Windows
Analysis Report
lLX6Po7hFJ.exe
Overview
General Information
Sample name: | lLX6Po7hFJ.exe (renamed because original name is a hash value) |
Original sample name: | 07D9144C3B3CFE44C24F850A74FAAACC.exe |
Analysis ID: | 1429081 |
MD5: | 07d9144c3b3cfe44c24f850a74faaacc |
SHA1: | 1df82c6dbe192d9f78e137bb96c499fd5f0c93a5 |
SHA256: | 4cef1677e5e896054778060ec165cb35bcc4c923a38ea7eea43609dea20492f0 |
Tags: | exe, NanoCore, RAT |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- lLX6Po7hFJ.exe (PID: 7032 cmdline: "C:\Users\user\Desktop\lLX6Po7hFJ.exe" MD5: 07D9144C3B3CFE44C24F850A74FAAACC)
  - schtasks.exe (PID: 7100 cmdline: "schtasks.exe" /create /f /tn "DNS Host" /xml "C:\Users\user\AppData\Local\Temp\tmpC905.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
  - conhost.exe (PID: 7156 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - schtasks.exe (PID: 6372 cmdline: "schtasks.exe" /create /f /tn "DNS Host Task" /xml "C:\Users\user\AppData\Local\Temp\tmpC9F1.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
  - conhost.exe (PID: 6392 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - dw20.exe (PID: 7024 cmdline: dw20.exe -x -s 1468 MD5: 89106D4D0BA99F770EAFE946EA81BB65)
- lLX6Po7hFJ.exe (PID: 2308 cmdline: C:\Users\user\Desktop\lLX6Po7hFJ.exe 0 MD5: 07D9144C3B3CFE44C24F850A74FAAACC)
- dnshost.exe (PID: 5440 cmdline: "C:\Program Files (x86)\DNS Host\dnshost.exe" 0 MD5: 07D9144C3B3CFE44C24F850A74FAAACC)
- dnshost.exe (PID: 6416 cmdline: "C:\Program Files (x86)\DNS Host\dnshost.exe" MD5: 07D9144C3B3CFE44C24F850A74FAAACC)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Nanocore RAT, NanoCore | Nanocore is a Remote Access Tool used to steal credentials and to spy on cameras. It has been used for a while by numerous criminal actors as well as by nation state threat actors. |
{"Version": "1.2.2.0", "Mutex": "191d33a5-79e3-4242-ad2a-bdb1cfa2", "Group": "Default", "Domain1": "", "Domain2": "0.tcp.eu.ngrok.io", "Port": 11720, "KeyboardLogging": "Enable", "RunOnStartup": "Enable", "RequestElevation": "Disable", "BypassUAC": "Enable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "0e000100", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8", "BackupDNSServer": "8.8.4.4", "BypassUserAccountControlData": "<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.2\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n <RegistrationInfo />\r\n <Triggers />\r\n <Principals>\r\n <Principal id=\"Author\">\r\n <LogonType>InteractiveToken</LogonType>\r\n <RunLevel>HighestAvailable</RunLevel>\r\n </Principal>\r\n </Principals>\r\n <Settings>\r\n <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n <AllowHardTerminate>true</AllowHardTerminate>\r\n <StartWhenAvailable>false</StartWhenAvailable>\r\n <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n <IdleSettings>\r\n <StopOnIdleEnd>false</StopOnIdleEnd>\r\n <RestartOnIdle>false</RestartOnIdle>\r\n </IdleSettings>\r\n <AllowStartOnDemand>true</AllowStartOnDemand>\r\n <Enabled>true</Enabled>\r\n <Hidden>false</Hidden>\r\n <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n <WakeToRun>false</WakeToRun>\r\n <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n <Priority>4</Priority>\r\n </Settings>\r\n <Actions Context=\"Author\">\r\n <Exec>\r\n 
<Command>\"#EXECUTABLEPATH\"</Command>\r\n <Arguments>$(Arg0)</Arguments>\r\n </Exec>\r\n </Actions>\r\n</Task"}
Rule | Description | Author |
---|---|---|
JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security |
Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown |
NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> |
Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth |
Nanocore | detect Nanocore in memory | JPCERT/CC Incident Response Group |
Rule | Description | Author |
---|---|---|
Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown |
Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth |
MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen |
JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security |
Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown |
AV Detection |
---|
Source: | Author: Joe Security: |
E-Banking Fraud |
---|
Source: | Author: Joe Security: |
System Summary |
---|
Source: | Author: Florian Roth (Nextron Systems): |
Source: | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): |
Persistence and Installation Behavior |
---|
Source: | Author: Joe Security: |
Stealing of Sensitive Information |
---|
Source: | Author: Joe Security: |
Remote Access Functionality |
---|
Source: | Author: Joe Security: |
Timestamp | SID | Source Port | Destination Port | Protocol | Classtype |
---|---|---|---|---|---|
04/20/24-17:17:24.137391 | 2046914 | 49740 | 11720 | TCP | A Network Trojan was detected |
04/20/24-17:17:36.690000 | 2046914 | 49742 | 11720 | TCP | A Network Trojan was detected |
04/20/24-17:17:48.359619 | 2046914 | 49744 | 11720 | TCP | A Network Trojan was detected |
04/20/24-17:17:53.838742 | 2046914 | 49746 | 11720 | TCP | A Network Trojan was detected |
04/20/24-17:18:03.957905 | 2046914 | 49748 | 11720 | TCP | A Network Trojan was detected |
04/20/24-17:17:03.543122 | 2816718 | 49731 | 11720 | TCP | A Network Trojan was detected |
04/20/24-17:17:42.667256 | 2046914 | 49743 | 11720 | TCP | A Network Trojan was detected |
04/20/24-17:17:58.848463 | 2046914 | 49747 | 11720 | TCP | A Network Trojan was detected |
04/20/24-17:17:11.936397 | 2046914 | 49732 | 11720 | TCP | A Network Trojan was detected |
04/20/24-17:17:04.378880 | 2046914 | 49731 | 11720 | TCP | A Network Trojan was detected |
04/20/24-17:17:18.030331 | 2046914 | 49739 | 11720 | TCP | A Network Trojan was detected |
04/20/24-17:16:58.191892 | 2046914 | 49730 | 11720 | TCP | A Network Trojan was detected |
04/20/24-17:17:31.011935 | 2046914 | 49741 | 11720 | TCP | A Network Trojan was detected |
AV Detection |
---|
Source: | Avira: |
Source: | Malware Configuration Extractor: |
Source: | Virustotal: | Perma Link |
Source: | ReversingLabs: |
Source: | File source: |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | File opened: | Jump to behavior |
Networking |
---|
Source: | Snort IDS: |
Source: | URLs: |
Source: | TCP traffic: |
Source: | IP Address: |
Source: | ASN Name: |
Source: | Code function: | 0_2_05802D56 |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Source: | Binary or memory string: | memstr_74eedc1b-d |
E-Banking Fraud |
---|
Source: | File source: | ||
System Summary |
---|
Source: | Matched rule: | ||
Source: | Process created: |
Source: | Binary or memory string: | ||
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Static PE information: |
Source: | Cryptographic APIs: |
Source: | Security API names: |
Source: | Classification label: |
Source: | Code function: | 0_2_05803322 | |
Source: | Code function: | 0_2_058032EB |
Source: | File created: | Jump to behavior |
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Key opened: | Jump to behavior |
Source: | ReversingLabs: | ||
Source: | Virustotal: |
Source: | File read: | Jump to behavior |
Source: | Process created: | |||
Source: | Section loaded: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: |
Source: | File opened: | Jump to behavior |
Data Obfuscation |
---|
Source: | .Net Code: | ||
Source: | Code function: | 0_2_01567539 | |
Source: | Code function: | 0_2_0156752D | |
Source: | Code function: | 0_2_01569DB1 | |
Source: | Code function: | 0_2_01569DAD | |
Source: | Code function: | 0_2_018504C4 |
Source: | File created: | Jump to dropped file |
Boot Survival |
---|
Source: | Process created: |
Source: | Registry value created or modified: | Jump to behavior | ||
Hooking and other Techniques for Hiding and Protection |
---|
Source: | File opened: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior |
Source: | Thread sleep time: | Jump to behavior |
Source: | Last function: |
Source: | Code function: | 0_2_0580169A |
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: |
Source: | Process information queried: | Jump to behavior |
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Binary or memory string: |
Source: | Key value queried: | Jump to behavior |
Source: | Binary or memory string: |
Stealing of Sensitive Information |
---|
Source: | File source: |
Remote Access Functionality |
---|
Source: | String found in binary or memory: |
Source: | File source: |
Source: | Code function: | 0_2_0580289A | |
Source: | Code function: | 0_2_05802848 |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 1 Access Token Manipulation | 2 Masquerading | 11 Input Capture | 111 Security Software Discovery | Remote Services | 11 Input Capture | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 12 Process Injection | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 11 Archive Collected Data | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | 1 DLL Side-Loading | 1 Scheduled Task/Job | 31 Virtualization/Sandbox Evasion | Security Account Manager | 31 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Remote Access Software | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 Registry Run Keys / Startup Folder | 1 Access Token Manipulation | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 1 DLL Side-Loading | 12 Process Injection | LSA Secrets | 3 System Information Discovery | SSH | Keylogging | 1 Non-Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Deobfuscate/Decode Files or Information | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | 11 Application Layer Protocol | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Hidden Files and Directories | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Obfuscated Files or Information | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 11 Software Packing | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 1 DLL Side-Loading | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
97% | ReversingLabs | ByteCode-MSIL.Backdoor.NanoCore | ||
90% | Virustotal | Browse | ||
100% | Avira | TR/Dropper.MSIL.Gen7 | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | TR/Dropper.MSIL.Gen7 | ||
100% | Joe Sandbox ML | |||
97% | ReversingLabs | ByteCode-MSIL.Backdoor.NanoCore | ||
90% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
16% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
16% | Virustotal | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
0.tcp.eu.ngrok.io | 3.125.223.134 | true | true |
| unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true | low | ||
true |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
3.125.223.134 | 0.tcp.eu.ngrok.io | United States | | 16509 | AMAZON-02US | true |
18.192.31.165 | unknown | United States | | 16509 | AMAZON-02US | true |
18.158.249.75 | unknown | United States | | 16509 | AMAZON-02US | true |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1429081 |
Start date and time: | 2024-04-20 17:16:06 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 7m 3s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 14 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | lLX6Po7hFJ.exe (renamed because original name is a hash value) |
Original Sample Name: | 07D9144C3B3CFE44C24F850A74FAAACC.exe |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@12/12@18/3 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 52.168.117.173
- Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, ocsp.digicert.com, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed; report is missing behavior information
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
16:16:56 | Autostart | |
16:16:57 | Task Scheduler | |
16:16:57 | Task Scheduler | |
17:16:55 | API Interceptor | |
17:18:40 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
3.125.223.134 | Get hash | malicious | Njrat | Browse | ||
Get hash | malicious | Njrat | Browse | |||
Get hash | malicious | Njrat | Browse | |||
Get hash | malicious | Njrat | Browse | |||
Get hash | malicious | Njrat | Browse | |||
Get hash | malicious | Njrat | Browse | |||
Get hash | malicious | GhostRat | Browse | |||
Get hash | malicious | Njrat | Browse | |||
Get hash | malicious | Njrat | Browse | |||
Get hash | malicious | Njrat | Browse | |||
18.192.31.165 | Get hash | malicious | Unknown | Browse |
| |
18.158.249.75 | Get hash | malicious | CVE-2021-40444 | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
0.tcp.eu.ngrok.io | Get hash | malicious | Njrat | Browse |
| |
Get hash | malicious | DarkComet | Browse |
| ||
Get hash | malicious | Njrat | Browse |
| ||
Get hash | malicious | Njrat | Browse |
| ||
Get hash | malicious | Njrat | Browse |
| ||
Get hash | malicious | Njrat | Browse |
| ||
Get hash | malicious | RedLine | Browse |
| ||
Get hash | malicious | Njrat | Browse |
| ||
Get hash | malicious | XWorm | Browse |
| ||
Get hash | malicious | Njrat | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
AMAZON-02US | Get hash | malicious | LummaC, Glupteba, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoader | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | TechSupportScam | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | TechSupportScam | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Process: | C:\Users\user\Desktop\lLX6Po7hFJ.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 207872 |
Entropy (8bit): | 7.4489272119388685 |
Encrypted: | false |
SSDEEP: | 6144:sLV6Bta6dtJmakIM51O3JM1fMKQqa7FPp0k4v:sLV6BtpmkBGpC78v |
MD5: | 07D9144C3B3CFE44C24F850A74FAAACC |
SHA1: | 1DF82C6DBE192D9F78E137BB96C499FD5F0C93A5 |
SHA-256: | 4CEF1677E5E896054778060EC165CB35BCC4C923A38EA7EEA43609DEA20492F0 |
SHA-512: | 39120F944F46DFA34F0D4A2E59A9BDB74A76D9F69B55C054969A96666B0366651BCC2A0AB4A48F3243A2046E961F43FBA5E13D5B04248EEAE0F86B7428133584 |
Malicious: | true |
Yara Hits: |
|
Antivirus: |
|
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\lLX6Po7hFJ.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_lLX6Po7hFJ.exe_52236c2e729429a1e3187843149972c92a6f610_00000000_229a7c85-0bb3-4dc3-8de8-e15575f19acb\Report.wer
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 1.0345274919822214 |
Encrypted: | false |
SSDEEP: | 192:RWyBBYjGRVLqaRY9wHloympeFCyb42QUmzuiF0Z24IO8:cyBBEGRV2aaahmzuiF0Y4IO8 |
MD5: | 45AC5D04AB82DC416F086B99D3C8817B |
SHA1: | FFED13DDF89DE9DA782B608A6491C51445BD0D13 |
SHA-256: | 608CB8218DF4FD6DDF0D9D92C95A3C2A4227E791A52FE37416C98413933DB410 |
SHA-512: | 6FC2B0C6B087565E21C6CE9126E627224100DFA567ED454F96094AFDCDA606018959DF6B5A8D1BCE4E49FD1FD00BE9FDC7348269911A7F3F5EB48D9D12B02B86 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 7636 |
Entropy (8bit): | 3.7103030667580272 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJFM6Rur6Y9tSU1gmfnrap1uw1fBUam:R6lXJ+6Ir6Y3SU1gmfnrmu6fBo |
MD5: | 06AE7FF2C574C987FFA1E657BA9560BC |
SHA1: | 7E6F5B97BC6F5F455EE6C634EE6474B06661DAA2 |
SHA-256: | 2F546EF5F63D14646B3C2D1453590FFC855FA794F02914BB86D98E682697CB3D |
SHA-512: | D4A1A1551CDC81077493A6EE2C5A08F7854E9034E1434A829226AFE0C8BD474DA4CB55FA58FEC1D7C1624DA99E513689A066A0F2B98F590CEB6CBD701EED3511 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4546 |
Entropy (8bit): | 4.497031625511132 |
Encrypted: | false |
SSDEEP: | 96:uIjf8I7dx7VqBJFKoPHQJPHO2zft7tyOd:uIQYdx7gTRHIHTzFp3 |
MD5: | CCCC460ECF339FF2EA9B1D59241485B0 |
SHA1: | 229A8A921452BA4E05781742F483B6E709A96154 |
SHA-256: | 5A3EE79478901BDB0871A34FFB33A2EDEF4C1B9C27291AB1CFBDE6BBDFA47478 |
SHA-512: | E1C00367E4227E98B60FFCC9778CDF609ADE5E48EB00EF1538E00C6838396B2A33C09D778760BFB71DD672A90203F30F5D0926C51880FECE96BCA3CC4F4ADE2E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\DNS Host\dnshost.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 525 |
Entropy (8bit): | 5.259753436570609 |
Encrypted: | false |
SSDEEP: | 12:Q3LaJU2C9XAn10U29xtUz1B0U2uk71K6xhk70Ug+9pfu9tv:MLF2CpI329Iz52VMzffuT |
MD5: | BAF1CCDBBF490EC9AD4777DEA18A088E |
SHA1: | 182D70FB02C352E77B48E8659283D448143AE92B |
SHA-256: | 7712762A17AA3E6D3F233930BF94E91878F87A9C1C3010AC5346A4E615197E81 |
SHA-512: | 53B86FAC03DD2FA75D140143C9B1D7F49FC1E9605DAE1B894910848864D153F239676B0AF37E5666EA9E606EED8F3BF180846ADC6DB82B7840F3C1AC2EFCDEA8 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\lLX6Po7hFJ.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 525 |
Entropy (8bit): | 5.259753436570609 |
Encrypted: | false |
SSDEEP: | 12:Q3LaJU2C9XAn10U29xtUz1B0U2uk71K6xhk70Ug+9pfu9tv:MLF2CpI329Iz52VMzffuT |
MD5: | BAF1CCDBBF490EC9AD4777DEA18A088E |
SHA1: | 182D70FB02C352E77B48E8659283D448143AE92B |
SHA-256: | 7712762A17AA3E6D3F233930BF94E91878F87A9C1C3010AC5346A4E615197E81 |
SHA-512: | 53B86FAC03DD2FA75D140143C9B1D7F49FC1E9605DAE1B894910848864D153F239676B0AF37E5666EA9E606EED8F3BF180846ADC6DB82B7840F3C1AC2EFCDEA8 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\lLX6Po7hFJ.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1300 |
Entropy (8bit): | 5.118096768456212 |
Encrypted: | false |
SSDEEP: | 24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK0Yg8xtn:cbk4oL600QydbQxIYODOLedq3s8j |
MD5: | 8F65F715E996FD5CC73C3A8AE48A817B |
SHA1: | 05D08CB7E77CBBE7A97D2113E07561864313344D |
SHA-256: | 077A6B8A6BFB2B94896CBB6B291F56AC64182522C757557BD1277DCC66E0901B |
SHA-512: | 46F47AE857A8CAC285F60E3EA2A277243462E554157DE79E81C99983C4B7F352E93E0A0506931E85EFB7242B52D8A47C1413171DB03BAA1511FFFFAB1C464EF2 |
Malicious: | true |
Preview: |
Process: | C:\Users\user\Desktop\lLX6Po7hFJ.exe |
File Type: | |
Category: | modified |
Size (bytes): | 1306 |
Entropy (8bit): | 5.104451641222393 |
Encrypted: | false |
SSDEEP: | 24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK0R9lxtn:cbk4oL600QydbQxIYODOLedq3S9lj |
MD5: | CFD32F0E8DBE9B358E7445116E8FC086 |
SHA1: | 00D89923A223372FAC166743853397ABD974825B |
SHA-256: | 3662F5D5D156CFA337FF07F335FC9D34B46E66DB3A7A2CF69C820DD4BA273ADD |
SHA-512: | A190E08EDA457DF3FA3C25AA4C1211DDB8377B2C04BB3B16110F5C0FF1E440A709A1FB6543357C8625C323A1BF4E52ECF74115C1382A6EC10BBA657F42DF5014 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\lLX6Po7hFJ.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8 |
Entropy (8bit): | 2.75 |
Encrypted: | false |
SSDEEP: | 3:FHt:f |
MD5: | FC0600FACC59FE2D0642FC881E3EB415 |
SHA1: | 46E1C2A187E1156B4F90672E785536666E51A45C |
SHA-256: | 8B69D02B871B5BAC24D06595EA28D3FC50139E541618C0EFC356882440545D1D |
SHA-512: | 599495F6AFEB6B863FDE0184F49AC03BFC2B611C21998D0DB76685A2B0F0F0DDEEE044DBB1B5ADC665ACA5535D7AB4289286AFC162CB29D3EEB0BA690E170E7E |
Malicious: | true |
Preview: |
Process: | C:\Users\user\Desktop\lLX6Po7hFJ.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 37 |
Entropy (8bit): | 4.334736393288403 |
Encrypted: | false |
SSDEEP: | 3:oNt+WfWJp9iA:oNwv9iA |
MD5: | D12CA04ABAF993D6BA8F8E7BB5DF88DB |
SHA1: | B5A164408E1279CA4295D7CFAF29D305EB4A5CDB |
SHA-256: | 99D75FD0E6A554301FAE723713FCB380451333D6C1BA27BA52FF6D565C78EB6D |
SHA-512: | 3651BBEE4C684188A4EEFF39A4DC5261016E795B1EF18738912A1B79DFF091C50A77FE51DE7355F9B2AA7D1C1927F0587CC7682059559BF5171C763467058A33 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.465375589575937 |
Encrypted: | false |
SSDEEP: | 6144:PIXfpi67eLPU9skLmb0b4gWSPKaJG8nAgejZMMhA2gX4WABl0uNpdwBCswSbt:gXD94gWlLZMM6YFH/+t |
MD5: | 34D2EFF39BC07BC5A34A8797A604FB63 |
SHA1: | 096C8EEEFD9D54FA74C80BB11C55579DC0C49E2A |
SHA-256: | CA58A15A01CAEBF18EAC4E6193BC3091708159010B49793FAA5F29109098F229 |
SHA-512: | C683757241CDD7AA462D1D59F3132095456BE67278A3E75444AF9BF0B6A6ABB62EB36612FC7108193895A7EC73B2AA24CAA1577FA1E38701FD0B0F23A0834852 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.4489272119388685 |
TrID: |
|
File name: | lLX6Po7hFJ.exe |
File size: | 207'872 bytes |
MD5: | 07d9144c3b3cfe44c24f850a74faaacc |
SHA1: | 1df82c6dbe192d9f78e137bb96c499fd5f0c93a5 |
SHA256: | 4cef1677e5e896054778060ec165cb35bcc4c923a38ea7eea43609dea20492f0 |
SHA512: | 39120f944f46dfa34f0d4a2e59a9bdb74a76d9f69b55c054969a96666b0366651bcc2a0ab4a48f3243a2046e961f43fba5e13d5b04248eeae0f86b7428133584 |
SSDEEP: | 6144:sLV6Bta6dtJmakIM51O3JM1fMKQqa7FPp0k4v:sLV6BtpmkBGpC78v |
TLSH: | 2114CF567BA8492FE2DE867D712202129779C2D3ACD3F3DE28D455B75B223E406071E3 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....'.T.....................b........... ........@.. ..................................................................... |
Icon Hash: | 90cececece8e8eb0 |
Entrypoint: | 0x41e792 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | |
Time Stamp: | 0x54E927A1 [Sun Feb 22 00:49:37 2015 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Instruction |
---|
jmp dword ptr [00402000h] |
add byte ptr [eax], al |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1e738 | 0x57 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x22000 | 0x15fc8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x20000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x1c798 | 0x1c800 | 5579f6bdb26e34a67dfc0f6a507ee611 | False | 0.5945124040570176 | data | 6.5980804852315424 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.reloc | 0x20000 | 0xc | 0x200 | fa81a8e21b7ba0db59d9a42aa7a5e570 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
.rsrc | 0x22000 | 0x15fc8 | 0x16000 | 49bcb2ba6f42631efed3dd8f8370617e | False | 1.0003107244318181 | data | 7.997347846738398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_RCDATA | 0x22058 | 0x15f70 | data | 1.0004001422728082 |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
04/20/24-17:17:24.137391 | TCP | 2046914 | ET TROJAN NanoCore RAT CnC 7 | 49740 | 11720 | 192.168.2.4 | 3.125.223.134 |
04/20/24-17:17:36.690000 | TCP | 2046914 | ET TROJAN NanoCore RAT CnC 7 | 49742 | 11720 | 192.168.2.4 | 18.192.31.165 |
04/20/24-17:17:48.359619 | TCP | 2046914 | ET TROJAN NanoCore RAT CnC 7 | 49744 | 11720 | 192.168.2.4 | 3.125.223.134 |
04/20/24-17:17:53.838742 | TCP | 2046914 | ET TROJAN NanoCore RAT CnC 7 | 49746 | 11720 | 192.168.2.4 | 3.125.223.134 |
04/20/24-17:18:03.957905 | TCP | 2046914 | ET TROJAN NanoCore RAT CnC 7 | 49748 | 11720 | 192.168.2.4 | 18.158.249.75 |
04/20/24-17:17:03.543122 | TCP | 2816718 | ETPRO TROJAN NanoCore RAT Keep-Alive Beacon | 49731 | 11720 | 192.168.2.4 | 3.125.223.134 |
04/20/24-17:17:42.667256 | TCP | 2046914 | ET TROJAN NanoCore RAT CnC 7 | 49743 | 11720 | 192.168.2.4 | 3.125.223.134 |
04/20/24-17:17:58.848463 | TCP | 2046914 | ET TROJAN NanoCore RAT CnC 7 | 49747 | 11720 | 192.168.2.4 | 18.192.31.165 |
04/20/24-17:17:11.936397 | TCP | 2046914 | ET TROJAN NanoCore RAT CnC 7 | 49732 | 11720 | 192.168.2.4 | 3.125.223.134 |
04/20/24-17:17:04.378880 | TCP | 2046914 | ET TROJAN NanoCore RAT CnC 7 | 49731 | 11720 | 192.168.2.4 | 3.125.223.134 |
04/20/24-17:17:18.030331 | TCP | 2046914 | ET TROJAN NanoCore RAT CnC 7 | 49739 | 11720 | 192.168.2.4 | 18.158.249.75 |
04/20/24-17:16:58.191892 | TCP | 2046914 | ET TROJAN NanoCore RAT CnC 7 | 49730 | 11720 | 192.168.2.4 | 3.125.223.134 |
04/20/24-17:17:31.011935 | TCP | 2046914 | ET TROJAN NanoCore RAT CnC 7 | 49741 | 11720 | 192.168.2.4 | 3.125.223.134 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 20, 2024 17:17:09.277936935 CEST | 49732 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:09.485487938 CEST | 11720 | 49732 | 3.125.223.134 | 192.168.2.4 |
Apr 20, 2024 17:17:09.485586882 CEST | 49732 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:09.693484068 CEST | 11720 | 49732 | 3.125.223.134 | 192.168.2.4 |
Apr 20, 2024 17:17:09.693866968 CEST | 49732 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:09.901721954 CEST | 11720 | 49732 | 3.125.223.134 | 192.168.2.4 |
Apr 20, 2024 17:17:09.901962996 CEST | 49732 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:10.109420061 CEST | 11720 | 49732 | 3.125.223.134 | 192.168.2.4 |
Apr 20, 2024 17:17:10.185362101 CEST | 49732 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:10.392734051 CEST | 11720 | 49732 | 3.125.223.134 | 192.168.2.4 |
Apr 20, 2024 17:17:10.392833948 CEST | 49732 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:10.600294113 CEST | 11720 | 49732 | 3.125.223.134 | 192.168.2.4 |
Apr 20, 2024 17:17:10.600399971 CEST | 49732 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:10.808165073 CEST | 11720 | 49732 | 3.125.223.134 | 192.168.2.4 |
Apr 20, 2024 17:17:11.520167112 CEST | 49732 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:11.728585958 CEST | 11720 | 49732 | 3.125.223.134 | 192.168.2.4 |
Apr 20, 2024 17:17:11.728682995 CEST | 49732 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:11.936283112 CEST | 11720 | 49732 | 3.125.223.134 | 192.168.2.4 |
Apr 20, 2024 17:17:11.936397076 CEST | 49732 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:11.997706890 CEST | 49732 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:12.144325018 CEST | 11720 | 49732 | 3.125.223.134 | 192.168.2.4 |
Apr 20, 2024 17:17:12.144479990 CEST | 49732 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:16.139549017 CEST | 49739 | 11720 | 192.168.2.4 | 18.158.249.75 |
Apr 20, 2024 17:17:16.348557949 CEST | 11720 | 49739 | 18.158.249.75 | 192.168.2.4 |
Apr 20, 2024 17:17:16.350541115 CEST | 49739 | 11720 | 192.168.2.4 | 18.158.249.75 |
Apr 20, 2024 17:17:16.350796938 CEST | 49739 | 11720 | 192.168.2.4 | 18.158.249.75 |
Apr 20, 2024 17:17:16.559737921 CEST | 11720 | 49739 | 18.158.249.75 | 192.168.2.4 |
Apr 20, 2024 17:17:16.560123920 CEST | 49739 | 11720 | 192.168.2.4 | 18.158.249.75 |
Apr 20, 2024 17:17:16.769434929 CEST | 11720 | 49739 | 18.158.249.75 | 192.168.2.4 |
Apr 20, 2024 17:17:16.769651890 CEST | 49739 | 11720 | 192.168.2.4 | 18.158.249.75 |
Apr 20, 2024 17:17:16.978907108 CEST | 11720 | 49739 | 18.158.249.75 | 192.168.2.4 |
Apr 20, 2024 17:17:16.979294062 CEST | 49739 | 11720 | 192.168.2.4 | 18.158.249.75 |
Apr 20, 2024 17:17:17.188668013 CEST | 11720 | 49739 | 18.158.249.75 | 192.168.2.4 |
Apr 20, 2024 17:17:17.189347029 CEST | 49739 | 11720 | 192.168.2.4 | 18.158.249.75 |
Apr 20, 2024 17:17:17.398582935 CEST | 11720 | 49739 | 18.158.249.75 | 192.168.2.4 |
Apr 20, 2024 17:17:17.402292967 CEST | 49739 | 11720 | 192.168.2.4 | 18.158.249.75 |
Apr 20, 2024 17:17:17.611428976 CEST | 11720 | 49739 | 18.158.249.75 | 192.168.2.4 |
Apr 20, 2024 17:17:17.611788988 CEST | 49739 | 11720 | 192.168.2.4 | 18.158.249.75 |
Apr 20, 2024 17:17:17.820889950 CEST | 11720 | 49739 | 18.158.249.75 | 192.168.2.4 |
Apr 20, 2024 17:17:17.820965052 CEST | 49739 | 11720 | 192.168.2.4 | 18.158.249.75 |
Apr 20, 2024 17:17:18.030077934 CEST | 11720 | 49739 | 18.158.249.75 | 192.168.2.4 |
Apr 20, 2024 17:17:18.030330896 CEST | 49739 | 11720 | 192.168.2.4 | 18.158.249.75 |
Apr 20, 2024 17:17:18.122662067 CEST | 49739 | 11720 | 192.168.2.4 | 18.158.249.75 |
Apr 20, 2024 17:17:18.239346981 CEST | 11720 | 49739 | 18.158.249.75 | 192.168.2.4 |
Apr 20, 2024 17:17:18.239438057 CEST | 49739 | 11720 | 192.168.2.4 | 18.158.249.75 |
Apr 20, 2024 17:17:22.247869015 CEST | 49740 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:22.456825018 CEST | 11720 | 49740 | 3.125.223.134 | 192.168.2.4 |
Apr 20, 2024 17:17:22.456984043 CEST | 49740 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:22.457343102 CEST | 49740 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:22.666804075 CEST | 11720 | 49740 | 3.125.223.134 | 192.168.2.4 |
Apr 20, 2024 17:17:22.666865110 CEST | 49740 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:22.875648022 CEST | 11720 | 49740 | 3.125.223.134 | 192.168.2.4 |
Apr 20, 2024 17:17:22.875827074 CEST | 49740 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:23.084590912 CEST | 11720 | 49740 | 3.125.223.134 | 192.168.2.4 |
Apr 20, 2024 17:17:23.084712982 CEST | 49740 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:23.293508053 CEST | 11720 | 49740 | 3.125.223.134 | 192.168.2.4 |
Apr 20, 2024 17:17:23.293737888 CEST | 49740 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:23.502877951 CEST | 11720 | 49740 | 3.125.223.134 | 192.168.2.4 |
Apr 20, 2024 17:17:23.504296064 CEST | 49740 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:23.714279890 CEST | 11720 | 49740 | 3.125.223.134 | 192.168.2.4 |
Apr 20, 2024 17:17:23.716285944 CEST | 49740 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:23.927850962 CEST | 11720 | 49740 | 3.125.223.134 | 192.168.2.4 |
Apr 20, 2024 17:17:23.928284883 CEST | 49740 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:24.137257099 CEST | 11720 | 49740 | 3.125.223.134 | 192.168.2.4 |
Apr 20, 2024 17:17:24.137391090 CEST | 49740 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:24.325834990 CEST | 49740 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:24.346044064 CEST | 11720 | 49740 | 3.125.223.134 | 192.168.2.4 |
Apr 20, 2024 17:17:24.348258972 CEST | 49740 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:29.130882978 CEST | 49741 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:29.339993954 CEST | 11720 | 49741 | 3.125.223.134 | 192.168.2.4 |
Apr 20, 2024 17:17:29.340186119 CEST | 49741 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:29.340476990 CEST | 49741 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:29.549094915 CEST | 11720 | 49741 | 3.125.223.134 | 192.168.2.4 |
Apr 20, 2024 17:17:29.549186945 CEST | 49741 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:29.757843971 CEST | 11720 | 49741 | 3.125.223.134 | 192.168.2.4 |
Apr 20, 2024 17:17:29.758043051 CEST | 49741 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:29.966984034 CEST | 11720 | 49741 | 3.125.223.134 | 192.168.2.4 |
Apr 20, 2024 17:17:29.967148066 CEST | 49741 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:30.176054001 CEST | 11720 | 49741 | 3.125.223.134 | 192.168.2.4 |
Apr 20, 2024 17:17:30.176224947 CEST | 49741 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:30.384994030 CEST | 11720 | 49741 | 3.125.223.134 | 192.168.2.4 |
Apr 20, 2024 17:17:30.385149956 CEST | 49741 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:30.593859911 CEST | 11720 | 49741 | 3.125.223.134 | 192.168.2.4 |
Apr 20, 2024 17:17:30.593934059 CEST | 49741 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:30.802823067 CEST | 11720 | 49741 | 3.125.223.134 | 192.168.2.4 |
Apr 20, 2024 17:17:30.802902937 CEST | 49741 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:31.011713028 CEST | 11720 | 49741 | 3.125.223.134 | 192.168.2.4 |
Apr 20, 2024 17:17:31.011934996 CEST | 49741 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:31.106983900 CEST | 49741 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:31.220547915 CEST | 11720 | 49741 | 3.125.223.134 | 192.168.2.4 |
Apr 20, 2024 17:17:31.220623970 CEST | 49741 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:35.232255936 CEST | 49742 | 11720 | 192.168.2.4 | 18.192.31.165 |
Apr 20, 2024 17:17:35.440092087 CEST | 11720 | 49742 | 18.192.31.165 | 192.168.2.4 |
Apr 20, 2024 17:17:35.440440893 CEST | 49742 | 11720 | 192.168.2.4 | 18.192.31.165 |
Apr 20, 2024 17:17:35.440562010 CEST | 49742 | 11720 | 192.168.2.4 | 18.192.31.165 |
Apr 20, 2024 17:17:35.648292065 CEST | 11720 | 49742 | 18.192.31.165 | 192.168.2.4 |
Apr 20, 2024 17:17:35.648422956 CEST | 49742 | 11720 | 192.168.2.4 | 18.192.31.165 |
Apr 20, 2024 17:17:35.856242895 CEST | 11720 | 49742 | 18.192.31.165 | 192.168.2.4 |
Apr 20, 2024 17:17:35.856590033 CEST | 49742 | 11720 | 192.168.2.4 | 18.192.31.165 |
Apr 20, 2024 17:17:36.064487934 CEST | 11720 | 49742 | 18.192.31.165 | 192.168.2.4 |
Apr 20, 2024 17:17:36.064690113 CEST | 49742 | 11720 | 192.168.2.4 | 18.192.31.165 |
Apr 20, 2024 17:17:36.273324013 CEST | 11720 | 49742 | 18.192.31.165 | 192.168.2.4 |
Apr 20, 2024 17:17:36.273669958 CEST | 49742 | 11720 | 192.168.2.4 | 18.192.31.165 |
Apr 20, 2024 17:17:36.481616974 CEST | 11720 | 49742 | 18.192.31.165 | 192.168.2.4 |
Apr 20, 2024 17:17:36.481848955 CEST | 49742 | 11720 | 192.168.2.4 | 18.192.31.165 |
Apr 20, 2024 17:17:36.689867973 CEST | 11720 | 49742 | 18.192.31.165 | 192.168.2.4 |
Apr 20, 2024 17:17:36.690000057 CEST | 49742 | 11720 | 192.168.2.4 | 18.192.31.165 |
Apr 20, 2024 17:17:36.891896963 CEST | 11720 | 49742 | 18.192.31.165 | 192.168.2.4 |
Apr 20, 2024 17:17:36.892162085 CEST | 49742 | 11720 | 192.168.2.4 | 18.192.31.165 |
Apr 20, 2024 17:17:36.892795086 CEST | 49742 | 11720 | 192.168.2.4 | 18.192.31.165 |
Apr 20, 2024 17:17:36.897851944 CEST | 11720 | 49742 | 18.192.31.165 | 192.168.2.4 |
Apr 20, 2024 17:17:37.099806070 CEST | 11720 | 49742 | 18.192.31.165 | 192.168.2.4 |
Apr 20, 2024 17:17:41.011722088 CEST | 49743 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:41.218372107 CEST | 11720 | 49743 | 3.125.223.134 | 192.168.2.4 |
Apr 20, 2024 17:17:41.218499899 CEST | 49743 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:41.218897104 CEST | 49743 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:41.425506115 CEST | 11720 | 49743 | 3.125.223.134 | 192.168.2.4 |
Apr 20, 2024 17:17:41.425616026 CEST | 49743 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:41.632308006 CEST | 11720 | 49743 | 3.125.223.134 | 192.168.2.4 |
Apr 20, 2024 17:17:41.632401943 CEST | 49743 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:41.839024067 CEST | 11720 | 49743 | 3.125.223.134 | 192.168.2.4 |
Apr 20, 2024 17:17:41.839119911 CEST | 49743 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:42.045908928 CEST | 11720 | 49743 | 3.125.223.134 | 192.168.2.4 |
Apr 20, 2024 17:17:42.046077013 CEST | 49743 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:42.252811909 CEST | 11720 | 49743 | 3.125.223.134 | 192.168.2.4 |
Apr 20, 2024 17:17:42.252909899 CEST | 49743 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:42.459914923 CEST | 11720 | 49743 | 3.125.223.134 | 192.168.2.4 |
Apr 20, 2024 17:17:42.460236073 CEST | 49743 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:42.667160034 CEST | 11720 | 49743 | 3.125.223.134 | 192.168.2.4 |
Apr 20, 2024 17:17:42.667256117 CEST | 49743 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:42.779107094 CEST | 49743 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:42.875076056 CEST | 11720 | 49743 | 3.125.223.134 | 192.168.2.4 |
Apr 20, 2024 17:17:42.875245094 CEST | 49743 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:46.902838945 CEST | 49744 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:47.110732079 CEST | 11720 | 49744 | 3.125.223.134 | 192.168.2.4 |
Apr 20, 2024 17:17:47.110836983 CEST | 49744 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:47.111129999 CEST | 49744 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:47.318983078 CEST | 11720 | 49744 | 3.125.223.134 | 192.168.2.4 |
Apr 20, 2024 17:17:47.319171906 CEST | 49744 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:47.527287960 CEST | 11720 | 49744 | 3.125.223.134 | 192.168.2.4 |
Apr 20, 2024 17:17:47.527508020 CEST | 49744 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:47.735563040 CEST | 11720 | 49744 | 3.125.223.134 | 192.168.2.4 |
Apr 20, 2024 17:17:47.735771894 CEST | 49744 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:47.943685055 CEST | 11720 | 49744 | 3.125.223.134 | 192.168.2.4 |
Apr 20, 2024 17:17:47.943900108 CEST | 49744 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:48.151670933 CEST | 11720 | 49744 | 3.125.223.134 | 192.168.2.4 |
Apr 20, 2024 17:17:48.151798010 CEST | 49744 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:48.359556913 CEST | 11720 | 49744 | 3.125.223.134 | 192.168.2.4 |
Apr 20, 2024 17:17:48.359618902 CEST | 49744 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:48.451021910 CEST | 49744 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:48.567563057 CEST | 11720 | 49744 | 3.125.223.134 | 192.168.2.4 |
Apr 20, 2024 17:17:48.567744970 CEST | 49744 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:52.573405981 CEST | 49746 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:52.784250975 CEST | 11720 | 49746 | 3.125.223.134 | 192.168.2.4 |
Apr 20, 2024 17:17:52.784343958 CEST | 49746 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:52.784615993 CEST | 49746 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:52.994896889 CEST | 11720 | 49746 | 3.125.223.134 | 192.168.2.4 |
Apr 20, 2024 17:17:52.994997025 CEST | 49746 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:53.205286026 CEST | 11720 | 49746 | 3.125.223.134 | 192.168.2.4 |
Apr 20, 2024 17:17:53.205341101 CEST | 49746 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:53.415618896 CEST | 11720 | 49746 | 3.125.223.134 | 192.168.2.4 |
Apr 20, 2024 17:17:53.415680885 CEST | 49746 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:53.626033068 CEST | 11720 | 49746 | 3.125.223.134 | 192.168.2.4 |
Apr 20, 2024 17:17:53.628329992 CEST | 49746 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:53.838639021 CEST | 11720 | 49746 | 3.125.223.134 | 192.168.2.4 |
Apr 20, 2024 17:17:53.838742018 CEST | 49746 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:53.872812033 CEST | 49746 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:54.049273014 CEST | 11720 | 49746 | 3.125.223.134 | 192.168.2.4 |
Apr 20, 2024 17:17:54.051420927 CEST | 49746 | 11720 | 192.168.2.4 | 3.125.223.134 |
Apr 20, 2024 17:17:58.011709929 CEST | 49747 | 11720 | 192.168.2.4 | 18.192.31.165 |
Apr 20, 2024 17:17:58.220511913 CEST | 11720 | 49747 | 18.192.31.165 | 192.168.2.4 |
Apr 20, 2024 17:17:58.220747948 CEST | 49747 | 11720 | 192.168.2.4 | 18.192.31.165 |
Apr 20, 2024 17:17:58.221596956 CEST | 49747 | 11720 | 192.168.2.4 | 18.192.31.165 |
Apr 20, 2024 17:17:58.430361986 CEST | 11720 | 49747 | 18.192.31.165 | 192.168.2.4 |
Apr 20, 2024 17:17:58.430466890 CEST | 49747 | 11720 | 192.168.2.4 | 18.192.31.165 |
Apr 20, 2024 17:17:58.639251947 CEST | 11720 | 49747 | 18.192.31.165 | 192.168.2.4 |
Apr 20, 2024 17:17:58.639451027 CEST | 49747 | 11720 | 192.168.2.4 | 18.192.31.165 |
Apr 20, 2024 17:17:58.848222017 CEST | 11720 | 49747 | 18.192.31.165 | 192.168.2.4 |
Apr 20, 2024 17:17:58.848463058 CEST | 49747 | 11720 | 192.168.2.4 | 18.192.31.165 |
Apr 20, 2024 17:17:58.997786045 CEST | 49747 | 11720 | 192.168.2.4 | 18.192.31.165 |
Apr 20, 2024 17:17:59.057056904 CEST | 11720 | 49747 | 18.192.31.165 | 192.168.2.4 |
Apr 20, 2024 17:17:59.057193995 CEST | 49747 | 11720 | 192.168.2.4 | 18.192.31.165 |
Apr 20, 2024 17:18:03.122606039 CEST | 49748 | 11720 | 192.168.2.4 | 18.158.249.75 |
Apr 20, 2024 17:18:03.331162930 CEST | 11720 | 49748 | 18.158.249.75 | 192.168.2.4 |
Apr 20, 2024 17:18:03.331401110 CEST | 49748 | 11720 | 192.168.2.4 | 18.158.249.75 |
Apr 20, 2024 17:18:03.331737041 CEST | 49748 | 11720 | 192.168.2.4 | 18.158.249.75 |
Apr 20, 2024 17:18:03.540256977 CEST | 11720 | 49748 | 18.158.249.75 | 192.168.2.4 |
Apr 20, 2024 17:18:03.540395975 CEST | 49748 | 11720 | 192.168.2.4 | 18.158.249.75 |
Apr 20, 2024 17:18:03.748734951 CEST | 11720 | 49748 | 18.158.249.75 | 192.168.2.4 |
Apr 20, 2024 17:18:03.749151945 CEST | 49748 | 11720 | 192.168.2.4 | 18.158.249.75 |
Apr 20, 2024 17:18:03.957561016 CEST | 11720 | 49748 | 18.158.249.75 | 192.168.2.4 |
Apr 20, 2024 17:18:03.957905054 CEST | 49748 | 11720 | 192.168.2.4 | 18.158.249.75 |
Apr 20, 2024 17:18:04.060225010 CEST | 49748 | 11720 | 192.168.2.4 | 18.158.249.75 |
Apr 20, 2024 17:18:04.166557074 CEST | 11720 | 49748 | 18.158.249.75 | 192.168.2.4 |
Apr 20, 2024 17:18:04.166851044 CEST | 49748 | 11720 | 192.168.2.4 | 18.158.249.75 |
Apr 20, 2024 17:18:08.186741114 CEST | 49749 | 11720 | 192.168.2.4 | 18.192.31.165 |
Apr 20, 2024 17:18:08.393408060 CEST | 11720 | 49749 | 18.192.31.165 | 192.168.2.4 |
Apr 20, 2024 17:18:08.393534899 CEST | 49749 | 11720 | 192.168.2.4 | 18.192.31.165 |
Apr 20, 2024 17:18:08.393773079 CEST | 49749 | 11720 | 192.168.2.4 | 18.192.31.165 |
Apr 20, 2024 17:18:08.435225964 CEST | 49749 | 11720 | 192.168.2.4 | 18.192.31.165 |
Apr 20, 2024 17:18:08.600117922 CEST | 11720 | 49749 | 18.192.31.165 | 192.168.2.4 |
Apr 20, 2024 17:18:08.602303982 CEST | 49749 | 11720 | 192.168.2.4 | 18.192.31.165 |
Apr 20, 2024 17:18:12.557626009 CEST | 49750 | 11720 | 192.168.2.4 | 18.192.31.165 |
Apr 20, 2024 17:18:12.766166925 CEST | 11720 | 49750 | 18.192.31.165 | 192.168.2.4 |
Apr 20, 2024 17:18:12.766298056 CEST | 49750 | 11720 | 192.168.2.4 | 18.192.31.165 |
Apr 20, 2024 17:18:12.766592979 CEST | 49750 | 11720 | 192.168.2.4 | 18.192.31.165 |
Apr 20, 2024 17:18:12.794668913 CEST | 49750 | 11720 | 192.168.2.4 | 18.192.31.165 |
Apr 20, 2024 17:18:12.974972963 CEST | 11720 | 49750 | 18.192.31.165 | 192.168.2.4 |
Apr 20, 2024 17:18:12.975065947 CEST | 49750 | 11720 | 192.168.2.4 | 18.192.31.165 |
Apr 20, 2024 17:18:16.924803972 CEST | 49751 | 11720 | 192.168.2.4 | 18.192.31.165 |
Apr 20, 2024 17:18:17.135847092 CEST | 11720 | 49751 | 18.192.31.165 | 192.168.2.4 |
Apr 20, 2024 17:18:17.136331081 CEST | 49751 | 11720 | 192.168.2.4 | 18.192.31.165 |
Apr 20, 2024 17:18:17.136706114 CEST | 49751 | 11720 | 192.168.2.4 | 18.192.31.165 |
Apr 20, 2024 17:18:17.185164928 CEST | 49751 | 11720 | 192.168.2.4 | 18.192.31.165 |
Apr 20, 2024 17:18:17.347595930 CEST | 11720 | 49751 | 18.192.31.165 | 192.168.2.4 |
Apr 20, 2024 17:18:17.348303080 CEST | 49751 | 11720 | 192.168.2.4 | 18.192.31.165 |
Apr 20, 2024 17:18:21.308887005 CEST | 49752 | 11720 | 192.168.2.4 | 18.192.31.165 |
Apr 20, 2024 17:18:21.515479088 CEST | 11720 | 49752 | 18.192.31.165 | 192.168.2.4 |
Apr 20, 2024 17:18:21.515620947 CEST | 49752 | 11720 | 192.168.2.4 | 18.192.31.165 |
Apr 20, 2024 17:18:21.515892982 CEST | 49752 | 11720 | 192.168.2.4 | 18.192.31.165 |
Apr 20, 2024 17:18:21.544557095 CEST | 49752 | 11720 | 192.168.2.4 | 18.192.31.165 |
Apr 20, 2024 17:18:21.722425938 CEST | 11720 | 49752 | 18.192.31.165 | 192.168.2.4 |
Apr 20, 2024 17:18:21.728385925 CEST | 49752 | 11720 | 192.168.2.4 | 18.192.31.165 |
Apr 20, 2024 17:18:25.674253941 CEST | 49753 | 11720 | 192.168.2.4 | 18.192.31.165 |
Apr 20, 2024 17:18:25.882098913 CEST | 11720 | 49753 | 18.192.31.165 | 192.168.2.4 |
Apr 20, 2024 17:18:25.882359982 CEST | 49753 | 11720 | 192.168.2.4 | 18.192.31.165 |
Apr 20, 2024 17:18:25.882838011 CEST | 49753 | 11720 | 192.168.2.4 | 18.192.31.165 |
Apr 20, 2024 17:18:25.904046059 CEST | 49753 | 11720 | 192.168.2.4 | 18.192.31.165 |
Apr 20, 2024 17:18:26.090567112 CEST | 11720 | 49753 | 18.192.31.165 | 192.168.2.4 |
Apr 20, 2024 17:18:26.090740919 CEST | 49753 | 11720 | 192.168.2.4 | 18.192.31.165 |
Apr 20, 2024 17:18:30.026487112 CEST | 49754 | 11720 | 192.168.2.4 | 18.192.31.165 |
Apr 20, 2024 17:18:30.236013889 CEST | 11720 | 49754 | 18.192.31.165 | 192.168.2.4 |
Apr 20, 2024 17:18:30.236196995 CEST | 49754 | 11720 | 192.168.2.4 | 18.192.31.165 |
Apr 20, 2024 17:18:30.236972094 CEST | 49754 | 11720 | 192.168.2.4 | 18.192.31.165 |
Apr 20, 2024 17:18:30.247646093 CEST | 49754 | 11720 | 192.168.2.4 | 18.192.31.165 |
Apr 20, 2024 17:18:30.446286917 CEST | 11720 | 49754 | 18.192.31.165 | 192.168.2.4 |
Apr 20, 2024 17:18:30.446495056 CEST | 49754 | 11720 | 192.168.2.4 | 18.192.31.165 |
Target ID: | 0 |
Start time: | 17:16:54 |
Start date: | 20/04/2024 |
Path: | C:\Users\user\Desktop\lLX6Po7hFJ.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xe50000 |
File size: | 207'872 bytes |
MD5 hash: | 07D9144C3B3CFE44C24F850A74FAAACC |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | true |
Target ID: | 1 |
Start time: | 17:16:54 |
Start date: | 20/04/2024 |
Path: | C:\Windows\SysWOW64\schtasks.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xa10000 |
File size: | 187'904 bytes |
MD5 hash: | 48C2FE20575769DE916F48EF0676A965 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 17:16:55 |
Start date: | 20/04/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 17:16:55 |
Start date: | 20/04/2024 |
Path: | C:\Windows\SysWOW64\schtasks.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xa10000 |
File size: | 187'904 bytes |
MD5 hash: | 48C2FE20575769DE916F48EF0676A965 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 17:16:55 |
Start date: | 20/04/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 5 |
Start time: | 17:16:57 |
Start date: | 20/04/2024 |
Path: | C:\Users\user\Desktop\lLX6Po7hFJ.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2f0000 |
File size: | 207'872 bytes |
MD5 hash: | 07D9144C3B3CFE44C24F850A74FAAACC |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 6 |
Start time: | 17:16:57 |
Start date: | 20/04/2024 |
Path: | C:\Program Files (x86)\DNS Host\dnshost.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x320000 |
File size: | 207'872 bytes |
MD5 hash: | 07D9144C3B3CFE44C24F850A74FAAACC |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Antivirus matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 7 |
Start time: | 17:17:04 |
Start date: | 20/04/2024 |
Path: | C:\Program Files (x86)\DNS Host\dnshost.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xf50000 |
File size: | 207'872 bytes |
MD5 hash: | 07D9144C3B3CFE44C24F850A74FAAACC |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 12 |
Start time: | 17:18:29 |
Start date: | 20/04/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x10000000 |
File size: | 36'264 bytes |
MD5 hash: | 89106D4D0BA99F770EAFE946EA81BB65 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Execution Graph
Execution Coverage: | 18.7% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 6.6% |
Total number of Nodes: | 211 |
Total number of Limit Nodes: | 13 |
Graph
Function 019C8988 Relevance: 3.0, Strings: 2, Instructions: 505COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019C23A0 Relevance: 3.0, Strings: 2, Instructions: 505COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019CB028 Relevance: 2.2, Strings: 1, Instructions: 949COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05802848 Relevance: 1.6, APIs: 1, Instructions: 94networkCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 058032EB Relevance: 1.6, APIs: 1, Instructions: 75COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05802D56 Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05803527 Relevance: 1.6, APIs: 1, Instructions: 64nativeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0580289A Relevance: 1.6, APIs: 1, Instructions: 62networkCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05803322 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0580169A Relevance: 1.5, APIs: 1, Instructions: 39COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05803562 Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019C3850 Relevance: .8, Instructions: 758COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019C2FA8 Relevance: .2, Instructions: 239COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019CFB48 Relevance: 7.7, Strings: 6, Instructions: 244COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019C0980 Relevance: 5.2, Strings: 4, Instructions: 180COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019C09A9 Relevance: 5.1, Strings: 4, Instructions: 105COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019C02E8 Relevance: 2.7, Strings: 2, Instructions: 171COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019CA210 Relevance: 2.5, Strings: 2, Instructions: 44COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019CA220 Relevance: 2.5, Strings: 2, Instructions: 40COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 058035DC Relevance: 1.6, APIs: 1, Instructions: 101windowCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0580180C Relevance: 1.6, APIs: 1, Instructions: 97networkCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05801394 Relevance: 1.6, APIs: 1, Instructions: 94COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 058011CC Relevance: 1.6, APIs: 1, Instructions: 93COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05800736 Relevance: 1.6, APIs: 1, Instructions: 93COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05800D68 Relevance: 1.6, APIs: 1, Instructions: 92fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05801491 Relevance: 1.6, APIs: 1, Instructions: 91COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05801EC6 Relevance: 1.6, APIs: 1, Instructions: 87COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 058025D0 Relevance: 1.6, APIs: 1, Instructions: 87timeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05802A33 Relevance: 1.6, APIs: 1, Instructions: 87COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 058013B6 Relevance: 1.6, APIs: 1, Instructions: 80COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05802C3D Relevance: 1.6, APIs: 1, Instructions: 80networkCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05800E64 Relevance: 1.6, APIs: 1, Instructions: 80COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0144AF50 Relevance: 1.6, APIs: 1, Instructions: 77COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05802082 Relevance: 1.6, APIs: 1, Instructions: 77fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 058018F6 Relevance: 1.6, APIs: 1, Instructions: 77networkCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05802D36 Relevance: 1.6, APIs: 1, Instructions: 77networkCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05800D8E Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05801EF2 Relevance: 1.6, APIs: 1, Instructions: 76COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05800F34 Relevance: 1.6, APIs: 1, Instructions: 75fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05800C97 Relevance: 1.6, APIs: 1, Instructions: 71COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05801597 Relevance: 1.6, APIs: 1, Instructions: 71fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0580100F Relevance: 1.6, APIs: 1, Instructions: 71fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05800776 Relevance: 1.6, APIs: 1, Instructions: 69COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 058001F4 Relevance: 1.6, APIs: 1, Instructions: 68COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 058020A2 Relevance: 1.6, APIs: 1, Instructions: 67fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05801916 Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05802C62 Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0580346D Relevance: 1.6, APIs: 1, Instructions: 67COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0580260E Relevance: 1.6, APIs: 1, Instructions: 64timeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05802A72 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0144A51F Relevance: 1.6, APIs: 1, Instructions: 61COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0144B7CA Relevance: 1.6, APIs: 1, Instructions: 61windowCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 058014DE Relevance: 1.6, APIs: 1, Instructions: 61COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 058015BA Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05800F66 Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0144BB4F Relevance: 1.6, APIs: 1, Instructions: 59windowCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0144BE05 Relevance: 1.6, APIs: 1, Instructions: 58windowCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0144B71E Relevance: 1.6, APIs: 1, Instructions: 57windowCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0144BEB4 Relevance: 1.6, APIs: 1, Instructions: 56fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05801667 Relevance: 1.6, APIs: 1, Instructions: 56COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0144A75B Relevance: 1.6, APIs: 1, Instructions: 54COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0580104A Relevance: 1.6, APIs: 1, Instructions: 53fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05800EA6 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05800CCE Relevance: 1.6, APIs: 1, Instructions: 52COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0580349E Relevance: 1.5, APIs: 1, Instructions: 49COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0144A8CC Relevance: 1.5, APIs: 1, Instructions: 48COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0144BED2 Relevance: 1.5, APIs: 1, Instructions: 47fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0580123E Relevance: 1.5, APIs: 1, Instructions: 47COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0580365E Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0144B746 Relevance: 1.5, APIs: 1, Instructions: 45windowCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0144A546 Relevance: 1.5, APIs: 1, Instructions: 45COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0144AF9A Relevance: 1.5, APIs: 1, Instructions: 43COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05800232 Relevance: 1.5, APIs: 1, Instructions: 43COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0580187A Relevance: 1.5, APIs: 1, Instructions: 43networkCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0144BB7E Relevance: 1.5, APIs: 1, Instructions: 42windowCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0144A78A Relevance: 1.5, APIs: 1, Instructions: 39COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0144B806 Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0144A8EE Relevance: 1.5, APIs: 1, Instructions: 37COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0144A372 Relevance: 1.5, APIs: 1, Instructions: 35COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0144BE3E Relevance: 1.5, APIs: 1, Instructions: 35windowCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019C20D0 Relevance: 1.4, Strings: 1, Instructions: 200COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019C32BB Relevance: 1.4, Strings: 1, Instructions: 193COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 068502E8 Relevance: 1.4, Strings: 1, Instructions: 139COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019C2D58 Relevance: 1.4, Strings: 1, Instructions: 136COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019C0682 Relevance: 1.4, Strings: 1, Instructions: 128COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06850007 Relevance: 1.4, Strings: 1, Instructions: 120COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019CD170 Relevance: 1.4, Strings: 1, Instructions: 116COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019C45C8 Relevance: 1.3, Strings: 1, Instructions: 95COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019C6C92 Relevance: 1.3, Strings: 1, Instructions: 89COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019C8620 Relevance: 1.3, Strings: 1, Instructions: 86COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06850469 Relevance: 1.3, Strings: 1, Instructions: 86COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0685045D Relevance: 1.3, Strings: 1, Instructions: 86COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019C8630 Relevance: 1.3, Strings: 1, Instructions: 81COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06850070 Relevance: 1.3, Strings: 1, Instructions: 81COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019C6CE6 Relevance: 1.3, Strings: 1, Instructions: 79COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019C25DE Relevance: 1.3, Strings: 1, Instructions: 75COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019C8BC6 Relevance: 1.3, Strings: 1, Instructions: 75COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019CC3D1 Relevance: 1.3, Strings: 1, Instructions: 61COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019CC7F8 Relevance: 1.3, Strings: 1, Instructions: 59COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019CC7E8 Relevance: 1.3, Strings: 1, Instructions: 59COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019C61A0 Relevance: 1.3, Strings: 1, Instructions: 56COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019C7560 Relevance: 1.3, Strings: 1, Instructions: 44COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019C4710 Relevance: 1.3, Strings: 1, Instructions: 43COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019C7570 Relevance: 1.3, Strings: 1, Instructions: 40COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019C6100 Relevance: 1.3, Strings: 1, Instructions: 24COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019C6110 Relevance: 1.3, Strings: 1, Instructions: 20COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019C61B0 Relevance: 1.3, Strings: 1, Instructions: 19COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019C12A0 Relevance: .5, Instructions: 460COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019CAB00 Relevance: .3, Instructions: 265COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019C6270 Relevance: .2, Instructions: 241COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019C6261 Relevance: .2, Instructions: 191COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019CE8E0 Relevance: .2, Instructions: 184COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019CE178 Relevance: .2, Instructions: 164COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019C76D8 Relevance: .2, Instructions: 161COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019C7328 Relevance: .2, Instructions: 159COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019C7BC0 Relevance: .1, Instructions: 147COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019C7E91 Relevance: .1, Instructions: 141COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019CCBE8 Relevance: .1, Instructions: 137COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019C0BC0 Relevance: .1, Instructions: 133COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019CE8D1 Relevance: .1, Instructions: 130COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019CF8A9 Relevance: .1, Instructions: 128COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019C5920 Relevance: .1, Instructions: 126COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019C6EA8 Relevance: .1, Instructions: 120COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 068504D1 Relevance: .1, Instructions: 120COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019C6EB8 Relevance: .1, Instructions: 115COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019C91D8 Relevance: .1, Instructions: 109COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019C84B8 Relevance: .1, Instructions: 109COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019CE458 Relevance: .1, Instructions: 108COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019CE168 Relevance: .1, Instructions: 105COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019C02DA Relevance: .1, Instructions: 105COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019CECA8 Relevance: .1, Instructions: 103COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019CEC98 Relevance: .1, Instructions: 101COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019C1292 Relevance: .1, Instructions: 100COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019CE051 Relevance: .1, Instructions: 99COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019C0006 Relevance: .1, Instructions: 97COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019CAAEF Relevance: .1, Instructions: 97COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019CE5C0 Relevance: .1, Instructions: 95COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019C43C0 Relevance: .1, Instructions: 94COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06850198 Relevance: .1, Instructions: 94COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019C50E0 Relevance: .1, Instructions: 92COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019C731C Relevance: .1, Instructions: 90COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019C5B51 Relevance: .1, Instructions: 88COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019C43D0 Relevance: .1, Instructions: 87COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019CDE69 Relevance: .1, Instructions: 87COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Execution Graph
Execution Coverage: | 15.7% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 60 |
Total number of Limit Nodes: | 6 |
Execution Graph
Execution Coverage: | 14.5% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 60 |
Total number of Limit Nodes: | 6 |
Graph
Function 04B023A0 Relevance: 3.0, Strings: 2, Instructions: 505COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04B02FA8 Relevance: .2, Instructions: 239COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04B00980 Relevance: 5.2, Strings: 4, Instructions: 177COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04B009A9 Relevance: 5.1, Strings: 4, Instructions: 105COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04B002E8 Relevance: 2.7, Strings: 2, Instructions: 174COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00A2AF50 Relevance: 1.6, APIs: 1, Instructions: 77COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00A2B7CA Relevance: 1.6, APIs: 1, Instructions: 61windowCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00A2A51F Relevance: 1.6, APIs: 1, Instructions: 61COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00A2BB4F Relevance: 1.6, APIs: 1, Instructions: 59windowCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00A2BE05 Relevance: 1.6, APIs: 1, Instructions: 58windowCOMMON
Function 00A2B71E Relevance: 1.6, APIs: 1, Instructions: 57windowCOMMON
Function 00A2BEB4 Relevance: 1.6, APIs: 1, Instructions: 56COMMON
Function 00A2A75B Relevance: 1.6, APIs: 1, Instructions: 52comCOMMON
Function 00A2A8CC Relevance: 1.5, APIs: 1, Instructions: 48COMMON
Function 00A2BED2 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
Function 00A2A546 Relevance: 1.5, APIs: 1, Instructions: 45COMMON
Function 00A2B746 Relevance: 1.5, APIs: 1, Instructions: 45windowCOMMON
Function 00A2AF9A Relevance: 1.5, APIs: 1, Instructions: 43COMMON
Function 00A2BB7E Relevance: 1.5, APIs: 1, Instructions: 42windowCOMMON
Function 00A2A78A Relevance: 1.5, APIs: 1, Instructions: 39comCOMMON
Function 00A2B806 Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON
Function 00A2A8EE Relevance: 1.5, APIs: 1, Instructions: 37COMMON
Function 00A2BE3E Relevance: 1.5, APIs: 1, Instructions: 35windowCOMMON
Function 04B032BB Relevance: 1.4, Strings: 1, Instructions: 192COMMON
Function 04B02D58 Relevance: 1.4, Strings: 1, Instructions: 134COMMON
Function 04B021F8 Relevance: 1.3, Strings: 1, Instructions: 98COMMON
Function 04B025DE Relevance: 1.3, Strings: 1, Instructions: 75COMMON
Function 04B04180 Relevance: 1.3, Strings: 1, Instructions: 59COMMON
Function 04B03B10 Relevance: .5, Instructions: 487COMMON
Function 04B012A0 Relevance: .5, Instructions: 460COMMON
Function 04B00908 Relevance: .1, Instructions: 139COMMON
Function 04B00681 Relevance: .1, Instructions: 134COMMON
Function 04B00BC0 Relevance: .1, Instructions: 131COMMON
Function 04B002D9 Relevance: .1, Instructions: 104COMMON
Function 04B020D0 Relevance: .1, Instructions: 100COMMON
Function 04B01291 Relevance: .1, Instructions: 98COMMON
Function 04B00006 Relevance: .1, Instructions: 91COMMON
Function 04B021E8 Relevance: .1, Instructions: 76COMMON
Function 04B04190 Relevance: .1, Instructions: 69COMMON
Function 04B03AB8 Relevance: .1, Instructions: 63COMMON
Function 0078088C Relevance: .1, Instructions: 59COMMON
Function 0078085C Relevance: .1, Instructions: 58COMMON
Function 007805E0 Relevance: .1, Instructions: 56COMMON
Function 04B02390 Relevance: .1, Instructions: 55COMMON
Function 04B005B9 Relevance: .0, Instructions: 48COMMON
Function 04B01209 Relevance: .0, Instructions: 46COMMON
Function 04B005C8 Relevance: .0, Instructions: 45COMMON
Function 00780830 Relevance: .0, Instructions: 44COMMON
Function 04B01218 Relevance: .0, Instructions: 42COMMON
Function 04B00918 Relevance: .0, Instructions: 33COMMON
Function 00780948 Relevance: .0, Instructions: 31COMMON
Function 00780606 Relevance: .0, Instructions: 27COMMON
Function 04B002A1 Relevance: .0, Instructions: 17COMMON
Function 04B0016F Relevance: .0, Instructions: 16COMMON
Function 04B00650 Relevance: .0, Instructions: 16COMMON
Function 00A223F4 Relevance: .0, Instructions: 15COMMON
Function 00A223BC Relevance: .0, Instructions: 14COMMON
Function 04B00180 Relevance: .0, Instructions: 12COMMON
Function 04B00660 Relevance: .0, Instructions: 10COMMON
Function 04B02EC0 Relevance: .0, Instructions: 8COMMON
Function 04B00D93 Relevance: 6.5, Strings: 5, Instructions: 249COMMON
Function 00A226AA Relevance: 5.4, Strings: 4, Instructions: 387COMMON
Execution Graph
Execution Coverage: | 13.9% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 64 |
Total number of Limit Nodes: | 7 |
Function 057523A0 Relevance: 3.0, Strings: 2, Instructions: 505COMMON
Function 05753850 Relevance: .7, Instructions: 742COMMON
Function 05752FA8 Relevance: .2, Instructions: 239COMMON
Function 057509A0 Relevance: 5.2, Strings: 4, Instructions: 177COMMON
Function 057502E8 Relevance: 2.7, Strings: 2, Instructions: 171COMMON
Function 05750681 Relevance: 2.6, Strings: 2, Instructions: 129COMMON
Function 0176AF50 Relevance: 1.6, APIs: 1, Instructions: 77COMMON
Function 0176A51F Relevance: 1.6, APIs: 1, Instructions: 61COMMON
Function 0176B7CA Relevance: 1.6, APIs: 1, Instructions: 61windowCOMMON
Function 0176BB4F Relevance: 1.6, APIs: 1, Instructions: 59windowCOMMON
Function 059205EF Relevance: 1.6, APIs: 1, Instructions: 58COMMON
Function 0176BE05 Relevance: 1.6, APIs: 1, Instructions: 58windowCOMMON
Function 0176B71E Relevance: 1.6, APIs: 1, Instructions: 57windowCOMMON
Function 0176A75B Relevance: 1.6, APIs: 1, Instructions: 52comCOMMON
Function 0176A8CC Relevance: 1.5, APIs: 1, Instructions: 48COMMON
Function 0176A546 Relevance: 1.5, APIs: 1, Instructions: 45COMMON
Function 0176B746 Relevance: 1.5, APIs: 1, Instructions: 45windowCOMMON
Function 0592061E Relevance: 1.5, APIs: 1, Instructions: 43COMMON
Function 0176AF9A Relevance: 1.5, APIs: 1, Instructions: 43COMMON
Function 0176BB7E Relevance: 1.5, APIs: 1, Instructions: 42windowCOMMON
Function 0176A78A Relevance: 1.5, APIs: 1, Instructions: 39comCOMMON
Function 0176B806 Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON
Function 0176A8EE Relevance: 1.5, APIs: 1, Instructions: 37COMMON
Function 0176BE3E Relevance: 1.5, APIs: 1, Instructions: 35windowCOMMON
Function 057520D0 Relevance: 1.4, Strings: 1, Instructions: 198COMMON
Function 057532BB Relevance: 1.4, Strings: 1, Instructions: 182COMMON
Function 057525DE Relevance: 1.3, Strings: 1, Instructions: 75COMMON
Function 057512A0 Relevance: .5, Instructions: 460COMMON
Function 05750BC0 Relevance: .1, Instructions: 131COMMON
Function 057502D9 Relevance: .1, Instructions: 105COMMON
Function 05751291 Relevance: .1, Instructions: 101COMMON
Function 0575003F Relevance: .1, Instructions: 91COMMON
Function 057521E8 Relevance: .1, Instructions: 73COMMON
Function 05754190 Relevance: .1, Instructions: 69COMMON
Function 01AA0856 Relevance: .1, Instructions: 60COMMON
Function 01AA088C Relevance: .1, Instructions: 59COMMON
Function 05752390 Relevance: .1, Instructions: 51COMMON
Function 057505B9 Relevance: .0, Instructions: 50COMMON
Function 05751209 Relevance: .0, Instructions: 46COMMON
Function 057505C8 Relevance: .0, Instructions: 45COMMON
Function 01AA05E0 Relevance: .0, Instructions: 43COMMON
Function 05751218 Relevance: .0, Instructions: 42COMMON
Function 05754180 Relevance: .0, Instructions: 32COMMON
Function 01AA0948 Relevance: .0, Instructions: 31COMMON
Function 01AA0606 Relevance: .0, Instructions: 27COMMON
Function 0575016F Relevance: .0, Instructions: 18COMMON
Function 017623F4 Relevance: .0, Instructions: 15COMMON
Function 05750650 Relevance: .0, Instructions: 15COMMON
Function 017623BC Relevance: .0, Instructions: 14COMMON
Function 057502AC Relevance: .0, Instructions: 13COMMON
Function 05750180 Relevance: .0, Instructions: 12COMMON
Function 05752EC0 Relevance: .0, Instructions: 11COMMON
Function 05750660 Relevance: .0, Instructions: 10COMMON
Function 05750D7F Relevance: 6.5, Strings: 5, Instructions: 255COMMON
Function 017626AA Relevance: 5.4, Strings: 4, Instructions: 387COMMON