Analysis Report b2NaDSFu9T.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Startup |
---|
|
Malware Configuration |
---|
Threatname: NanoCore |
---|
{"Version": ".0.0.0,", "Mutex": "21f4355e-8257-4e77-8f1b-c822c6ea", "Group": "BUILD", "Domain1": "79.134.225.26", "Domain2": "nassiru1166main.ddns.net", "Port": 1133, "KeyboardLogging": "Enable", "RunOnStartup": "Disable", "RequestElevation": "Disable", "BypassUAC": "Disable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8"}
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security | ||
Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth |
| |
JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | ||
NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> |
| |
JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |
Unpacked PEs |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth |
| |
JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | ||
NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> |
| |
Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth |
| |
Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth |
| |
Sigma Overview |
---|
System Summary: |
---|
Sigma detected: NanoCore | Show sources |
Source: | Author: Joe Security: |
Signature Overview |
---|
AV Detection: |
---|
Found malware configuration | Show sources |
Source: | Malware Configuration Extractor: |
Multi AV Scanner detection for submitted file | Show sources |
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Yara detected Nanocore RAT | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | Static PE information: |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Code function: | 0_2_04F50460 | |
Source: | Code function: | 0_2_04F50451 | |
Source: | Code function: | 0_2_04F505A8 | |
Source: | Code function: | 0_2_04F50598 |
Networking: |
---|
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) | Show sources |
Source: | Snort IDS: | ||
C2 URLs / IPs found in malware configuration | Show sources |
Source: | URLs: | ||
Source: | URLs: |
Source: | TCP traffic: |
Source: | IP Address: |
Source: | ASN Name: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Binary or memory string: |
E-Banking Fraud: |
---|
Yara detected Nanocore RAT | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
System Summary: |
---|
Malicious sample detected (through community Yara rule) | Show sources |
Source: | Matched rule: | ||
Source: | Code function: | 0_2_04F60032 | |
Source: | Code function: | 0_2_04F60007 |
Source: | Binary or memory string: | ||
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Static PE information: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | Static PE information: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Code function: | 0_2_007C8BA4 | |
Source: | Code function: | 0_2_007C9E84 | |
Source: | Code function: | 0_2_007C9484 | |
Source: | Code function: | 0_2_007C9EA0 | |
Source: | Code function: | 0_2_02B99073 |
Source: | Static PE information: |
Hooking and other Techniques for Hiding and Protection: |
---|
Hides that the sample has been downloaded from the Internet (zone.identifier) | Show sources |
Source: | File opened: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion: |
---|
Yara detected AntiVM3 | Show sources |
Source: | File source: | ||
Source: | File source: |
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) | Show sources |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Process information queried: | Jump to behavior |
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion: |
---|
Allocates memory in foreign processes | Show sources |
Source: | Memory allocated: | Jump to behavior |
Injects a PE file into a foreign processes | Show sources |
Source: | Memory written: | Jump to behavior |
Writes to foreign memory regions | Show sources |
Source: | Memory written: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Binary or memory string: |
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information: |
---|
Yara detected Nanocore RAT | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality: |
---|
Yara detected Nanocore RAT | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection312 | Masquerading1 | Input Capture1 | Security Software Discovery11 | Remote Services | Input Capture1 | Exfiltration Over Other Network Medium | Encrypted Channel1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Disable or Modify Tools1 | LSASS Memory | Process Discovery2 | Remote Desktop Protocol | Archive Collected Data1 | Exfiltration Over Bluetooth | Non-Standard Port1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion21 | Security Account Manager | Virtualization/Sandbox Evasion21 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection312 | NTDS | Application Window Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Hidden Files and Directories1 | LSA Secrets | System Information Discovery2 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information3 | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Software Packing2 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
18% | Virustotal | Browse | ||
17% | ReversingLabs | ByteCode-MSIL.Backdoor.NanoBot |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
No contacted domains info |
---|
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown | |
true |
| unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false | high |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
79.134.225.26 | unknown | Switzerland | 6775 | FINK-TELECOM-SERVICESCH | true |
General Information |
---|
Joe Sandbox Version: | 32.0.0 Black Diamond |
Analysis ID: | 402647 |
Start date: | 03.05.2021 |
Start time: | 11:34:42 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 7m 44s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | b2NaDSFu9T.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 26 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@3/3@0/1 |
EGA Information: | Failed |
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
Warnings: | Show All
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
11:35:53 | API Interceptor | |
11:35:55 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
79.134.225.26 | Get hash | malicious | Browse | ||
Domains |
---|
No context |
---|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
FINK-TELECOM-SERVICESCH | Get hash | malicious | Browse |
| |
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Users\user\Desktop\b2NaDSFu9T.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 664 |
Entropy (8bit): | 5.288448637977022 |
Encrypted: | false |
SSDEEP: | 12:Q3LaJU20NaL10Ug+9Yz9t0U29hJ5g1B0U2ukyrFk70U2xANlW3ANv:MLF20NaL3z2p29hJ5g522rW2xAi3A9 |
MD5: | B1DB55991C3DA14E35249AEA1BC357CA |
SHA1: | 0DD2D91198FDEF296441B12F1A906669B279700C |
SHA-256: | 34D3E48321D5010AD2BD1F3F0B728077E4F5A7F70D66FA36B57E5209580B6BDC |
SHA-512: | BE38A31888C9C2F8047FA9C99672CB985179D325107514B7500DDA9523AE3E1D20B45EACC4E6C8A5D096360D0FBB98A120E63F38FFE324DF8A0559F6890CC801 |
Malicious: | true |
Reputation: | moderate, very likely benign file |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 432 |
Entropy (8bit): | 7.012278113302776 |
Encrypted: | false |
SSDEEP: | 12:X4LEnybgCF7wHJyCe8O6LEnybgCF7wHJyCe8Oh:IQnybgCyHJ5lQnybgCyHJ5i |
MD5: | 9D28662484E30E8B7C123705C7B0C8E6 |
SHA1: | BFB9A9E2BDC178B5E8FE1CDFB68D65D8D7F4840A |
SHA-256: | F699DB97FD0C37997AA67809552C1B2C6500E07660D0540055896615F12A90D7 |
SHA-512: | 58303088530E6548BBFB1800A52221CE5A29E33A48442DD16524EB1021850E902C0E01FE9035CC8C794E966AFD6A7FA950974E3F1B320A8F37F6090C6D7D3820 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8 |
Entropy (8bit): | 3.0 |
Encrypted: | false |
SSDEEP: | 3:cmr8tn:cNtn |
MD5: | 0DC2073C953398D28C9D8E44EEA5ADA1 |
SHA1: | FA0FA923069FACF1AF850D9672C0FC451328C71E |
SHA-256: | 7376B029584CD7CC2E8EB49E35D9243124AFA2AC557B6141C94788BADD19002A |
SHA-512: | 83053423035A70D10B0FD614E2267EBE4E6995920E0CF5439CF42E4CFFFB201E3C89E2BFCB9608B0BB9D12B813B0BB0ADC2EBB6A989E2394C7AE162044D84951 |
Malicious: | true |
Reputation: | low |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.956232639570589 |
TrID: |
|
File name: | b2NaDSFu9T.exe |
File size: | 1141760 |
MD5: | 042aa11c6d49e1cca5923f02d1b0a5ae |
SHA1: | 5a89ff2f9702a53fb638b8c7229ba868aaa58ae9 |
SHA256: | 3383218b916baf1a46989c4f253b29eb81e97ac763ab71615c81d85a18495f34 |
SHA512: | 6d0551584f1f4c5391012111be3bc251026d3db6a531ab7a8ce0d41cf278a254bc8a0bc66690a1a93c3bf52c2c1c70e7fcd94e4b8812bcea95efa8bda86d7184 |
SSDEEP: | 24576:jVdIEYuS48YvtC/X4kRxlhtJftkKrEMAtugu+/a:jEjX48uAzJEMZry |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......`..............P..X...........w... ........@.. ....................................@................................ |
File Icon |
---|
Icon Hash: | 00828e8e8686b000 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x517792 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE |
DLL Characteristics: | NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x608FA4A3 [Mon May 3 07:22:11 2021 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | v2.0.50727 |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Entrypoint Preview |
---|
Instruction |
---|
jmp dword ptr [00402000h] |
add byte ptr [eax], al |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x117740 | 0x4f | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x118000 | 0xed0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x11a000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x115798 | 0x115800 | False | 0.960257425394 | data | 7.96059480846 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rsrc | 0x118000 | 0xed0 | 0x1000 | False | 0.3740234375 | data | 4.74787952307 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x11a000 | 0xc | 0x200 | False | 0.044921875 | data | 0.101910425663 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_VERSION | 0x118090 | 0x3a4 | data | | |
RT_MANIFEST | 0x118444 | 0xa85 | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF, LF line terminators | | |
Imports |
---|
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Version Infos |
---|
Description | Data |
---|---|
Translation | 0x0000 0x04b0 |
LegalCopyright | Copyright 2018 |
Assembly Version | 1.0.0.0 |
InternalName | InterfaceTypeAttribute.exe |
FileVersion | 1.0.1.35 |
CompanyName | Unguest |
LegalTrademarks | Unguest |
Comments | A light media player |
ProductName | LightWatch |
ProductVersion | 1.0.1.35 |
FileDescription | LightWatch |
OriginalFilename | InterfaceTypeAttribute.exe |
Network Behavior |
---|
Snort IDS Alerts |
---|
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
05/03/21-11:35:57.731947 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49707 | 1133 | 192.168.2.7 | 79.134.225.26 |
05/03/21-11:36:04.057658 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49716 | 1133 | 192.168.2.7 | 79.134.225.26 |
05/03/21-11:36:10.300646 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49721 | 1133 | 192.168.2.7 | 79.134.225.26 |
05/03/21-11:36:16.535954 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49724 | 1133 | 192.168.2.7 | 79.134.225.26 |
05/03/21-11:36:32.356162 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49728 | 1133 | 192.168.2.7 | 79.134.225.26 |
05/03/21-11:36:38.604791 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49729 | 1133 | 192.168.2.7 | 79.134.225.26 |
05/03/21-11:36:44.807678 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49730 | 1133 | 192.168.2.7 | 79.134.225.26 |
05/03/21-11:36:51.125432 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49731 | 1133 | 192.168.2.7 | 79.134.225.26 |
05/03/21-11:36:57.381214 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49738 | 1133 | 192.168.2.7 | 79.134.225.26 |
05/03/21-11:37:03.896572 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49744 | 1133 | 192.168.2.7 | 79.134.225.26 |
05/03/21-11:37:13.224491 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49745 | 1133 | 192.168.2.7 | 79.134.225.26 |
05/03/21-11:37:19.689841 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49746 | 1133 | 192.168.2.7 | 79.134.225.26 |
05/03/21-11:37:29.259378 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49750 | 1133 | 192.168.2.7 | 79.134.225.26 |
05/03/21-11:37:35.503934 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49759 | 1133 | 192.168.2.7 | 79.134.225.26 |
05/03/21-11:37:41.765593 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49760 | 1133 | 192.168.2.7 | 79.134.225.26 |
05/03/21-11:37:48.076433 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49761 | 1133 | 192.168.2.7 | 79.134.225.26 |
05/03/21-11:37:54.385213 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49762 | 1133 | 192.168.2.7 | 79.134.225.26 |
05/03/21-11:38:00.574763 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49763 | 1133 | 192.168.2.7 | 79.134.225.26 |
Network Port Distribution |
---|
TCP Packets |
---|
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 11:35:52 |
Start date: | 03/05/2021 |
Path: | C:\Users\user\Desktop\b2NaDSFu9T.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x7c0000 |
File size: | 1141760 bytes |
MD5 hash: | 042AA11C6D49E1CCA5923F02D1B0A5AE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 11:35:54 |
Start date: | 03/05/2021 |
Path: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x750000 |
File size: | 32768 bytes |
MD5 hash: | 71369277D09DA0830C8C59F9E22BB23A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Reputation: | moderate |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
Function 02B95038, Relevance: 1.6, Strings: 1, Instructions: 346COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02B94FFF, Relevance: 1.6, Strings: 1, Instructions: 345COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04F60007, Relevance: 1.6, APIs: 1, Instructions: 55nativeCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04F60032, Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02B95130, Relevance: 1.5, Strings: 1, Instructions: 274COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02B930D0, Relevance: 1.5, Strings: 1, Instructions: 214COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02B93180, Relevance: 1.4, Strings: 1, Instructions: 170COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02B97E54, Relevance: .2, Instructions: 195COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04F50133, Relevance: .2, Instructions: 172COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02B93938, Relevance: .2, Instructions: 153COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02B93978, Relevance: .1, Instructions: 134COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02B93DE8, Relevance: .1, Instructions: 130COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02B93988, Relevance: .1, Instructions: 129COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02B97468, Relevance: .1, Instructions: 85COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02B92620, Relevance: .1, Instructions: 70, COMMON, Uniqueness Score: -1.00%
Function 02B94290, Relevance: .1, Instructions: 66, COMMON, Uniqueness Score: -1.00%
Function 02B92610, Relevance: .1, Instructions: 65, COMMON, Uniqueness Score: -1.00%
Function 02B94282, Relevance: .1, Instructions: 64, COMMON, Uniqueness Score: -1.00%
Function 04F60145, Relevance: 1.6, APIs: 1, Instructions: 62, window, COMMON, Uniqueness Score: -1.00%
Function 04F6017E, Relevance: 1.5, APIs: 1, Instructions: 38, window, COMMON, Uniqueness Score: -1.00%
Function 02B91E08, Relevance: 1.3, Strings: 1, Instructions: 74, COMMON, Uniqueness Score: -1.00%
Function 02B992CE, Relevance: 1.3, Strings: 1, Instructions: 19, COMMON, Uniqueness Score: -1.00%
Function 02B98541, Relevance: 1.3, Strings: 1, Instructions: 10, COMMON, Uniqueness Score: -1.00%
Function 02B905A8, Relevance: .2, Instructions: 201, COMMON, Uniqueness Score: -1.00%
Function 02B90598, Relevance: .2, Instructions: 174, COMMON, Uniqueness Score: -1.00%
Function 02B91EEB, Relevance: .2, Instructions: 165, COMMON, Uniqueness Score: -1.00%
Function 02B922C2, Relevance: .2, Instructions: 154, COMMON, Uniqueness Score: -1.00%
Function 02B93DF8, Relevance: .1, Instructions: 129, COMMON, Uniqueness Score: -1.00%
Function 02B9A488, Relevance: .1, Instructions: 122, COMMON, Uniqueness Score: -1.00%
Function 02B90270, Relevance: .1, Instructions: 120, COMMON, Uniqueness Score: -1.00%
Function 02B90280, Relevance: .1, Instructions: 117, COMMON, Uniqueness Score: -1.00%
Function 02B90A48, Relevance: .1, Instructions: 108, COMMON, Uniqueness Score: -1.00%
Function 02B90A58, Relevance: .1, Instructions: 104, COMMON, Uniqueness Score: -1.00%
Function 02B9E120, Relevance: .1, Instructions: 88, COMMON, Uniqueness Score: -1.00%
Function 02B90CE8, Relevance: .1, Instructions: 82, COMMON, Uniqueness Score: -1.00%
Function 02B90CF8, Relevance: .1, Instructions: 80, COMMON, Uniqueness Score: -1.00%
Function 02B93B62, Relevance: .1, Instructions: 77, COMMON, Uniqueness Score: -1.00%
Function 02B93C80, Relevance: .1, Instructions: 73, COMMON, Uniqueness Score: -1.00%
Function 02B93B70, Relevance: .1, Instructions: 73, COMMON, Uniqueness Score: -1.00%
Function 02B93C90, Relevance: .1, Instructions: 68, COMMON, Uniqueness Score: -1.00%
Function 02B90006, Relevance: .1, Instructions: 67, COMMON, Uniqueness Score: -1.00%
Function 02B917C7, Relevance: .1, Instructions: 65, COMMON, Uniqueness Score: -1.00%
Function 02B9B308, Relevance: .1, Instructions: 64, COMMON, Uniqueness Score: -1.00%
Function 02B92566, Relevance: .1, Instructions: 64, COMMON, Uniqueness Score: -1.00%
Function 02B900F8, Relevance: .1, Instructions: 59, COMMON, Uniqueness Score: -1.00%
Function 02BC075C, Relevance: .1, Instructions: 59, COMMON, Uniqueness Score: -1.00%
Function 02BC0724, Relevance: .1, Instructions: 58, COMMON, Uniqueness Score: -1.00%
Function 02B90F19, Relevance: .1, Instructions: 57, COMMON, Uniqueness Score: -1.00%
Function 02B956D8, Relevance: .1, Instructions: 55, COMMON, Uniqueness Score: -1.00%
Function 02B9FDB0, Relevance: .1, Instructions: 53, COMMON, Uniqueness Score: -1.00%
Function 02B956E8, Relevance: .0, Instructions: 50, COMMON, Uniqueness Score: -1.00%
Function 02B90108, Relevance: .0, Instructions: 50, COMMON, Uniqueness Score: -1.00%
Function 02B90F28, Relevance: .0, Instructions: 49, COMMON, Uniqueness Score: -1.00%
Function 02BC05CF, Relevance: .0, Instructions: 44, COMMON, Uniqueness Score: -1.00%
Function 02B91690, Relevance: .0, Instructions: 41, COMMON, Uniqueness Score: -1.00%
Function 02B9E2F8, Relevance: .0, Instructions: 41, COMMON, Uniqueness Score: -1.00%
Function 02B957A0, Relevance: .0, Instructions: 41, COMMON, Uniqueness Score: -1.00%
Function 02B903E8, Relevance: .0, Instructions: 41, COMMON, Uniqueness Score: -1.00%
Function 02B90070, Relevance: .0, Instructions: 33, COMMON, Uniqueness Score: -1.00%
Function 02B957B0, Relevance: .0, Instructions: 33, COMMON, Uniqueness Score: -1.00%
Function 02B92590, Relevance: .0, Instructions: 33, COMMON, Uniqueness Score: -1.00%
Function 02B909D9, Relevance: .0, Instructions: 33, COMMON, Uniqueness Score: -1.00%
Function 02B90532, Relevance: .0, Instructions: 33, COMMON, Uniqueness Score: -1.00%
Function 02B903F8, Relevance: .0, Instructions: 32, COMMON, Uniqueness Score: -1.00%
Function 02BC0818, Relevance: .0, Instructions: 31, COMMON, Uniqueness Score: -1.00%
Function 02B90220, Relevance: .0, Instructions: 29, COMMON, Uniqueness Score: -1.00%
Function 02B90452, Relevance: .0, Instructions: 29, COMMON, Uniqueness Score: -1.00%
Function 02B909E8, Relevance: .0, Instructions: 28, COMMON, Uniqueness Score: -1.00%
Function 02B93D99, Relevance: .0, Instructions: 27, COMMON, Uniqueness Score: -1.00%
Function 02B90540, Relevance: .0, Instructions: 27, COMMON, Uniqueness Score: -1.00%
Function 02BC05F6, Relevance: .0, Instructions: 27, COMMON, Uniqueness Score: -1.00%
Function 02B90460, Relevance: .0, Instructions: 24, COMMON, Uniqueness Score: -1.00%
Function 02B9E6B0, Relevance: .0, Instructions: 22, COMMON, Uniqueness Score: -1.00%
Function 02B93DA8, Relevance: .0, Instructions: 22, COMMON, Uniqueness Score: -1.00%
Function 02B916B8, Relevance: .0, Instructions: 21, COMMON, Uniqueness Score: -1.00%
Function 02B90230, Relevance: .0, Instructions: 21, COMMON, Uniqueness Score: -1.00%
Function 02B917A1, Relevance: .0, Instructions: 21, COMMON, Uniqueness Score: -1.00%
Function 02B9292F, Relevance: .0, Instructions: 18, COMMON, Uniqueness Score: -1.00%
Function 02B94F53, Relevance: .0, Instructions: 18, COMMON, Uniqueness Score: -1.00%
Function 02B900ED, Relevance: .0, Instructions: 17, COMMON, Uniqueness Score: -1.00%
Function 02B9A3B0, Relevance: .0, Instructions: 17, COMMON, Uniqueness Score: -1.00%
Function 02B94375, Relevance: .0, Instructions: 17, COMMON, Uniqueness Score: -1.00%
Function 02B9949D, Relevance: .0, Instructions: 15, COMMON, Uniqueness Score: -1.00%
Function 02B900CD, Relevance: .0, Instructions: 14, COMMON, Uniqueness Score: -1.00%
Function 02B92B67, Relevance: .0, Instructions: 14, COMMON, Uniqueness Score: -1.00%
Function 02B98C93, Relevance: .0, Instructions: 13, COMMON, Uniqueness Score: -1.00%
Function 02B98695, Relevance: .0, Instructions: 12, COMMON, Uniqueness Score: -1.00%
Function 02B98586, Relevance: .0, Instructions: 12, COMMON, Uniqueness Score: -1.00%
Function 02B98AC5, Relevance: .0, Instructions: 10, COMMON, Uniqueness Score: -1.00%
Function 02B991F6, Relevance: .0, Instructions: 10, COMMON, Uniqueness Score: -1.00%
Function 02B94F03, Relevance: .0, Instructions: 9, COMMON, Uniqueness Score: -1.00%
Non-executed Functions |
---|
Function 02B96AE8, Relevance: 1.4, Strings: 1, Instructions: 137, COMMON, Uniqueness Score: -1.00%
Function 02B96AF8, Relevance: 1.4, Strings: 1, Instructions: 131, COMMON, Uniqueness Score: -1.00%
Function 02B96E10, Relevance: 1.4, Strings: 1, Instructions: 105, COMMON, Uniqueness Score: -1.00%
Function 02B96E20, Relevance: 1.3, Strings: 1, Instructions: 99, COMMON, Uniqueness Score: -1.00%
Function 02B9B598, Relevance: .2, Instructions: 231, COMMON, Uniqueness Score: -1.00%
Function 02B9BC38, Relevance: .2, Instructions: 164, COMMON, Uniqueness Score: -1.00%
Function 02B95E28, Relevance: .2, Instructions: 163, COMMON, Uniqueness Score: -1.00%
Function 02B95E19, Relevance: .2, Instructions: 163, COMMON, Uniqueness Score: -1.00%
Function 02B97008, Relevance: .2, Instructions: 153, COMMON, Uniqueness Score: -1.00%
Function 02B97018, Relevance: .1, Instructions: 149, COMMON, Uniqueness Score: -1.00%
Function 02B9BA20, Relevance: .1, Instructions: 125, COMMON, Uniqueness Score: -1.00%
Function 02B97ED0, Relevance: .1, Instructions: 116, COMMON, Uniqueness Score: -1.00%
Function 02B97258, Relevance: .1, Instructions: 115, COMMON, Uniqueness Score: -1.00%
Function 04F50460, Relevance: .1, Instructions: 113, COMMON, Uniqueness Score: -1.00%
Function 02B97268, Relevance: .1, Instructions: 110, COMMON, Uniqueness Score: -1.00%
Function 04F50451, Relevance: .1, Instructions: 103, COMMON, Uniqueness Score: -1.00%
Function 02B97459, Relevance: .1, Instructions: 77, COMMON, Uniqueness Score: -1.00%
Function 04F50598, Relevance: .1, Instructions: 59, COMMON, Uniqueness Score: -1.00%
Function 04F505A8, Relevance: .1, Instructions: 55, COMMON, Uniqueness Score: -1.00%