Analysis Report Shipping Documents Original BL, Invoice & Pa.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Startup |
---|
|
Malware Configuration |
---|
Threatname: NanoCore |
---|
{"Version": "1.2.2.0", "Mutex": "692d457c-2b26-4af6-a5f8-088a1838", "Group": "Default", "Domain1": "", "Domain2": "172.93.166.26", "Port": 4090, "RunOnStartup": "Enable", "RequestElevation": "Disable", "BypassUAC": "Enable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8", "BypassUserAccountControlData": "<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.2\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n <RegistrationInfo />\r\n <Triggers />\r\n <Principals>\r\n <Principal id=\"Author\">\r\n <LogonType>InteractiveToken</LogonType>\r\n <RunLevel>HighestAvailable</RunLevel>\r\n </Principal>\r\n </Principals>\r\n <Settings>\r\n <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n <AllowHardTerminate>true</AllowHardTerminate>\r\n <StartWhenAvailable>false</StartWhenAvailable>\r\n <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n <IdleSettings>\r\n <StopOnIdleEnd>false</StopOnIdleEnd>\r\n <RestartOnIdle>false</RestartOnIdle>\r\n </IdleSettings>\r\n <AllowStartOnDemand>true</AllowStartOnDemand>\r\n <Enabled>true</Enabled>\r\n <Hidden>false</Hidden>\r\n <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n <WakeToRun>false</WakeToRun>\r\n <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n <Priority>4</Priority>\r\n </Settings>\r\n <Actions Context=\"Author\">\r\n <Exec>\r\n <Command>\"#EXECUTABLEPATH\"</Command>\r\n <Arguments>$(Arg0)</Arguments>\r\n </Exec>\r\n </Actions>\r\n</Task"}
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth |
| |
JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | ||
NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> |
| |
JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security | ||
Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth |
| |
Click to see the 3 entries |
Unpacked PEs |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth |
| |
Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth |
| |
JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | ||
NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> |
| |
Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth |
| |
Click to see the 2 entries |
Sigma Overview |
---|
AV Detection: |
---|
Sigma detected: NanoCore | Show sources |
Source: | Author: Joe Security: |
E-Banking Fraud: |
---|
Sigma detected: NanoCore | Show sources |
Source: | Author: Joe Security: |
System Summary: |
---|
Sigma detected: System File Execution Location Anomaly | Show sources |
Source: | Author: Florian Roth, Patrick Bareiss, Anton Kutepov, oscd.community: |
Sigma detected: Possible Applocker Bypass | Show sources |
Source: | Author: juju4: |
Persistence and Installation Behavior: |
---|
Sigma detected: Scheduled temp file as task from temp location | Show sources |
Source: | Author: Joe Security: |
Stealing of Sensitive Information: |
---|
Sigma detected: NanoCore | Show sources |
Source: | Author: Joe Security: |
Remote Access Functionality: |
---|
Sigma detected: NanoCore | Show sources |
Source: | Author: Joe Security: |
Signature Overview |
---|
Click to jump to signature section
AV Detection: |
---|
Found malware configuration | Show sources |
Source: | Malware Configuration Extractor: |
Yara detected Nanocore RAT | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Machine Learning detection for sample | Show sources |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 0_2_07A4B700 | |
Source: | Code function: | 0_2_07A4CFA0 | |
Source: | Code function: | 0_2_07A4DCA0 | |
Source: | Code function: | 0_2_07A4DB60 | |
Source: | Code function: | 0_2_07A4DAA0 |
Networking: |
---|
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) | Show sources |
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: |
C2 URLs / IPs found in malware configuration | Show sources |
Source: | URLs: | ||
Source: | URLs: |
Source: | ASN Name: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
E-Banking Fraud: |
---|
Yara detected Nanocore RAT | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
System Summary: |
---|
Malicious sample detected (through community Yara rule) | Show sources |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Initial sample is a PE file and has a suspicious name | Show sources |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Code function: | 0_2_014FC2B0 | |
Source: | Code function: | 0_2_014F9990 | |
Source: | Code function: | 0_2_07A4ACE8 | |
Source: | Code function: | 0_2_07A4C138 | |
Source: | Code function: | 0_2_07A457C8 | |
Source: | Code function: | 0_2_07A457D8 | |
Source: | Code function: | 0_2_07A45520 | |
Source: | Code function: | 0_2_07A45510 | |
Source: | Code function: | 0_2_07A40BD8 | |
Source: | Code function: | 0_2_07A40B2B | |
Source: | Code function: | 0_2_07A440F8 | |
Source: | Code function: | 0_2_07A40007 | |
Source: | Code function: | 0_2_07A45068 | |
Source: | Code function: | 0_2_07A47068 | |
Source: | Code function: | 0_2_07A45078 | |
Source: | Code function: | 0_2_07A40040 | |
Source: | Code function: | 0_2_0952BBB0 | |
Source: | Code function: | 0_2_09528BAA | |
Source: | Code function: | 0_2_09520040 | |
Source: | Code function: | 0_2_0952B3F8 | |
Source: | Code function: | 0_2_0952D590 | |
Source: | Code function: | 0_2_0952C620 | |
Source: | Code function: | 0_2_0952F858 | |
Source: | Code function: | 0_2_0952F868 | |
Source: | Code function: | 0_2_0952A800 | |
Source: | Code function: | 0_2_0952FAC0 | |
Source: | Code function: | 0_2_0952FAB1 | |
Source: | Code function: | 0_2_095291A0 | |
Source: | Code function: | 0_2_0952C098 | |
Source: | Code function: | 0_2_0952C0A0 | |
Source: | Code function: | 0_2_09523250 | |
Source: | Code function: | 0_2_0952E240 | |
Source: | Code function: | 0_2_0952E231 | |
Source: | Code function: | 0_2_0952D55E | |
Source: | Code function: | 0_2_0952F630 | |
Source: | Code function: | 0_2_0952F621 | |
Source: | Code function: | 6_2_00BE5CF9 | |
Source: | Code function: | 6_2_00BE2148 | |
Source: | Code function: | 6_2_00BE4A20 | |
Source: | Code function: | 6_2_00BE2133 | |
Source: | Code function: | 6_2_00BE1A40 | |
Source: | Code function: | 8_2_00EC5868 | |
Source: | Code function: | 8_2_00EC4580 | |
Source: | Code function: | 8_2_00EC2148 | |
Source: | Code function: | 8_2_00EC1A40 | |
Source: | Code function: | 8_2_00EC2133 | |
Source: | Code function: | 10_2_01732370 | |
Source: | Code function: | 10_2_01735208 | |
Source: | Code function: | 10_2_01731A40 |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Static PE information: |
Source: | Task registration methods: | ||
Source: | Task registration methods: | ||
Source: | Task registration methods: | ||
Source: | Task registration methods: |
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Window detected: |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 0_2_0952E4F7 |
Source: | Static PE information: |
Persistence and Installation Behavior: |
---|
Source: | File created: | |||
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to dropped file |
Boot Survival: |
---|
Uses schtasks.exe or at.exe to add and modify task schedules | Show sources |
Source: | Process created: |
Hooking and other Techniques for Hiding and Protection: |
---|
DLL reload attack detected | Show sources |
Source: | Module Loaded: |
Hides that the sample has been downloaded from the Internet (zone.identifier) | Show sources |
Source: | File opened: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion: |
---|
Yara detected AntiVM3 | Show sources |
Source: | File source: | ||
Source: | File source: |
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) | Show sources |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Process information queried: | Jump to behavior |
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion: |
---|
.NET source code references suspicious native API functions | Show sources |
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: |
Injects a PE file into a foreign processes | Show sources |
Source: | Memory written: | Jump to behavior |
Writes to foreign memory regions | Show sources |
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Stealing of Sensitive Information: |
---|
Yara detected Nanocore RAT | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality: |
---|
Detected Nanocore Rat | Show sources |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Yara detected Nanocore RAT | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation1 | Scheduled Task/Job11 | Process Injection211 | Masquerading2 | OS Credential Dumping | Security Software Discovery111 | Remote Services | Archive Collected Data1 | Exfiltration Over Other Network Medium | Encrypted Channel12 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job11 | DLL Side-Loading1 | Scheduled Task/Job11 | Disable or Modify Tools1 | LSASS Memory | Process Discovery1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Remote Access Software1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | Native API1 | Logon Script (Windows) | DLL Side-Loading1 | Virtualization/Sandbox Evasion21 | Security Account Manager | Virtualization/Sandbox Evasion21 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol11 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection211 | NTDS | Application Window Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Hidden Files and Directories1 | LSA Secrets | System Information Discovery12 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information3 | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Software Packing2 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | DLL Side-Loading1 | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue |
Behavior Graph |
---|
Screenshots |
---|
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
6% | ReversingLabs | |||
100% | Joe Sandbox ML |
Dropped Files |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Metadefender | Browse | ||
0% | ReversingLabs |
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe |
Domains and IPs |
---|
Contacted Domains |
---|
No contacted domains info |
---|
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| low | |
true |
| unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high |
Contacted IPs |
---|
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
172.93.166.26 | unknown | United States | 22653 | GLOBALCOMPASSUS | true |
General Information |
---|
Joe Sandbox Version: | 32.0.0 Black Diamond |
Analysis ID: | 403691 |
Start date: | 04.05.2021 |
Start time: | 10:29:25 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 10m 31s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | Shipping Documents Original BL, Invoice & Pa.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 12 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@15/14@0/1 |
EGA Information: | Failed |
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
Warnings: | Show All
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
10:30:22 | API Interceptor | |
10:30:28 | Task Scheduler | |
10:30:28 | API Interceptor | |
10:30:30 | Autostart | |
10:30:31 | Task Scheduler |
Joe Sandbox View / Context |
---|
IPs |
---|
No context |
---|
Domains |
---|
No context |
---|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
GLOBALCOMPASSUS | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Get hash | malicious | Browse | ||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse |
Created / dropped Files |
---|
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 261728 |
Entropy (8bit): | 6.1750840449797675 |
Encrypted: | false |
SSDEEP: | 3072:Mao0QHGUQWWimj9q/NLpj/WWqvAw2XpFU4rwOe4ubZSif02RFi/x2uv9FeP:boZTTWxxqVpqWVRXfr802biprVu |
MD5: | D621FD77BD585874F9686D3A76462EF1 |
SHA1: | ABCAE05EE61EE6292003AABD8C80583FA49EDDA2 |
SHA-256: | 2CA7CF7146FB8209CF3C6CECB1C5AA154C61E046DC07AFA05E8158F2C0DDE2F6 |
SHA-512: | 2D85A81D708ECC8AF9A1273143C94DA84E632F1E595E22F54B867225105A1D0A44F918F0FAE6F1EB15ECF69D75B6F4616699776A16A2AA8B5282100FD15CA74C |
Malicious: | false |
Antivirus: |
|
Joe Sandbox View: |
|
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
File Type: | |
Category: | modified |
Size (bytes): | 841 |
Entropy (8bit): | 5.356220854328477 |
Encrypted: | false |
SSDEEP: | 24:ML9E4Ks2wKDE4KhK3VZ9pKhPKIE4oKFKHKoIvEE4xDqE4j:MxHKXwYHKhQnoPtHoxHwvEHxDqHj |
MD5: | 486580834B084C92AE1F3866166C9C34 |
SHA1: | C8EB7E1CEF55A6C9EB931487E9AA4A2098AACEDF |
SHA-256: | 65C5B1213E371D449E2A239557A5F250FEA1D3473A1B5C4C5FF7492085F663FB |
SHA-512: | 2C54B638A52AA87F47CAB50859EFF98F07DA02993A596686B5617BA99E73ABFCD104F0F33209E24AFB32E66B4B8A225D4DB2CC79631540C21E7E8C4573DFD457 |
Malicious: | false |
Preview: |
|
Process: | C:\Users\user\Desktop\Shipping Documents Original BL, Invoice & Pa.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1314 |
Entropy (8bit): | 5.350128552078965 |
Encrypted: | false |
SSDEEP: | 24:MLU84jE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4sAmEw:MgvjHK5HKXE1qHiYHKhQnoPtHoxHhAHR |
MD5: | 1DC1A2DCC9EFAA84EABF4F6D6066565B |
SHA1: | B7FCF805B6DD8DE815EA9BC089BD99F1E617F4E9 |
SHA-256: | 28D63442C17BF19558655C88A635CB3C3FF1BAD1CCD9784090B9749A7E71FCEF |
SHA-512: | 95DD7E2AB0884A3EFD9E26033B337D1F97DDF9A8E9E9C4C32187DCD40622D8B1AC8CCDBA12A70A6B9075DF5E7F68DF2F8FBA4AB33DB4576BE9806B8E191802B7 |
Malicious: | true |
Preview: |
|
Process: | C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe |
File Type: | |
Category: | modified |
Size (bytes): | 1037 |
Entropy (8bit): | 5.371216502395632 |
Encrypted: | false |
SSDEEP: | 24:ML9E4Ks2wKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7KvEE4xDqE4j:MxHKXwYHKhQnoPtHoxHhAHKzvKvEHxD0 |
MD5: | C7F28B87C2CAD111D929CB9A0FF822F8 |
SHA1: | C2CF9E7A3F6EFD9000FE76EBE54E4E9AE5754267 |
SHA-256: | D1B02C20EACF464229AB063FA947A525E2ED7772259A8F70C7205DC13599EAE6 |
SHA-512: | E0F35874E02AB672CFF0553A0DA0864DAB14C05733D06395E4D0C9CDFC6F445E940310F8D01E3E1B28895F636DFBC1F510E103D1C46818400BA4E7371D8F254D |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1320 |
Entropy (8bit): | 5.137611098420233 |
Encrypted: | false |
SSDEEP: | 24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK0moxtn:cbk4oL600QydbQxIYODOLedq3Zoj |
MD5: | 3E2B26ED8B75AE83A269595180E84EF6 |
SHA1: | D30A0335FCCE406BCA8BA5764288235E6192F608 |
SHA-256: | 108BE30AEB8EB31C185A39A6726F26DACBC4E4124951C61A29ADE4B7038C71EA |
SHA-512: | B6981C68FCB886CC8379A068B96931B9D4F5CC5AA9BDC467E36C4168FE6C5273A2A84D8850B12C11703EC03AC6B1F1950D1E669EFCB59FC2402CE4BBA9DC03D3 |
Malicious: | true |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1310 |
Entropy (8bit): | 5.109425792877704 |
Encrypted: | false |
SSDEEP: | 24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK0R3xtn:cbk4oL600QydbQxIYODOLedq3S3j |
MD5: | 5C2F41CFC6F988C859DA7D727AC2B62A |
SHA1: | 68999C85FC7E37BAB9216E0099836D40D4545C1C |
SHA-256: | 98B6E66B6C2173B9B91FC97FE51805340EFDE978B695453742EBAB631018398B |
SHA-512: | B5DA5DA378D038AFBF8A7738E47921ED39F9B726E2CAA2993D915D9291A3322F94EFE8CCA6E7AD678A670DB19926B22B20E5028460FCC89CEA7F6635E7557334 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1856 |
Entropy (8bit): | 7.109925499344649 |
Encrypted: | false |
SSDEEP: | 48:IkXEUg6ikXEUg6ikXEUg6ikXEUg6ikXEUg6ikXEUg6ikXEUg6ikXEUg6Z:06y6y6y6y6y6y6y6Z |
MD5: | B75C7318FEA570C38EC018F2E906702F |
SHA1: | 05B91D7DFF32A62966BA7C58BD42C60E70C8C54B |
SHA-256: | 828C3ECDFC1F82F6D579A4FA1D140D1AFF98A986D5B10A5B94BD0EC19C8D3BB6 |
SHA-512: | 75FF9ACA7EF41FE7ED8D9FAD0CB11A68F002AF79A3D7AB79314D473D6F5A30B557A7D9FD470B6F3FF75F690D70446FC5286CC5015DBF8AFCF73FBE725EEECB0C |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8 |
Entropy (8bit): | 3.0 |
Encrypted: | false |
SSDEEP: | 3:Pcn:0n |
MD5: | DE7A67A3040AC701DA32B2080CBB7529 |
SHA1: | 8F9F4EC574D3C30BBD666DF38D513CA1E9B234FC |
SHA-256: | 0B977E561E1A854A31E242E5E68D143D677A9EB875A5D5FB49C30C547DF2D6FD |
SHA-512: | B4ACF0DBD66C30C84B85C656B6A83AF8A088A74679CE26196698BF38271AF78F2BC9F002647171B1C298B12230EF69BA6199BD2C33256C44E67E121A5E4013EA |
Malicious: | true |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 40 |
Entropy (8bit): | 5.221928094887364 |
Encrypted: | false |
SSDEEP: | 3:9bzY6oRDMjmPl:RzWDMCd |
MD5: | AE0F5E6CE7122AF264EC533C6B15A27B |
SHA1: | 1265A495C42EED76CC043D50C60C23297E76CCE1 |
SHA-256: | 73B0B92179C61C26589B47E9732CE418B07EDEE3860EE5A2A5FB06F3B8AA9B26 |
SHA-512: | DD44C2D24D4E3A0F0B988AD3D04683B5CB128298043134649BBE33B2512CE0C9B1A8E7D893B9F66FBBCDD901E2B0646C4533FB6C0C8C4AFCB95A0EFB95D446F8 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 315512 |
Entropy (8bit): | 7.999402922203056 |
Encrypted: | true |
SSDEEP: | 6144:m8aeVE5MlgWfxwY/8uvJYRDMVpXUhXShjVd/WNXlMjwmZ/zVR5X7HZEKiMIqrjG:mfwiMdxwYEYyWVjVpW7mZBDCgrjG |
MD5: | 787AEB1604A638B138739ED060141E9D |
SHA1: | A2D0680883E8C6FF3DDE0A177263B03E7644D4AA |
SHA-256: | DCCB67209560E2E27A4F284CD7E412926303ABD4E77927F9A1BAF8B0B8994B45 |
SHA-512: | 9E49E851465F07ABA6AB44AD6B7561004AD61C4794FE167C6C724994159714AF8D2AC8ECCCE128F84BC6A7607BA05CD891CFD2C9EDE9D9EFA860346F6004360E |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 57 |
Entropy (8bit): | 4.887726803973036 |
Encrypted: | false |
SSDEEP: | 3:oMty8WddSJ8:oMLW6C |
MD5: | 6ECAFC0490DAB08E4A288E0042B6B613 |
SHA1: | 4A4529907588505FC65CC9933980CFE6E576B3D6 |
SHA-256: | DC5F76FBF44B3E6CDDC14EA9E5BB9B6BD3A955197FE13F33F7DDA7ECC08E79E0 |
SHA-512: | 7DA2B02627A36C8199814C250A1FBD61A9C18E098F8D691C11D75044E7F51DBD52C31EC2E1EA8CDEE5077ADCCB8CD247266F191292DB661FE7EA1B613FC646F8 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 298 |
Entropy (8bit): | 4.943030742860529 |
Encrypted: | false |
SSDEEP: | 6:zx3M1tFAbQtU1R30qyMstwYVoRRZBXVN+J0fFdCsq2UTiMdH8stCal+n:zK13I30ZMt9BFN+QdCT2UftCM+ |
MD5: | 6A9888952541A41F033EB114C24DC902 |
SHA1: | 41903D7C8F31013C44572E09D97B9AAFBBCE77E6 |
SHA-256: | 41A61D0084CD7884BEA1DF02ED9213CB8C83F4034F5C8156FC5B06D6A3E133CE |
SHA-512: | E6AC898E67B4052375FDDFE9894B26D504A7827917BF3E02772CFF45C3FA7CC5E0EFFDC701D208E0DB89F05E42F195B1EC890F316BEE5CB8239AB45444DAA65E |
Malicious: | false |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.673145545979894 |
TrID: |
|
File name: | Shipping Documents Original BL, Invoice & Pa.exe |
File size: | 734208 |
MD5: | b89d3e7dd6ee20a09506365497f6cc3a |
SHA1: | d5a40ae65560da802d5c5135d024d5fa8e840ff4 |
SHA256: | c2af0dcf4558a32fde15405648d8dd6410c51d319812755fcb8e4f742723bad7 |
SHA512: | 9ffdf6633cc35a4cf2817ab9033d30d9377c83944e6b013aea5697a53c8d0772bf992305fcbbe18810bd4fa41aafcf7e31f517323f78eb0b637254a740281e09 |
SSDEEP: | 12288:O2g1o0ezIROKMTSXHlIp8maopsxu05K6zAyLe6NPBmFBdWM/QXPZ:bg1o9mOKSA9bzhLnNgXv/QB |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......`..............P..*...........I... ...`....@.. ....................................@................................ |
File Icon |
---|
Icon Hash: | 00828e8e8686b000 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x4b49a6 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE |
DLL Characteristics: | NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x6090F8E4 [Tue May 4 07:33:56 2021 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | v4.0.30319 |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Entrypoint Preview |
---|
Instruction |
---|
jmp dword ptr [00402000h] |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xb4954 | 0x4f | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xb6000 | 0x404 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xb8000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0xb29ac | 0xb2a00 | False | 0.817510606193 | data | 7.68387820085 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rsrc | 0xb6000 | 0x404 | 0x600 | False | 0.285807291667 | data | 2.3669114928 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xb8000 | 0xc | 0x200 | False | 0.044921875 | data | 0.101910425663 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_VERSION | 0xb6058 | 0x3a8 | data |
Imports |
---|
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Version Infos |
---|
Description | Data |
---|---|
Translation | 0x0000 0x04b0 |
LegalCopyright | Copyright Felix Jeyareuben 2012 |
Assembly Version | 2.0.0.0 |
InternalName | ManifestEnvelope.exe |
FileVersion | 2.0 |
CompanyName | www.churchsw.org |
LegalTrademarks | Church Software |
Comments | |
ProductName | Church Projector |
ProductVersion | 2.0 |
FileDescription | Church Projector |
OriginalFilename | ManifestEnvelope.exe |
Network Behavior |
---|
Snort IDS Alerts |
---|
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
05/04/21-10:30:30.516363 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
05/04/21-10:30:38.726516 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49723 | 4090 | 192.168.2.4 | 172.93.166.26 |
05/04/21-10:30:45.525830 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49724 | 4090 | 192.168.2.4 | 172.93.166.26 |
05/04/21-10:30:51.542446 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49725 | 4090 | 192.168.2.4 | 172.93.166.26 |
05/04/21-10:30:57.537521 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49726 | 4090 | 192.168.2.4 | 172.93.166.26 |
05/04/21-10:31:02.522919 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49727 | 4090 | 192.168.2.4 | 172.93.166.26 |
05/04/21-10:31:08.571572 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49728 | 4090 | 192.168.2.4 | 172.93.166.26 |
05/04/21-10:31:15.430293 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49729 | 4090 | 192.168.2.4 | 172.93.166.26 |
05/04/21-10:31:20.466887 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49730 | 4090 | 192.168.2.4 | 172.93.166.26 |
05/04/21-10:31:26.477561 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49731 | 4090 | 192.168.2.4 | 172.93.166.26 |
05/04/21-10:31:32.571814 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49732 | 4090 | 192.168.2.4 | 172.93.166.26 |
05/04/21-10:31:37.631265 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49733 | 4090 | 192.168.2.4 | 172.93.166.26 |
05/04/21-10:31:43.636714 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49734 | 4090 | 192.168.2.4 | 172.93.166.26 |
05/04/21-10:31:49.661091 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49735 | 4090 | 192.168.2.4 | 172.93.166.26 |
05/04/21-10:31:56.624315 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49736 | 4090 | 192.168.2.4 | 172.93.166.26 |
05/04/21-10:32:03.661380 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49737 | 4090 | 192.168.2.4 | 172.93.166.26 |
05/04/21-10:32:09.718870 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49738 | 4090 | 192.168.2.4 | 172.93.166.26 |
05/04/21-10:32:15.719024 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49739 | 4090 | 192.168.2.4 | 172.93.166.26 |
05/04/21-10:32:20.736724 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49740 | 4090 | 192.168.2.4 | 172.93.166.26 |
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 4, 2021 10:30:25.946350098 CEST | 49685 | 80 | 192.168.2.4 | 2.20.142.209 |
May 4, 2021 10:30:30.304523945 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:30.452847958 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:30.452972889 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:30.516362906 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:30.676390886 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:30.684725046 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:30.833106995 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:30.887154102 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:30.900424957 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.093060017 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.104357958 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.104378939 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.104394913 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.104412079 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.104429007 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.104444981 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.104463100 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.104480028 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.104491949 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.104513884 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.104531050 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.104576111 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.104603052 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.254400015 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.254445076 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.254487038 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.254544020 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.254587889 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.254587889 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.254622936 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.254627943 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.254667044 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.254688025 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.254705906 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.254744053 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.254762888 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.254791021 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.254837036 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.254838943 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.254889965 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.254931927 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.254967928 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.254968882 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.255007982 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.255016088 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.255089998 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.255127907 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.255141020 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.255175114 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.255217075 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.255227089 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.255265951 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.255323887 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.405056000 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.405106068 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.405147076 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.405184031 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.405209064 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.405220985 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.405252934 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.405260086 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.405308008 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.405308008 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.405350924 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.405400991 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.405420065 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.405457973 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.405495882 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.405509949 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.405534029 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.405570984 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.405585051 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.405610085 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.405648947 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.405662060 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.405695915 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.405739069 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.405744076 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.405777931 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.405816078 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.405827045 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.405854940 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.405891895 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.405911922 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.405930996 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.405977964 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.405983925 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.406014919 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.406070948 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.406109095 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.406120062 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.406153917 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.406166077 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.406210899 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.406249046 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.406286955 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.406296015 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.406323910 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.406342030 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.406361103 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.406399012 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.406414032 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.406435966 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.406483889 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.406486034 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.406527042 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.406563044 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.406579971 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.406600952 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.406637907 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.406675100 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.406676054 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.406873941 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.555000067 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.555062056 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.555119038 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.555149078 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.555161953 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.555190086 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.555217028 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.555217981 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.555246115 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.555272102 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.555274010 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.555311918 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.555718899 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.555788040 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.555819988 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.555839062 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.555847883 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.555876970 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.555896044 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.555917978 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.555952072 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.555963039 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.555995941 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.556026936 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.556041956 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.556056023 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.556101084 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.556118011 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.556133986 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.556170940 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.556190968 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.556199074 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.556226015 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.556252003 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.556252956 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.556286097 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.556303024 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.556317091 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.556345940 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.556368113 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.556372881 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.556401014 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.556411982 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.556437016 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.556463957 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.556476116 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.556493044 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.556521893 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.556531906 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.556550026 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.556576967 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.556591034 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.556611061 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.556642056 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.556652069 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.556669950 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.556698084 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.556714058 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.556725025 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.556752920 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.556766033 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.556781054 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.556807995 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.556819916 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.556842089 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.556873083 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.556885958 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.556901932 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.556930065 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.556941032 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.556958914 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.556998968 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.599118948 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.631361008 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.702924967 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.702943087 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.702980042 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.702996969 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.703016043 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.703031063 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.703052044 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.703063965 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.703082085 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.703095913 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.703109980 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.703123093 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.703135967 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.703161955 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.706096888 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.706115961 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.706131935 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.706150055 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.706151009 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.706167936 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.706177950 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.706183910 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.706193924 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.706199884 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.706212044 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.706216097 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.706232071 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.706240892 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.706252098 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.706264019 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.706269979 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.706285954 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.706288099 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.706302881 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.706304073 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.706319094 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.706330061 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.706334114 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.706351995 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.706353903 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.706371069 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.706376076 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.706386089 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.706398010 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.706402063 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.706417084 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.706434011 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.706465006 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.747549057 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.747567892 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.747584105 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.747600079 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.747607946 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.747618914 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.747637987 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.747637987 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.747653008 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.747665882 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.747682095 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.747700930 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.747701883 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.747718096 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.747733116 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.747735023 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.747747898 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.747764111 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.747766972 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.747778893 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.747795105 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.747801065 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.747809887 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.747828960 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.747829914 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.747845888 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.747860909 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.747874022 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.747919083 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.827652931 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.851454973 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.851500034 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.851547003 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.851574898 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.851589918 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.851628065 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.851643085 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.851666927 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.851705074 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.851722956 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.851742983 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.851790905 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.854207039 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.854249954 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.854286909 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.854317904 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.854335070 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.854377985 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.854387045 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.854417086 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.854454994 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.854490042 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.854494095 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.854531050 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.854545116 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.854569912 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.854608059 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.854619026 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.854660034 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.854702950 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.854715109 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.854739904 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.854777098 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.854792118 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.854815960 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.854854107 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.854866028 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.854892015 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.854931116 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.854945898 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.854991913 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.855051994 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.895935059 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.895968914 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.895991087 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.896023989 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.896064043 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.896085024 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.896106958 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.896136045 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.896162033 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.896183968 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.896192074 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.896200895 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.896214008 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.896222115 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.896250010 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.896255970 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.896280050 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.896307945 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.896325111 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.896337986 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.896367073 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.896369934 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.896398067 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.896419048 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.896426916 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.896452904 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.896475077 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.896480083 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.896528959 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.999552011 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.999574900 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.999598026 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.999614954 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.999634027 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.999639034 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.999651909 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.999664068 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.999669075 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.999686956 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:31.999697924 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:31.999725103 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:32.003206015 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:32.003232956 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:32.003254890 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:32.003277063 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:32.003284931 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:32.003298044 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:32.003315926 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:32.003319979 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:32.003343105 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:32.003361940 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:32.003365993 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:32.003391027 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:32.003400087 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:32.003412962 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:32.003432989 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:32.003448963 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:32.003460884 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:32.003488064 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:32.003500938 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:32.003510952 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:32.003530979 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:32.003549099 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:32.003550053 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:32.003570080 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:32.003585100 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:32.003587961 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:32.003607035 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:32.003626108 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:32.003626108 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:32.003722906 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:32.044336081 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:32.044367075 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:32.044387102 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:32.044404984 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:32.044423103 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:32.044447899 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:32.044475079 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:32.044476986 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:32.044501066 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:32.044504881 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:32.044527054 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:32.044553995 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:32.044554949 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:32.044574976 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:32.044593096 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:32.044595957 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:32.044611931 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:32.044636011 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:32.044636965 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:32.044656992 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:32.044680119 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:32.044734001 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:32.044754028 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:32.044770956 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:32.044778109 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:32.044811964 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:33.376013994 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:33.576353073 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:33.968341112 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:34.163238049 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:34.248421907 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:34.324992895 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:34.442943096 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:34.473598957 CEST | 4090 | 49722 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:34.473743916 CEST | 49722 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:38.577336073 CEST | 49723 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:38.724638939 CEST | 4090 | 49723 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:38.724922895 CEST | 49723 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:38.726516008 CEST | 49723 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:38.886789083 CEST | 4090 | 49723 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:38.887197018 CEST | 49723 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:39.035007000 CEST | 4090 | 49723 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:39.036472082 CEST | 49723 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:39.233889103 CEST | 4090 | 49723 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:39.316463947 CEST | 4090 | 49723 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:39.317768097 CEST | 49723 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:39.464983940 CEST | 4090 | 49723 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:39.465079069 CEST | 49723 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:39.658615112 CEST | 4090 | 49723 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:39.658730984 CEST | 49723 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:39.806049109 CEST | 4090 | 49723 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:39.856702089 CEST | 49723 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:39.863756895 CEST | 49723 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:40.003369093 CEST | 4090 | 49723 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:40.044173002 CEST | 49723 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:40.052006960 CEST | 4090 | 49723 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:40.052084923 CEST | 49723 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:40.239783049 CEST | 4090 | 49723 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:40.421859980 CEST | 4090 | 49723 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:40.466047049 CEST | 49723 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:40.637718916 CEST | 49723 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:40.839270115 CEST | 4090 | 49723 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:40.878513098 CEST | 49723 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:41.079965115 CEST | 4090 | 49723 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:41.357626915 CEST | 49723 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:45.374497890 CEST | 49724 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:45.524478912 CEST | 4090 | 49724 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:45.524600983 CEST | 49724 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:45.525830030 CEST | 49724 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:45.691822052 CEST | 4090 | 49724 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:45.692152977 CEST | 49724 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:45.841711044 CEST | 4090 | 49724 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:45.842899084 CEST | 49724 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:46.042056084 CEST | 4090 | 49724 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:46.124382019 CEST | 4090 | 49724 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:46.143079996 CEST | 49724 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:46.292232990 CEST | 4090 | 49724 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:46.293519974 CEST | 49724 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:46.442735910 CEST | 4090 | 49724 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:46.443008900 CEST | 49724 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:46.592803955 CEST | 4090 | 49724 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:46.638731003 CEST | 49724 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:47.359127998 CEST | 49724 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:51.389565945 CEST | 49725 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:51.541017056 CEST | 4090 | 49725 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:51.541184902 CEST | 49725 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:51.542445898 CEST | 49725 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:51.701612949 CEST | 4090 | 49725 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:51.702147007 CEST | 49725 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:51.849906921 CEST | 4090 | 49725 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:51.852691889 CEST | 49725 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:52.042478085 CEST | 4090 | 49725 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:52.141556978 CEST | 4090 | 49725 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:52.157203913 CEST | 49725 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:52.303715944 CEST | 4090 | 49725 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:52.352377892 CEST | 49725 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:52.501571894 CEST | 4090 | 49725 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:52.501673937 CEST | 49725 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:52.648128033 CEST | 4090 | 49725 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:52.701462030 CEST | 49725 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:53.358604908 CEST | 49725 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:57.382998943 CEST | 49726 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:57.536439896 CEST | 4090 | 49726 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:57.536570072 CEST | 49726 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:57.537520885 CEST | 49726 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:57.692429066 CEST | 4090 | 49726 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:57.733243942 CEST | 49726 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:57.886379957 CEST | 4090 | 49726 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:57.886920929 CEST | 49726 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:58.041739941 CEST | 4090 | 49726 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:58.043205023 CEST | 49726 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:58.241977930 CEST | 4090 | 49726 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:58.323748112 CEST | 4090 | 49726 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:58.326818943 CEST | 49726 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:58.359172106 CEST | 49726 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:30:58.478341103 CEST | 4090 | 49726 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:30:58.480035067 CEST | 49726 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:02.375967026 CEST | 49727 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:02.521645069 CEST | 4090 | 49727 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:02.521859884 CEST | 49727 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:02.522918940 CEST | 49727 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:02.679518938 CEST | 4090 | 49727 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:02.680061102 CEST | 49727 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:02.825643063 CEST | 4090 | 49727 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:02.827369928 CEST | 49727 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:03.013988972 CEST | 4090 | 49727 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:03.114691019 CEST | 4090 | 49727 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:03.123881102 CEST | 49727 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:03.268881083 CEST | 4090 | 49727 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:03.270265102 CEST | 49727 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:03.415539026 CEST | 4090 | 49727 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:03.415625095 CEST | 49727 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:03.560834885 CEST | 4090 | 49727 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:03.561127901 CEST | 49727 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:03.687283039 CEST | 49697 | 80 | 192.168.2.4 | 8.248.149.254 |
May 4, 2021 10:31:03.731149912 CEST | 80 | 49697 | 8.248.149.254 | 192.168.2.4 |
May 4, 2021 10:31:03.731225967 CEST | 49697 | 80 | 192.168.2.4 | 8.248.149.254 |
May 4, 2021 10:31:03.747843027 CEST | 4090 | 49727 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:04.406333923 CEST | 49727 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:05.297071934 CEST | 80 | 49700 | 93.184.220.29 | 192.168.2.4 |
May 4, 2021 10:31:05.297198057 CEST | 49700 | 80 | 192.168.2.4 | 93.184.220.29 |
May 4, 2021 10:31:08.424514055 CEST | 49728 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:08.570945978 CEST | 4090 | 49728 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:08.571027994 CEST | 49728 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:08.571572065 CEST | 49728 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:08.728746891 CEST | 4090 | 49728 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:08.729051113 CEST | 49728 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:08.875494003 CEST | 4090 | 49728 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:08.877145052 CEST | 49728 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:09.075829983 CEST | 4090 | 49728 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:09.158078909 CEST | 4090 | 49728 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:09.159385920 CEST | 49728 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:09.306797028 CEST | 4090 | 49728 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:09.306952000 CEST | 49728 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:09.507217884 CEST | 4090 | 49728 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:09.507373095 CEST | 49728 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:09.656421900 CEST | 4090 | 49728 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:09.703041077 CEST | 49728 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:09.853499889 CEST | 4090 | 49728 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:09.906156063 CEST | 49728 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:10.268439054 CEST | 49728 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:10.465473890 CEST | 4090 | 49728 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:11.266613960 CEST | 49728 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:15.282874107 CEST | 49729 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:15.429320097 CEST | 4090 | 49729 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:15.429579973 CEST | 49729 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:15.430293083 CEST | 49729 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:15.580141068 CEST | 4090 | 49729 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:15.625474930 CEST | 49729 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:15.771696091 CEST | 4090 | 49729 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:15.775015116 CEST | 49729 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:15.922396898 CEST | 4090 | 49729 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:15.924020052 CEST | 49729 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:16.111323118 CEST | 4090 | 49729 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:16.209935904 CEST | 4090 | 49729 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:16.211642027 CEST | 49729 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:16.298254967 CEST | 49729 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:16.360383987 CEST | 4090 | 49729 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:16.360474110 CEST | 49729 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:20.318392992 CEST | 49730 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:20.465991974 CEST | 4090 | 49730 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:20.466167927 CEST | 49730 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:20.466886997 CEST | 49730 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:20.626770973 CEST | 4090 | 49730 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:20.627787113 CEST | 49730 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:20.774744987 CEST | 4090 | 49730 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:20.777182102 CEST | 49730 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:20.967406034 CEST | 4090 | 49730 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:21.081954002 CEST | 4090 | 49730 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:21.083997965 CEST | 49730 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:21.230871916 CEST | 4090 | 49730 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:21.231936932 CEST | 49730 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:21.378985882 CEST | 4090 | 49730 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:21.379208088 CEST | 49730 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:21.527663946 CEST | 4090 | 49730 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:21.581058025 CEST | 49730 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:22.314608097 CEST | 49730 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:26.330758095 CEST | 49731 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:26.476629019 CEST | 4090 | 49731 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:26.476819038 CEST | 49731 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:26.477560997 CEST | 49731 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:26.666013956 CEST | 4090 | 49731 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:26.666332960 CEST | 49731 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:26.813456059 CEST | 4090 | 49731 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:26.815262079 CEST | 49731 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:27.003890038 CEST | 4090 | 49731 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:27.102068901 CEST | 4090 | 49731 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:27.103403091 CEST | 49731 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:27.248760939 CEST | 4090 | 49731 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:27.250261068 CEST | 49731 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:27.396991014 CEST | 4090 | 49731 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:27.397186041 CEST | 49731 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:27.543698072 CEST | 4090 | 49731 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:27.595166922 CEST | 49731 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:28.330421925 CEST | 49731 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:30.580351114 CEST | 443 | 49709 | 184.30.25.218 | 192.168.2.4 |
May 4, 2021 10:31:30.580394030 CEST | 443 | 49709 | 184.30.25.218 | 192.168.2.4 |
May 4, 2021 10:31:30.580535889 CEST | 49709 | 443 | 192.168.2.4 | 184.30.25.218 |
May 4, 2021 10:31:30.580583096 CEST | 49709 | 443 | 192.168.2.4 | 184.30.25.218 |
May 4, 2021 10:31:32.424896002 CEST | 49732 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:32.570939064 CEST | 4090 | 49732 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:32.571075916 CEST | 49732 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:32.571814060 CEST | 49732 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:32.719899893 CEST | 4090 | 49732 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:32.767324924 CEST | 49732 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:32.913734913 CEST | 4090 | 49732 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:32.914024115 CEST | 49732 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:33.062191010 CEST | 4090 | 49732 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:33.064532042 CEST | 49732 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:33.259711027 CEST | 4090 | 49732 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:33.342276096 CEST | 4090 | 49732 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:33.343563080 CEST | 49732 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:33.424598932 CEST | 49732 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:33.489495993 CEST | 4090 | 49732 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:33.489702940 CEST | 49732 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:37.440989017 CEST | 49733 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:37.587558985 CEST | 4090 | 49733 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:37.587740898 CEST | 49733 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:37.631264925 CEST | 49733 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:37.794121981 CEST | 4090 | 49733 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:37.794784069 CEST | 49733 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:37.941131115 CEST | 4090 | 49733 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:37.943909883 CEST | 49733 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:38.136151075 CEST | 4090 | 49733 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:38.237102032 CEST | 4090 | 49733 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:38.248321056 CEST | 49733 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:38.394504070 CEST | 4090 | 49733 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:38.396787882 CEST | 49733 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:38.543276072 CEST | 4090 | 49733 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:38.543359995 CEST | 49733 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:38.689363956 CEST | 4090 | 49733 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:38.736634970 CEST | 49733 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:39.476342916 CEST | 49733 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:43.488668919 CEST | 49734 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:43.635685921 CEST | 4090 | 49734 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:43.635838985 CEST | 49734 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:43.636713982 CEST | 49734 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:43.798434973 CEST | 4090 | 49734 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:43.799437046 CEST | 49734 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:43.945616007 CEST | 4090 | 49734 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:43.960227966 CEST | 49734 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:44.145701885 CEST | 4090 | 49734 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:44.258930922 CEST | 4090 | 49734 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:44.261246920 CEST | 49734 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:44.406738997 CEST | 4090 | 49734 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:44.407723904 CEST | 49734 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:44.553096056 CEST | 4090 | 49734 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:44.553478956 CEST | 49734 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:44.698949099 CEST | 4090 | 49734 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:44.752706051 CEST | 49734 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:45.024703979 CEST | 4090 | 49734 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:45.080879927 CEST | 49734 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:45.457299948 CEST | 49734 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:49.513714075 CEST | 49735 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:49.660393953 CEST | 4090 | 49735 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:49.660501003 CEST | 49735 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:49.661091089 CEST | 49735 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:49.819246054 CEST | 4090 | 49735 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:49.820077896 CEST | 49735 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:49.967642069 CEST | 4090 | 49735 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:49.970613956 CEST | 49735 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:50.159158945 CEST | 4090 | 49735 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:50.243624926 CEST | 4090 | 49735 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:50.254894018 CEST | 49735 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:50.401673079 CEST | 4090 | 49735 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:50.404234886 CEST | 49735 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:50.553037882 CEST | 4090 | 49735 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:50.553304911 CEST | 49735 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:50.700809002 CEST | 4090 | 49735 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:50.753237009 CEST | 49735 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:51.457665920 CEST | 49735 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:51.648694992 CEST | 4090 | 49735 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:52.458748102 CEST | 49735 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:56.474613905 CEST | 49736 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:56.623600006 CEST | 4090 | 49736 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:56.623723030 CEST | 49736 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:56.624315023 CEST | 49736 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:56.789181948 CEST | 4090 | 49736 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:56.797938108 CEST | 49736 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:56.947124958 CEST | 4090 | 49736 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:56.949033976 CEST | 49736 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:57.152452946 CEST | 4090 | 49736 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:57.234920025 CEST | 4090 | 49736 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:57.235982895 CEST | 49736 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:57.386943102 CEST | 4090 | 49736 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:57.388300896 CEST | 49736 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:57.537406921 CEST | 4090 | 49736 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:57.537599087 CEST | 49736 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:57.687767982 CEST | 4090 | 49736 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:57.738226891 CEST | 49736 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:58.458127022 CEST | 49736 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:31:58.652658939 CEST | 4090 | 49736 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:31:59.458302021 CEST | 49736 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:32:03.513237953 CEST | 49737 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:32:03.659683943 CEST | 4090 | 49737 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:32:03.660058022 CEST | 49737 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:32:03.661380053 CEST | 49737 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:32:03.820178032 CEST | 4090 | 49737 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:32:03.821738005 CEST | 49737 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:32:03.969537020 CEST | 4090 | 49737 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:32:03.970937014 CEST | 49737 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:32:04.158521891 CEST | 4090 | 49737 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:32:04.245661020 CEST | 4090 | 49737 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:32:04.262826920 CEST | 49737 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:32:04.416132927 CEST | 4090 | 49737 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:32:04.417521954 CEST | 49737 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:32:04.567048073 CEST | 4090 | 49737 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:32:04.567218065 CEST | 49737 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:32:04.713618994 CEST | 4090 | 49737 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:32:04.713856936 CEST | 49737 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:32:04.901803970 CEST | 4090 | 49737 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:32:05.118531942 CEST | 443 | 49694 | 204.79.197.200 | 192.168.2.4 |
May 4, 2021 10:32:05.552028894 CEST | 49737 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:32:06.732991934 CEST | 80 | 49700 | 93.184.220.29 | 192.168.2.4 |
May 4, 2021 10:32:06.733169079 CEST | 49700 | 80 | 192.168.2.4 | 93.184.220.29 |
May 4, 2021 10:32:06.768243074 CEST | 443 | 49690 | 204.79.197.200 | 192.168.2.4 |
May 4, 2021 10:32:07.255409002 CEST | 443 | 49688 | 204.79.197.200 | 192.168.2.4 |
May 4, 2021 10:32:07.698188066 CEST | 443 | 49692 | 204.79.197.200 | 192.168.2.4 |
May 4, 2021 10:32:08.523700953 CEST | 443 | 49693 | 204.79.197.200 | 192.168.2.4 |
May 4, 2021 10:32:09.570668936 CEST | 49738 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:32:09.717627048 CEST | 4090 | 49738 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:32:09.717776060 CEST | 49738 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:32:09.718869925 CEST | 49738 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:32:09.883462906 CEST | 4090 | 49738 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:32:09.888633966 CEST | 443 | 49695 | 204.79.197.200 | 192.168.2.4 |
May 4, 2021 10:32:09.893712997 CEST | 49738 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:32:10.041614056 CEST | 4090 | 49738 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:32:10.043330908 CEST | 49738 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:32:10.243288994 CEST | 4090 | 49738 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:32:10.328805923 CEST | 4090 | 49738 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:32:10.329907894 CEST | 49738 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:32:10.475783110 CEST | 4090 | 49738 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:32:10.506793022 CEST | 49738 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:32:10.653757095 CEST | 4090 | 49738 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:32:10.654002905 CEST | 49738 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:32:10.800779104 CEST | 4090 | 49738 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:32:10.848666906 CEST | 49738 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:32:10.899842978 CEST | 443 | 49689 | 204.79.197.200 | 192.168.2.4 |
May 4, 2021 10:32:10.904537916 CEST | 443 | 49686 | 204.79.197.200 | 192.168.2.4 |
May 4, 2021 10:32:10.904567957 CEST | 443 | 49698 | 204.79.197.200 | 192.168.2.4 |
May 4, 2021 10:32:11.553087950 CEST | 49738 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:32:11.689546108 CEST | 443 | 49691 | 204.79.197.200 | 192.168.2.4 |
May 4, 2021 10:32:13.689754009 CEST | 443 | 49699 | 204.79.197.200 | 192.168.2.4 |
May 4, 2021 10:32:15.570005894 CEST | 49739 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:32:15.718059063 CEST | 4090 | 49739 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:32:15.718246937 CEST | 49739 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:32:15.719023943 CEST | 49739 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:32:15.869739056 CEST | 4090 | 49739 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:32:15.911736965 CEST | 49739 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:32:16.060189962 CEST | 4090 | 49739 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:32:16.096817017 CEST | 49739 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:32:16.245620012 CEST | 4090 | 49739 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:32:16.248133898 CEST | 49739 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:32:16.447127104 CEST | 4090 | 49739 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:32:16.537826061 CEST | 4090 | 49739 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:32:16.538979053 CEST | 49739 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:32:16.568782091 CEST | 49739 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:32:16.685839891 CEST | 4090 | 49739 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:32:16.685909986 CEST | 49739 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:32:18.876641989 CEST | 80 | 49700 | 93.184.220.29 | 192.168.2.4 |
May 4, 2021 10:32:18.876780987 CEST | 49700 | 80 | 192.168.2.4 | 93.184.220.29 |
May 4, 2021 10:32:20.585411072 CEST | 49740 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:32:20.734349966 CEST | 4090 | 49740 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:32:20.736424923 CEST | 49740 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:32:20.736723900 CEST | 49740 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:32:20.887481928 CEST | 4090 | 49740 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:32:20.927654982 CEST | 49740 | 4090 | 192.168.2.4 | 172.93.166.26 |
May 4, 2021 10:32:21.076299906 CEST | 4090 | 49740 | 172.93.166.26 | 192.168.2.4 |
May 4, 2021 10:32:21.079679966 CEST | 49740 | 4090 | 192.168.2.4 | 172.93.166.26 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 4, 2021 10:30:08.362804890 CEST | 61516 | 53 | 192.168.2.4 | 8.8.8.8 |
May 4, 2021 10:30:08.414283037 CEST | 53 | 61516 | 8.8.8.8 | 192.168.2.4 |
May 4, 2021 10:30:09.153835058 CEST | 49182 | 53 | 192.168.2.4 | 8.8.8.8 |
May 4, 2021 10:30:09.203901052 CEST | 53 | 49182 | 8.8.8.8 | 192.168.2.4 |
May 4, 2021 10:30:09.926547050 CEST | 59920 | 53 | 192.168.2.4 | 8.8.8.8 |
May 4, 2021 10:30:09.975424051 CEST | 53 | 59920 | 8.8.8.8 | 192.168.2.4 |
May 4, 2021 10:30:10.701407909 CEST | 57458 | 53 | 192.168.2.4 | 8.8.8.8 |
May 4, 2021 10:30:10.751379967 CEST | 53 | 57458 | 8.8.8.8 | 192.168.2.4 |
May 4, 2021 10:30:11.596306086 CEST | 50579 | 53 | 192.168.2.4 | 8.8.8.8 |
May 4, 2021 10:30:11.649147987 CEST | 53 | 50579 | 8.8.8.8 | 192.168.2.4 |
May 4, 2021 10:30:12.713280916 CEST | 51703 | 53 | 192.168.2.4 | 8.8.8.8 |
May 4, 2021 10:30:12.764913082 CEST | 53 | 51703 | 8.8.8.8 | 192.168.2.4 |
May 4, 2021 10:30:13.953927040 CEST | 65248 | 53 | 192.168.2.4 | 8.8.8.8 |
May 4, 2021 10:30:14.002691984 CEST | 53 | 65248 | 8.8.8.8 | 192.168.2.4 |
May 4, 2021 10:30:14.819376945 CEST | 53723 | 53 | 192.168.2.4 | 8.8.8.8 |
May 4, 2021 10:30:14.868194103 CEST | 53 | 53723 | 8.8.8.8 | 192.168.2.4 |
May 4, 2021 10:30:15.610141993 CEST | 64646 | 53 | 192.168.2.4 | 8.8.8.8 |
May 4, 2021 10:30:15.658852100 CEST | 53 | 64646 | 8.8.8.8 | 192.168.2.4 |
May 4, 2021 10:30:16.914283991 CEST | 65298 | 53 | 192.168.2.4 | 8.8.8.8 |
May 4, 2021 10:30:16.963977098 CEST | 53 | 65298 | 8.8.8.8 | 192.168.2.4 |
May 4, 2021 10:30:17.848736048 CEST | 59123 | 53 | 192.168.2.4 | 8.8.8.8 |
May 4, 2021 10:30:17.900161028 CEST | 53 | 59123 | 8.8.8.8 | 192.168.2.4 |
May 4, 2021 10:30:18.729810953 CEST | 54531 | 53 | 192.168.2.4 | 8.8.8.8 |
May 4, 2021 10:30:18.779098988 CEST | 53 | 54531 | 8.8.8.8 | 192.168.2.4 |
May 4, 2021 10:30:19.625092983 CEST | 49714 | 53 | 192.168.2.4 | 8.8.8.8 |
May 4, 2021 10:30:19.674388885 CEST | 53 | 49714 | 8.8.8.8 | 192.168.2.4 |
May 4, 2021 10:30:22.860003948 CEST | 58028 | 53 | 192.168.2.4 | 8.8.8.8 |
May 4, 2021 10:30:22.909003019 CEST | 53 | 58028 | 8.8.8.8 | 192.168.2.4 |
May 4, 2021 10:30:23.656889915 CEST | 53097 | 53 | 192.168.2.4 | 8.8.8.8 |
May 4, 2021 10:30:23.706955910 CEST | 53 | 53097 | 8.8.8.8 | 192.168.2.4 |
May 4, 2021 10:30:24.475920916 CEST | 49257 | 53 | 192.168.2.4 | 8.8.8.8 |
May 4, 2021 10:30:24.541471004 CEST | 53 | 49257 | 8.8.8.8 | 192.168.2.4 |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Click to jump to process
Memory Usage |
---|
Click to jump to process
High Level Behavior Distribution |
---|
back
Click to dive into process behavior distribution
Behavior |
---|
Click to jump to process
System Behavior |
---|
General |
---|
Start time: | 10:30:14 |
Start date: | 04/05/2021 |
Path: | C:\Users\user\Desktop\Shipping Documents Original BL, Invoice & Pa.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xac0000 |
File size: | 734208 bytes |
MD5 hash: | B89D3E7DD6EE20A09506365497F6CC3A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 10:30:24 |
Start date: | 04/05/2021 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb10000 |
File size: | 261728 bytes |
MD5 hash: | D621FD77BD585874F9686D3A76462EF1 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Reputation: | moderate |
General |
---|
Start time: | 10:30:26 |
Start date: | 04/05/2021 |
Path: | C:\Windows\SysWOW64\schtasks.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1310000 |
File size: | 185856 bytes |
MD5 hash: | 15FF7D8324231381BAD48A052F85DF04 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 10:30:27 |
Start date: | 04/05/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff724c50000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 10:30:27 |
Start date: | 04/05/2021 |
Path: | C:\Windows\SysWOW64\schtasks.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1310000 |
File size: | 185856 bytes |
MD5 hash: | 15FF7D8324231381BAD48A052F85DF04 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 10:30:28 |
Start date: | 04/05/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff724c50000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 10:30:28 |
Start date: | 04/05/2021 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1e0000 |
File size: | 261728 bytes |
MD5 hash: | D621FD77BD585874F9686D3A76462EF1 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Reputation: | moderate |
General |
---|
Start time: | 10:30:28 |
Start date: | 04/05/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff724c50000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 10:30:31 |
Start date: | 04/05/2021 |
Path: | C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x5c0000 |
File size: | 261728 bytes |
MD5 hash: | D621FD77BD585874F9686D3A76462EF1 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Antivirus matches: |
|
Reputation: | moderate |
General |
---|
Start time: | 10:30:32 |
Start date: | 04/05/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff724c50000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 10:30:39 |
Start date: | 04/05/2021 |
Path: | C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xf80000 |
File size: | 261728 bytes |
MD5 hash: | D621FD77BD585874F9686D3A76462EF1 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Reputation: | moderate |
General |
---|
Start time: | 10:30:39 |
Start date: | 04/05/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff724c50000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
Function 09520040, Relevance: 2.6, Instructions: 2589COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0952BBB0, Relevance: 1.4, Strings: 1, Instructions: 155COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 07A4C138, Relevance: .6, Instructions: 629COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 09528BAA, Relevance: .3, Instructions: 333COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0952D55E, Relevance: .3, Instructions: 301COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0952D590, Relevance: .3, Instructions: 290COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 07A4ACE8, Relevance: .3, Instructions: 274COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0952B3F8, Relevance: .2, Instructions: 207COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 07A4B700, Relevance: .1, Instructions: 110COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0952C620, Relevance: .1, Instructions: 68COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0952DBA1, Relevance: 2.6, Strings: 2, Instructions: 70COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0952DBB0, Relevance: 2.6, Strings: 2, Instructions: 69COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 014FBBC8, Relevance: 1.7, APIs: 1, Instructions: 195COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 014FB214, Relevance: 1.6, APIs: 1, Instructions: 116COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 014FDC6D, Relevance: 1.6, APIs: 1, Instructions: 115COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 014F6D49, Relevance: 1.6, APIs: 1, Instructions: 99COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 014FF980, Relevance: 1.6, APIs: 1, Instructions: 75COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 014FF888, Relevance: 1.6, APIs: 1, Instructions: 72COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 014FF890, Relevance: 1.6, APIs: 1, Instructions: 69COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 014F6DB8, Relevance: 1.6, APIs: 1, Instructions: 64COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 07A47E08, Relevance: 1.6, APIs: 1, Instructions: 63COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 014F6DC0, Relevance: 1.6, APIs: 1, Instructions: 62COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 07A432E9, Relevance: 1.6, APIs: 1, Instructions: 57memoryCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 07A432F0, Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 07A47C58, Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 07A47AD0, Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 07A434E0, Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 014FBDA8, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 014FDEC0, Relevance: 1.5, APIs: 1, Instructions: 44COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 014FDEB9, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 095249C0, Relevance: 1.3, Strings: 1, Instructions: 74COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 095278E8, Relevance: .4, Instructions: 446COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 09526F80, Relevance: .2, Instructions: 233COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 09527F29, Relevance: .2, Instructions: 227COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 09524AA9, Relevance: .2, Instructions: 175COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 09524F51, Relevance: .2, Instructions: 171COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 09523C28, Relevance: .1, Instructions: 111COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 09528A68, Relevance: .1, Instructions: 108COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 09529E60, Relevance: .1, Instructions: 98COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 09523557, Relevance: .1, Instructions: 92COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 09523568, Relevance: .1, Instructions: 92COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 09526BA0, Relevance: .1, Instructions: 86COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 09526B90, Relevance: .1, Instructions: 82COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 095243AD, Relevance: .1, Instructions: 78COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0952F1B2, Relevance: .1, Instructions: 77COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0952BF18, Relevance: .1, Instructions: 76COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0952BF20, Relevance: .1, Instructions: 76COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0952BE00, Relevance: .1, Instructions: 76COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0131D3EC, Relevance: .1, Instructions: 75COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0131D4D8, Relevance: .1, Instructions: 75COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0132D1D4, Relevance: .1, Instructions: 72COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0132D01C, Relevance: .1, Instructions: 72COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0952416B, Relevance: .1, Instructions: 69COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 09523D7F, Relevance: .1, Instructions: 68COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 095278D8, Relevance: .1, Instructions: 64COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0132D006, Relevance: .1, Instructions: 63COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 09524431, Relevance: .1, Instructions: 58COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0131D3E7, Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0131D4D3, Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 095238A0, Relevance: .1, Instructions: 55COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0132D1CF, Relevance: .1, Instructions: 53COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0952F238, Relevance: .0, Instructions: 49COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0131D7E9, Relevance: .0, Instructions: 45COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0952F248, Relevance: .0, Instructions: 44COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0952DCB8, Relevance: .0, Instructions: 42COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0952A768, Relevance: .0, Instructions: 37COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0131D7E8, Relevance: .0, Instructions: 36COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0952DCC8, Relevance: .0, Instructions: 34COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0952CD60, Relevance: .0, Instructions: 32COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0952410F, Relevance: .0, Instructions: 28COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0952AABD, Relevance: .0, Instructions: 22COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 09524048, Relevance: .0, Instructions: 21COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0952AA86, Relevance: .0, Instructions: 21COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0952B29D, Relevance: .0, Instructions: 19COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 095281D8, Relevance: .0, Instructions: 18COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 09529F1D, Relevance: .0, Instructions: 16COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 09524156, Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0952A955, Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 095281E8, Relevance: .0, Instructions: 12COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0952C9B3, Relevance: .0, Instructions: 11COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0952D19C, Relevance: .0, Instructions: 10COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 095242D6, Relevance: .0, Instructions: 4COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function 07A45078, Relevance: 2.7, Strings: 2, Instructions: 246COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 07A45068, Relevance: 2.7, Strings: 2, Instructions: 245COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 07A45510, Relevance: 2.7, Strings: 2, Instructions: 168COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 07A45520, Relevance: 2.7, Strings: 2, Instructions: 166COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0952C0A0, Relevance: 1.4, Strings: 1, Instructions: 171COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0952C098, Relevance: 1.4, Strings: 1, Instructions: 164COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0952F868, Relevance: 1.4, Strings: 1, Instructions: 161COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0952F858, Relevance: 1.4, Strings: 1, Instructions: 160COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0952FAC0, Relevance: 1.3, Strings: 1, Instructions: 96COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0952FAB1, Relevance: 1.3, Strings: 1, Instructions: 95COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 07A457D8, Relevance: 1.3, Strings: 1, Instructions: 82COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 07A457C8, Relevance: 1.3, Strings: 1, Instructions: 79COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 095291A0, Relevance: .9, Instructions: 909COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 014FC2B0, Relevance: .5, Instructions: 520COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 014F9990, Relevance: .3, Instructions: 265COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 09523250, Relevance: .2, Instructions: 196COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 07A40B2B, Relevance: .2, Instructions: 192COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 07A440F8, Relevance: .2, Instructions: 165COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0952E231, Relevance: .1, Instructions: 115COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 07A40BD8, Relevance: .1, Instructions: 114COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0952E240, Relevance: .1, Instructions: 113COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0952F630, Relevance: .1, Instructions: 113COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0952F621, Relevance: .1, Instructions: 112COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 07A4DCA0, Relevance: .1, Instructions: 90COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 07A40007, Relevance: .1, Instructions: 88COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 07A40040, Relevance: .1, Instructions: 72COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0952A800, Relevance: .1, Instructions: 59COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 07A47068, Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 07A4CFA0, Relevance: .1, Instructions: 53COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 07A4DB60, Relevance: .1, Instructions: 53COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 07A4DAA0, Relevance: .1, Instructions: 53COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0952B6F0, Relevance: 8.9, Strings: 7, Instructions: 196COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Executed Functions |
---|
Function 00BE2148, Relevance: 1.6, Instructions: 1619COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE2133, Relevance: 1.6, Instructions: 1598COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE4A20, Relevance: .6, Instructions: 605COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE5CF9, Relevance: .4, Instructions: 379COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE532C, Relevance: .4, Instructions: 439COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE0C68, Relevance: .2, Instructions: 218COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE4358, Relevance: .2, Instructions: 203COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE1EB0, Relevance: .2, Instructions: 202COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE13C8, Relevance: .2, Instructions: 159COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE3CF8, Relevance: .2, Instructions: 152COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE1593, Relevance: .1, Instructions: 138COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE18C0, Relevance: .1, Instructions: 124COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE0448, Relevance: .1, Instructions: 114COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE18B0, Relevance: .1, Instructions: 113COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE3E99, Relevance: .1, Instructions: 106COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE45CE, Relevance: .1, Instructions: 93COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE6190, Relevance: .1, Instructions: 84COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE4A10, Relevance: .1, Instructions: 83COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE1768, Relevance: .1, Instructions: 83COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE0439, Relevance: .1, Instructions: 76COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE1778, Relevance: .1, Instructions: 69COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE6180, Relevance: .1, Instructions: 63COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE0699, Relevance: .0, Instructions: 41COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE06A8, Relevance: .0, Instructions: 35COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE5830, Relevance: .0, Instructions: 27COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE59D0, Relevance: .0, Instructions: 27COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE0FB0, Relevance: .0, Instructions: 27COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE59E0, Relevance: .0, Instructions: 23COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE0B70, Relevance: .0, Instructions: 21COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE0B38, Relevance: .0, Instructions: 16COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Executed Functions |
---|
Function 00EC2148, Relevance: 1.6, Instructions: 1621COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EC2133, Relevance: 1.6, Instructions: 1597COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EC4580, Relevance: .6, Instructions: 608COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EC5868, Relevance: .4, Instructions: 371COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EC4E8C, Relevance: 1.7, Strings: 1, Instructions: 439COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EC5190, Relevance: 1.3, Strings: 1, Instructions: 56COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EC0C70, Relevance: .2, Instructions: 214COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EC0C62, Relevance: .2, Instructions: 201COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EC1EC0, Relevance: .2, Instructions: 198COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EC13C8, Relevance: .2, Instructions: 153COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EC3CF8, Relevance: .2, Instructions: 150COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EC18C0, Relevance: .1, Instructions: 121COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EC0448, Relevance: .1, Instructions: 115COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EC1768, Relevance: .1, Instructions: 104COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EC3EA8, Relevance: .1, Instructions: 101COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EC18B2, Relevance: .1, Instructions: 98COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EC5CF0, Relevance: .1, Instructions: 81COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EC4572, Relevance: .1, Instructions: 78COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EC1778, Relevance: .1, Instructions: 69COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EC3E9A, Relevance: .1, Instructions: 60COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EC5CE0, Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EC0698, Relevance: .0, Instructions: 37COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EC0610, Relevance: .0, Instructions: 36COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EC06A8, Relevance: .0, Instructions: 35COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EC4D7C, Relevance: .0, Instructions: 34COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EC5380, Relevance: .0, Instructions: 32COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EC0B10, Relevance: .0, Instructions: 31COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EC0FB0, Relevance: .0, Instructions: 27COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EC5390, Relevance: .0, Instructions: 27COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EC0B38, Relevance: .0, Instructions: 16COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Executed Functions |
---|
Function 01732370, Relevance: 2.0, Instructions: 2018COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01735208, Relevance: .5, Instructions: 503COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01734460, Relevance: .2, Instructions: 218COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01730C70, Relevance: .2, Instructions: 214COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01730C62, Relevance: .2, Instructions: 202COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 017313C8, Relevance: .2, Instructions: 160COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 017318C0, Relevance: .1, Instructions: 122COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01730448, Relevance: .1, Instructions: 119COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 017318B0, Relevance: .1, Instructions: 107COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01731768, Relevance: .1, Instructions: 94COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01735828, Relevance: .1, Instructions: 90COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0173043C, Relevance: .1, Instructions: 81COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01732360, Relevance: .1, Instructions: 78COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01731778, Relevance: .1, Instructions: 69COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01735819, Relevance: .1, Instructions: 64COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01734B30, Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01734B2A, Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01730698, Relevance: .0, Instructions: 39COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01735778, Relevance: .0, Instructions: 37COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01734D21, Relevance: .0, Instructions: 36COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01730610, Relevance: .0, Instructions: 36COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 017306A8, Relevance: .0, Instructions: 35COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01734D30, Relevance: .0, Instructions: 27COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01730FB0, Relevance: .0, Instructions: 27COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01730B28, Relevance: .0, Instructions: 25COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01730B38, Relevance: .0, Instructions: 16COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|