Windows
Analysis Report
sample.exe
Overview
General Information
Detection
Score: | 92 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- sample.exe (PID: 6504 cmdline:
C:\Users\u ser\Deskto p\sample.e xe MD5: A3FD043C364D24FCE08095727AE115D0) - msiexec.exe (PID: 6672 cmdline:
"C:\Progra m Files (x 86)\msiexe c.exe" -Pu ppet MD5: 9D09DC1EDA745A5F87553048E57620CF) - WerFault.exe (PID: 4284 cmdline:
C:\Windows \SysWOW64\ WerFault.e xe -u -p 6 672 -s 159 2 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- explorer.exe (PID: 7008 cmdline:
C:\Windows \explorer. exe" "C:\U sers\user\ Documents\ msedge.exe MD5: 662F4F92FDE3557E86D110526BB578D5)
- explorer.exe (PID: 3192 cmdline:
C:\Windows \explorer. exe /facto ry,{75dff2 b7-6936-4c 06-a8bb-67 6a7b00b24b } -Embeddi ng MD5: 662F4F92FDE3557E86D110526BB578D5) - msedge.exe (PID: 6020 cmdline:
"C:\Users\ user\Docum ents\msedg e.exe" MD5: A3FD043C364D24FCE08095727AE115D0) - msedge.exe (PID: 2128 cmdline:
"C:\Users\ user\Docum ents\msedg e.exe" MD5: A3FD043C364D24FCE08095727AE115D0) - msiexec.exe (PID: 2836 cmdline:
"C:\Progra m Files (x 86)\msiexe c.exe" -Pu ppet MD5: 9D09DC1EDA745A5F87553048E57620CF)
- cleanup
Click to jump to signature section
AV Detection |
---|
Source: | Avira URL Cloud: | ||
Source: | Avira URL Cloud: | ||
Source: | Avira URL Cloud: | ||
Source: | Avira URL Cloud: |
Source: | Joe Sandbox ML: |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | File opened: | Jump to behavior |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Networking |
---|
Source: | TCP traffic: |
Source: | TCP traffic: |
Source: | ASN Name: |
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | Code function: | 0_2_004012D0 |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Code function: | 1_2_006C63E3 |
Source: | Code function: | 0_2_100057B0 | |
Source: | Code function: | 0_2_02657634 | |
Source: | Code function: | 1_2_100057B0 | |
Source: | Code function: | 1_2_030075EC | |
Source: | Code function: | 7_2_100057B0 | |
Source: | Code function: | 7_2_02477634 | |
Source: | Code function: | 9_2_100057B0 | |
Source: | Code function: | 9_2_004775EC |
Source: | Code function: | 0_2_100024D0 | |
Source: | Code function: | 0_2_0265411C | |
Source: | Code function: | 1_2_006C63E3 | |
Source: | Code function: | 1_2_100024D0 | |
Source: | Code function: | 1_2_030040D4 | |
Source: | Code function: | 7_2_100024D0 | |
Source: | Code function: | 7_2_0247411C | |
Source: | Code function: | 9_2_100024D0 | |
Source: | Code function: | 9_2_004740D4 |
Source: | Process created: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Code function: | 0_2_1000DE90 | |
Source: | Code function: | 0_2_1000DD00 | |
Source: | Code function: | 1_2_006C2F93 | |
Source: | Code function: | 1_2_1000DE90 | |
Source: | Code function: | 1_2_1000DD00 | |
Source: | Code function: | 7_2_1000DE90 | |
Source: | Code function: | 7_2_1000DD00 | |
Source: | Code function: | 9_2_1000DE90 | |
Source: | Code function: | 9_2_1000DD00 |
Source: | Code function: | 0_2_10005720 |
Source: | Code function: | 1_2_006C7DD0 |
Source: | Code function: | 1_2_006C7DD0 |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Process created: | ||
Source: | Process created: |
Source: | Static PE information: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | File read: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 0_2_10005610 |
Source: | Static PE information: |
Source: | Code function: | 0_2_0040248E | |
Source: | Code function: | 0_2_1001004C | |
Source: | Code function: | 0_2_10010288 | |
Source: | Code function: | 0_2_1000EBE5 | |
Source: | Code function: | 0_2_02661ED4 | |
Source: | Code function: | 0_2_02660831 | |
Source: | Code function: | 0_2_02661C98 | |
Source: | Code function: | 1_2_006C9F40 | |
Source: | Code function: | 1_2_1001004C | |
Source: | Code function: | 1_2_10010288 | |
Source: | Code function: | 1_2_1000EBE5 | |
Source: | Code function: | 1_2_030107E9 | |
Source: | Code function: | 1_2_03011E8C | |
Source: | Code function: | 1_2_03011C50 | |
Source: | Code function: | 4_2_0040248E | |
Source: | Code function: | 7_2_0040248E | |
Source: | Code function: | 7_2_1001004C | |
Source: | Code function: | 7_2_10010288 | |
Source: | Code function: | 7_2_1000EBE5 | |
Source: | Code function: | 7_2_02481ED4 | |
Source: | Code function: | 7_2_02480831 | |
Source: | Code function: | 7_2_02481C98 | |
Source: | Code function: | 9_2_1001004C | |
Source: | Code function: | 9_2_10010288 | |
Source: | Code function: | 9_2_1000EBE5 | |
Source: | Code function: | 9_2_00481C50 | |
Source: | Code function: | 9_2_00481E8C | |
Source: | Code function: | 9_2_004807E9 |
Persistence and Installation Behavior |
---|
Source: | File created: | Jump to dropped file |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Source: | File created: | Jump to dropped file |
Source: | Code function: | 1_2_006C7DD0 |
Source: | Registry value created or modified: | Jump to behavior | ||
Source: | Registry value created or modified: | Jump to behavior |
Source: | Code function: | 0_2_00401A60 | |
Source: | Code function: | 4_2_00401A60 | |
Source: | Code function: | 7_2_00401A60 |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior |
Source: | API coverage: | ||
Source: | API coverage: | ||
Source: | API coverage: | ||
Source: | API coverage: |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Last function: | ||
Source: | Last function: |
Source: | Thread sleep count: | Jump to behavior |
Source: | Code function: | 0_2_10006970 |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | API call chain: | graph_1-14521 | ||
Source: | API call chain: |
Source: | Process information queried: | Jump to behavior |
Anti Debugging |
---|
Source: | Debugger detection routine: | graph_1-14562 |
Source: | Process queried: | Jump to behavior |
Source: | Code function: | 1_2_10006970 |
Source: | Code function: | 0_2_1000FB3C |
Source: | Code function: | 1_2_006C59F2 |
Source: | Code function: | 0_2_10005610 |
Source: | Code function: | 1_2_006C63E3 |
Source: | Code function: | 0_2_10006010 |
Source: | Code function: | 0_2_1000FB3C | |
Source: | Code function: | 0_2_02661788 | |
Source: | Code function: | 1_2_006C9C10 | |
Source: | Code function: | 1_2_006C95F0 | |
Source: | Code function: | 1_2_1000FB3C | |
Source: | Code function: | 1_2_03011740 | |
Source: | Code function: | 7_2_1000FB3C | |
Source: | Code function: | 7_2_02481788 | |
Source: | Code function: | 9_2_1000FB3C | |
Source: | Code function: | 9_2_00481740 |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Process created / APC Queued / Resumed: | Jump to behavior | ||
Source: | Process created / APC Queued / Resumed: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
Source: | Code function: | 0_2_100052B0 |
Source: | Thread APC queued: | Jump to behavior |
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Code function: | 1_2_006C31A9 |
Source: | Code function: | 1_2_006C30F2 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Code function: | 1_2_006C5C84 |
Source: | Code function: | 0_2_10010474 |
Source: | Code function: | 1_2_006C5C84 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Directory queried: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact | Resource Development | Reconnaissance |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 2 Service Execution | 3 Windows Service | 1 Access Token Manipulation | 12 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | 1 System Shutdown/Reboot | Acquire Infrastructure | Gather Victim Identity Information |
Default Accounts | 1 Native API | 1 Registry Run Keys / Startup Folder | 3 Windows Service | 141 Virtualization/Sandbox Evasion | LSASS Memory | 151 Security Software Discovery | Remote Desktop Protocol | 1 Data from Local System | Exfiltration Over Bluetooth | 1 Non-Standard Port | SIM Card Swap | Obtain Device Cloud Backups | Network Denial of Service | Domains | Credentials |
Domain Accounts | At | 1 DLL Side-Loading | 512 Process Injection | 1 Access Token Manipulation | Security Account Manager | 141 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 1 Ingress Tool Transfer | Data Encrypted for Impact | DNS Server | Email Addresses | ||
Local Accounts | Cron | Login Hook | 1 Registry Run Keys / Startup Folder | 512 Process Injection | NTDS | 3 Process Discovery | Distributed Component Object Model | Input Capture | Traffic Duplication | 1 Non-Application Layer Protocol | Data Destruction | Virtual Private Server | Employee Names | ||
Cloud Accounts | Launchd | Network Logon Script | 1 DLL Side-Loading | 1 Obfuscated Files or Information | LSA Secrets | 11 Application Window Discovery | SSH | Keylogging | Scheduled Transfer | 1 Application Layer Protocol | Data Encrypted for Impact | Server | Gather Victim Network Information | ||
Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 11 File and Directory Discovery | VNC | GUI Input Capture | Data Transfer Size Limits | Multiband Communication | Service Stop | Botnet | Domain Properties | ||
External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 14 System Information Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over C2 Channel | Commonly Used Port | Inhibit System Recovery | Web Services | DNS |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Joe Sandbox ML | |||
0% | ReversingLabs | |||
0% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
1% | Virustotal | Browse | ||
0% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
whois.pconline.com.cn.ctadns.cn | 14.29.101.169 | true | false |
| unknown |
whois.pconline.com.cn | unknown | unknown | false |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
14.29.101.169 | whois.pconline.com.cn.ctadns.cn | China | 58466 | CT-GUANGZHOU-IDCCHINANETGuangdongprovincenetworkCN | false | |
206.238.220.90 | unknown | United States | 174 | COGENT-174US | true | |
14.29.101.168 | unknown | China | 58466 | CT-GUANGZHOU-IDCCHINANETGuangdongprovincenetworkCN | false | |
14.29.101.160 | unknown | China | 58466 | CT-GUANGZHOU-IDCCHINANETGuangdongprovincenetworkCN | false |
Joe Sandbox version: | 38.0.0 Ammolite |
Analysis ID: | 1375833 |
Start date and time: | 2024-01-17 04:01:21 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 6m 7s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Run name: | Potential for more IOCs and behavior |
Number of analysed new started processes analysed: | 15 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 1 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | sample.exe |
Detection: | MAL |
Classification: | mal92.troj.evad.winEXE@11/8@1/4 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, consent.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 52.182.143.212
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, onedsblobprdcus15.centralus.cloudapp.azure.com, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target msedge.exe, PID 6020 because there are no executed function
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtOpenFile calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
03:02:20 | Autostart | |
04:02:56 | API Interceptor | |
04:03:30 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
14.29.101.169 | Get hash | malicious | Unknown | Browse |
| |
14.29.101.168 | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
14.29.101.160 | Get hash | malicious | Unknown | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
whois.pconline.com.cn.ctadns.cn | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CT-GUANGZHOU-IDCCHINANETGuangdongprovincenetworkCN | Get hash | malicious | Mirai | Browse |
| |
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
COGENT-174US | Get hash | malicious | HTMLPhisher | Browse |
| |
Get hash | malicious | HTMLPhisher, Fabookie, Glupteba, GuLoader, Stealc | Browse |
| ||
Get hash | malicious | HTMLPhisher, Fabookie, GuLoader, Stealc, Vidar | Browse |
| ||
Get hash | malicious | FormBook, GuLoader | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | BazaLoader | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
|
Process: | C:\Users\user\Desktop\sample.exe |
File Type: | |
Category: | modified |
Size (bytes): | 59904 |
Entropy (8bit): | 5.770776695007155 |
Encrypted: | false |
SSDEEP: | 768:uo8HL2TB4LHLbo77Q2d9xSDvYD07BOUp8VKfTKznHVXq6ayYf3:vTB4LG7B8jY4XprIHw62 |
MD5: | 9D09DC1EDA745A5F87553048E57620CF |
SHA1: | 1D0C7CFCA8104D06DE1F08B97F28B3520C246CD7 |
SHA-256: | 3A90EDE157D40A4DB7859158C826F7B4D0F19A5768F6483C9BE6EE481C6E1AF7 |
SHA-512: | 2BE940F0468F77792C6E1B593376900C24FF0B0FAE8DC2E57B05596506789AA76119F8BE780C57252F74CD1F0C2FA7223FE44AE4FA3643C26DF00DD42BD4C016 |
Malicious: | false |
Antivirus: |
|
Reputation: | low |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_msiexec.exe_c33026bb92c1c5e48857ebf08fb1c87029135dbe_94f980b3_cabbd458-a580-4ab6-a0bd-2a030cdc269e\Report.wer
Download File
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 1.0620407663582367 |
Encrypted: | false |
SSDEEP: | 192:I+GDW8NT0BU/gjeT6HEcpZZzuiFSZ24IO8R:g68NABU/gje2ZzuiFSY4IO8R |
MD5: | 96A23DBBED8BC363B3D594D7E5006B35 |
SHA1: | EDC41DB4D73364E4CE1D5A19B4A19AE032C3A009 |
SHA-256: | A1DDD613E552EF156CCE2B443E0D3DF89C905AEA0BE387F61FABF40E3A11C926 |
SHA-512: | 2C21BCB880EEFE4B151216DE19C453680610AE0DCC2FC5E4FA5CD7DB5FF0F3AE7B1D10DC320AFFFF1E69BD3650207D1C847291D4C3734A0A757B2BE3AB142E68 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 123486 |
Entropy (8bit): | 1.8864609190718404 |
Encrypted: | false |
SSDEEP: | 384:Kyiah8/kQY5Ho1wgLBRIPfRuk2Gy4g/r1Eh66pY4ONhRxqDjXX1dEkvdw:Fh8/C5o1waI2GyR/xEh66pY4OZxudn |
MD5: | 7E8708989C95D35217D89D5F9174FF59 |
SHA1: | E04D3174E6D16D068971F91D39AE1890619FC23B |
SHA-256: | 0BB44B0390819002E5FFAE67C7D5D4AE62B366A98C7A1C10278CAE26D5307EAC |
SHA-512: | 64D423980161FE778AA0CAA191FCCD580B5B1064AE7184075E33AEF926015D7E81E511CB62B98E54F35B99051D793A156D661B05EDE5537F5E05FB615C97C4FC |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6350 |
Entropy (8bit): | 3.724172440078415 |
Encrypted: | false |
SSDEEP: | 96:RSIU6o7wVetbQnb63RYb1QE/zD3gaM4Ucf89b55sfAzm:R6l7wVeJQb63RYp8prk89b55sfAzm |
MD5: | 52961B7C4A9AB393E7A25844FF7579B2 |
SHA1: | DA096B8A3FFD7A12E6F9B65C1AB68B8843C9B629 |
SHA-256: | 03BC75C3AAC3C37F1A4529C157A5814342D2A54C7EEB967634C67CAB2083BD15 |
SHA-512: | 3C9E04E4F4A12B2C23F489173F1F6C9C69A7AFC8C752FCCEF0034EA4058B942C8B94E01081EECE6878DF3CB8EF5CE3D3E9A4BB2C082C30E8F28D465128E31601 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4678 |
Entropy (8bit): | 4.482951903187678 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsStJg77aI9t6rWpW8VYgYm8M4J2qF60x+q8hyt2KKGFdd:uIjfSHI7D6a7VgJLxFt2KKGFdd |
MD5: | 5C762E114D7660C4B3E410B0FBA40761 |
SHA1: | B7A56AEFFCD16D779E744E53E8ABB1A1EE3E69F4 |
SHA-256: | 2438ABF5E52607081FDFECC87CDBB9F0A72FF970A5722FA43DCD7A33933AD633 |
SHA-512: | F079A7B6826A954F8BFF7283533D22FF6EAE649B903D6A176FEF3A367E985EEC174B2F12902EE2F9E67EEA308CB74E69E90747A20AD2920D9BA5E04E1830C816 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\sample.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 102400 |
Entropy (8bit): | 4.877017203647963 |
Encrypted: | false |
SSDEEP: | 768:/fQgxkwhxeY0M0NY+ZXCR60YZZWjti4Pz7JSZP7KL6yoVkzQol0AYzzaXs+pl:/fy7Y0M776JD6jhyOLnoVkztFYac+ |
MD5: | A3FD043C364D24FCE08095727AE115D0 |
SHA1: | 3EBE5124D8ECE2611428289C86545D33A4D72179 |
SHA-256: | 72EC81E0BB6F6800FCD48AFFCEDD6B377B1E1AC4E78F06B0B35A494EC43529E7 |
SHA-512: | 02A3DAC3457BFCBAF27F5F01EE66FED576D4B922DB050F6EF28C1F5D4321C1468BBD28A1BA63F3706D2FD863BFBAE7D6847B68F012C89777A44C3DDD1A754A7C |
Malicious: | true |
Antivirus: |
|
Preview: |
Process: | C:\Users\user\Desktop\sample.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.465999369258548 |
Encrypted: | false |
SSDEEP: | 6144:xIXfpi67eLPU9skLmb0b4UWSPKaJG8nAgejZMMhA2gX4WABl0uNndwBCswSbHE:SXD94UWlLZMM6YFH5+H |
MD5: | 274461F9E11DEB4E6F53650FB40BCB63 |
SHA1: | 773959B85549B102726047D24FA508BCDA1F8B18 |
SHA-256: | F1B55D6608F60609C630560A3154509D5C03D7F8E75BB939A3CD393B2EDA8CE4 |
SHA-512: | 1FF51DB7EF4471A3CAD3C5A54D43F8F8EB5B87A985E5962755C8478A18F8891F59481C1C5C79A4C17039492F22212400529E6EBB5BFEE53FD8A485086DA71117 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 4.877017203647963 |
TrID: |
|
File name: | sample.exe |
File size: | 102'400 bytes |
MD5: | a3fd043c364d24fce08095727ae115d0 |
SHA1: | 3ebe5124d8ece2611428289c86545d33a4d72179 |
SHA256: | 72ec81e0bb6f6800fcd48affcedd6b377b1e1ac4e78f06b0b35a494ec43529e7 |
SHA512: | 02a3dac3457bfcbaf27f5f01ee66fed576d4b922db050f6ef28c1f5d4321c1468bbd28a1ba63f3706d2fd863bfbae7d6847b68f012c89777a44c3ddd1a754a7c |
SSDEEP: | 768:/fQgxkwhxeY0M0NY+ZXCR60YZZWjti4Pz7JSZP7KL6yoVkzQol0AYzzaXs+pl:/fy7Y0M776JD6jhyOLnoVkztFYac+ |
TLSH: | 2DA3E623EB910675C067433335576BF0C79DE3960261229F425BEB887D222BB9F6E349 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........R...<_..<_..<_O.a_..<_..2_..<_..6_..<_..8_..<_..7_..<_..8_..<_..=_ .<_d.7_..<_K.:_..<_Rich..<_........................PE..L.. |
Icon Hash: | 35759e67af6f9f4b |
Entrypoint: | 0x4024a0 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | |
Time Stamp: | 0x65936253 [Tue Jan 2 01:09:39 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 54d37aa6b27d39c04d9febe664e3ca52 |
Instruction |
---|
push ebp |
mov ebp, esp |
push FFFFFFFFh |
push 00403688h |
push 00402626h |
mov eax, dword ptr fs:[00000000h] |
push eax |
mov dword ptr fs:[00000000h], esp |
sub esp, 68h |
push ebx |
push esi |
push edi |
mov dword ptr [ebp-18h], esp |
xor ebx, ebx |
mov dword ptr [ebp-04h], ebx |
push 00000002h |
call dword ptr [00403238h] |
pop ecx |
or dword ptr [00405508h], FFFFFFFFh |
or dword ptr [0040550Ch], FFFFFFFFh |
call dword ptr [00403234h] |
mov ecx, dword ptr [004054FCh] |
mov dword ptr [eax], ecx |
call dword ptr [00403230h] |
mov ecx, dword ptr [004054F8h] |
mov dword ptr [eax], ecx |
mov eax, dword ptr [0040322Ch] |
mov eax, dword ptr [eax] |
mov dword ptr [00405504h], eax |
call 00007F1D8CBA82BBh |
cmp dword ptr [004053F0h], ebx |
jne 00007F1D8CBA81AEh |
push 00402622h |
call dword ptr [00403228h] |
pop ecx |
call 00007F1D8CBA828Dh |
push 00405038h |
push 00405034h |
call 00007F1D8CBA8278h |
mov eax, dword ptr [004054F4h] |
mov dword ptr [ebp-6Ch], eax |
lea eax, dword ptr [ebp-6Ch] |
push eax |
push dword ptr [004054F0h] |
lea eax, dword ptr [ebp-64h] |
push eax |
lea eax, dword ptr [ebp-70h] |
push eax |
lea eax, dword ptr [ebp-60h] |
push eax |
call dword ptr [0040325Ch] |
push 00405030h |
push 00405000h |
call 00007F1D8CBA8245h |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x37d8 | 0xb4 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x6000 | 0x12e48 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x3000 | 0x2d0 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x1782 | 0x2000 | False | 0.3843994140625 | data | 4.712059039744991 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x3000 | 0x1074 | 0x2000 | False | 0.214599609375 | data | 3.1402339478066277 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x5000 | 0x510 | 0x1000 | False | 0.096923828125 | data | 0.9047321894272715 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x6000 | 0x12e48 | 0x13000 | False | 0.47773180509868424 | data | 5.192773923057832 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
ASDFE | 0x6ab0 | 0x212 | data | Chinese | China | 0.5792452830188679 |
RT_BITMAP | 0x6cc8 | 0x10c20 | Device independent bitmap graphic, 196 x 175 x 16, image size 0 | English | Great Britain | 0.48787878787878786 |
RT_BITMAP | 0x189e0 | 0x428 | Device independent bitmap graphic, 128 x 15 x 4, image size 960 | French | Switzerland | 0.3618421052631579 |
RT_ICON | 0x178e8 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | Italian | Switzerland | 0.33198924731182794 |
RT_ICON | 0x17bd0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | Italian | Switzerland | 0.4391891891891892 |
RT_ICON | 0x17d20 | 0xca8 | Device independent bitmap graphic, 32 x 64 x 24, image size 3200 | English | Australia | 0.3135802469135803 |
RT_DIALOG | 0x64d8 | 0xd0 | data | Chinese | China | 0.7259615384615384 |
RT_DIALOG | 0x65a8 | 0x1da | data | Chinese | China | 0.5084388185654009 |
RT_STRING | 0x18e08 | 0x3c | data | Chinese | China | 0.65 |
RT_GROUP_ICON | 0x189c8 | 0x14 | data | English | Australia | 1.25 |
RT_GROUP_ICON | 0x17cf8 | 0x22 | data | Italian | Switzerland | 1.0 |
RT_VERSION | 0x6788 | 0x324 | data | Chinese | China | 0.5087064676616916 |
RT_MANIFEST | 0x6350 | 0x188 | XML 1.0 document, ASCII text, with CRLF line terminators | Japanese | Japan | 0.5892857142857143 |
DLL | Import |
---|---|
MFC42.DLL | |
MSVCRT.dll | _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _except_handler3, _setmbcp, malloc, __CxxFrameHandler, _mbscmp, __dllonexit, _onexit, _exit, __getmainargs, _acmdln, exit, _XcptFilter, _controlfp |
KERNEL32.dll | GetModuleFileNameA, FreeLibrary, GetStartupInfoA, LocalFree, OutputDebugStringA, Sleep, GetProcAddress, CreateEventA, CloseHandle, LoadLibraryA, CreateThread, VirtualProtect, GetModuleHandleA, ResetEvent, WaitForSingleObject |
USER32.dll | EnableWindow, GetWindowRect, ClipCursor, SystemParametersInfoA, FindWindowA, LoadIconA, SendMessageA, AppendMenuA, GetSystemMenu, DrawIcon, GetClientRect, GetSystemMetrics, ShowWindow, IsIconic |
GDI32.dll | CreateSolidBrush |
ADVAPI32.dll | RegSetValueExA, RegCloseKey, GetNamedSecurityInfoA, BuildExplicitAccessWithNameA, SetEntriesInAclA, SetNamedSecurityInfoA, RegOpenKeyExA |
WS2_32.dll | gethostbyname, htons, send, closesocket, WSACleanup, WSAStartup, socket |
MSVCP60.dll | ??1Init@ios_base@std@@QAE@XZ, ??0_Winit@std@@QAE@XZ, ??1_Winit@std@@QAE@XZ, ?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z, ??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z, ?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A, ??0Init@ios_base@std@@QAE@XZ |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
Chinese | China | |
English | Great Britain | |
French | Switzerland | |
English | Australia | |
Japanese | Japan |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 17, 2024 04:02:14.438278913 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:14.756162882 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:14.756232977 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:14.757076025 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:15.074877977 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:15.074901104 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:15.074955940 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:15.074970007 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:15.075018883 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:15.075067997 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:15.392576933 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:15.392628908 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:15.392729044 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:15.392740965 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:15.392771006 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:15.392817020 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:15.392841101 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:15.392882109 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:15.392923117 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:15.392939091 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:15.441612959 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:15.710436106 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:15.710500002 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:15.710537910 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:15.710556984 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:15.710577965 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:15.710617065 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:15.710642099 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:15.710659027 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:15.710695982 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:15.710711956 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:15.710731983 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:15.710768938 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:15.710786104 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:15.710804939 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:15.710841894 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:15.710858107 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:15.710880041 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:15.710927010 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:15.759076118 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:15.759118080 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:15.759218931 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.028702021 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.028734922 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.028753042 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.028770924 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.028865099 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.028920889 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.028954983 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.028954983 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.028990030 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.029021025 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.029093981 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.029153109 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.029186964 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.029241085 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.029292107 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.029314041 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.029423952 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.029472113 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.029525042 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.029591084 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.029639959 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.029656887 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.029738903 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.029787064 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.029803991 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.029817104 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.029870033 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.029872894 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.029894114 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.029908895 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.029957056 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.029968977 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.030019045 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.030179024 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.030356884 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.030407906 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.076575994 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.076615095 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.076653957 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.076695919 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.076733112 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.076752901 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.346368074 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.346383095 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.346398115 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.346412897 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.346424103 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.346445084 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.346457958 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.346473932 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.346515894 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.346518993 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.346532106 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.346544981 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.346576929 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.346587896 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.346599102 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.346606016 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.346641064 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.346676111 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.346713066 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.346749067 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.346771002 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.346817970 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.346888065 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.346919060 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.346925974 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.346961975 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.346973896 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.346998930 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.347034931 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.347063065 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.347070932 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.347106934 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.347124100 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.347145081 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.347182989 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.347209930 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.347250938 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.347285986 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.347302914 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.347321987 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.347358942 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.347373962 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.347394943 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.347430944 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.347446918 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.347465992 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.347518921 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.347520113 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.347563028 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.347599983 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.347615957 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.347635031 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.347671032 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.347691059 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.347706079 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.347742081 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.347759962 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.347778082 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.347812891 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.347840071 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.347848892 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.347884893 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.347909927 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.347919941 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.347954988 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.347970009 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.347990990 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.348026991 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.348037004 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.348064899 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.348117113 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.394728899 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.394773006 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.394809961 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.394834995 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.394845963 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.394881964 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.394893885 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.394917965 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.394953012 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.394975901 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.394989967 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.395036936 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.665683985 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.665744066 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.665782928 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.665812969 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.665819883 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.665857077 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.665894985 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.665921926 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.665957928 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.665982008 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.665997028 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.666034937 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.666055918 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.666070938 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.666110039 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.666130066 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.666146994 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.666186094 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.666201115 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.666224957 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.666263103 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.666280985 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.666301012 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.666338921 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.666356087 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.666373968 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.666412115 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.666429043 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.666446924 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.666482925 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.666501045 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.666517973 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.666558027 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.666574955 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.666594028 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.666630030 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.666649103 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.666667938 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.666707039 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.666723967 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.666742086 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.666779995 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.666798115 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.666815996 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.666851044 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.666872978 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.666887045 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.666922092 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.666939974 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.666959047 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.666995049 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.667016983 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.667031050 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.667067051 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.667087078 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.667093039 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.667109013 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.667124987 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.667140007 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.667148113 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.667156935 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.667171955 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.667172909 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.667186975 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.667201996 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.667211056 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.667216063 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.667232990 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.667249918 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.667253971 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.667265892 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.667269945 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.667284966 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.667301893 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.667303085 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.667315960 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.667327881 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.667337894 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.667340994 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.667350054 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.667361975 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.667370081 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.667372942 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.667383909 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.667395115 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.667395115 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.667407036 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.667418003 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.667428017 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.667449951 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.667453051 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.667486906 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.667503119 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.667531013 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.667583942 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.667601109 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.667651892 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.667701960 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.667723894 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.667792082 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.667835951 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.667839050 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.667870998 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.667921066 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.667948961 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.667974949 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.668021917 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.668041945 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.668097019 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.668132067 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.668143988 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.668204069 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.668226004 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.668268919 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.668306112 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.668355942 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.668421030 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.668466091 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.668525934 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.668617964 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.668735981 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.668786049 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.668808937 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.668886900 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.668935061 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.668993950 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.669065952 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.669115067 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.669147015 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.669229031 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.669275045 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.669297934 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.669343948 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.669404030 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.669404984 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.669459105 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.669506073 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.669539928 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.669626951 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.669682980 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.669717073 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.669820070 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.669868946 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.676023960 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.712496996 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.712548971 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.712608099 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.712618113 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.712690115 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.712745905 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.712757111 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.712826014 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.712883949 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.712912083 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.712984085 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.713021040 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.713032961 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.713089943 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.713125944 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.713143110 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.713212967 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.713265896 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.713339090 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.713377953 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.713427067 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.713438034 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.713464975 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.713515043 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.910543919 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.957385063 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.984837055 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.984854937 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.984930992 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.984946966 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.984952927 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.984999895 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.985021114 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.985081911 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.985138893 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.985140085 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.985305071 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.985356092 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.985425949 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.985498905 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.985549927 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.985579967 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.985677958 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.985724926 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.985743999 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.985816002 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.985860109 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.985896111 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.985997915 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.986048937 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.986110926 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.986166954 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.986213923 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.986243010 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.986339092 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.986385107 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.986438990 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.986449957 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.986490011 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.986509085 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.986594915 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.986635923 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.986644030 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.986716986 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.986766100 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:16.986767054 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.986778021 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:16.986818075 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:17.004148960 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:17.051057100 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:17.938982010 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:18.041709900 CET | 49730 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:18.348474026 CET | 16037 | 49730 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:18.348771095 CET | 49730 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:18.980796099 CET | 49731 | 80 | 192.168.2.4 | 14.29.101.169 |
Jan 17, 2024 04:02:19.988559008 CET | 49731 | 80 | 192.168.2.4 | 14.29.101.169 |
Jan 17, 2024 04:02:21.988492012 CET | 49731 | 80 | 192.168.2.4 | 14.29.101.169 |
Jan 17, 2024 04:02:25.988464117 CET | 49731 | 80 | 192.168.2.4 | 14.29.101.169 |
Jan 17, 2024 04:02:31.071890116 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:31.379111052 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:31.379195929 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:31.379883051 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:31.687814951 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:31.687911034 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:31.688019991 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:31.688040018 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:31.688080072 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:31.688132048 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:31.994975090 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:31.995017052 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:31.995070934 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:31.995091915 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:31.995167017 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:31.995219946 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:31.995270014 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:31.995383024 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:31.995431900 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:31.995471001 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.035356045 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:32.302033901 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.302268028 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.302330017 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:32.302395105 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.302536011 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.302576065 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.302587032 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:32.302645922 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.302683115 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.302736044 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:32.302753925 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.302791119 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.302818060 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:32.302828074 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.302881956 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.302917957 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.302925110 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:32.303005934 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:32.342243910 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.342338085 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.342384100 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:32.609514952 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.609580994 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.609622955 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.609637976 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:32.609661102 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.609699965 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.609714985 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:32.609738111 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.609775066 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.609786034 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:32.609813929 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.609859943 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:32.609954119 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.609993935 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.610042095 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:32.610084057 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.610122919 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.610250950 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.610302925 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:32.610321999 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.610359907 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.610368013 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:32.610435009 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.610522032 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.610574961 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:32.610594034 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.610666990 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.610702991 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:32.610754967 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.610804081 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:32.610827923 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.610898018 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.610934019 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.610950947 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:32.611028910 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.611103058 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:32.649338007 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.649378061 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.649416924 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.649456024 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.649456024 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:32.649564028 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:32.916886091 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.916960955 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.917002916 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.917030096 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:32.917041063 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.917107105 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.917107105 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:32.917190075 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.917231083 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:32.917236090 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.917270899 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.917339087 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:32.917355061 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.917433023 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.917490005 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.917494059 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:32.917521954 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.917556047 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.917572975 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:32.917642117 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.917706966 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.917771101 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:32.917809010 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.917855978 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:32.917911053 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.917990923 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.918057919 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.918102980 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:32.918139935 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.918231010 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.918267965 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:32.918304920 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.918355942 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:32.918407917 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.918493032 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.918576002 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:32.918605089 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.918685913 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.918801069 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.918824911 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:32.918858051 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.918939114 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:32.918950081 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.919023991 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.919091940 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:32.919114113 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.919194937 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.919265032 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:32.919270992 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.919393063 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.919457912 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:32.919461966 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.919547081 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.919624090 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:32.919639111 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.919702053 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.919744015 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:32.919787884 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.919883013 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.919934034 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:32.919962883 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.920089960 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.920133114 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.920156002 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:32.920222998 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.920270920 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:32.920298100 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.920386076 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.920427084 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:32.920469999 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.920578957 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.920635939 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:32.957514048 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.957603931 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.957642078 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.957675934 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:32.957678080 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.957715988 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.957753897 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.957766056 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:32.957789898 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.957820892 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:32.957828045 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:32.957904100 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.224127054 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.224186897 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.224224091 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.224236012 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.224265099 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.224307060 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.224405050 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.224520922 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.224559069 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.224587917 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.224601030 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.224639893 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.224677086 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.224713087 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.224785089 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.224837065 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.224874973 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.224914074 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.224966049 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.224983931 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.225055933 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.225075960 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.225155115 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.225191116 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.225209951 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.225342035 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.225469112 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.225486040 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.225594997 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.225636959 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.225677013 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.225717068 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.225754023 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.225795031 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.225856066 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.225912094 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.225999117 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.226038933 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.226075888 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.226085901 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.226114988 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.226178885 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.226212025 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.226283073 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.226352930 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.226385117 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.226458073 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.226502895 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.226552010 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.226593971 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.226630926 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.226666927 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.226679087 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.226756096 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.226794004 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.226843119 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.226928949 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.226974010 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.227015018 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.227051020 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.227087975 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.227098942 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.227134943 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.227157116 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.227230072 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.227289915 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.227303028 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.227404118 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.227441072 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.227463007 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.227540970 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.227586985 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.227674961 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.227713108 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.227756023 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.227807045 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.227844000 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.227880001 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.227900982 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.227952957 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.228009939 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.228045940 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.228302956 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.228341103 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.228358030 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.228378057 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.228414059 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.228418112 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.228452921 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.228491068 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.228507996 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.228529930 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.228568077 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.228570938 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.228688002 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.228748083 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.228924036 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.228997946 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.229037046 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.229080915 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.229125023 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.229176998 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.229197025 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.229233980 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.229269028 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.229310036 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.229368925 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.229429007 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.229512930 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.229551077 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.229588985 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.229636908 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.229753971 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.229792118 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.229809999 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.229854107 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.229902029 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.229970932 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.230007887 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.230159044 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.230211973 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.230431080 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.230484009 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.230532885 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.230604887 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.230681896 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.230689049 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.230804920 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.230856895 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.230865002 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.230937004 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.230994940 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.231045008 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.231230021 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.231285095 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.231323004 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.231393099 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.231445074 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.231527090 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.231626987 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.231703997 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.231755018 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.231787920 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.231889009 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.254223108 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.264934063 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.264954090 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.264971018 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.265008926 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.265094995 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.265113115 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.265129089 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.265145063 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.265161991 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.265166044 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.265166044 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.265182018 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.265197992 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.265213013 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.265223026 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.265232086 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.265249014 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.265260935 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.265265942 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.265285015 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.265286922 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.265300989 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.265301943 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.265341997 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.488708019 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.531204939 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.531232119 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.531286955 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.531296968 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.531337023 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.531358957 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.531398058 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.531443119 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.531492949 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.531538963 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.531584978 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.531630039 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.531632900 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.531687975 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.531734943 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.531744003 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.531804085 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.531847954 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.531850100 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.531955957 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.532042980 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.532089949 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.532094002 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.532159090 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.532185078 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.532203913 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.532224894 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.532263994 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.532282114 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.532321930 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.532351017 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.532423973 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.532469034 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.532491922 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.532596111 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.532644987 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.532674074 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.532757044 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.532810926 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.532907009 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.532936096 CET | 16037 | 49732 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:33.532991886 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.535474062 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.582541943 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:33.988481045 CET | 49731 | 80 | 192.168.2.4 | 14.29.101.169 |
Jan 17, 2024 04:02:35.536201954 CET | 49730 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:35.840744019 CET | 16037 | 49730 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:35.894762039 CET | 49730 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:37.530158043 CET | 49732 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:39.990767956 CET | 49738 | 80 | 192.168.2.4 | 14.29.101.160 |
Jan 17, 2024 04:02:41.004141092 CET | 49738 | 80 | 192.168.2.4 | 14.29.101.160 |
Jan 17, 2024 04:02:43.019751072 CET | 49738 | 80 | 192.168.2.4 | 14.29.101.160 |
Jan 17, 2024 04:02:47.019732952 CET | 49738 | 80 | 192.168.2.4 | 14.29.101.160 |
Jan 17, 2024 04:02:52.238662004 CET | 49730 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:52.542541981 CET | 16037 | 49730 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:02:52.582256079 CET | 49730 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:02:55.021083117 CET | 49738 | 80 | 192.168.2.4 | 14.29.101.160 |
Jan 17, 2024 04:03:01.036051989 CET | 49739 | 80 | 192.168.2.4 | 14.29.101.168 |
Jan 17, 2024 04:03:02.035371065 CET | 49739 | 80 | 192.168.2.4 | 14.29.101.168 |
Jan 17, 2024 04:03:04.035449982 CET | 49739 | 80 | 192.168.2.4 | 14.29.101.168 |
Jan 17, 2024 04:03:08.035409927 CET | 49739 | 80 | 192.168.2.4 | 14.29.101.168 |
Jan 17, 2024 04:03:09.160615921 CET | 49730 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:03:09.464848042 CET | 16037 | 49730 | 206.238.220.90 | 192.168.2.4 |
Jan 17, 2024 04:03:09.519776106 CET | 49730 | 16037 | 192.168.2.4 | 206.238.220.90 |
Jan 17, 2024 04:03:16.035408020 CET | 49739 | 80 | 192.168.2.4 | 14.29.101.168 |
Jan 17, 2024 04:03:31.522371054 CET | 49730 | 16037 | 192.168.2.4 | 206.238.220.90 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 17, 2024 04:02:18.438715935 CET | 56592 | 53 | 192.168.2.4 | 1.1.1.1 |
Jan 17, 2024 04:02:18.971795082 CET | 53 | 56592 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Jan 17, 2024 04:02:18.438715935 CET | 192.168.2.4 | 1.1.1.1 | 0xe987 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Jan 17, 2024 04:02:18.971795082 CET | 1.1.1.1 | 192.168.2.4 | 0xe987 | No error (0) | whois.pconline.com.cn.ctadns.cn | CNAME (Canonical name) | IN (0x0001) | false | ||
Jan 17, 2024 04:02:18.971795082 CET | 1.1.1.1 | 192.168.2.4 | 0xe987 | No error (0) | 14.29.101.169 | A (IP address) | IN (0x0001) | false | ||
Jan 17, 2024 04:02:18.971795082 CET | 1.1.1.1 | 192.168.2.4 | 0xe987 | No error (0) | 14.29.101.160 | A (IP address) | IN (0x0001) | false | ||
Jan 17, 2024 04:02:18.971795082 CET | 1.1.1.1 | 192.168.2.4 | 0xe987 | No error (0) | 14.29.101.168 | A (IP address) | IN (0x0001) | false |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 04:02:13 |
Start date: | 17/01/2024 |
Path: | C:\Users\user\Desktop\sample.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 102'400 bytes |
MD5 hash: | A3FD043C364D24FCE08095727AE115D0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 1 |
Start time: | 04:02:17 |
Start date: | 17/01/2024 |
Path: | C:\Program Files (x86)\msiexec.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x6c0000 |
File size: | 59'904 bytes |
MD5 hash: | 9D09DC1EDA745A5F87553048E57620CF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Antivirus matches: |
|
Reputation: | moderate |
Has exited: | true |
Target ID: | 2 |
Start time: | 04:02:28 |
Start date: | 17/01/2024 |
Path: | C:\Windows\explorer.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff72b770000 |
File size: | 5'141'208 bytes |
MD5 hash: | 662F4F92FDE3557E86D110526BB578D5 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 04:02:29 |
Start date: | 17/01/2024 |
Path: | C:\Windows\explorer.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff72b770000 |
File size: | 5'141'208 bytes |
MD5 hash: | 662F4F92FDE3557E86D110526BB578D5 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 04:02:30 |
Start date: | 17/01/2024 |
Path: | C:\Users\user\Documents\msedge.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 102'400 bytes |
MD5 hash: | A3FD043C364D24FCE08095727AE115D0 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Antivirus matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 7 |
Start time: | 04:02:30 |
Start date: | 17/01/2024 |
Path: | C:\Users\user\Documents\msedge.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 102'400 bytes |
MD5 hash: | A3FD043C364D24FCE08095727AE115D0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 9 |
Start time: | 04:02:33 |
Start date: | 17/01/2024 |
Path: | C:\Program Files (x86)\msiexec.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x6c0000 |
File size: | 59'904 bytes |
MD5 hash: | 9D09DC1EDA745A5F87553048E57620CF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 14 |
Start time: | 04:03:21 |
Start date: | 17/01/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x600000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Execution Graph
Execution Coverage: | 4.4% |
Dynamic/Decrypted Code Coverage: | 83.6% |
Signature Coverage: | 27.6% |
Total number of Nodes: | 275 |
Total number of Limit Nodes: | 5 |
Graph
Function 1000DD00 Relevance: 109.1, APIs: 46, Strings: 16, Instructions: 638threadprocesswindowCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000DE90 Relevance: 98.5, APIs: 41, Strings: 15, Instructions: 479threadwindowCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 100052B0 Relevance: 61.5, APIs: 25, Strings: 10, Instructions: 206processthreadinjectionCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004012D0 Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 112sleepnetworklibraryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10005720 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 47processCOMMON
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000E5C0 Relevance: 105.4, APIs: 43, Strings: 17, Instructions: 369filethreadCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000E390 Relevance: 38.6, APIs: 12, Strings: 10, Instructions: 121registryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004018C0 Relevance: 26.3, APIs: 14, Strings: 1, Instructions: 91windowCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10005180 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 89registryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401210 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 64networklibraryloaderCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000E530 Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 43registrysleepCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 026507E8 Relevance: 12.3, APIs: 1, Strings: 6, Instructions: 28libraryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000E549 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 28registrysleepCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401770 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 54sleepCOMMON
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 026501A8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 83memoryCOMMON
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004014A0 Relevance: 6.0, APIs: 4, Instructions: 30COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401830 Relevance: 6.0, APIs: 4, Instructions: 29windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02650478 Relevance: 3.9, APIs: 3, Instructions: 160COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401080 Relevance: 3.0, APIs: 2, Instructions: 28networkCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401130 Relevance: 1.5, APIs: 1, Instructions: 13networkCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402632 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 026500F8 Relevance: 1.3, APIs: 1, Instructions: 72memoryCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10006970 Relevance: 105.7, APIs: 50, Strings: 10, Instructions: 715stringregistrynetworkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10005610 Relevance: 31.6, APIs: 9, Strings: 9, Instructions: 97libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02656EFC Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 206injectionthreadfileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401A60 Relevance: 13.6, APIs: 9, Instructions: 71windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10006010 Relevance: 8.9, APIs: 7, Instructions: 127COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02661788 Relevance: 7.6, APIs: 5, Instructions: 58COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0265411C Relevance: .5, Instructions: 479COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0265FADC Relevance: 39.0, APIs: 21, Strings: 1, Instructions: 479threadwindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10002E60 Relevance: 28.2, APIs: 15, Strings: 1, Instructions: 158networktimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000F5F0 Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 166registryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000D9B0 Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 155synchronizationthreadCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10004AB0 Relevance: 24.2, APIs: 16, Instructions: 157COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 100067D0 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 133networkfileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02654AAC Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 158networktimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10005BB0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 95stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 026566FC Relevance: 16.7, APIs: 11, Instructions: 157COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0265F5FC Relevance: 16.7, APIs: 11, Instructions: 155synchronizationthreadCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000BF40 Relevance: 15.2, APIs: 10, Instructions: 224COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10003540 Relevance: 15.1, APIs: 10, Instructions: 115COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10004430 Relevance: 15.1, APIs: 10, Instructions: 93synchronizationtimeCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0265725C Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 97libraryCOMMON
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10006480 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 59stringnetworkCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000F0B0 Relevance: 13.7, APIs: 9, Instructions: 195timeCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 100088F0 Relevance: 13.6, APIs: 9, Instructions: 72COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10004C80 Relevance: 13.6, APIs: 9, Instructions: 70COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 026600C7 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 51registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 100092B0 Relevance: 12.2, APIs: 8, Instructions: 240COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10005ED0 Relevance: 12.1, APIs: 8, Instructions: 115memorylibraryloaderCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10004060 Relevance: 12.1, APIs: 8, Instructions: 78memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10009610 Relevance: 10.9, APIs: 7, Instructions: 368COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10007900 Relevance: 10.7, APIs: 7, Instructions: 180COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02656EEB Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 163injectionthreadfileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401FD0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 42registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10009C80 Relevance: 9.1, APIs: 6, Instructions: 94COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10003030 Relevance: 9.1, APIs: 6, Instructions: 82networkCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10006250 Relevance: 9.1, APIs: 6, Instructions: 53memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10004750 Relevance: 9.0, APIs: 6, Instructions: 36sleepsynchronizationCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10003330 Relevance: 9.0, APIs: 6, Instructions: 32synchronizationsleepCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10001830 Relevance: 8.9, APIs: 7, Instructions: 145COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000C4A0 Relevance: 7.6, APIs: 5, Instructions: 146COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000A670 Relevance: 7.6, APIs: 5, Instructions: 132COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000CB90 Relevance: 7.6, APIs: 5, Instructions: 130COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000D650 Relevance: 7.6, APIs: 5, Instructions: 109COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000C3A0 Relevance: 7.6, APIs: 5, Instructions: 90COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02655CAC Relevance: 7.6, APIs: 5, Instructions: 78memoryCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10006550 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 54stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10002BF0 Relevance: 7.6, APIs: 5, Instructions: 51windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 100050D0 Relevance: 7.5, APIs: 6, Instructions: 49COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10002DF0 Relevance: 7.5, APIs: 5, Instructions: 36COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02654A3C Relevance: 7.5, APIs: 5, Instructions: 36COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10001BA0 Relevance: 6.4, APIs: 5, Instructions: 177COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02657E9C Relevance: 6.3, APIs: 5, Instructions: 53memoryCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02660CFC Relevance: 6.2, APIs: 4, Instructions: 195timeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000AE40 Relevance: 6.2, APIs: 4, Instructions: 169COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000A380 Relevance: 6.2, APIs: 4, Instructions: 167COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02657C5C Relevance: 6.1, APIs: 4, Instructions: 127COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0265F941 Relevance: 6.1, APIs: 4, Instructions: 118threadprocesswindowCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0265607C Relevance: 6.1, APIs: 4, Instructions: 93synchronizationtimeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000ACE0 Relevance: 6.1, APIs: 4, Instructions: 90COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000C760 Relevance: 6.1, APIs: 4, Instructions: 81COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 100011B0 Relevance: 6.1, APIs: 4, Instructions: 76memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10004380 Relevance: 6.1, APIs: 4, Instructions: 70networkCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02655FCC Relevance: 6.1, APIs: 4, Instructions: 70networkCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10001100 Relevance: 6.1, APIs: 4, Instructions: 66memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10003BF0 Relevance: 6.1, APIs: 4, Instructions: 58networkCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0265583C Relevance: 6.1, APIs: 4, Instructions: 58networkCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10007ADC Relevance: 6.1, APIs: 4, Instructions: 57COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 100041E0 Relevance: 6.0, APIs: 4, Instructions: 46COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02655E2C Relevance: 6.0, APIs: 4, Instructions: 46COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10004980 Relevance: 6.0, APIs: 4, Instructions: 45timeCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 100036A0 Relevance: 6.0, APIs: 4, Instructions: 42timeCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000EE80 Relevance: 6.0, APIs: 4, Instructions: 36memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 026580CC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 59networkCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10005B2C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22registryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10005B7C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22registryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02657778 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22registryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 026577C8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22registryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10005CC0 Relevance: 5.1, APIs: 4, Instructions: 67memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph
Execution Coverage: | 5.5% |
Dynamic/Decrypted Code Coverage: | 94.1% |
Signature Coverage: | 4.8% |
Total number of Nodes: | 1367 |
Total number of Limit Nodes: | 16 |
Graph
Function 1000DD00 Relevance: 109.1, APIs: 46, Strings: 16, Instructions: 638threadprocesswindowCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10006970 Relevance: 105.7, APIs: 50, Strings: 10, Instructions: 715stringregistrynetworkCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000DE90 Relevance: 98.5, APIs: 41, Strings: 15, Instructions: 479threadwindowCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000E5C0 Relevance: 105.4, APIs: 43, Strings: 17, Instructions: 369filethreadCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000E390 Relevance: 38.6, APIs: 12, Strings: 10, Instructions: 121registryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10002E60 Relevance: 28.2, APIs: 15, Strings: 1, Instructions: 158networktimeCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000F5F0 Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 166registryCOMMON
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000D9B0 Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 155synchronizationthreadCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 100067D0 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 133networkfileCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10005180 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 89registryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10006480 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 59stringnetworkCOMMON
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000E530 Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 43registrysleepCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000F0B0 Relevance: 13.7, APIs: 9, Instructions: 195timeCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030007A0 Relevance: 12.3, APIs: 1, Strings: 6, Instructions: 28libraryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10005720 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 47processCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000E549 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 28registrysleepCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10003030 Relevance: 9.1, APIs: 6, Instructions: 82networkCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03000160 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 83memoryCOMMON
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 100011B0 Relevance: 6.1, APIs: 4, Instructions: 76memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10001100 Relevance: 6.1, APIs: 4, Instructions: 66memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10003390 Relevance: 4.7, APIs: 3, Instructions: 151timeCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10003190 Relevance: 4.6, APIs: 3, Instructions: 88threadCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03000430 Relevance: 3.9, APIs: 3, Instructions: 160COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10003290 Relevance: 3.1, APIs: 2, Instructions: 60networkCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000EE00 Relevance: 3.0, APIs: 2, Instructions: 38memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10003130 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 36sleepCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000F85A Relevance: 3.0, APIs: 2, Instructions: 8registryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000F3B0 Relevance: 1.5, APIs: 1, Instructions: 40COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10011150 Relevance: 1.5, APIs: 1, Instructions: 22networkCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030000B0 Relevance: 1.3, APIs: 1, Instructions: 72memoryCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006C63E3 Relevance: 217.0, APIs: 82, Strings: 41, Instructions: 1785registrywindowthreadCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 100052B0 Relevance: 61.5, APIs: 25, Strings: 10, Instructions: 206injectionprocessthreadCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006C59F2 Relevance: 38.6, APIs: 12, Strings: 10, Instructions: 136registrystringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006C5C84 Relevance: 26.4, APIs: 12, Strings: 3, Instructions: 189libraryfilestringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03006EB4 Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 206injectionthreadfileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006C30F2 Relevance: 10.6, APIs: 7, Instructions: 65memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03011740 Relevance: 7.6, APIs: 5, Instructions: 58COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006C95F0 Relevance: 6.0, APIs: 4, Instructions: 13COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006C7EB0 Relevance: 88.0, APIs: 40, Strings: 10, Instructions: 481windowregistryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0300FA94 Relevance: 39.0, APIs: 21, Strings: 1, Instructions: 479threadwindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10005610 Relevance: 31.6, APIs: 9, Strings: 9, Instructions: 97libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10004AB0 Relevance: 24.2, APIs: 16, Instructions: 157COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0300F5B4 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 155synchronizationthreadCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03004A64 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 158networktimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006C57C0 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 131libraryloaderwindowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10005BB0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 95stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006C8F66 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 55libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030066B4 Relevance: 16.7, APIs: 11, Instructions: 157COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006C5441 Relevance: 16.6, APIs: 11, Instructions: 127librarystringloaderCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000BF40 Relevance: 15.2, APIs: 10, Instructions: 224COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10003540 Relevance: 15.1, APIs: 10, Instructions: 115COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10004430 Relevance: 15.1, APIs: 10, Instructions: 93synchronizationtimeCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03007214 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 97libraryCOMMON
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006C9330 Relevance: 13.6, APIs: 9, Instructions: 144sleepCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 100088F0 Relevance: 13.6, APIs: 9, Instructions: 72COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10004C80 Relevance: 13.6, APIs: 9, Instructions: 70COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0301007F Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 51registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006C7E20 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 48registrythreadCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 100092B0 Relevance: 12.2, APIs: 8, Instructions: 240COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10005ED0 Relevance: 12.1, APIs: 8, Instructions: 115memorylibraryloaderCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10004060 Relevance: 12.1, APIs: 8, Instructions: 78memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10009610 Relevance: 10.9, APIs: 7, Instructions: 368COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10007900 Relevance: 10.7, APIs: 7, Instructions: 180COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03006EA3 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 163injectionthreadfileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006C4CEC Relevance: 10.6, APIs: 6, Strings: 1, Instructions: 131stringCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006C5BF0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 35libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10009C80 Relevance: 9.1, APIs: 6, Instructions: 94COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10006250 Relevance: 9.1, APIs: 6, Instructions: 53memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10004750 Relevance: 9.0, APIs: 6, Instructions: 36sleepsynchronizationCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10003330 Relevance: 9.0, APIs: 6, Instructions: 32synchronizationsleepCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006C43A0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 187memoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10001830 Relevance: 8.9, APIs: 7, Instructions: 145COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10006010 Relevance: 8.9, APIs: 7, Instructions: 127COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006C915B Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 100libraryloaderCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006C8ADC Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 35librarysleeploaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006C63A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 26libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000C4A0 Relevance: 7.6, APIs: 5, Instructions: 146COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000A670 Relevance: 7.6, APIs: 5, Instructions: 132COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000CB90 Relevance: 7.6, APIs: 5, Instructions: 130COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000D650 Relevance: 7.6, APIs: 5, Instructions: 109COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000C3A0 Relevance: 7.6, APIs: 5, Instructions: 90COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03005C64 Relevance: 7.6, APIs: 5, Instructions: 78memoryCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000F4A0 Relevance: 7.6, APIs: 5, Instructions: 59threadCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10006550 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 54stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10002BF0 Relevance: 7.6, APIs: 5, Instructions: 51windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 100050D0 Relevance: 7.5, APIs: 6, Instructions: 49COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10002DF0 Relevance: 7.5, APIs: 5, Instructions: 36COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030049F4 Relevance: 7.5, APIs: 5, Instructions: 36COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006C9A60 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 154COMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006C3CF0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 94libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006C3DFA Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 58libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006C8A55 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 52librarysleeploaderCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10001BA0 Relevance: 6.4, APIs: 5, Instructions: 177COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03007E54 Relevance: 6.3, APIs: 5, Instructions: 53memoryCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03010CB4 Relevance: 6.2, APIs: 4, Instructions: 195timeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000AE40 Relevance: 6.2, APIs: 4, Instructions: 169COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000A380 Relevance: 6.2, APIs: 4, Instructions: 167COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006C4970 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 130stringCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03007C14 Relevance: 6.1, APIs: 4, Instructions: 127COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006C44A9 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 124memoryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0300F8F9 Relevance: 6.1, APIs: 4, Instructions: 118threadprocesswindowCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03006034 Relevance: 6.1, APIs: 4, Instructions: 93synchronizationtimeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000ACE0 Relevance: 6.1, APIs: 4, Instructions: 90COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000C760 Relevance: 6.1, APIs: 4, Instructions: 81COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10004380 Relevance: 6.1, APIs: 4, Instructions: 70networkCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03005F84 Relevance: 6.1, APIs: 4, Instructions: 70networkCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10003BF0 Relevance: 6.1, APIs: 4, Instructions: 58networkCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030057F4 Relevance: 6.1, APIs: 4, Instructions: 58networkCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10007ADC Relevance: 6.1, APIs: 4, Instructions: 57COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 100041E0 Relevance: 6.0, APIs: 4, Instructions: 46COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03005DE4 Relevance: 6.0, APIs: 4, Instructions: 46COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10004980 Relevance: 6.0, APIs: 4, Instructions: 45timeCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 100036A0 Relevance: 6.0, APIs: 4, Instructions: 42timeCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000EE80 Relevance: 6.0, APIs: 4, Instructions: 36memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006C9280 Relevance: 6.0, APIs: 4, Instructions: 25COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03008084 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 59networkCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006C8D4E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 52sleeplibraryloaderCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006C8BFD Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 52sleeplibraryloaderCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006C88B4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 52sleeplibraryloaderCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10005B2C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22registryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10005B7C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22registryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03007730 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22registryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03007780 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22registryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006C2F5E Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10005CC0 Relevance: 5.1, APIs: 4, Instructions: 67memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401A60 Relevance: 13.6, APIs: 9, Instructions: 71windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004012D0 Relevance: 28.1, APIs: 13, Strings: 3, Instructions: 112sleeplibraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401210 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 64libraryloadersynchronizationCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401FD0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 42registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401770 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 54sleepCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004014A0 Relevance: 6.0, APIs: 4, Instructions: 30COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401830 Relevance: 6.0, APIs: 4, Instructions: 29windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph
Execution Coverage: | 4.1% |
Dynamic/Decrypted Code Coverage: | 84.7% |
Signature Coverage: | 0% |
Total number of Nodes: | 295 |
Total number of Limit Nodes: | 8 |
Graph
Function 1000DD00 Relevance: 109.1, APIs: 46, Strings: 16, Instructions: 638threadprocesswindowCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000DE90 Relevance: 98.5, APIs: 41, Strings: 15, Instructions: 479threadwindowCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 100052B0 Relevance: 61.5, APIs: 25, Strings: 10, Instructions: 206processthreadinjectionCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000E5C0 Relevance: 105.4, APIs: 43, Strings: 17, Instructions: 369filethreadCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004012D0 Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 112sleepnetworklibraryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004018C0 Relevance: 26.3, APIs: 14, Strings: 1, Instructions: 91windowCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10005180 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 89registryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401210 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 64networklibraryloaderCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000E530 Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 43registrysleepCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 024707E8 Relevance: 12.3, APIs: 1, Strings: 6, Instructions: 28libraryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10005720 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 47processCOMMON
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000E549 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 28registrysleepCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401770 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 54sleepCOMMON
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 024701A8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 83memoryCOMMON
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004014A0 Relevance: 6.0, APIs: 4, Instructions: 30COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401830 Relevance: 6.0, APIs: 4, Instructions: 29windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02470478 Relevance: 3.9, APIs: 3, Instructions: 160COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401080 Relevance: 3.0, APIs: 2, Instructions: 28networkCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401130 Relevance: 1.5, APIs: 1, Instructions: 13networkCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402632 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 024700F8 Relevance: 1.3, APIs: 1, Instructions: 72memoryCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02476EFC Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 206injectionthreadfileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401A60 Relevance: 13.6, APIs: 9, Instructions: 71windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02481788 Relevance: 7.6, APIs: 5, Instructions: 58COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0247FADC Relevance: 39.0, APIs: 21, Strings: 1, Instructions: 479threadwindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10005610 Relevance: 31.6, APIs: 9, Strings: 9, Instructions: 97libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10002E60 Relevance: 28.2, APIs: 15, Strings: 1, Instructions: 158networktimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000F5F0 Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 166registryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000D9B0 Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 155synchronizationthreadCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10004AB0 Relevance: 24.2, APIs: 16, Instructions: 157COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02474AAC Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 158networktimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 024766FC Relevance: 16.7, APIs: 11, Instructions: 157COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0247F5FC Relevance: 16.7, APIs: 11, Instructions: 155synchronizationthreadCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000BF40 Relevance: 15.2, APIs: 10, Instructions: 224COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10003540 Relevance: 15.1, APIs: 10, Instructions: 115COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10004430 Relevance: 15.1, APIs: 10, Instructions: 93synchronizationtimeCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0247725C Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 97libraryCOMMON
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10006480 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 59stringnetworkCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000F0B0 Relevance: 13.7, APIs: 9, Instructions: 195timeCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 100088F0 Relevance: 13.6, APIs: 9, Instructions: 72COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10004C80 Relevance: 13.6, APIs: 9, Instructions: 70COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 024800C7 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 51registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 100092B0 Relevance: 12.2, APIs: 8, Instructions: 240COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10005ED0 Relevance: 12.1, APIs: 8, Instructions: 115memorylibraryloaderCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10004060 Relevance: 12.1, APIs: 8, Instructions: 78memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10009610 Relevance: 10.9, APIs: 7, Instructions: 368COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10007900 Relevance: 10.7, APIs: 7, Instructions: 180COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02476EEB Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 163injectionthreadfileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401FD0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 42registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10009C80 Relevance: 9.1, APIs: 6, Instructions: 94COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10003030 Relevance: 9.1, APIs: 6, Instructions: 82networkCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10006250 Relevance: 9.1, APIs: 6, Instructions: 53memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10003330 Relevance: 9.0, APIs: 6, Instructions: 32synchronizationsleepCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10001830 Relevance: 8.9, APIs: 7, Instructions: 145COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10006010 Relevance: 8.9, APIs: 7, Instructions: 127COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000C4A0 Relevance: 7.6, APIs: 5, Instructions: 146COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000A670 Relevance: 7.6, APIs: 5, Instructions: 132COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000D650 Relevance: 7.6, APIs: 5, Instructions: 109COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02475CAC Relevance: 7.6, APIs: 5, Instructions: 78memoryCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10006550 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 54stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 100050D0 Relevance: 7.5, APIs: 6, Instructions: 49COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02474A3C Relevance: 7.5, APIs: 5, Instructions: 36COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10002DF0 Relevance: 7.5, APIs: 5, Instructions: 36COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02477E9C Relevance: 6.3, APIs: 5, Instructions: 53memoryCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02480CFC Relevance: 6.2, APIs: 4, Instructions: 195timeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000AE40 Relevance: 6.2, APIs: 4, Instructions: 169COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02477C5C Relevance: 6.1, APIs: 4, Instructions: 127COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0247F941 Relevance: 6.1, APIs: 4, Instructions: 118threadprocesswindowCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0247607C Relevance: 6.1, APIs: 4, Instructions: 93synchronizationtimeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000ACE0 Relevance: 6.1, APIs: 4, Instructions: 90COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 100011B0 Relevance: 6.1, APIs: 4, Instructions: 76memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02475FCC Relevance: 6.1, APIs: 4, Instructions: 70networkCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10001100 Relevance: 6.1, APIs: 4, Instructions: 66memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0247583C Relevance: 6.1, APIs: 4, Instructions: 58networkCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10007ADC Relevance: 6.1, APIs: 4, Instructions: 57COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02475E2C Relevance: 6.0, APIs: 4, Instructions: 46COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 100041E0 Relevance: 6.0, APIs: 4, Instructions: 46COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10004980 Relevance: 6.0, APIs: 4, Instructions: 45timeCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 100036A0 Relevance: 6.0, APIs: 4, Instructions: 42timeCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000EE80 Relevance: 6.0, APIs: 4, Instructions: 36memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 024780CC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 59networkCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02477778 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22registryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 024777C8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22registryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10005B2C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22registryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10005CC0 Relevance: 5.1, APIs: 4, Instructions: 67memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |