7e1d24c97d8c6f3e8aee163dda5_092f0bdd_a9ecca0d-28b0-422f-a7be-50a9e18e0010\Report.wer
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8150383911723728 |
Encrypted: | false |
SSDEEP: | 384:r7WtYs7HnAP7zAKrkqjHzuiFCY4lO8Ty:WlAP7zAK7jHzuiFCY4lO8 |
MD5: | 03698524701246C881403C8980A0FBF2 |
SHA1: | 33250B6F954A295083EB332495CF16F3E9F0815B |
SHA-256: | ADC30D0926D144869462D503437E236392DDDC209F34E77797ADE284747A3252 |
SHA-512: | 9CAB9F1DC13208D6DFDD8DC9D9B8BBCEAB6AC74C2E46EC007C69789834E66BE98C13A1E0D436E725DF4F7A43965BA83CD43F63F1DBCB941A97EC4B013E51C40F |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65048 |
Entropy (8bit): | 1.7297642325618234 |
Encrypted: | false |
SSDEEP: | 192:EISagvWOyjYPZ89REpSg/RXWQmOSJXjn6:3chkYPZ8c8MRmQpSx6 |
MD5: | 525FBCB9F2FA3E975CF9A9C51A4AE2FD |
SHA1: | CB9838B6A942ADACC725C69A3EE15C7A9F153D97 |
SHA-256: | F17391BC11DDA5BBEE47387BD3FB351052DBF26909D48B92A10C1A487DCA3BC0 |
SHA-512: | 1543A25CE9A53865869C565A47C2F853F5C7F80B7A7CF99B5486C0B2846F0444D67088905AFF3D88A3357169E4884A675523BC62F8778E8BFCEEBC48A4E20A6F |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6722 |
Entropy (8bit): | 3.7176785443667146 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJlxhqvGYpM4hrLfpBy89b8O+f0oBUm:R6lXJlHqOYpM4hrLL83fzH |
MD5: | 67DC1D76CD68AA96D8B7E5908FDA447F |
SHA1: | A905DDE37543F2457E619CA307EE18C5FE137DD1 |
SHA-256: | AC7C5DD0ABCB9E82FBB733F359D7833F83CA7CFD79FE5072C6ED89247DD3D368 |
SHA-512: | F5D3BC4CB3EDC3287824A5AEB3A2722226E3AC6E5F62DE44C80316AC9913C283F6A06C585734A67A4DD39FF34DF304A9CFACEA15532C0F9B430FFB5E8DFBC641 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4657 |
Entropy (8bit): | 4.484496955120546 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsYJg771I94rWpW8VY72Ym8M4JL8F4yq85USCr9PBvzEpTd:uIjfeI7ba7Ve/JxJr9PBvzEpTd |
MD5: | 30A6927ABDB42B091B87F35A7C8813B5 |
SHA1: | B5BC38DE263D5C7C47A5522F1F341A8227F5EBF9 |
SHA-256: | AF94AFF81F8D0FD50CD87230602EA2B3E3D4810D858B449A0BEF13221A9FC5DD |
SHA-512: | EBB2D5EC7687BB2C47A300BC7EDCA5F8A1FFA8CA71F430A77ABA09E702991292257D999B34BDEA3ADA1C70122C7F7061133A9EA4E6A683B4EF6675F17DA373CF |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 9854 |
Entropy (8bit): | 4.955567924478758 |
Encrypted: | false |
SSDEEP: | 192:G6bfLftPfe6WyeDf5Z/tesgtqbkktW/8plKJAxzt6:RLft3e6WyeTIltqtw8pn76 |
MD5: | 95291CB96482A97215C2C2EE737619F4 |
SHA1: | A256C8E1A5D12EEA3FF5FB5A7A3891B0CFB6AC2E |
SHA-256: | B58A44302AA11D1FA02732879F806B35E65E7C7C2FF6A6E7C48C66E327E66373 |
SHA-512: | D176A38B52E8DC8C33C08A405108541D576AA0AAD7FA8CA0AEFD55FBC811DC1A8EE2CC555FA29883B25397968575A12F97E1299FAD834F4EC3B4A4F397A09268 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com.exe |
File Type: | |
Category: | modified |
Size (bytes): | 1294 |
Entropy (8bit): | 4.998390290636298 |
Encrypted: | false |
SSDEEP: | 24:EyMtE0ZIaRZY+Z5V14hmtEs5HjI4He93hmtEswba/2PNRyZag+:Ee0rRZY+ZR1tEdMSgtENbaqNYZ2 |
MD5: | 98EF129CD7FC258ECE3C468F089B04CE |
SHA1: | 14DFA1715C7BF50DB4B78D3AC60C1CD906137EB9 |
SHA-256: | 9BBEC2A97023FAFB540D6B346636C3F4362B12CFB2ECC0002E183C6DDDF376B7 |
SHA-512: | F83305A6BEDE9EF60612A066CD47DB089BD30F80287348FF10AC63844D05777221666B1EDDB5D220686A38C04BD1EA86CA4FAC63028A840C751504149B847A05 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1030414 |
Entropy (8bit): | 7.995083770357619 |
Encrypted: | true |
SSDEEP: | 24576:/MfC0TKcWCOnqrftqSXv6SAGIzY9EGajR/5Pevhv3:/MfZWgftq4bIzY98jR/5PeZv |
MD5: | 76258CA71C5D5200C20FF1C5309AA8F2 |
SHA1: | CCB79681CA9CE13D5B60888564C5E9FE35059237 |
SHA-256: | 2CEF521504F3C843B22C9F7B2EE203DE17493D9738FF4467D2967F85FAB61CA2 |
SHA-512: | BE2E5331B2F41130F6076E2AC1360EB2B677EAECFA3D87FCB2EDB22C128663BE71D93DE75EACC0D8EDAB6951099DA7DE1ACD72DAD18FB0802E5E60EA5790753A |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 82334 |
Entropy (8bit): | 0.6686601662037086 |
Encrypted: | false |
SSDEEP: | 96:NxPnHCSst/INv/Q/6760tuLAdPhfvejG9NscS11wolaIsp7Jzx7:fgtc/tJdtejd11Y7Jzx7 |
MD5: | A620C87E69889F459C022578F3F5E420 |
SHA1: | 125AF2C1D2D822982109D79A56703063EADCB683 |
SHA-256: | AC34D2317F948C0D02E90C6F2473C4CC2A78D99D21C341FFA02FF4908B48DB2B |
SHA-512: | 8CBD9CEAA52204B9049618170579AE99C4425DE37DBD89787CF00A192C8A69A8390D692BF25A38C83A1D72BB05516EE6857B429EAAB995B92DEF12C68D6E3027 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1880 |
Entropy (8bit): | 5.3763216431025045 |
Encrypted: | false |
SSDEEP: | 48:adMJ34BYIvCrN2SJ/dpvvYrvz3fb46OxVOsOSiXwlZoxsDp:adm37sCZdJ/dp3WvLoiXwboxsDp |
MD5: | BAA63F11F9C2E4DDC827B0B36DA75C4F |
SHA1: | A882761158CC5271EBC889642CD5BFC1EB957139 |
SHA-256: | C7F53E52BCAFB0F9975AC2EBA6F6B8DE434B30E88656EFF2B5721C24EE3213F4 |
SHA-512: | 0D6B6819D5234FCB2C38174D68303F254CAFD94562601D6CD0A2DFD0C3FEDCC92A2B47A990F0BC2558AC1B89DF01D16EC9798C53EB9B4F9689D5FBC2415A87DC |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 93930 |
Entropy (8bit): | 7.979028337427802 |
Encrypted: | false |
SSDEEP: | 1536:Lo5J7yB3siNX6YmFOXg69t6vEPtZbP8xM7odVBUXF/J07khE9RV:eyCuKYnXRmUbP8modVBUHUtp |
MD5: | 493C36038828A5EF850DA2106AB956C3 |
SHA1: | 8DDEEE9E5A5266982B41EB33F26676D7B0797E41 |
SHA-256: | F18F571A0826A626095C6D81E1F7063340436156569FAEC173474A2EEEC5B29B |
SHA-512: | D422D8BBF7E5E121D7A63045E7BBD4FC81AB742157F05503748F089106102505DE2FDA6154456AD6709F5DB7B9007E5A1BF246A4F75749E408B412CC2D71953B |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 471054 |
Entropy (8bit): | 3.2443524520002636 |
Encrypted: | false |
SSDEEP: | 1536:/tfIWZ9jM6WivZDowwJH2lg0t5zspYuGDkGJK+HZky/iDOhyNlLgyOXwBJJPwcMG:52iv24SYxDmkZ3qOsBggr6Jla |
MD5: | 5B5B3247038C1AF153DFCB567B11DAA8 |
SHA1: | F35F529797188E9ABA2F7C5BECBD70309BD14541 |
SHA-256: | 48260B05BA47BF1CE3ECA2FC7899C65E95609CA3B6AB3A9F71F61C67493A3604 |
SHA-512: | 9396A455BAD36896F33F5456B89E4B7D0AF401399A8603939F485061143EAEB90A9EF5418844A4117975E6850FE3C9EAD7E913D3979D44314D1EF70B2459DC8F |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 500488 |
Entropy (8bit): | 7.912186742228876 |
Encrypted: | false |
SSDEEP: | 12288:8NgbfebCK2Zc88TonN0jeidRntIYRRCQYffq+:ugbEjkc8ConiFztIwR92j |
MD5: | 00CED89A573AD1E1F96C94C763222E1E |
SHA1: | 808183D9160A89AD3C8730D2B6B76803CA97F38F |
SHA-256: | 5FC1BD27C679B1B5306996CFA518FA1A7B4FB60E0FE6EA92BB4BA3B82C471A85 |
SHA-512: | A527A55B7874E619379F18DF0EBF3BE17505D310B9AFD9E1FCCF21210EB4B93AA358F7A7BE1AA4616309D99810A0629389024738D36AEF867910419A410E0F55 |
Malicious: | true |
Preview: |
Process: | C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 358400 |
Entropy (8bit): | 6.138682134890285 |
Encrypted: | false |
SSDEEP: | 6144:jZdYCSKWdQPJLxlAG10PT02qHfhLLnII0E0Mu2:k59QPJLxlAGOPTQHFDV0 |
MD5: | 438909882796242739C542D4AA5E94DA |
SHA1: | E2A82D09C76C6A59F909CB35D4BF4F4F862213E1 |
SHA-256: | B81A96A53AB20F43624CE4E8D25468AB8F65EF88441368CDA0C9C54525DB31F6 |
SHA-512: | 2F972CE6901734E3217AA1982695DA589A52926C7C49C0A340C41E963B3CC03D2EFD3DE5A6AF6E61691CAE211D756710D722234457D01B4642BF463EFE641652 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 770719 |
Entropy (8bit): | 6.712677731362388 |
Encrypted: | false |
SSDEEP: | 12288:SIO0TqHrAKgmuN0KeNtK7781ybIsOCuy+kj62iBYzZx1ldbO52/i:pULj9oQyAf2aYpbG |
MD5: | E9FC238F898B1F0763B4A2EA5BF6DA2B |
SHA1: | 090CC66E5C8CBA33C1B0F63F76B33C3190F6D789 |
SHA-256: | F7249877EA94D997512FD5CF67C64DE8E9302D164FED5F2C2F3B6180E0DFC293 |
SHA-512: | 1FBAA8DA4D1A1F791133B126AE66E587215C73DCBE73B2F93687097C87A283F2BCD16D340CD8ED3A30506A47549156D6BF4575A8250BC0F96E4CD610894AFE6F |
Malicious: | false |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\HitPawInfo.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 970 |
Entropy (8bit): | 5.5220747862495365 |
Encrypted: | false |
SSDEEP: | 24:VnA/LJ/L59/L5QSIDO/LJ/Lbxw/Lp+/L6vSIDn/Lzb:VM1fNcS11cpiXcjzb |
MD5: | 923CCF347E169F5533DBFC41D829B9DA |
SHA1: | 0360807D4C2A4923A679FC6F1175BB87A8749841 |
SHA-256: | C57D35C439689668E10C53E86662E297DEDE3B96F1D37E4A9FAD20689DE646FB |
SHA-512: | F5CA8F9F7206FFDE49CA4C3A106C68A7F076665042BD9E53FCD0FF01B0E71C847B157C493AB0C3202033ACB30A87BC50E9627B97DFC20AC62B81505C10346BFA |
Malicious: | false |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\HitPawInfo.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 32843280 |
Entropy (8bit): | 7.9672098266294284 |
Encrypted: | false |
SSDEEP: | 49152:r+NwYVYVYVYVYVYVYVYVYVYVYVYVYVYVYVYVYVYVYVYVYVYVYVYVYVYVYVYVYVYT:Cm |
MD5: | E1BDFA7BC2EC8370102E69DE1FDC2800 |
SHA1: | 1B26BCEC613EE069C0905055B40F0E858143562D |
SHA-256: | 15C4C03C0E4345A3FCC08E55164ED5CF004D8C2C40A46D7F7DB891F312226497 |
SHA-512: | 333F62FB4ABBA81F09A5D12AFAAFD8ED716CA03E7EF251C49B4DCF75EEA7D6ADF790C1FA9EED346AC8D22831904B8729DC771F9D66CE94C8F23F23BD0643A6E8 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.416756136146776 |
Encrypted: | false |
SSDEEP: | 6144:gcifpi6ceLPL9skLmb0mnSWSPtaJG8nAgex285i2MMhA20X4WABlGuNi5+:Fi58nSWIZBk2MM6AFBYo |
MD5: | 50FB39C82E93073338034769D715E7CD |
SHA1: | B2EA561B148D74A81227AAF4289F1B4AF5433A2E |
SHA-256: | E9301DA96E65A854DFC5C669866767BDE8E4350FC59B71745C49B919FA7419EA |
SHA-512: | 3F750ABAD30BC6CFA66D56AB8B9EAD79B304521DD57D964EB641B0E5C0F8D801E821BCE516CF094CBF39FDC1B14A7C4CDCF98A4296C56EA644B617E6E4A0E8E4 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.211500858406131 |
File name: | Player reports algnet 07-10-2024 .pdf www.skype.com.exe |
File size: | 4'284'934 bytes |
MD5: | 005245fcbca50a836235392c802198a8 |
SHA1: | e53c665ed01e497874627ac654d6f90832dba1af |
SHA256: | be1d320f773a860897be73dd16f805902effaead313873b0c622bc6eff9db715 |
SHA512: | c4297732536440eee0d666e1e52b4777d2444f4d91ab77c779e3fb0acbbc20b61ccd3d6654d8ab7ff3af71283109fb633f5d83b21be00fd14e52720a8eab0d26 |
SSDEEP: | 98304:gqwsVKHOycs8IZPGQe92Mxvtq44djR/1eZhRj:gHrelDVq4OjR/+Rj |
TLSH: | 5816AF13B285A53EC07B1E396937D710993BBA213A53DC4B57F40A8CDF359902E3A687 |
File Content Preview: | MZP.....................@...............................................!..L.!..This program must be run under Win32..$7....................................................................................................................................... |
Icon Hash: | 13fb8f9cd15b3c2f |
Entrypoint: | 0x677dcc |
Entrypoint Section: | .itext |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x6700C0CE [Sat Oct 5 04:30:06 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | 2b038313242eff88172dd3dbdaa72202 |
Instruction |
---|
push ebp |
mov ebp, esp |
add esp, FFFFFFF0h |
mov eax, 0066E544h |
call 00007F3568C2E58Dh |
mov eax, dword ptr [00682278h] |
mov eax, dword ptr [eax] |
call 00007F3568E2C401h |
mov eax, dword ptr [00682278h] |
mov eax, dword ptr [eax] |
mov edx, 00677E30h |
call 00007F3568E2BE24h |
mov ecx, dword ptr [00681EF0h] |
mov eax, dword ptr [00682278h] |
mov eax, dword ptr [eax] |
mov edx, dword ptr [006401B0h] |
call 00007F3568E2C3F0h |
mov eax, dword ptr [00682278h] |
mov eax, dword ptr [eax] |
call 00007F3568E2C544h |
call 00007F3568C26E8Fh |
add byte ptr [eax], al |
mov al, 04h |
add al, byte ptr [eax] |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x290000 | 0x97 | .edata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x28b000 | 0x3a9c | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x2c9000 | 0x475b4 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x293000 | 0x35dcc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x292000 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x28ba14 | 0x8fc | .idata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x28f000 | 0xce2 | .didata |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x274c18 | 0x274e00 | 68e4c2a381f4345dbbb44ee41c8fa94a | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.itext | 0x276000 | 0x1e3c | 0x2000 | 81fb32b1ce226bae6b5c8fdf4a80376e | False | 0.511962890625 | data | 6.150585523530168 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.data | 0x278000 | 0xa59c | 0xa600 | f80101c37a15ec9291d0930e8a30dc0e | False | 0.5673004518072289 | data | 6.177864641492512 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.bss | 0x283000 | 0x72c8 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.idata | 0x28b000 | 0x3a9c | 0x3c00 | 9795ff32dc393b54c43a05fdbf42b9ac | False | 0.3219401041666667 | data | 5.218146922474968 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.didata | 0x28f000 | 0xce2 | 0xe00 | 1c62b6eb4dc46277eff26ad45ad7c4d7 | False | 0.337890625 | data | 4.190105521637175 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.edata | 0x290000 | 0x97 | 0x200 | 9749a8241934d1ca1139755eb913449b | False | 0.251953125 | data | 1.7561102101709039 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.tls | 0x291000 | 0x54 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rdata | 0x292000 | 0x5d | 0x200 | f73729dda1bbfa72002223975ffe4b57 | False | 0.189453125 | data | 1.375319454273433 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x293000 | 0x35dcc | 0x35e00 | c42b5ac91a6b48bda088a98cedc9634a | False | 0.5711599115429234 | data | 6.728160253041536 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
.rsrc | 0x2c9000 | 0x475b4 | 0x47600 | 129c8b3bf1bdc6341fa25ac8f34f20a4 | False | 0.4300877024956217 | data | 6.824922097379193 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_CURSOR | 0x2ca53c | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | English | United States | 0.38636363636363635 |
RT_CURSOR | 0x2ca670 | 0x134 | data | English | United States | 0.4642857142857143 |
RT_CURSOR | 0x2ca7a4 | 0x134 | data | English | United States | 0.4805194805194805 |
RT_CURSOR | 0x2ca8d8 | 0x134 | data | English | United States | 0.38311688311688313 |
RT_CURSOR | 0x2caa0c | 0x134 | data | English | United States | 0.36038961038961037 |
RT_CURSOR | 0x2cab40 | 0x134 | data | English | United States | 0.4090909090909091 |
RT_CURSOR | 0x2cac74 | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | English | United States | 0.4967532467532468 |
RT_BITMAP | 0x2cada8 | 0xc0 | Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors | English | United States | 0.5208333333333334 |
RT_BITMAP | 0x2cae68 | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | English | United States | 0.42857142857142855 |
RT_BITMAP | 0x2caf48 | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | English | United States | 0.4955357142857143 |
RT_BITMAP | 0x2cb028 | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | English | United States | 0.38392857142857145 |
RT_BITMAP | 0x2cb108 | 0xc0 | Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors | English | United States | 0.4947916666666667 |
RT_BITMAP | 0x2cb1c8 | 0xc0 | Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors | English | United States | 0.484375 |
RT_BITMAP | 0x2cb288 | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | English | United States | 0.42410714285714285 |
RT_BITMAP | 0x2cb368 | 0xc0 | Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors | English | United States | 0.5104166666666666 |
RT_BITMAP | 0x2cb428 | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | English | United States | 0.5 |
RT_BITMAP | 0x2cb508 | 0xc0 | Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors | English | United States | 0.4895833333333333 |
RT_BITMAP | 0x2cb5c8 | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | English | United States | 0.3794642857142857 |
RT_ICON | 0x2cb6a8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2688 | English | United States | 0.6934968017057569 |
RT_ICON | 0x2cc550 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | English | United States | 0.8055054151624549 |
RT_ICON | 0x2ccdf8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | English | United States | 0.6560693641618497 |
RT_ICON | 0x2cd360 | 0x8695 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9864453022958813 |
RT_ICON | 0x2d59f8 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States | 0.38150656571631375 |
RT_ICON | 0x2e6220 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | English | United States | 0.4750630649569056 |
RT_ICON | 0x2ef6c8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.599896265560166 |
RT_ICON | 0x2f1c70 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.6836303939962477 |
RT_ICON | 0x2f2d18 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.7978723404255319 |
RT_STRING | 0x2f3180 | 0x760 | data | 0.3172669491525424 | ||
RT_STRING | 0x2f38e0 | 0xba8 | data | 0.2272117962466488 | ||
RT_STRING | 0x2f4488 | 0x45c | data | 0.35842293906810035 | ||
RT_STRING | 0x2f48e4 | 0x328 | data | 0.40470297029702973 | ||
RT_STRING | 0x2f4c0c | 0x454 | data | 0.40703971119133575 | ||
RT_STRING | 0x2f5060 | 0xf0 | data | 0.6583333333333333 | ||
RT_STRING | 0x2f5150 | 0xcc | data | 0.6764705882352942 | ||
RT_STRING | 0x2f521c | 0x124 | data | 0.6027397260273972 | ||
RT_STRING | 0x2f5340 | 0x358 | data | 0.4264018691588785 | ||
RT_STRING | 0x2f5698 | 0x3f8 | data | 0.375 | ||
RT_STRING | 0x2f5a90 | 0x3ac | data | 0.3829787234042553 | ||
RT_STRING | 0x2f5e3c | 0x4f8 | data | 0.31446540880503143 | ||
RT_STRING | 0x2f6334 | 0x2f4 | data | 0.3637566137566138 | ||
RT_STRING | 0x2f6628 | 0x2e0 | data | 0.35733695652173914 | ||
RT_STRING | 0x2f6908 | 0x3f8 | data | 0.4005905511811024 | ||
RT_STRING | 0x2f6d00 | 0x584 | data | 0.38526912181303113 | ||
RT_STRING | 0x2f7284 | 0x4a8 | data | 0.3087248322147651 | ||
RT_STRING | 0x2f772c | 0x37c | data | 0.39349775784753366 | ||
RT_STRING | 0x2f7aa8 | 0x3bc | data | 0.32217573221757323 | ||
RT_STRING | 0x2f7e64 | 0x40c | data | 0.3735521235521235 | ||
RT_STRING | 0x2f8270 | 0xf4 | data | 0.5491803278688525 | ||
RT_STRING | 0x2f8364 | 0xc4 | data | 0.6275510204081632 | ||
RT_STRING | 0x2f8428 | 0x268 | data | 0.48863636363636365 | ||
RT_STRING | 0x2f8690 | 0x434 | data | 0.3308550185873606 | ||
RT_STRING | 0x2f8ac4 | 0x360 | data | 0.3912037037037037 | ||
RT_STRING | 0x2f8e24 | 0x2dc | data | 0.3770491803278688 | ||
RT_STRING | 0x2f9100 | 0x318 | data | 0.33080808080808083 | ||
RT_RCDATA | 0x2f9418 | 0xd5d | PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced | English | United States | 1.0032154340836013 |
RT_RCDATA | 0x2fa178 | 0xd57 | PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced | English | United States | 1.003221083455344 |
RT_RCDATA | 0x2faed0 | 0xcfc | PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced | English | United States | 1.003309265944645 |
RT_RCDATA | 0x2fbbcc | 0xcd9 | PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced | English | United States | 1.0033444816053512 |
RT_RCDATA | 0x2fc8a8 | 0xd5d | PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced | English | United States | 1.0032154340836013 |
RT_RCDATA | 0x2fd608 | 0xd57 | PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced | English | United States | 1.003221083455344 |
RT_RCDATA | 0x2fe360 | 0xc4e | PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced | English | United States | 1.0034920634920634 |
RT_RCDATA | 0x2fefb0 | 0xc4e | PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced | English | United States | 1.0034920634920634 |
RT_RCDATA | 0x2ffc00 | 0xcb5 | PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced | English | United States | 1.0033814940055334 |
RT_RCDATA | 0x3008b8 | 0xcb0 | PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced | English | United States | 1.0033866995073892 |
RT_RCDATA | 0x301568 | 0xd56 | PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced | English | United States | 1.0032220269478618 |
RT_RCDATA | 0x3022c0 | 0xd47 | PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced | English | United States | 1.0032362459546926 |
RT_RCDATA | 0x303008 | 0xdc2 | PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced | English | United States | 1.0031232254400908 |
RT_RCDATA | 0x303dcc | 0xdc5 | PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced | English | United States | 1.0031205673758865 |
RT_RCDATA | 0x304b94 | 0xcf3 | PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced | English | United States | 1.003318250377074 |
RT_RCDATA | 0x305888 | 0xced | PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced | English | United States | 1.0033242671501965 |
RT_RCDATA | 0x306578 | 0xda9 | PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced | English | United States | 1.0031455533314269 |
RT_RCDATA | 0x307324 | 0xda6 | PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced | English | United States | 1.0031482541499714 |
RT_RCDATA | 0x3080cc | 0xcf3 | PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced | English | United States | 1.003318250377074 |
RT_RCDATA | 0x308dc0 | 0xced | PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced | English | United States | 1.0033242671501965 |
RT_RCDATA | 0x309ab0 | 0x10 | data | 1.5 | ||
RT_RCDATA | 0x309ac0 | 0x148b | PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced | English | United States | 1.0020916524054002 |
RT_RCDATA | 0x30af4c | 0x111e | PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced | English | United States | 1.0025102692834322 |
RT_RCDATA | 0x30c06c | 0xd8c | PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced | English | United States | 1.0031718569780854 |
RT_RCDATA | 0x30cdf8 | 0x780 | data | 0.5161458333333333 | ||
RT_RCDATA | 0x30d578 | 0x2 | data | English | United States | 5.0 |
RT_RCDATA | 0x30d57c | 0x2644 | Delphi compiled form 'TFormMain' | 0.27133523887300937 | ||
RT_GROUP_CURSOR | 0x30fbc0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.25 |
RT_GROUP_CURSOR | 0x30fbd4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.25 |
RT_GROUP_CURSOR | 0x30fbe8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x30fbfc | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x30fc10 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x30fc24 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x30fc38 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_ICON | 0x30fc4c | 0x84 | data | English | United States | 0.6742424242424242 |
RT_VERSION | 0x30fcd0 | 0x250 | data | English | United States | 0.4814189189189189 |
RT_MANIFEST | 0x30ff20 | 0x691 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.40690065437239736 |
DLL | Import |
---|---|
wininet.dll | InternetCloseHandle, InternetReadFile, HttpOpenRequestW, HttpSendRequestW, InternetConnectW, InternetOpenW, InternetOpenUrlW, HttpQueryInfoW |
winspool.drv | DocumentPropertiesW, ClosePrinter, OpenPrinterW, GetDefaultPrinterW, EnumPrintersW |
comdlg32.dll | GetSaveFileNameW, GetOpenFileNameW |
comctl32.dll | ImageList_GetImageInfo, FlatSB_SetScrollInfo, InitCommonControls, ImageList_DragMove, ImageList_Destroy, _TrackMouseEvent, ImageList_DragShowNolock, ImageList_Add, FlatSB_SetScrollProp, ImageList_GetDragImage, ImageList_Create, ImageList_EndDrag, ImageList_DrawEx, ImageList_SetImageCount, FlatSB_GetScrollPos, FlatSB_SetScrollPos, InitializeFlatSB, ImageList_Copy, FlatSB_GetScrollInfo, ImageList_Write, ImageList_DrawIndirect, ImageList_SetBkColor, ImageList_GetBkColor, ImageList_BeginDrag, ImageList_GetIcon, ImageList_Replace, ImageList_GetImageCount, ImageList_DragEnter, ImageList_GetIconSize, ImageList_SetIconSize, ImageList_Read, ImageList_DragLeave, ImageList_LoadImageW, ImageList_Draw, ImageList_Remove, ImageList_ReplaceIcon, ImageList_SetOverlayImage |
shell32.dll | SHBrowseForFolderW, SHGetSpecialFolderLocation, Shell_NotifyIconW, ShellExecuteExW, SHGetPathFromIDListW, SHGetFileInfoW, SHGetFolderPathW, SHGetMalloc, SHGetDesktopFolder, SHChangeNotify, SHAppBarMessage, ShellExecuteW |
user32.dll | MoveWindow, CopyImage, SetMenuItemInfoW, GetMenuItemInfoW, DefFrameProcW, GetDlgCtrlID, FrameRect, RegisterWindowMessageW, GetMenuStringW, FillRect, SendMessageA, EnumWindows, ShowOwnedPopups, GetClassInfoW, GetScrollRange, SetActiveWindow, GetActiveWindow, DrawEdge, GetKeyboardLayoutList, LoadBitmapW, EnumChildWindows, GetScrollBarInfo, UnhookWindowsHookEx, SetCapture, GetCapture, ShowCaret, CreatePopupMenu, GetMenuItemID, CharLowerBuffW, PostMessageW, SetWindowLongW, IsZoomed, SetParent, DrawMenuBar, GetClientRect, IsChild, IsIconic, CallNextHookEx, ShowWindow, GetWindowTextW, SetForegroundWindow, IsDialogMessageW, DestroyWindow, RegisterClassW, EndMenu, CharNextW, GetFocus, GetDC, SetFocus, ReleaseDC, ExitWindowsEx, GetClassLongW, SetScrollRange, DrawTextW, PeekMessageA, MessageBeep, SetClassLongW, RemovePropW, GetSubMenu, DestroyIcon, IsWindowVisible, FlashWindow, DispatchMessageA, UnregisterClassW, GetTopWindow, SendMessageW, SendMessageTimeoutW, LoadStringW, CreateMenu, CharLowerW, SetWindowRgn, SetWindowPos, GetMenuItemCount, GetSysColorBrush, GetWindowDC, DrawTextExW, GetScrollInfo, SetWindowTextW, GetMessageExtraInfo, GetSysColor, EnableScrollBar, TrackPopupMenu, DrawIconEx, GetClassNameW, GetMessagePos, GetIconInfo, SetScrollInfo, GetKeyNameTextW, GetDesktopWindow, SetCursorPos, GetCursorPos, SetMenu, GetMenuState, GetMenu, SetRect, GetKeyState, ValidateRect, GetCursor, KillTimer, BeginDeferWindowPos, WaitMessage, TranslateMDISysAccel, GetWindowPlacement, CreateIconIndirect, CreateWindowExW, GetDCEx, PeekMessageW, MonitorFromWindow, GetUpdateRect, SetTimer, WindowFromPoint, BeginPaint, RegisterClipboardFormatW, MapVirtualKeyW, IsWindowUnicode, DispatchMessageW, CreateAcceleratorTableW, DefMDIChildProcW, GetSystemMenu, SetScrollPos, GetScrollPos, DrawFocusRect, ReleaseCapture, LoadCursorW, ScrollWindow, GetLastActivePopup, GetSystemMetrics, CharUpperBuffW, SetClipboardData, GetClipboardData, ClientToScreen, SetWindowPlacement, GetMonitorInfoW, CheckMenuItem, CharUpperW, DefWindowProcW, GetForegroundWindow, EnableWindow, GetWindowThreadProcessId, RedrawWindow, EndPaint, MsgWaitForMultipleObjectsEx, LoadKeyboardLayoutW, ActivateKeyboardLayout, GetParent, MonitorFromRect, InsertMenuItemW, GetPropW, MessageBoxW, SetPropW, UpdateWindow, MsgWaitForMultipleObjects, DestroyMenu, SetWindowsHookExW, EmptyClipboard, GetDlgItem, AdjustWindowRectEx, IsWindow, DrawIcon, EnumThreadWindows, InvalidateRect, GetKeyboardState, ScreenToClient, DrawFrameControl, SetCursor, CreateIcon, RemoveMenu, GetKeyboardLayoutNameW, OpenClipboard, TranslateMessage, MapWindowPoints, EnumDisplayMonitors, CallWindowProcW, CloseClipboard, DestroyCursor, CopyIcon, PostQuitMessage, ShowScrollBar, EnableMenuItem, DeferWindowPos, HideCaret, EndDeferWindowPos, FindWindowExW, MonitorFromPoint, LoadIconW, SystemParametersInfoW, GetWindow, GetWindowRect, GetWindowLongW, InsertMenuW, IsWindowEnabled, IsDialogMessageA, FindWindowW, GetKeyboardLayout, DeleteMenu |
version.dll | GetFileVersionInfoSizeW, VerQueryValueW, GetFileVersionInfoW |
oleaut32.dll | LoadTypeLib, SysFreeString, VariantClear, VariantInit, GetErrorInfo, SysReAllocStringLen, SafeArrayCreate, SysAllocStringLen, SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, VariantCopy, RegisterTypeLib, VariantChangeType |
advapi32.dll | RegSetValueExW, RegConnectRegistryW, OpenThreadToken, RegQueryInfoKeyW, RegUnLoadKeyW, RegSaveKeyW, EqualSid, RegReplaceKeyW, GetTokenInformation, RegCreateKeyExW, RegLoadKeyW, RegEnumKeyExW, AdjustTokenPrivileges, RegDeleteKeyW, LookupPrivilegeValueW, RegOpenKeyExW, OpenProcessToken, FreeSid, AllocateAndInitializeSid, RegDeleteValueW, RegFlushKey, RegEnumValueW, RegQueryValueExW, RegCloseKey, RegRestoreKeyW |
msvcrt.dll | memcpy, memset |
kernel32.dll | SetFileAttributesW, GetFileType, SetFileTime, QueryDosDeviceW, GetACP, GetExitCodeProcess, CloseHandle, LocalFree, GetCurrentProcessId, GetSystemDefaultLangID, SizeofResource, QueryPerformanceFrequency, IsDebuggerPresent, FindNextFileW, GetFullPathNameW, VirtualFree, HeapAlloc, ExitProcess, GetCPInfoExW, GetSystemTime, GetLongPathNameW, RtlUnwind, GetCPInfo, EnumSystemLocalesW, GetStdHandle, GetTimeZoneInformation, FileTimeToLocalFileTime, SystemTimeToTzSpecificLocalTime, GetModuleHandleW, FreeLibrary, TryEnterCriticalSection, HeapDestroy, FileTimeToDosDateTime, ReadFile, GetLastError, GetModuleFileNameW, SetLastError, GlobalAlloc, GlobalUnlock, FindResourceW, lstrlenA, CreateThread, CompareStringW, CopyFileW, MapViewOfFile, LoadLibraryA, GetVolumeInformationW, ResetEvent, MulDiv, FreeResource, GetDriveTypeW, GetVersion, RaiseException, GlobalAddAtomW, FormatMessageW, OpenProcess, SwitchToThread, GetExitCodeThread, GetCurrentThread, GetLogicalDrives, GetFileAttributesExW, LoadLibraryExW, TerminateProcess, LockResource, FileTimeToSystemTime, GetCurrentThreadId, UnhandledExceptionFilter, GlobalFindAtomW, VirtualQuery, GlobalFree, VirtualQueryEx, Sleep, EnterCriticalSection, SetFilePointer, LoadResource, SuspendThread, GetTickCount, GetFileSize, GlobalDeleteAtom, GetStartupInfoW, GetFileAttributesW, GetCurrentDirectoryW, SetCurrentDirectoryW, InitializeCriticalSection, GetThreadPriority, GetCurrentProcess, GlobalLock, SetThreadPriority, VirtualAlloc, GetTempPathW, GetCommandLineW, GetSystemInfo, LeaveCriticalSection, GetProcAddress, ResumeThread, GetLogicalDriveStringsW, GetVersionExW, VerifyVersionInfoW, HeapCreate, LCMapStringW, GetDiskFreeSpaceW, VerSetConditionMask, FindFirstFileW, GetUserDefaultUILanguage, GetConsoleOutputCP, UnmapViewOfFile, GetConsoleCP, lstrlenW, QueryPerformanceCounter, SetEndOfFile, HeapFree, WideCharToMultiByte, FindClose, MultiByteToWideChar, LoadLibraryW, SetEvent, GetLocaleInfoW, CreateFileW, SystemTimeToFileTime, EnumResourceNamesW, DeleteFileW, IsDBCSLeadByteEx, GetEnvironmentVariableW, GetLocalTime, WaitForSingleObject, WriteFile, CreateFileMappingW, ExitThread, DeleteCriticalSection, GetDateFormatW, TlsGetValue, SetErrorMode, TzSpecificLocalTimeToSystemTime, IsValidLocale, TlsSetValue, CreateDirectoryW, GetSystemDefaultUILanguage, EnumCalendarInfoW, LocalAlloc, GetUserDefaultLangID, RemoveDirectoryW, CreateEventW, WaitForMultipleObjectsEx, GetThreadLocale, SetThreadLocale |
ole32.dll | IsEqualGUID, OleInitialize, OleUninitialize, CoInitialize, CoCreateGuid, CoCreateInstance, CoUninitialize, CoTaskMemFree, CoTaskMemAlloc, StringFromCLSID |
gdi32.dll | Pie, SetBkMode, CreateCompatibleBitmap, GetEnhMetaFileHeader, RectVisible, AngleArc, ResizePalette, SetAbortProc, SetTextColor, StretchBlt, RoundRect, SelectClipRgn, RestoreDC, SetRectRgn, GetTextMetricsW, RemoveFontResourceW, GetWindowOrgEx, CreatePalette, PolyBezierTo, CreateICW, CreateDCW, GetStockObject, CreateSolidBrush, Polygon, MoveToEx, PlayEnhMetaFile, Ellipse, StartPage, GetBitmapBits, StartDocW, AbortDoc, GetSystemPaletteEntries, GetEnhMetaFileBits, AddFontResourceW, GetEnhMetaFilePaletteEntries, CreatePenIndirect, SetMapMode, CreateFontIndirectW, PolyBezier, RemoveFontResourceExW, EndDoc, GetObjectW, GetWinMetaFileBits, SetROP2, GetEnhMetaFileDescriptionW, ArcTo, Arc, SelectPalette, ExcludeClipRect, MaskBlt, SetWindowOrgEx, EndPage, DeleteEnhMetaFile, Chord, SetDIBits, SetViewportOrgEx, CreateRectRgn, RealizePalette, SetDIBColorTable, GetDIBColorTable, CreateBrushIndirect, PatBlt, SetEnhMetaFileBits, AddFontResourceExW, Rectangle, SaveDC, DeleteDC, BitBlt, FrameRgn, GetDeviceCaps, GetTextExtentPoint32W, GetClipBox, IntersectClipRect, Polyline, CreateBitmap, SetWinMetaFileBits, GetStretchBltMode, CreateDIBitmap, SetStretchBltMode, GetDIBits, CreateDIBSection, LineTo, GetRgnBox, EnumFontsW, CreateHalftonePalette, SelectObject, DeleteObject, ExtFloodFill, UnrealizeObject, CopyEnhMetaFileW, SetBkColor, CreateCompatibleDC, GetBrushOrgEx, GetCurrentPositionEx, GetNearestPaletteIndex, GetTextExtentPointW, ExtTextOutW, SetBrushOrgEx, GetPixel, GdiFlush, SetPixel, EnumFontFamiliesExW, StretchDIBits, GetPaletteEntries |
Name | Ordinal | Address |
---|---|---|
TMethodImplementationIntercept | 3 | 0x471050 |
__dbk_fcall_wrapper | 2 | 0x4126d8 |
dbkFCallWrapperAddr | 1 | 0x68663c |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 8, 2024 00:43:02.950803041 CEST | 50003 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:02.952452898 CEST | 50003 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:02.952773094 CEST | 50002 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:02.959459066 CEST | 22455 | 50003 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:02.959621906 CEST | 50003 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:02.959980011 CEST | 22455 | 50002 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:02.967128992 CEST | 22455 | 50003 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:04.081720114 CEST | 50003 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:04.393876076 CEST | 50003 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:04.779478073 CEST | 22455 | 50003 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:04.779494047 CEST | 22455 | 50003 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:04.780194044 CEST | 22455 | 50003 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:04.780428886 CEST | 50003 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:06.972920895 CEST | 50004 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:06.980966091 CEST | 22455 | 50004 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:06.981089115 CEST | 50004 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:06.981836081 CEST | 50004 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:06.982000113 CEST | 50003 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:06.989895105 CEST | 22455 | 50004 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:06.989972115 CEST | 50004 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:06.991456032 CEST | 22455 | 50003 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:06.998342037 CEST | 22455 | 50004 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:08.718144894 CEST | 22455 | 50004 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:08.718399048 CEST | 50004 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:11.004057884 CEST | 50005 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:11.012013912 CEST | 22455 | 50005 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:11.012176037 CEST | 50005 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:11.013087034 CEST | 50005 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:11.013257027 CEST | 50004 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:11.021222115 CEST | 22455 | 50005 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:11.021234989 CEST | 22455 | 50004 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:11.021312952 CEST | 50005 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:11.029788971 CEST | 22455 | 50005 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:11.910665035 CEST | 50005 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:11.918864965 CEST | 22455 | 50005 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:11.918967009 CEST | 50005 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:11.927807093 CEST | 22455 | 50005 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:12.727941036 CEST | 22455 | 50005 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:12.728055000 CEST | 50005 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:15.036494970 CEST | 50006 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:15.044564009 CEST | 22455 | 50006 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:15.044763088 CEST | 50006 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:15.046660900 CEST | 50006 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:15.047072887 CEST | 50005 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:15.054522038 CEST | 22455 | 50006 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:15.054620028 CEST | 50006 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:15.055116892 CEST | 22455 | 50005 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:15.062197924 CEST | 22455 | 50006 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:16.790770054 CEST | 22455 | 50006 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:16.790884018 CEST | 50006 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:19.066585064 CEST | 50007 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:19.074429989 CEST | 22455 | 50007 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:19.074529886 CEST | 50007 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:19.075370073 CEST | 50007 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:19.075679064 CEST | 50006 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:19.083633900 CEST | 22455 | 50007 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:19.083697081 CEST | 50007 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:19.083991051 CEST | 22455 | 50006 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:19.091959953 CEST | 22455 | 50007 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:20.940979958 CEST | 22455 | 50007 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:20.941042900 CEST | 50007 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:23.099164009 CEST | 50008 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:23.107760906 CEST | 22455 | 50008 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:23.107888937 CEST | 50008 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:23.108536959 CEST | 50008 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:23.108661890 CEST | 50007 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:23.116492033 CEST | 22455 | 50008 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:23.116525888 CEST | 22455 | 50007 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:23.116585970 CEST | 50008 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:23.124288082 CEST | 22455 | 50008 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:24.895241022 CEST | 22455 | 50008 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:24.895344019 CEST | 50008 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:25.241080999 CEST | 22455 | 50008 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:25.241221905 CEST | 50008 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:27.129286051 CEST | 50009 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:27.137408018 CEST | 22455 | 50009 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:27.137510061 CEST | 50009 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:27.138207912 CEST | 50009 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:27.138365984 CEST | 50008 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:27.146596909 CEST | 22455 | 50009 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:27.146610022 CEST | 22455 | 50008 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:27.146694899 CEST | 50009 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:27.154405117 CEST | 22455 | 50009 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:28.347848892 CEST | 50009 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:28.523505926 CEST | 22455 | 50009 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:28.523622036 CEST | 50009 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:28.532996893 CEST | 22455 | 50009 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:28.872560978 CEST | 22455 | 50009 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:28.872720957 CEST | 50009 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:31.160636902 CEST | 50010 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:31.168732882 CEST | 22455 | 50010 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:31.168919086 CEST | 50010 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:31.170840025 CEST | 50010 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:31.171171904 CEST | 50009 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:31.179192066 CEST | 22455 | 50010 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:31.179208040 CEST | 22455 | 50009 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:31.179322958 CEST | 50010 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:31.187788963 CEST | 22455 | 50010 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:32.753741026 CEST | 50010 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:32.763503075 CEST | 22455 | 50010 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:32.763627052 CEST | 50010 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:32.771168947 CEST | 22455 | 50010 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:32.902139902 CEST | 22455 | 50010 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:32.902367115 CEST | 50010 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:35.192303896 CEST | 50011 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:35.200843096 CEST | 22455 | 50011 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:35.201359987 CEST | 50011 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:35.201893091 CEST | 50010 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:35.202002048 CEST | 50011 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:35.208586931 CEST | 22455 | 50010 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:35.208695889 CEST | 22455 | 50011 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:35.208789110 CEST | 50011 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:35.215137959 CEST | 22455 | 50011 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:36.947031975 CEST | 22455 | 50011 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:36.947165012 CEST | 50011 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:39.222986937 CEST | 50012 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:39.227946043 CEST | 22455 | 50012 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:39.228044987 CEST | 50012 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:39.228677034 CEST | 50012 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:39.228810072 CEST | 50011 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:39.233426094 CEST | 22455 | 50012 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:39.233498096 CEST | 50012 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:39.233614922 CEST | 22455 | 50011 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:39.238435984 CEST | 22455 | 50012 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:40.948730946 CEST | 22455 | 50012 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:40.948852062 CEST | 50012 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:43.281338930 CEST | 50013 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:43.286221981 CEST | 22455 | 50013 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:43.290170908 CEST | 50013 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:43.298983097 CEST | 50013 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:43.302591085 CEST | 50012 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:43.303805113 CEST | 22455 | 50013 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:43.303881884 CEST | 50013 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:43.307581902 CEST | 22455 | 50012 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:43.308830976 CEST | 22455 | 50013 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:45.031501055 CEST | 22455 | 50013 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:45.032573938 CEST | 50013 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:47.363521099 CEST | 50014 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:47.368451118 CEST | 22455 | 50014 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:47.368596077 CEST | 50014 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:47.373270988 CEST | 50014 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:47.373400927 CEST | 50013 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:47.378011942 CEST | 22455 | 50014 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:47.378182888 CEST | 22455 | 50013 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:47.378221989 CEST | 50014 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:47.383017063 CEST | 22455 | 50014 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:48.331779957 CEST | 50014 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:48.340662003 CEST | 22455 | 50014 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:48.340718031 CEST | 50014 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:48.348340988 CEST | 22455 | 50014 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:49.255762100 CEST | 22455 | 50014 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:49.255846977 CEST | 50014 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:51.395212889 CEST | 50015 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:51.401185989 CEST | 22455 | 50015 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:51.401305914 CEST | 50015 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:51.402077913 CEST | 50015 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:51.402225018 CEST | 50014 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:51.408272028 CEST | 22455 | 50015 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:51.408289909 CEST | 22455 | 50014 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:51.408390045 CEST | 50015 | 22455 | 192.168.2.7 | 154.21.14.89 |
Oct 8, 2024 00:43:51.413885117 CEST | 22455 | 50015 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:53.196394920 CEST | 22455 | 50015 | 154.21.14.89 | 192.168.2.7 |
Oct 8, 2024 00:43:53.196504116 CEST | 50015 | 22455 | 192.168.2.7 | 154.21.14.89 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 8, 2024 00:41:00.191730976 CEST | 50982 | 53 | 192.168.2.7 | 1.1.1.1 |
Oct 8, 2024 00:41:00.204094887 CEST | 53 | 50982 | 1.1.1.1 | 192.168.2.7 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 8, 2024 00:41:00.191730976 CEST | 192.168.2.7 | 1.1.1.1 | 0x24aa | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 8, 2024 00:41:00.204094887 CEST | 1.1.1.1 | 192.168.2.7 | 0x24aa | No error (0) | 154.21.14.89 | A (IP address) | IN (0x0001) | false |
Analysis Process: Player reports algnet 07-10-2024 .pdf www.skype.com.exe, PID: 6444, Parent PID: 4056
Target ID: | 5 |
Start time: | 18:40:46 |
Start date: | 07/10/2024 |
Path: | C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x330000 |
File size: | 4'284'934 bytes |
MD5 hash: | 005245FCBCA50A836235392C802198A8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Reputation: | low |
Has exited: | true |
Target ID: | 7 |
Start time: | 18:40:47 |
Start date: | 07/10/2024 |
Path: | C:\Users\user\AppData\Local\Temp\HitPawInfo.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7973f0000 |
File size: | 500'488 bytes |
MD5 hash: | 00CED89A573AD1E1F96C94C763222E1E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Antivirus matches: |
|
Reputation: | low |
Has exited: | false |
Target ID: | 8 |
Start time: | 18:40:54 |
Start date: | 07/10/2024 |
Path: | C:\Windows\System32\regsvr32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff62cef0000 |
File size: | 25'088 bytes |
MD5 hash: | B0C2FA35D14A9FAD919E99D9D75E1B9E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 11 |
Start time: | 18:40:54 |
Start date: | 07/10/2024 |
Path: | C:\Windows\System32\WerFault.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff66b850000 |
File size: | 570'736 bytes |
MD5 hash: | FD27D9F6D02763BDE32511B5DF7FF7A0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 12 |
Start time: | 18:40:55 |
Start date: | 07/10/2024 |
Path: | C:\Windows\System32\regsvr32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff62cef0000 |
File size: | 25'088 bytes |
MD5 hash: | B0C2FA35D14A9FAD919E99D9D75E1B9E |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 13 |
Start time: | 18:40:55 |
Start date: | 07/10/2024 |
Path: | C:\Windows\System32\reg.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff776990000 |
File size: | 77'312 bytes |
MD5 hash: | 227F63E1D9008B36BDBCC4B397780BE4 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 14 |
Start time: | 18:40:55 |
Start date: | 07/10/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff75da10000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 20 |
Start time: | 20:10:00 |
Start date: | 07/10/2024 |
Path: | C:\Windows\System32\regsvr32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff62cef0000 |
File size: | 25'088 bytes |
MD5 hash: | B0C2FA35D14A9FAD919E99D9D75E1B9E |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Execution Graph
Execution Coverage: | 8.5% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 1.3% |
Total number of Nodes: | 1407 |
Total number of Limit Nodes: | 11 |
Graph
Function 00007FFB0C498340 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 31libraryloaderCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFB0C4B9030 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 80libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFB0C4C0370 Relevance: 214.4, APIs: 24, Strings: 98, Instructions: 878COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFB0C4C9EF0 Relevance: 189.3, APIs: 3, Strings: 105, Instructions: 349COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFB0C4B97B0 Relevance: 98.2, APIs: 9, Strings: 47, Instructions: 229registryCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFB0C4B91E0 Relevance: 94.7, APIs: 8, Strings: 46, Instructions: 217registryCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFB0C495C20 Relevance: 75.5, APIs: 5, Strings: 38, Instructions: 235synchronizationCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFB0C4B9D10 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 119timefileCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFB0C4A2230 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 51COMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFB0C4D2F00 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 32libraryloaderCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFB0C4E4154 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117COMMONLIBRARYCODE
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFB0C498620 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 31libraryloaderCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFB0C4983E0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 31libraryloaderCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFB0C498480 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 29libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFB0C497FB0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 29libraryloaderCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFB0C498040 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 27libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFB0C4B9650 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFB0C4CB1B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 54COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFB0C4A0220 Relevance: 4.6, APIs: 3, Instructions: 89COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFB0C4DF1B0 Relevance: 4.5, APIs: 3, Instructions: 27threadCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFB0C4C9D40 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 64COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFB0C4DF114 Relevance: 3.0, APIs: 2, Instructions: 43threadCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFB0C4D3314 Relevance: 3.0, APIs: 2, Instructions: 21COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFB0C4E32C0 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFB0C4A18A0 Relevance: 1.5, APIs: 1, Instructions: 20COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFB0C4AE510 Relevance: 1.5, APIs: 1, Instructions: 19COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFB0C4939E0 Relevance: 1.5, APIs: 1, Instructions: 9COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFB0C4E3FEC Relevance: 1.3, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFB0C4E4EAC Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFB0C4C16D0 Relevance: 230.0, APIs: 20, Strings: 111, Instructions: 759COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFB0C4B3830 Relevance: 37.0, APIs: 5, Strings: 16, Instructions: 257COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFB0C4F03E8 Relevance: 24.0, APIs: 9, Strings: 4, Instructions: 1226COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFB0C4EEE88 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 227COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFB0C4EF8D0 Relevance: 10.7, APIs: 7, Instructions: 171COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFB0C4B3530 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 150fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFB0C4B3250 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 136fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFB0C4D9238 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFB0C4E0310 Relevance: 4.8, APIs: 3, Instructions: 340COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFB0C4E44C4 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFB0C4E9B1C Relevance: 3.2, APIs: 2, Instructions: 227COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFB0C4E5478 Relevance: 2.6, Strings: 2, Instructions: 144COMMONLIBRARYCODE
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFB0C4EF1E4 Relevance: 1.6, APIs: 1, Instructions: 61COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFB0C4EF2B4 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFB0C4E40D8 Relevance: 1.5, APIs: 1, Instructions: 32COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFB0C4E4FE4 Relevance: 1.5, Strings: 1, Instructions: 254COMMONLIBRARYCODE
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFB0C4DA840 Relevance: 1.5, Strings: 1, Instructions: 250COMMONLIBRARYCODE
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFB0C4DABD8 Relevance: 1.5, Strings: 1, Instructions: 247COMMONLIBRARYCODE
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFB0C4EE8F8 Relevance: .3, Instructions: 271COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFB0C4F1E64 Relevance: .2, Instructions: 183COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFB0C4E1958 Relevance: .1, Instructions: 126COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFB0C4F4F90 Relevance: .0, Instructions: 32COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFB0C4C5B00 Relevance: 86.2, APIs: 11, Strings: 38, Instructions: 410COMMON
Function 00007FFB0C49D550 Relevance: 49.3, APIs: 5, Strings: 23, Instructions: 293COMMON
Function 00007FFB0C4B2CD0 Relevance: 49.2, APIs: 9, Strings: 19, Instructions: 233processCOMMON
Function 00007FFB0C4C6A50 Relevance: 42.2, APIs: 3, Strings: 21, Instructions: 228COMMON
Function 00007FFB0C4C6420 Relevance: 42.2, APIs: 4, Strings: 20, Instructions: 226COMMON
Function 00007FFB0C49F460 Relevance: 42.2, APIs: 4, Strings: 20, Instructions: 206COMMON
Function 00007FFB0C49EF30 Relevance: 38.7, APIs: 3, Strings: 19, Instructions: 247COMMON
Function 00007FFB0C49E7E0 Relevance: 35.4, APIs: 4, Strings: 16, Instructions: 356COMMON
Function 00007FFB0C4C72B0 Relevance: 28.2, APIs: 2, Strings: 14, Instructions: 190COMMON
Function 00007FFB0C4C7670 Relevance: 26.6, APIs: 8, Strings: 7, Instructions: 361COMMON
Function 00007FFB0C4C8380 Relevance: 26.3, APIs: 5, Strings: 10, Instructions: 70COMMON
Function 00007FFB0C4C88C0 Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 262windowCOMMON
Function 00007FFB0C4C7EC0 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 115COMMON
Function 00007FFB0C4DC7B8 Relevance: 11.0, APIs: 3, Strings: 3, Instructions: 494COMMONLIBRARYCODE
Function 00007FFB0C4BAB70 Relevance: 10.9, APIs: 5, Strings: 1, Instructions: 375COMMON
Function 00007FFB0C4D6458 Relevance: 10.8, APIs: 3, Strings: 3, Instructions: 310COMMON
Function 00007FFB0C4E8EF8 Relevance: 10.8, APIs: 7, Instructions: 290COMMONLIBRARYCODE
Function 00007FFB0C4D8D0C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
Function 00007FFB0C4E2408 Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE
Function 00007FFB0C4F44E4 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMONLIBRARYCODE
Function 00007FFB0C4980D0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 29libraryloaderCOMMON
Function 00007FFB0C4982C0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 27libraryloaderCOMMON
Function 00007FFB0C498240 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 25libraryloaderCOMMON
Function 00007FFB0C498160 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 23libraryloaderCOMMON
Function 00007FFB0C4981D0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 23libraryloaderCOMMON
Function 00007FFB0C4D3018 Relevance: 9.2, APIs: 6, Instructions: 206COMMONLIBRARYCODE
Function 00007FFB0C4D246C Relevance: 9.1, APIs: 6, Instructions: 94threadCOMMONLIBRARYCODE
Function 00007FFB0C4BC850 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 324COMMON
Function 00007FFB0C4E2580 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE
Function 00007FFB0C4C84A0 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 216COMMON
Function 00007FFB0C4A1240 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 59COMMON
Function 00007FFB0C4C7190 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 57processCOMMON
Function 00007FFB0C4A5840 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 54COMMONLIBRARYCODE
Function 00007FFB0C498590 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 31libraryloaderCOMMON
Function 00007FFB0C4E1248 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON
Function 00007FFB0C498510 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 26libraryloaderCOMMON
Function 00007FFB0C4986C0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 23libraryloaderCOMMON
Function 00007FFB0C4E9800 Relevance: 7.7, APIs: 5, Instructions: 196COMMONLIBRARYCODE
Function 00007FFB0C4F4D88 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
Function 00007FFB0C4E2648 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE
Function 00007FFB0C4D6928 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 320COMMONLIBRARYCODE
Function 00007FFB0C4E82D4 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 219COMMON
Function 00007FFB0C4E8010 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 214COMMON
Function 00007FFB0C4E8B10 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 204fileCOMMONLIBRARYCODE
Function 00007FFB0C4D709C Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 190COMMONLIBRARYCODE
Function 00007FFB0C4D56B8 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 154COMMONLIBRARYCODE
Function 00007FFB0C4D6E2C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON
Function 00007FFB0C4D761C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON
Function 00007FFB0C4B7CB0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 132COMMON
Function 00007FFB0C4C8110 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 130COMMON
Function 00007FFB0C497DA0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 82COMMON
Function 00007FFB0C4D1174 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 66COMMONLIBRARYCODE
Function 00007FFB0C4E6C48 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMONLIBRARYCODE
Function 00007FFB0C4E7608 Relevance: 6.2, APIs: 4, Instructions: 218COMMONLIBRARYCODE
Function 00007FFB0C4D41E8 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMONLIBRARYCODE
Function 00007FFB0C4D7854 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 163COMMONLIBRARYCODE
Function 00007FFB0C4D7E90 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120COMMON
Function 00007FFB0C4E72E0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMONLIBRARYCODE
Function 00007FFB0C4A8640 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 54COMMON
Function 00007FFB0C4D4720 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE
Function 00007FFB0C4B12B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26COMMON
Execution Graph
Execution Coverage: | 0.8% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 0% |
Total number of Nodes: | 63 |
Total number of Limit Nodes: | 1 |
Graph
Function 00007FFB0C495C20 Relevance: 75.5, APIs: 5, Strings: 38, Instructions: 235synchronizationCOMMON
Function 00007FFB0C4E3FEC Relevance: 1.3, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE
Function 00007FFB0C4EEE88 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 227COMMONLIBRARYCODE
Function 00007FFB0C4EF8D0 Relevance: 10.7, APIs: 7, Instructions: 171COMMONLIBRARYCODE
Function 00007FFB0C4B3530 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 150fileCOMMON
Function 00007FFB0C4B3250 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 136fileCOMMON
Function 00007FFB0C4D9238 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE
Function 00007FFB0C4C9EF0 Relevance: 189.3, APIs: 3, Strings: 105, Instructions: 349COMMON
Function 00007FFB0C4B97B0 Relevance: 98.2, APIs: 9, Strings: 47, Instructions: 229registryCOMMON
Function 00007FFB0C4B91E0 Relevance: 94.7, APIs: 8, Strings: 46, Instructions: 217registryCOMMON
Function 00007FFB0C4C5B00 Relevance: 86.2, APIs: 11, Strings: 38, Instructions: 410COMMON
Function 00007FFB0C49D550 Relevance: 49.3, APIs: 5, Strings: 23, Instructions: 293COMMON
Function 00007FFB0C4B2CD0 Relevance: 49.2, APIs: 9, Strings: 19, Instructions: 233processCOMMON
Function 00007FFB0C4C6A50 Relevance: 42.2, APIs: 3, Strings: 21, Instructions: 228COMMON
Function 00007FFB0C4C6420 Relevance: 42.2, APIs: 4, Strings: 20, Instructions: 226COMMON
Function 00007FFB0C49F460 Relevance: 42.2, APIs: 4, Strings: 20, Instructions: 206COMMON
Function 00007FFB0C49EF30 Relevance: 38.7, APIs: 3, Strings: 19, Instructions: 247COMMON
Function 00007FFB0C4B3830 Relevance: 37.0, APIs: 5, Strings: 16, Instructions: 257COMMON
Function 00007FFB0C49E7E0 Relevance: 35.4, APIs: 4, Strings: 16, Instructions: 356COMMON
Function 00007FFB0C4C72B0 Relevance: 28.2, APIs: 2, Strings: 14, Instructions: 190COMMON
Function 00007FFB0C4C7670 Relevance: 26.6, APIs: 8, Strings: 7, Instructions: 361COMMON
Function 00007FFB0C4C8380 Relevance: 26.3, APIs: 5, Strings: 10, Instructions: 70COMMON
Function 00007FFB0C4C88C0 Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 262windowCOMMON
Function 00007FFB0C4C7EC0 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 115COMMON
Function 00007FFB0C4B9D10 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 119timefileCOMMON
Function 00007FFB0C4A2230 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 51COMMON
Function 00007FFB0C4D2F00 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 32libraryloaderCOMMON
Function 00007FFB0C4E4154 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMONLIBRARYCODE
Function 00007FFB0C4DC7B8 Relevance: 11.0, APIs: 3, Strings: 3, Instructions: 494COMMONLIBRARYCODE
Function 00007FFB0C4BAB70 Relevance: 10.9, APIs: 5, Strings: 1, Instructions: 375COMMON
Function 00007FFB0C4D6458 Relevance: 10.8, APIs: 3, Strings: 3, Instructions: 310COMMON
Function 00007FFB0C4E8EF8 Relevance: 10.8, APIs: 7, Instructions: 290COMMONLIBRARYCODE
Function 00007FFB0C4D8D0C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
Function 00007FFB0C4E2408 Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE
Function 00007FFB0C4F44E4 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMONLIBRARYCODE
Function 00007FFB0C498620 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 31libraryloaderCOMMON
Function 00007FFB0C4980D0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 29libraryloaderCOMMON
Function 00007FFB0C4982C0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 27libraryloaderCOMMON
Function 00007FFB0C498040 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 27libraryloaderCOMMON
Function 00007FFB0C498240 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 25libraryloaderCOMMON
Function 00007FFB0C498160 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 23libraryloaderCOMMON
Function 00007FFB0C4981D0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 23libraryloaderCOMMON
Function 00007FFB0C4D3018 Relevance: 9.2, APIs: 6, Instructions: 206COMMONLIBRARYCODE
Function 00007FFB0C4D246C Relevance: 9.1, APIs: 6, Instructions: 94threadCOMMONLIBRARYCODE
Function 00007FFB0C4BC850 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 324COMMON
Function 00007FFB0C4E2580 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE
Function 00007FFB0C4C84A0 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 216COMMON
Function 00007FFB0C4B9650 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73COMMON
Function 00007FFB0C4C7190 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 57processCOMMON
Function 00007FFB0C4A5840 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 54COMMONLIBRARYCODE
Function 00007FFB0C498590 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 31libraryloaderCOMMON
Function 00007FFB0C498340 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 31libraryloaderCOMMON
Function 00007FFB0C4983E0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 31libraryloaderCOMMON
Function 00007FFB0C498480 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29libraryloaderCOMMON
Function 00007FFB0C497FB0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29libraryloaderCOMMON
Function 00007FFB0C4E1248 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON
Function 00007FFB0C498510 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 26libraryloaderCOMMON
Function 00007FFB0C4986C0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 23libraryloaderCOMMON
Function 00007FFB0C4E9800 Relevance: 7.7, APIs: 5, Instructions: 196COMMONLIBRARYCODE
Function 00007FFB0C4F4D88 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
Function 00007FFB0C4E2648 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE
Function 00007FFB0C4D6928 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 320COMMONLIBRARYCODE
Function 00007FFB0C4E82D4 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 219COMMON
Function 00007FFB0C4E8010 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 212COMMON
Function 00007FFB0C4E8B10 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 204fileCOMMONLIBRARYCODE
Function 00007FFB0C4D709C Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 190COMMONLIBRARYCODE
Function 00007FFB0C4D56B8 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 154COMMONLIBRARYCODE
Function 00007FFB0C4D6E2C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON
Function 00007FFB0C4D761C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON
Function 00007FFB0C4B7CB0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 132COMMON
Function 00007FFB0C4C8110 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 130COMMON
Function 00007FFB0C497DA0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 82COMMON
Function 00007FFB0C4B9030 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 80libraryloaderCOMMON
Function 00007FFB0C4E6C48 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMONLIBRARYCODE
Function 00007FFB0C4E7608 Relevance: 6.2, APIs: 4, Instructions: 218COMMONLIBRARYCODE
Function 00007FFB0C4D41E8 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMONLIBRARYCODE
Function 00007FFB0C4D7854 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 163COMMONLIBRARYCODE
Function 00007FFB0C4D7E90 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120COMMON
Function 00007FFB0C4E72E0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMONLIBRARYCODE
Function 00007FFB0C4D4720 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE
Function 00007FFB0C4B12B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26COMMON
Execution Graph
Execution Coverage: | 0.8% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 0% |
Total number of Nodes: | 63 |
Total number of Limit Nodes: | 1 |
Graph
Function 00007FFB0C495C20 Relevance: 75.5, APIs: 5, Strings: 38, Instructions: 235synchronizationCOMMON
Function 00007FFB0C4E3FEC Relevance: 1.3, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE
Function 00007FFB0C4EEE88 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 227COMMONLIBRARYCODE
Function 00007FFB0C4B2CD0 Relevance: 49.2, APIs: 9, Strings: 19, Instructions: 233processCOMMON
Function 00007FFB0C4C6A50 Relevance: 42.2, APIs: 3, Strings: 21, Instructions: 228COMMON
Function 00007FFB0C49EF30 Relevance: 38.7, APIs: 3, Strings: 19, Instructions: 247COMMON
Function 00007FFB0C4C88C0 Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 262windowCOMMON
Function 00007FFB0C4D2F00 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 32libraryloaderCOMMON
Function 00007FFB0C4BAB70 Relevance: 10.9, APIs: 5, Strings: 1, Instructions: 375COMMON
Function 00007FFB0C4E8EF8 Relevance: 10.8, APIs: 7, Instructions: 290COMMONLIBRARYCODE
Function 00007FFB0C4D8D0C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
Function 00007FFB0C4F44E4 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48 file COMMON LIBRARYCODE
Function 00007FFB0C4D3018 Relevance: 9.2, APIs: 6, Instructions: 206 COMMON LIBRARYCODE
Function 00007FFB0C4F4D88 Relevance: 7.6, APIs: 5, Instructions: 56 COMMON LIBRARYCODE
Function 00007FFB0C4D6928 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 320 COMMON LIBRARYCODE
Function 00007FFB0C4E8B10 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 204 file COMMON LIBRARYCODE
Function 00007FFB0C4D6E2C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146 COMMON
Function 00007FFB0C4B9030 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 80 libraryloader COMMON
Function 00007FFB0C4E6C48 Relevance: 6.3, APIs: 4, Instructions: 299 file COMMON LIBRARYCODE