Windows
Analysis Report
Trojan.MSIL.Agent.fpar-249a4af8064c560426fc8a.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- Trojan.MSIL.Agent.fpar-249a4af8064c560426fc8a.exe (PID: 5044 cmdline: C:\Users\user\Desktop\Trojan.MSIL.Agent.fpar-249a4af8064c560426fc8a.exe MD5: E587236CB6E5CCF2497AB08B245F724F)
  - schtasks.exe (PID: 2472 cmdline: schtasks.exe" /create /f /tn "DHCP Monitor" /xml "C:\Users\user\AppData\Local\Temp\tmp2F6A.tmp MD5: 15FF7D8324231381BAD48A052F85DF04)
    - conhost.exe (PID: 4956 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  - schtasks.exe (PID: 4852 cmdline: schtasks.exe" /create /f /tn "DHCP Monitor Task" /xml "C:\Users\user\AppData\Local\Temp\tmp315F.tmp MD5: 15FF7D8324231381BAD48A052F85DF04)
    - conhost.exe (PID: 4964 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
- Trojan.MSIL.Agent.fpar-249a4af8064c560426fc8a.exe (PID: 1244 cmdline: C:\Users\user\Desktop\Trojan.MSIL.Agent.fpar-249a4af8064c560426fc8a.exe 0 MD5: E587236CB6E5CCF2497AB08B245F724F)
- dhcpmon.exe (PID: 2148 cmdline: "C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe" 0 MD5: E587236CB6E5CCF2497AB08B245F724F)
- cleanup
{"Version": "1.2.2.0", "Mutex": "6f656d69-7475-8807-1300-000c0a4c", "Group": "KUWAIT", "Domain1": "doc4.ddns.net", "Domain2": "donald30m.gleeze.com", "Port": 9497, "KeyboardLogging": "Enable", "RunOnStartup": "Enable", "RequestElevation": "Disable", "BypassUAC": "Enable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8", "BackupDNSServer": "8.8.4.4", "BypassUserAccountControlData": "<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.2\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n <RegistrationInfo />\r\n <Triggers />\r\n <Principals>\r\n <Principal id=\"Author\">\r\n <LogonType>InteractiveToken</LogonType>\r\n <RunLevel>HighestAvailable</RunLevel>\r\n </Principal>\r\n </Principals>\r\n <Settings>\r\n <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n <AllowHardTerminate>true</AllowHardTerminate>\r\n <StartWhenAvailable>false</StartWhenAvailable>\r\n <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n <IdleSettings>\r\n <StopOnIdleEnd>false</StopOnIdleEnd>\r\n <RestartOnIdle>false</RestartOnIdle>\r\n </IdleSettings>\r\n <AllowStartOnDemand>true</AllowStartOnDemand>\r\n <Enabled>true</Enabled>\r\n <Hidden>false</Hidden>\r\n <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n <WakeToRun>false</WakeToRun>\r\n <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n <Priority>4</Priority>\r\n </Settings>\r\n <Actions Context=\"Author\">\r\n <Exec>\r\n 
<Command>\"#EXECUTABLEPATH\"</Command>\r\n <Arguments>$(Arg0)</Arguments>\r\n </Exec>\r\n </Actions>\r\n</Task"}
Rule | Description | Author |
---|---|---|
Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) |
Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) |
JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security |
MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen |
NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> |
Rule | Description | Author |
---|---|---|
Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) |
JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security |
NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> |
Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown |
Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) |
Rule | Description | Author |
---|---|---|
Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) |
Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth (Nextron Systems) |
MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen |
Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown |
Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth (Nextron Systems) |
AV Detection |
---|
Source: | Author: Joe Security: |
E-Banking Fraud |
---|
Source: | Author: Joe Security: |
Persistence and Installation Behavior |
---|
Source: | Author: Joe Security: |
Stealing of Sensitive Information |
---|
Source: | Author: Joe Security: |
Remote Access Functionality |
---|
Source: | Author: Joe Security: |
Timestamp: | 192.168.2.5216.218.135.1184970494972025019 02/02/23-13:52:37.416548 |
SID: | 2025019 |
Source Port: | 49704 |
Destination Port: | 9497 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.5216.218.135.1184971494972025019 02/02/23-13:53:43.248786 |
SID: | 2025019 |
Source Port: | 49714 |
Destination Port: | 9497 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.5216.218.135.1184970494972816718 02/02/23-13:52:37.610379 |
SID: | 2816718 |
Source Port: | 49704 |
Destination Port: | 9497 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.5216.218.135.1184971994972816766 02/02/23-13:54:17.287135 |
SID: | 2816766 |
Source Port: | 49719 |
Destination Port: | 9497 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.5216.218.135.1184970794972025019 02/02/23-13:53:11.027058 |
SID: | 2025019 |
Source Port: | 49707 |
Destination Port: | 9497 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.5216.218.135.1184970694972816766 02/02/23-13:53:06.659044 |
SID: | 2816766 |
Source Port: | 49706 |
Destination Port: | 9497 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.5216.218.135.1184971694972816766 02/02/23-13:53:51.482545 |
SID: | 2816766 |
Source Port: | 49716 |
Destination Port: | 9497 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.5216.218.135.1184971894972816766 02/02/23-13:54:10.762374 |
SID: | 2816766 |
Source Port: | 49718 |
Destination Port: | 9497 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.5216.218.135.1184971394972816718 02/02/23-13:53:38.638029 |
SID: | 2816718 |
Source Port: | 49713 |
Destination Port: | 9497 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.5216.218.135.1184970594972816766 02/02/23-13:52:47.006733 |
SID: | 2816766 |
Source Port: | 49705 |
Destination Port: | 9497 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.5216.218.135.1184971694972025019 02/02/23-13:53:49.540253 |
SID: | 2025019 |
Source Port: | 49716 |
Destination Port: | 9497 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.5216.218.135.1184970694972025019 02/02/23-13:53:04.914468 |
SID: | 2025019 |
Source Port: | 49706 |
Destination Port: | 9497 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.5216.218.135.1184970994972816766 02/02/23-13:53:19.141097 |
SID: | 2816766 |
Source Port: | 49709 |
Destination Port: | 9497 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.5216.218.135.1184971994972025019 02/02/23-13:54:15.331062 |
SID: | 2025019 |
Source Port: | 49719 |
Destination Port: | 9497 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.5216.218.135.1184970494972816766 02/02/23-13:52:39.164512 |
SID: | 2816766 |
Source Port: | 49704 |
Destination Port: | 9497 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.5216.218.135.1184970394972025019 02/02/23-13:52:31.077436 |
SID: | 2025019 |
Source Port: | 49703 |
Destination Port: | 9497 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.5216.218.135.1184970994972025019 02/02/23-13:53:17.202283 |
SID: | 2025019 |
Source Port: | 49709 |
Destination Port: | 9497 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.5216.218.135.1184972094972816766 02/02/23-13:54:23.957947 |
SID: | 2816766 |
Source Port: | 49720 |
Destination Port: | 9497 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.5216.218.135.1184970594972025019 02/02/23-13:52:43.940467 |
SID: | 2025019 |
Source Port: | 49705 |
Destination Port: | 9497 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.5216.218.135.1184971494972816766 02/02/23-13:53:44.997752 |
SID: | 2816766 |
Source Port: | 49714 |
Destination Port: | 9497 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.5216.218.135.1184971394972025019 02/02/23-13:53:36.615923 |
SID: | 2025019 |
Source Port: | 49713 |
Destination Port: | 9497 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.5216.218.135.1184970394972816766 02/02/23-13:52:32.924340 |
SID: | 2816766 |
Source Port: | 49703 |
Destination Port: | 9497 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.5216.218.135.1184971894972025019 02/02/23-13:54:08.817214 |
SID: | 2025019 |
Source Port: | 49718 |
Destination Port: | 9497 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.5216.218.135.1184972094972025019 02/02/23-13:54:21.603489 |
SID: | 2025019 |
Source Port: | 49720 |
Destination Port: | 9497 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.5216.218.135.1184970794972816766 02/02/23-13:53:12.773010 |
SID: | 2816766 |
Source Port: | 49707 |
Destination Port: | 9497 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.5216.218.135.1184971394972816766 02/02/23-13:53:38.843314 |
SID: | 2816766 |
Source Port: | 49713 |
Destination Port: | 9497 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
AV Detection |
---|
Source: | ReversingLabs: |
Source: | Virustotal: |
Source: | Avira: |
Source: | Avira URL Cloud: |
Source: | Virustotal: |
Source: | Avira: |
Source: | ReversingLabs: |
Source: | File source: |
Source: | Joe Sandbox ML: |
Source: | Avira: |
Source: | Malware Configuration Extractor: |
Source: | Static PE information: |
Source: | File opened: |
Source: | Binary string: |
Networking |
---|
Source: | Snort IDS: |
Source: | URLs: |
Source: | DNS query: |
Source: | ASN Name: |
Source: | TCP traffic: |
Source: | DNS traffic detected: |
Source: | Code function: | 0_2_02632D56 |
Source: | Binary or memory string: |
E-Banking Fraud |
---|
Source: | File source: |
System Summary |
---|
Source: | Matched rule: |
Source: | Static PE information: |
Source: | Matched rule: |
Source: | Code function: | 0_2_025C2FA8 | |
Source: | Code function: | 0_2_025C23A0 | |
Source: | Code function: | 0_2_025CB0E8 | |
Source: | Code function: | 0_2_025C89D8 | |
Source: | Code function: | 0_2_025C969F | |
Source: | Code function: | 0_2_025C306F | |
Source: | Code function: | 0_2_025C95D8 | |
Source: | Code function: | 5_2_04CB2FA8 | |
Source: | Code function: | 5_2_04CB23A0 | |
Source: | Code function: | 5_2_04CB3850 | |
Source: | Code function: | 5_2_04CB306F | |
Source: | Code function: | 6_2_03053850 | |
Source: | Code function: | 6_2_030523A0 | |
Source: | Code function: | 6_2_03052FA8 | |
Source: | Code function: | 6_2_0305306F |
Source: | Code function: | 0_2_026332A2 | |
Source: | Code function: | 0_2_02633267 |
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | ReversingLabs: |
Source: | Virustotal: |
Source: | File read: |
Source: | Static PE information: |
Source: | Key opened: |
Source: | Process created: |
Source: | Key value queried: |
Source: | Code function: | 0_2_02633062 | |
Source: | Code function: | 0_2_0263302B |
Source: | File created: |
Source: | Classification label: |
Source: | Security API names: |
Source: | Static file information: |
Source: | Section loaded: |
Source: | Mutant created: |
Source: | File created: |
Source: | Cryptographic APIs: |
Source: | File read: |
Source: | File opened: |
Source: | Static PE information: |
Source: | Binary string: |
Data Obfuscation |
---|
Source: | .Net Code: |
Source: | Static PE information: |
Source: | High entropy of concatenated method names: |
Source: | File created: |
Boot Survival |
---|
Source: | Process created: |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | File opened: |
Source: | Process information set: |
Source: | Thread sleep time: |
Source: | Last function: |
Source: | Thread delayed: |
Source: | Window / User API: |
Source: | Process information queried: |
Source: | Code function: | 0_2_0263169A |
Source: | Thread delayed: |
Source: | Binary or memory string: |
Source: | Process token adjusted: |
Source: | Memory allocated: |
Source: | Process created: |
Source: | Binary or memory string: |
Source: | Key value queried: |
Stealing of Sensitive Information |
---|
Source: | File source: |
Remote Access Functionality |
---|
Source: | String found in binary or memory: |
Source: | File source: |
Source: | Code function: | 0_2_0263289A | |
Source: | Code function: | 0_2_02632848 |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 1 Access Token Manipulation | 2 Masquerading | 11 Input Capture | 11 Security Software Discovery | Remote Services | 11 Input Capture | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 12 Process Injection | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 11 Archive Collected Data | Exfiltration Over Bluetooth | 1 Non-Standard Port | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | 1 Scheduled Task/Job | 21 Virtualization/Sandbox Evasion | Security Account Manager | 21 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 1 Remote Access Software | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 Access Token Manipulation | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 1 Ingress Tool Transfer | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 12 Process Injection | LSA Secrets | 1 Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | 1 Non-Application Layer Protocol | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 Deobfuscate/Decode Files or Information | Cached Domain Credentials | 3 System Information Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | 21 Application Layer Protocol | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | 1 Hidden Files and Directories | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 12 Software Packing | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | 1 Timestomp | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
97% | ReversingLabs | ByteCode-MSIL.Backdoor.NanoCore | ||
77% | Virustotal | Browse | ||
100% | Avira | TR/Dropper.Gen | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | TR/Dropper.Gen | ||
100% | Joe Sandbox ML | |||
97% | ReversingLabs | ByteCode-MSIL.Backdoor.NanoCore |
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | HEUR/AGEN.1208316 | Download File | ||
100% | Avira | TR/NanoCore.fadte | Download File |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
9% | Virustotal | Browse | ||
3% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
9% | Virustotal | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
doc4.ddns.net | 216.218.135.118 | true | true |
| unknown |
donald30m.gleeze.com | unknown | unknown | true |
| unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown | |
true |
| unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
216.218.135.118 | doc4.ddns.net | United States | 6939 | HURRICANEUS | true |
Joe Sandbox Version: | 36.0.0 Rainbow Opal |
Analysis ID: | 796996 |
Start date and time: | 2023-02-02 13:51:27 +01:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 7m 48s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 10 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample file name: | Trojan.MSIL.Agent.fpar-249a4af8064c560426fc8a.exe |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@9/8@45/1 |
EGA Information: |
|
HDC Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, conhost.exe
- Excluded domains from analysis (whitelisted): client.wns.windows.com, ctldl.windowsupdate.com
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtAllocateVirtualMemory calls found.
- Report size getting too big, too many NtDeviceIoControlFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
13:52:29 | API Interceptor | |
13:52:31 | Task Scheduler | |
13:52:31 | Task Scheduler | |
13:52:32 | Autostart |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
216.218.135.118 | Get hash | malicious | Browse | ||
Get hash | malicious | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
HURRICANEUS | Get hash | malicious | Browse |
Process: | C:\Users\user\Desktop\Trojan.MSIL.Agent.fpar-249a4af8064c560426fc8a.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 208192 |
Entropy (8bit): | 7.452519436311911 |
Encrypted: | false |
SSDEEP: | 6144:nLV6Bta6dtJmakIM57s7UBmOKqVotp/wK328:nLV6BtpmkBQmGuAK328 |
MD5: | E587236CB6E5CCF2497AB08B245F724F |
SHA1: | 8B9F158FD574C4E982EC73E2368EBB4F6E4B566B |
SHA-256: | 249A4AF8064C560426FC8AEA6FC23EE47A24BA800628D805F9EB0653B8E1D4F9 |
SHA-512: | 79BDF02544E533312D2BD9D5D899690A59E2713F6958210E30B8A41699B7752EE8EE939C4FCACFC5E57A1E22BE21F228BFDEC5990D24C1D23D403F65383B0CAD |
Malicious: | true |
Yara Hits: |
|
Antivirus: |
|
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\Trojan.MSIL.Agent.fpar-249a4af8064c560426fc8a.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | true |
Preview: |
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\Trojan.MSIL.Agent.fpar-249a4af8064c560426fc8a.exe.log
Process: | C:\Users\user\Desktop\Trojan.MSIL.Agent.fpar-249a4af8064c560426fc8a.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 525 |
Entropy (8bit): | 5.2874233355119316 |
Encrypted: | false |
SSDEEP: | 12:Q3LaJU20NaL10U29hJ5g1B0U2ukyrFk70Ug+9Yz9tv:MLF20NaL329hJ5g522rWz2T |
MD5: | 61CCF53571C9ABA6511D696CB0D32E45 |
SHA1: | A13A42A20EC14942F52DB20FB16A0A520F8183CE |
SHA-256: | 3459BDF6C0B7F9D43649ADAAF19BA8D5D133BCBE5EF80CF4B7000DC91E10903B |
SHA-512: | 90E180D9A681F82C010C326456AC88EBB89256CC769E900BFB4B2DF92E69CA69726863B45DFE4627FC1EE8C281F2AF86A6A1E2EF1710094CCD3F4E092872F06F |
Malicious: | true |
Preview: |
Process: | C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 525 |
Entropy (8bit): | 5.2874233355119316 |
Encrypted: | false |
SSDEEP: | 12:Q3LaJU20NaL10U29hJ5g1B0U2ukyrFk70Ug+9Yz9tv:MLF20NaL329hJ5g522rWz2T |
MD5: | 61CCF53571C9ABA6511D696CB0D32E45 |
SHA1: | A13A42A20EC14942F52DB20FB16A0A520F8183CE |
SHA-256: | 3459BDF6C0B7F9D43649ADAAF19BA8D5D133BCBE5EF80CF4B7000DC91E10903B |
SHA-512: | 90E180D9A681F82C010C326456AC88EBB89256CC769E900BFB4B2DF92E69CA69726863B45DFE4627FC1EE8C281F2AF86A6A1E2EF1710094CCD3F4E092872F06F |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\Trojan.MSIL.Agent.fpar-249a4af8064c560426fc8a.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1336 |
Entropy (8bit): | 5.155039726320282 |
Encrypted: | false |
SSDEEP: | 24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK0PuL+mGIaxtn:cbk4oL600QydbQxIYODOLedq3S88j |
MD5: | 48F81422D81C15F6FEB04712FA462929 |
SHA1: | 54B98A94C873D79855E2806FCE3BF7595BDDAB36 |
SHA-256: | 77322090BB966A60FB35A96818844E8EEC195EDE49506403FD30D13315CF384E |
SHA-512: | 28F72799A3867282529E38141BC4FB454C6843D3DC8DED4D9384A7B186A7B9E54F83D28DDF95EF92D92D6E51AB687A928BFD7A3641E0BF353B48BFC4A6D92A5D |
Malicious: | true |
Preview: |
Process: | C:\Users\user\Desktop\Trojan.MSIL.Agent.fpar-249a4af8064c560426fc8a.exe |
File Type: | |
Category: | modified |
Size (bytes): | 1310 |
Entropy (8bit): | 5.109425792877704 |
Encrypted: | false |
SSDEEP: | 24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK0R3xtn:cbk4oL600QydbQxIYODOLedq3S3j |
MD5: | 5C2F41CFC6F988C859DA7D727AC2B62A |
SHA1: | 68999C85FC7E37BAB9216E0099836D40D4545C1C |
SHA-256: | 98B6E66B6C2173B9B91FC97FE51805340EFDE978B695453742EBAB631018398B |
SHA-512: | B5DA5DA378D038AFBF8A7738E47921ED39F9B726E2CAA2993D915D9291A3322F94EFE8CCA6E7AD678A670DB19926B22B20E5028460FCC89CEA7F6635E7557334 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\Trojan.MSIL.Agent.fpar-249a4af8064c560426fc8a.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8 |
Entropy (8bit): | 3.0 |
Encrypted: | false |
SSDEEP: | 3:eQh7t:eQZt |
MD5: | 3CBD21D820A416CE1F45D62B147FA3CD |
SHA1: | 51CDCBD1B4B1483FAD4341D6FA7344F7012A7E5D |
SHA-256: | 1998F131D77CE0373D863042818B8A524A2A8336C8CB089D80287402E7A42B47 |
SHA-512: | FDEF9C4C21C8B53BAC3EA192C0EB48786EC39EABFC3105F87C735B0F07D6124B52EB710652AF5E2A1F8393928D760644018FB4D7E78BA2A3AEAD769FB0823323 |
Malicious: | true |
Preview: |
Process: | C:\Users\user\Desktop\Trojan.MSIL.Agent.fpar-249a4af8064c560426fc8a.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 73 |
Entropy (8bit): | 4.84545516864142 |
Encrypted: | false |
SSDEEP: | 3:oNUWJRWxXUELLo22q+qgTRGGfWjC:oNNJAuEgJq+HGGfWjC |
MD5: | 1651BC143CC1BD2E5044B75929ED5180 |
SHA1: | 893475F94E765C92D08821CEBD0F72181884B8C7 |
SHA-256: | 34D493A6599BE5BF5CBFCCEA666D545AD33D9A85556ACA4E1219FEACB38D14A1 |
SHA-512: | 2355872BF1572ABB70FFB53076DC746D86300006832B9B2837420F5A74AC0732CCD10C1F72AC67F3245367FDA49E4C0561DA46F5DC55FCB7D33B8AF1057F19F1 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.452519436311911 |
TrID: |
|
File name: | Trojan.MSIL.Agent.fpar-249a4af8064c560426fc8a.exe |
File size: | 208192 |
MD5: | e587236cb6e5ccf2497ab08b245f724f |
SHA1: | 8b9f158fd574c4e982ec73e2368ebb4f6e4b566b |
SHA256: | 249a4af8064c560426fc8aea6fc23ee47a24ba800628d805f9eb0653b8e1d4f9 |
SHA512: | 79bdf02544e533312d2bd9d5d899690a59e2713f6958210e30b8a41699b7752ee8ee939c4fcacfc5e57a1e22be21f228bfdec5990d24c1d23d403f65383b0cad |
SSDEEP: | 6144:nLV6Bta6dtJmakIM57s7UBmOKqVotp/wK328:nLV6BtpmkBQmGuAK328 |
TLSH: | 3014CF2677A84A2FE2DE86BD702251168379C2E398C3F7DE28D451B78F167E10A471D3 |
File Content Preview: | MZ......................@.............................................m..:.^r.V.is program cannot be run in DOS mode....$.......PE..L...u9^..x8..................b........... ........@.. .................................... ................................ |
Icon Hash: | 00828e8e8686b000 |
Entrypoint: | 0x41e792 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | HIGH_ENTROPY_VA |
Time Stamp: | 0x9E5E3975 [Fri Mar 13 00:40:21 2054 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Instruction |
---|
jmp dword ptr [00402000h] |
add dword ptr [eax], eax |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add cl, ah |
xor dword ptr [esi-24h], FFFFFFD7h |
push edx |
sub dword ptr [ecx], ecx |
pop edi |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1e738 | 0x57 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x22000 | 0x15fd8 | .elo |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x20000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x1c800 | 0x1c800 | False | 0.5946494654605263 | data | 6.598686715608938 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.reloc | 0x20000 | 0x200 | 0x200 | False | 0.076171875 | data | 0.32171607431271465 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
.elo | 0x22000 | 0x15fd8 | 0x16000 | False | 1.0003107244318181 | data | 7.9978558519507255 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_RCDATA | 0x22058 | 0x15f80 | data |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
02/02/23-13:52:37.416548 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49704 | 9497 | 192.168.2.5 | 216.218.135.118 |
02/02/23-13:53:43.248786 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49714 | 9497 | 192.168.2.5 | 216.218.135.118 |
02/02/23-13:52:37.610379 | TCP | 2816718 | ETPRO TROJAN NanoCore RAT Keep-Alive Beacon | 49704 | 9497 | 192.168.2.5 | 216.218.135.118 |
02/02/23-13:54:17.287135 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49719 | 9497 | 192.168.2.5 | 216.218.135.118 |
02/02/23-13:53:11.027058 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49707 | 9497 | 192.168.2.5 | 216.218.135.118 |
02/02/23-13:53:06.659044 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49706 | 9497 | 192.168.2.5 | 216.218.135.118 |
02/02/23-13:53:51.482545 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49716 | 9497 | 192.168.2.5 | 216.218.135.118 |
02/02/23-13:54:10.762374 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49718 | 9497 | 192.168.2.5 | 216.218.135.118 |
02/02/23-13:53:38.638029 | TCP | 2816718 | ETPRO TROJAN NanoCore RAT Keep-Alive Beacon | 49713 | 9497 | 192.168.2.5 | 216.218.135.118 |
02/02/23-13:52:47.006733 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49705 | 9497 | 192.168.2.5 | 216.218.135.118 |
02/02/23-13:53:49.540253 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49716 | 9497 | 192.168.2.5 | 216.218.135.118 |
02/02/23-13:53:04.914468 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49706 | 9497 | 192.168.2.5 | 216.218.135.118 |
02/02/23-13:53:19.141097 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49709 | 9497 | 192.168.2.5 | 216.218.135.118 |
02/02/23-13:54:15.331062 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49719 | 9497 | 192.168.2.5 | 216.218.135.118 |
02/02/23-13:52:39.164512 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49704 | 9497 | 192.168.2.5 | 216.218.135.118 |
02/02/23-13:52:31.077436 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49703 | 9497 | 192.168.2.5 | 216.218.135.118 |
02/02/23-13:53:17.202283 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49709 | 9497 | 192.168.2.5 | 216.218.135.118 |
02/02/23-13:54:23.957947 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49720 | 9497 | 192.168.2.5 | 216.218.135.118 |
02/02/23-13:52:43.940467 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49705 | 9497 | 192.168.2.5 | 216.218.135.118 |
02/02/23-13:53:44.997752 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49714 | 9497 | 192.168.2.5 | 216.218.135.118 |
02/02/23-13:53:36.615923 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49713 | 9497 | 192.168.2.5 | 216.218.135.118 |
02/02/23-13:52:32.924340 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49703 | 9497 | 192.168.2.5 | 216.218.135.118 |
02/02/23-13:54:08.817214 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49718 | 9497 | 192.168.2.5 | 216.218.135.118 |
02/02/23-13:54:21.603489 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49720 | 9497 | 192.168.2.5 | 216.218.135.118 |
02/02/23-13:53:12.773010 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49707 | 9497 | 192.168.2.5 | 216.218.135.118 |
02/02/23-13:53:38.843314 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49713 | 9497 | 192.168.2.5 | 216.218.135.118 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Feb 2, 2023 13:53:18.947520018 CET | 49709 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:53:19.141021013 CET | 9497 | 49709 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:53:19.141097069 CET | 49709 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:53:19.276772976 CET | 49709 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:53:19.334778070 CET | 9497 | 49709 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:53:19.334903002 CET | 49709 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:53:36.417644978 CET | 49713 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:53:36.611519098 CET | 9497 | 49713 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:53:36.615434885 CET | 49713 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:53:36.615922928 CET | 49713 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:53:36.809602976 CET | 9497 | 49713 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:53:36.809833050 CET | 49713 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:53:37.004549980 CET | 9497 | 49713 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:53:37.004823923 CET | 49713 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:53:37.198513031 CET | 9497 | 49713 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:53:37.198765039 CET | 49713 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:53:37.392463923 CET | 9497 | 49713 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:53:37.392556906 CET | 49713 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:53:37.586257935 CET | 9497 | 49713 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:53:37.651631117 CET | 49713 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:53:37.845367908 CET | 9497 | 49713 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:53:37.845593929 CET | 49713 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:53:38.039061069 CET | 9497 | 49713 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:53:38.039258957 CET | 49713 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:53:38.234164953 CET | 9497 | 49713 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:53:38.250519037 CET | 49713 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:53:38.444184065 CET | 9497 | 49713 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:53:38.444255114 CET | 49713 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:53:38.637862921 CET | 9497 | 49713 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:53:38.638029099 CET | 49713 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:53:38.831722021 CET | 9497 | 49713 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:53:38.843313932 CET | 49713 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:53:38.900336027 CET | 49713 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:53:39.036957026 CET | 9497 | 49713 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:53:39.037096024 CET | 49713 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:53:43.054281950 CET | 49714 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:53:43.248070002 CET | 9497 | 49714 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:53:43.248208046 CET | 49714 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:53:43.248785973 CET | 49714 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:53:43.442301989 CET | 9497 | 49714 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:53:43.442395926 CET | 49714 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:53:43.635895014 CET | 9497 | 49714 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:53:43.636007071 CET | 49714 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:53:43.829680920 CET | 9497 | 49714 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:53:43.829857111 CET | 49714 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:53:44.023576975 CET | 9497 | 49714 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:53:44.023708105 CET | 49714 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:53:44.219997883 CET | 9497 | 49714 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:53:44.220154047 CET | 49714 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:53:44.413901091 CET | 9497 | 49714 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:53:44.414060116 CET | 49714 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:53:44.607614994 CET | 9497 | 49714 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:53:44.607796907 CET | 49714 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:53:44.801362038 CET | 9497 | 49714 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:53:44.802927017 CET | 49714 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:53:44.996808052 CET | 9497 | 49714 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:53:44.997751951 CET | 49714 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:53:45.144700050 CET | 49714 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:53:45.191940069 CET | 9497 | 49714 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:53:45.192037106 CET | 49714 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:53:49.345537901 CET | 49716 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:53:49.539211988 CET | 9497 | 49716 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:53:49.539432049 CET | 49716 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:53:49.540252924 CET | 49716 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:53:49.733867884 CET | 9497 | 49716 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:53:49.733930111 CET | 49716 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:53:49.927587032 CET | 9497 | 49716 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:53:49.927778006 CET | 49716 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:53:50.121510029 CET | 9497 | 49716 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:53:50.121577978 CET | 49716 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:53:50.315298080 CET | 9497 | 49716 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:53:50.315361977 CET | 49716 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:53:50.508930922 CET | 9497 | 49716 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:53:50.509052992 CET | 49716 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:53:50.702768087 CET | 9497 | 49716 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:53:50.702831984 CET | 49716 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:53:50.896380901 CET | 9497 | 49716 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:53:50.896498919 CET | 49716 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:53:51.090109110 CET | 9497 | 49716 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:53:51.092561960 CET | 49716 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:53:51.286247969 CET | 9497 | 49716 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:53:51.288614988 CET | 49716 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:53:51.482384920 CET | 9497 | 49716 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:53:51.482544899 CET | 49716 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:53:51.524559021 CET | 49716 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:53:51.676199913 CET | 9497 | 49716 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:53:51.676383018 CET | 49716 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:54:08.621844053 CET | 49718 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:54:08.815406084 CET | 9497 | 49718 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:54:08.815546036 CET | 49718 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:54:08.817214012 CET | 49718 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:54:09.011240005 CET | 9497 | 49718 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:54:09.011363983 CET | 49718 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:54:09.205488920 CET | 9497 | 49718 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:54:09.205636978 CET | 49718 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:54:09.399292946 CET | 9497 | 49718 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:54:09.399410009 CET | 49718 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:54:09.593106985 CET | 9497 | 49718 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:54:09.593204021 CET | 49718 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:54:09.786977053 CET | 9497 | 49718 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:54:09.787226915 CET | 49718 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:54:09.980988979 CET | 9497 | 49718 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:54:09.981149912 CET | 49718 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:54:10.174822092 CET | 9497 | 49718 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:54:10.178330898 CET | 49718 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:54:10.371978045 CET | 9497 | 49718 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:54:10.372076988 CET | 49718 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:54:10.565927982 CET | 9497 | 49718 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:54:10.566329956 CET | 49718 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:54:10.760448933 CET | 9497 | 49718 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:54:10.762373924 CET | 49718 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:54:10.853857994 CET | 49718 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:54:10.956805944 CET | 9497 | 49718 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:54:10.957012892 CET | 49718 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:54:15.136596918 CET | 49719 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:54:15.330430031 CET | 9497 | 49719 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:54:15.330593109 CET | 49719 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:54:15.331062078 CET | 49719 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:54:15.524929047 CET | 9497 | 49719 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:54:15.525039911 CET | 49719 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:54:15.718924999 CET | 9497 | 49719 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:54:15.719050884 CET | 49719 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:54:15.912854910 CET | 9497 | 49719 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:54:15.913419008 CET | 49719 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:54:16.107265949 CET | 9497 | 49719 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:54:16.108809948 CET | 49719 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:54:16.302495956 CET | 9497 | 49719 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:54:16.303688049 CET | 49719 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:54:16.497535944 CET | 9497 | 49719 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:54:16.510447025 CET | 49719 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:54:16.704261065 CET | 9497 | 49719 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:54:16.705559015 CET | 49719 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:54:16.899251938 CET | 9497 | 49719 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:54:16.899420023 CET | 49719 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:54:17.093195915 CET | 9497 | 49719 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:54:17.093288898 CET | 49719 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:54:17.286986113 CET | 9497 | 49719 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:54:17.287134886 CET | 49719 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:54:17.369967937 CET | 49719 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:54:17.480900049 CET | 9497 | 49719 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:54:17.481010914 CET | 49719 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:54:21.408477068 CET | 49720 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:54:21.602227926 CET | 9497 | 49720 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:54:21.602524996 CET | 49720 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:54:21.603488922 CET | 49720 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:54:21.798868895 CET | 9497 | 49720 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:54:21.799105883 CET | 49720 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:54:21.993617058 CET | 9497 | 49720 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:54:21.993865013 CET | 49720 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:54:22.188983917 CET | 9497 | 49720 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:54:22.192886114 CET | 49720 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:54:22.386641979 CET | 9497 | 49720 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:54:22.386770010 CET | 49720 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:54:22.582377911 CET | 9497 | 49720 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:54:22.585228920 CET | 49720 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:54:22.779031992 CET | 9497 | 49720 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:54:22.866168022 CET | 49720 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:54:23.061801910 CET | 9497 | 49720 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:54:23.131539106 CET | 49720 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:54:23.325159073 CET | 9497 | 49720 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:54:23.325248003 CET | 49720 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:54:23.521729946 CET | 9497 | 49720 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:54:23.524662018 CET | 49720 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:54:23.718308926 CET | 9497 | 49720 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:54:23.748761892 CET | 49720 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:54:23.942408085 CET | 9497 | 49720 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:54:23.957947016 CET | 49720 | 9497 | 192.168.2.5 | 216.218.135.118 |
Feb 2, 2023 13:54:24.151429892 CET | 9497 | 49720 | 216.218.135.118 | 192.168.2.5 |
Feb 2, 2023 13:54:24.376276016 CET | 49720 | 9497 | 192.168.2.5 | 216.218.135.118 |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Feb 2, 2023 13:54:04.349050999 CET | 8.8.8.8 | 192.168.2.5 | 0xa5b5 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Feb 2, 2023 13:54:08.570725918 CET | 8.8.8.8 | 192.168.2.5 | 0x2481 | No error (0) | 216.218.135.118 | A (IP address) | IN (0x0001) | false | ||
Feb 2, 2023 13:54:15.067796946 CET | 8.8.8.8 | 192.168.2.5 | 0x4a5c | No error (0) | 216.218.135.118 | A (IP address) | IN (0x0001) | false | ||
Feb 2, 2023 13:54:21.405025959 CET | 8.8.8.8 | 192.168.2.5 | 0x9ec8 | No error (0) | 216.218.135.118 | A (IP address) | IN (0x0001) | false | ||
Feb 2, 2023 13:54:29.229578018 CET | 8.8.8.8 | 192.168.2.5 | 0x40b9 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Feb 2, 2023 13:54:29.441528082 CET | 8.8.4.4 | 192.168.2.5 | 0xe659 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Feb 2, 2023 13:54:29.470909119 CET | 8.8.8.8 | 192.168.2.5 | 0x4fee | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Feb 2, 2023 13:54:37.139646053 CET | 8.8.8.8 | 192.168.2.5 | 0xde39 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Feb 2, 2023 13:54:37.159055948 CET | 8.8.4.4 | 192.168.2.5 | 0xeb1a | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Feb 2, 2023 13:54:37.184803963 CET | 8.8.8.8 | 192.168.2.5 | 0x6dc4 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false |
Target ID: | 0 |
Start time: | 13:52:27 |
Start date: | 02/02/2023 |
Path: | C:\Users\user\Desktop\Trojan.MSIL.Agent.fpar-249a4af8064c560426fc8a.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2f0000 |
File size: | 208192 bytes |
MD5 hash: | E587236CB6E5CCF2497AB08B245F724F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Reputation: | low |
Target ID: | 1 |
Start time: | 13:52:28 |
Start date: | 02/02/2023 |
Path: | C:\Windows\SysWOW64\schtasks.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1280000 |
File size: | 185856 bytes |
MD5 hash: | 15FF7D8324231381BAD48A052F85DF04 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 2 |
Start time: | 13:52:28 |
Start date: | 02/02/2023 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7fcd70000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 3 |
Start time: | 13:52:29 |
Start date: | 02/02/2023 |
Path: | C:\Windows\SysWOW64\schtasks.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1280000 |
File size: | 185856 bytes |
MD5 hash: | 15FF7D8324231381BAD48A052F85DF04 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 4 |
Start time: | 13:52:29 |
Start date: | 02/02/2023 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7fcd70000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 5 |
Start time: | 13:52:31 |
Start date: | 02/02/2023 |
Path: | C:\Users\user\Desktop\Trojan.MSIL.Agent.fpar-249a4af8064c560426fc8a.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x4d0000 |
File size: | 208192 bytes |
MD5 hash: | E587236CB6E5CCF2497AB08B245F724F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Reputation: | low |
Target ID: | 6 |
Start time: | 13:52:31 |
Start date: | 02/02/2023 |
Path: | C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xcb0000 |
File size: | 208192 bytes |
MD5 hash: | E587236CB6E5CCF2497AB08B245F724F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Antivirus matches: |
|
Reputation: | low |
Analysis Process: Trojan.MSIL.Agent.fpar-249a4af8064c560426fc8a.exe PID: 5044, Parent PID: 3324
Execution Graph
Execution Coverage: | 26.3% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 7.4% |
Total number of Nodes: | 257 |
Total number of Limit Nodes: | 6 |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C0B18 Relevance: .1, Instructions: 61COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025CC718 Relevance: .1, Instructions: 61COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C5730 Relevance: .1, Instructions: 61COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C4520 Relevance: .1, Instructions: 61COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025CF798 Relevance: .1, Instructions: 60COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025CC838 Relevance: .1, Instructions: 60COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025CCA98 Relevance: .1, Instructions: 59COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025CC848 Relevance: .1, Instructions: 59COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0266087C Relevance: .1, Instructions: 59COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C2390 Relevance: .1, Instructions: 57COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C4FF0 Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025CC430 Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C4510 Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C11DF Relevance: .1, Instructions: 55COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C55D9 Relevance: .1, Instructions: 55COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C8280 Relevance: .1, Instructions: 54COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C4788 Relevance: .1, Instructions: 53COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025CFB88 Relevance: .1, Instructions: 52COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C8290 Relevance: .0, Instructions: 50COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C5740 Relevance: .0, Instructions: 50COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025CDB78 Relevance: .0, Instructions: 50COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025CFB98 Relevance: .0, Instructions: 50COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C5508 Relevance: .0, Instructions: 49COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025CC421 Relevance: .0, Instructions: 48COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C1209 Relevance: .0, Instructions: 46COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025CA8F0 Relevance: .0, Instructions: 46COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C6BE8 Relevance: .0, Instructions: 45COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C4798 Relevance: .0, Instructions: 45COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025CA8E0 Relevance: .0, Instructions: 45COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025CAA60 Relevance: .0, Instructions: 44COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C1218 Relevance: .0, Instructions: 42COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025CA1F1 Relevance: .0, Instructions: 41COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C6618 Relevance: .0, Instructions: 40COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025CFDB1 Relevance: .0, Instructions: 40COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0266082C Relevance: .0, Instructions: 40COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025CAA70 Relevance: .0, Instructions: 39COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C6211 Relevance: .0, Instructions: 39COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C8318 Relevance: .0, Instructions: 39COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C6628 Relevance: .0, Instructions: 38COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025CFCB1 Relevance: .0, Instructions: 38COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025CDFA8 Relevance: .0, Instructions: 37COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025CE867 Relevance: .0, Instructions: 37COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C5CD1 Relevance: .0, Instructions: 36COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C5D5F Relevance: .0, Instructions: 36COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C45B8 Relevance: .0, Instructions: 35COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025CC70A Relevance: .0, Instructions: 34COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C5CE0 Relevance: .0, Instructions: 33COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C0918 Relevance: .0, Instructions: 33COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C0908 Relevance: .0, Instructions: 33COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C4701 Relevance: .0, Instructions: 32COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C3BC4 Relevance: .0, Instructions: 32COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025CA99F Relevance: .0, Instructions: 32COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025CCA3E Relevance: .0, Instructions: 31COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025CE7E9 Relevance: .0, Instructions: 31COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025CFCC0 Relevance: .0, Instructions: 31COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02660938 Relevance: .0, Instructions: 31COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025CFA19 Relevance: .0, Instructions: 30COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C861A Relevance: .0, Instructions: 30COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025CA208 Relevance: .0, Instructions: 30COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C57A2 Relevance: .0, Instructions: 29COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C7557 Relevance: .0, Instructions: 29COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C87A0 Relevance: .0, Instructions: 28COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025CCA89 Relevance: .0, Instructions: 27COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025CB020 Relevance: .0, Instructions: 27COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 026605F6 Relevance: .0, Instructions: 27COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C46B8 Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025CDFC8 Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025CE7F8 Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C87B0 Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025CBC88 Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C65C8 Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C61A0 Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025CFA28 Relevance: .0, Instructions: 25COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025CCA50 Relevance: .0, Instructions: 24COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025CE009 Relevance: .0, Instructions: 24COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05D70409 Relevance: .0, Instructions: 24COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05D70489 Relevance: .0, Instructions: 24COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C8628 Relevance: .0, Instructions: 23COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025CFC77 Relevance: .0, Instructions: 21COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025CE838 Relevance: .0, Instructions: 21COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C5DE8 Relevance: .0, Instructions: 21COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C65D8 Relevance: .0, Instructions: 20COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C76F0 Relevance: .0, Instructions: 19COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C46A7 Relevance: .0, Instructions: 19COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C02A1 Relevance: .0, Instructions: 19COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C9350 Relevance: .0, Instructions: 19COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C57F6 Relevance: .0, Instructions: 19COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025CE018 Relevance: .0, Instructions: 19COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C61B0 Relevance: .0, Instructions: 19COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05D70498 Relevance: .0, Instructions: 19COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C0650 Relevance: .0, Instructions: 18COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C016F Relevance: .0, Instructions: 18COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C2D20 Relevance: .0, Instructions: 18COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C5DF8 Relevance: .0, Instructions: 16COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05D704D0 Relevance: .0, Instructions: 16COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025CE848 Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C71A0 Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05D70458 Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C7BE6 Relevance: .0, Instructions: 13COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C5478 Relevance: .0, Instructions: 13COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05D70259 Relevance: .0, Instructions: 13COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C0180 Relevance: .0, Instructions: 12COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C5D70 Relevance: .0, Instructions: 11COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C2D30 Relevance: .0, Instructions: 11COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C0660 Relevance: .0, Instructions: 10COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025CC819 Relevance: .0, Instructions: 10COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C2EC0 Relevance: .0, Instructions: 8COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C71C4 Relevance: .0, Instructions: 8COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025CD1F0 Relevance: .0, Instructions: 8COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05D704E0 Relevance: .0, Instructions: 8COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C61F1 Relevance: .0, Instructions: 7COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C95D8 Relevance: .2, Instructions: 239COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C969F Relevance: .2, Instructions: 179COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C306F Relevance: .2, Instructions: 179COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025CEF58 Relevance: 10.5, Strings: 8, Instructions: 467COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C0D80 Relevance: 5.3, Strings: 4, Instructions: 253COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025C4369 Relevance: 5.0, Strings: 4, Instructions: 26COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Analysis Process: Trojan.MSIL.Agent.fpar-249a4af8064c560426fc8a.exe PID: 1244, Parent PID: 1084
Execution Graph
Execution Coverage: | 24.7% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 60 |
Total number of Limit Nodes: | 6 |
Graph
Execution Graph
Execution Coverage: | 25% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 60 |
Total number of Limit Nodes: | 6 |