Windows Analysis Report TMB1fxNaqR
Overview
General Information
Detection
Score: | 76 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Process Tree |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
No yara matches |
---|
Sigma Overview |
---|
No Sigma rule has matched |
---|
Jbx Signature Overview |
---|
Click to jump to signature section
AV Detection: |
---|
Multi AV Scanner detection for domain / URL | Show sources |
Source: | Virustotal: | Perma Link |
Multi AV Scanner detection for dropped file | Show sources |
Source: | Virustotal: | Perma Link |
Multi AV Scanner detection for submitted file | Show sources |
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: |
Source: | Binary string: |
Networking: |
---|
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) | Show sources |
Source: | Snort IDS: |
Source: | IP Address: |
Source: | JA3 fingerprint: |
Source: | DNS traffic detected: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
Source: | Binary or memory string: |
Source: | Code function: |
Source: | Dropped File: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Code function: |
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | WMI Queries: |
Source: | File read: | Jump to behavior |
Source: | Key opened: |
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | File read: | Jump to behavior |
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: |
Source: | Key value queried: |
Source: | Binary string: |
Source: | Code function: |
Source: | Code function: |
Persistence and Installation Behavior: |
---|
Creates processes via WMI | Show sources |
Source: | WMI Queries: |
Source: | File created: | Jump to dropped file |
Source: | Registry key monitored for changes: |
Source: | Process information set: |
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Source: | Thread sleep time: | ||
Source: | Thread sleep time: |
Source: | Last function: | ||
Source: | Last function: |
Source: | Code function: |
Source: | Code function: | ||
Source: | Code function: |
Source: | Process created: |
Source: | Code function: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation11 | Path Interception | Process Injection11 | Virtualization/Sandbox Evasion1 | Input Capture1 | Security Software Discovery1 | Remote Services | Input Capture1 | Exfiltration Over Other Network Medium | Encrypted Channel12 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Native API1 | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection11 | LSASS Memory | Query Registry1 | Remote Desktop Protocol | Archive Collected Data1 | Exfiltration Over Bluetooth | Non-Application Layer Protocol1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information1 | Security Account Manager | Virtualization/Sandbox Evasion1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | Remote System Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | File and Directory Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | System Information Discovery3 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features |
Behavior Graph |
---|
Screenshots |
---|
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
45% | Virustotal | Browse | ||
59% | ReversingLabs | Win32.Trojan.Wacatac |
Dropped Files |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
14% | Virustotal | Browse | ||
15% | ReversingLabs | Win32.Trojan.Generic |
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
URLs |
---|
No Antivirus matches |
---|
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
google.vrthcobj.com | 34.97.69.225 | true | true |
| unknown |
a.goatgame.co | 172.67.146.70 | true | false |
| unknown |
Contacted IPs |
---|
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
172.67.146.70 | a.goatgame.co | United States | 13335 | CLOUDFLARENETUS | false |
General Information |
---|
Joe Sandbox Version: | 33.0.0 White Diamond |
Analysis ID: | 458974 |
Start date: | 03.08.2021 |
Start time: | 23:37:18 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 4m 47s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | TMB1fxNaqR (renamed file extension from none to exe) |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 27 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal76.winEXE@5/2@3/1 |
EGA Information: | Failed |
HDC Information: |
|
HCA Information: | Failed |
Cookbook Comments: |
|
Warnings: | Show All
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
23:38:09 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
172.67.146.70 | Get hash | malicious | Browse | ||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse |
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
google.vrthcobj.com | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
a.goatgame.co | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
CLOUDFLARENETUS | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
JA3 Fingerprints |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
ce5f3254611a8c095a3d821d44539877 | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
Dropped Files |
---|
Created / dropped Files |
---|
Process: | C:\Users\user\Desktop\TMB1fxNaqR.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 578669 |
Entropy (8bit): | 7.965453587440716 |
Encrypted: | false |
SSDEEP: | 12288:C11ticqWIMMXa2ad3KNjZi+VUYgokNxcg8aVg1gKtY7SQgCO:ePeBaRKNjoklalbVygKtY7xgd |
MD5: | C78BF51EE294161707A6766E71CEE582 |
SHA1: | 3BB4FF0B06FC5B3753AB39F21E959895834BF7F8 |
SHA-256: | BE449F187EC6EE4C4FA40642E698FFA3BFA19EC08848F4E0273B70427A1F1FC2 |
SHA-512: | B2D7D6D8C12B0DBDD677BC8ACD764AB0687E976268E46F461B98C5CF941197785B5D5718D2E3A734EAE49B0D358064EE23D9AAE217AF5F98DA5252A8A11D531D |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\user\Desktop\TMB1fxNaqR.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 81408 |
Entropy (8bit): | 6.295064838876099 |
Encrypted: | false |
SSDEEP: | 1536:jkOh0YR+kfbE+2AJk64OceTbkS9Co5sWzcdSzEdY+wJpxpbcNop//:jkcjHY+fJhPN9H2SIdY+wJpxpQ8// |
MD5: | 05250AA12AD3C6A86DAB6DAB708D17FF |
SHA1: | E41AD72C9A43070BB11FD7411800F71DDDF6BDD8 |
SHA-256: | 7250A8A1B98D09BE823CD6EFD30D85E5418DFC3541D220BB0694DFCC547478BD |
SHA-512: | A56DF11AF5243150753154E1CBA74E3CDD0CDECF09269B88A3944AC12B73DE59909CE6DBBBD3B1B6DA691D144FAC2599645B2017F66BAC64A106437168EC38C8 |
Malicious: | true |
Antivirus: |
|
Joe Sandbox View: | |
Reputation: | low |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 4.581071120397606 |
TrID: |
|
File name: | TMB1fxNaqR.exe |
File size: | 57344 |
MD5: | a92922a71a9bf58cc2d95a6039c9a1b6 |
SHA1: | f419ba1e6da5dfc295857598e44b0a4eb0b3ecfc |
SHA256: | 213ea943865069cf1210a58860c619a8fa8928258abe8919fee8180feafea547 |
SHA512: | 0bb8f350ab4ba4570806b70e6bf82d986782d4635f5058eaf8c36550b1ba9e3bd6b6e5df098fbb9167dece0684bbae047824822bb55f54ee8a17993f29fd8007 |
SSDEEP: | 768:URFJRVA3O2pxNojkTnJQ6XWzQjkpC/xbjNxxuCqXKClZt9:MMoITVXGpC5bpHPmlZt9 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......../Q..N?..N?..N?.CF`..N?..l4..N?.NR1..N?..h4..N?..h5..N?.NFb..N?..N>..N?..m...N?.Rich.N?.........PE..L...RF.a.................p. |
File Icon |
---|
Icon Hash: | 00828e8e8686b000 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x40268e |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows cui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | |
Time Stamp: | 0x61074652 [Mon Aug 2 01:11:46 2021 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 2cdeda7a0aa27475a825e9c41d4d95f0 |
Entrypoint Preview |
---|
Instruction |
---|
push ebp |
mov ebp, esp |
push FFFFFFFFh |
push 00408150h |
push 00403E48h |
mov eax, dword ptr fs:[00000000h] |
push eax |
mov dword ptr fs:[00000000h], esp |
sub esp, 10h |
push ebx |
push esi |
push edi |
mov dword ptr [ebp-18h], esp |
call dword ptr [00408050h] |
xor edx, edx |
mov dl, ah |
mov dword ptr [0040CF70h], edx |
mov ecx, eax |
and ecx, 000000FFh |
mov dword ptr [0040CF6Ch], ecx |
shl ecx, 08h |
add ecx, edx |
mov dword ptr [0040CF68h], ecx |
shr eax, 10h |
mov dword ptr [0040CF64h], eax |
push 00000001h |
call 00007FE49C86475Bh |
pop ecx |
test eax, eax |
jne 00007FE49C86306Ah |
push 0000001Ch |
call 00007FE49C863110h |
pop ecx |
call 00007FE49C863BC3h |
test eax, eax |
jne 00007FE49C86306Ah |
push 00000010h |
call 00007FE49C8630FFh |
pop ecx |
and dword ptr [ebp-04h], 00000000h |
call 00007FE49C864403h |
call dword ptr [0040804Ch] |
mov dword ptr [0040D658h], eax |
call 00007FE49C8642C1h |
mov dword ptr [0040CF54h], eax |
call 00007FE49C86406Ah |
call 00007FE49C863FACh |
call 00007FE49C863D0Fh |
mov eax, dword ptr [0040CF80h] |
mov dword ptr [0040CF84h], eax |
push eax |
push dword ptr [0040CF78h] |
push dword ptr [0040CF74h] |
call 00007FE49C862B32h |
add esp, 0Ch |
Rich Headers |
---|
Programming Language: |
|
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8af0 | 0x64 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xe000 | 0x3d4 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x150 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x6bb7 | 0x7000 | False | 0.593296595982 | data | 6.44358253732 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x8000 | 0x1186 | 0x2000 | False | 0.270629882812 | data | 3.63030337834 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xa000 | 0x365c | 0x3000 | False | 0.0801595052083 | data | 0.843436221473 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0xe000 | 0x1000 | 0x1000 | False | 0.111083984375 | data | 1.09363315293 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_VERSION | 0xe058 | 0x37c | data | English | United States |
Imports |
---|
DLL | Import |
---|---|
KERNEL32.dll | GetProcAddress, LoadLibraryA, lstrlenW, InterlockedDecrement, CloseHandle, WriteFile, CreateFileW, lstrcatW, GetModuleFileNameW, RaiseException, LocalFree, lstrlenA, InterlockedIncrement, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, MultiByteToWideChar, RtlUnwind, GetCommandLineA, GetVersion, ExitProcess, HeapFree, HeapAlloc, GetCurrentThreadId, TlsSetValue, TlsAlloc, SetLastError, TlsGetValue, GetLastError, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, GetModuleFileNameA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, GetModuleHandleA, GetEnvironmentVariableA, GetVersionExA, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, HeapReAlloc, IsBadWritePtr, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadCodePtr, GetCPInfo, GetACP, GetOEMCP, HeapSize |
USER32.dll | wsprintfW |
ole32.dll | CoInitializeSecurity, CoUninitialize, CoInitialize, CoCreateInstance, CoSetProxyBlanket |
OLEAUT32.dll | VariantInit, SafeArrayGetDim, SafeArrayGetLBound, SafeArrayGetUBound, SafeArrayAccessData, SafeArrayUnaccessData, SysStringLen, SysAllocStringLen, SysAllocString, VariantClear, SysFreeString, GetErrorInfo |
Version Infos |
---|
Description | Data |
---|---|
LegalCopyright | Copyright (C) 1995-2018 VanDyke Software, Inc. |
InternalName | License Helper |
FileVersion | 8.5.0.1740 |
CompanyName | VanDyke Software, Inc. |
Comments | \$Revision: 122570 \$ |
ProductName | License Helper |
ProductVersion | 8.5.0.1740 |
FileDescription | License Helper |
OriginalFilename | LicenseHelper.exe |
Translation | 0x0409 0x04b0 |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Network Behavior |
---|
Snort IDS Alerts |
---|
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
08/03/21-23:38:25.660129 | UDP | 1948 | DNS zone transfer UDP | 58824 | 53 | 192.168.2.3 | 34.97.69.225 |
08/03/21-23:38:31.551839 | UDP | 1948 | DNS zone transfer UDP | 58824 | 53 | 192.168.2.3 | 34.97.69.225 |
08/03/21-23:38:39.386795 | UDP | 1948 | DNS zone transfer UDP | 58824 | 53 | 192.168.2.3 | 34.97.69.225 |
08/03/21-23:38:50.171576 | UDP | 1948 | DNS zone transfer UDP | 58824 | 53 | 192.168.2.3 | 34.97.69.225 |
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Aug 3, 2021 23:38:06.097122908 CEST | 49708 | 443 | 192.168.2.3 | 172.67.146.70 |
Aug 3, 2021 23:38:06.114178896 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:06.114345074 CEST | 49708 | 443 | 192.168.2.3 | 172.67.146.70 |
Aug 3, 2021 23:38:06.119462967 CEST | 49708 | 443 | 192.168.2.3 | 172.67.146.70 |
Aug 3, 2021 23:38:06.136428118 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:06.144661903 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:06.144718885 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:06.144751072 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:06.144821882 CEST | 49708 | 443 | 192.168.2.3 | 172.67.146.70 |
Aug 3, 2021 23:38:06.150866985 CEST | 49708 | 443 | 192.168.2.3 | 172.67.146.70 |
Aug 3, 2021 23:38:06.167779922 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:06.167906046 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:06.215509892 CEST | 49708 | 443 | 192.168.2.3 | 172.67.146.70 |
Aug 3, 2021 23:38:06.232352018 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:06.769733906 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:06.769762993 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:06.769779921 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:06.769804001 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:06.769818068 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:06.769840956 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:06.769855976 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:06.769893885 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:06.769905090 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:06.769912004 CEST | 49708 | 443 | 192.168.2.3 | 172.67.146.70 |
Aug 3, 2021 23:38:06.769963026 CEST | 49708 | 443 | 192.168.2.3 | 172.67.146.70 |
Aug 3, 2021 23:38:06.769974947 CEST | 49708 | 443 | 192.168.2.3 | 172.67.146.70 |
Aug 3, 2021 23:38:06.769979954 CEST | 49708 | 443 | 192.168.2.3 | 172.67.146.70 |
Aug 3, 2021 23:38:06.770143032 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:06.770167112 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:06.770183086 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:06.770209074 CEST | 49708 | 443 | 192.168.2.3 | 172.67.146.70 |
Aug 3, 2021 23:38:06.770230055 CEST | 49708 | 443 | 192.168.2.3 | 172.67.146.70 |
Aug 3, 2021 23:38:06.770538092 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:06.770561934 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:06.770582914 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:06.770606041 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:06.770627975 CEST | 49708 | 443 | 192.168.2.3 | 172.67.146.70 |
Aug 3, 2021 23:38:06.770677090 CEST | 49708 | 443 | 192.168.2.3 | 172.67.146.70 |
Aug 3, 2021 23:38:06.771333933 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:06.811240911 CEST | 49708 | 443 | 192.168.2.3 | 172.67.146.70 |
Aug 3, 2021 23:38:07.030968904 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:07.030998945 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:07.031023026 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:07.031038046 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:07.031059027 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:07.031078100 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:07.031090021 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:07.031184912 CEST | 49708 | 443 | 192.168.2.3 | 172.67.146.70 |
Aug 3, 2021 23:38:07.031236887 CEST | 49708 | 443 | 192.168.2.3 | 172.67.146.70 |
Aug 3, 2021 23:38:07.031243086 CEST | 49708 | 443 | 192.168.2.3 | 172.67.146.70 |
Aug 3, 2021 23:38:07.031522989 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:07.031546116 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:07.031568050 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:07.031590939 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:07.031598091 CEST | 49708 | 443 | 192.168.2.3 | 172.67.146.70 |
Aug 3, 2021 23:38:07.031620979 CEST | 49708 | 443 | 192.168.2.3 | 172.67.146.70 |
Aug 3, 2021 23:38:07.032304049 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:07.032377958 CEST | 49708 | 443 | 192.168.2.3 | 172.67.146.70 |
Aug 3, 2021 23:38:07.041439056 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:07.041465998 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:07.041485071 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:07.041501999 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:07.041523933 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:07.041548967 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:07.041564941 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:07.041615009 CEST | 49708 | 443 | 192.168.2.3 | 172.67.146.70 |
Aug 3, 2021 23:38:07.041665077 CEST | 49708 | 443 | 192.168.2.3 | 172.67.146.70 |
Aug 3, 2021 23:38:07.041671991 CEST | 49708 | 443 | 192.168.2.3 | 172.67.146.70 |
Aug 3, 2021 23:38:07.041891098 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:07.041918039 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:07.041938066 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:07.041956902 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:07.041964054 CEST | 49708 | 443 | 192.168.2.3 | 172.67.146.70 |
Aug 3, 2021 23:38:07.042023897 CEST | 49708 | 443 | 192.168.2.3 | 172.67.146.70 |
Aug 3, 2021 23:38:07.042691946 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:07.042717934 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:07.042741060 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:07.042763948 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:07.042768955 CEST | 49708 | 443 | 192.168.2.3 | 172.67.146.70 |
Aug 3, 2021 23:38:07.042800903 CEST | 49708 | 443 | 192.168.2.3 | 172.67.146.70 |
Aug 3, 2021 23:38:07.043505907 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:07.043582916 CEST | 49708 | 443 | 192.168.2.3 | 172.67.146.70 |
Aug 3, 2021 23:38:07.294538975 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:07.294569016 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:07.294590950 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:07.294611931 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:07.294626951 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:07.294715881 CEST | 49708 | 443 | 192.168.2.3 | 172.67.146.70 |
Aug 3, 2021 23:38:07.294802904 CEST | 49708 | 443 | 192.168.2.3 | 172.67.146.70 |
Aug 3, 2021 23:38:07.295092106 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:07.295165062 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:07.295166969 CEST | 49708 | 443 | 192.168.2.3 | 172.67.146.70 |
Aug 3, 2021 23:38:07.295197010 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:07.295249939 CEST | 49708 | 443 | 192.168.2.3 | 172.67.146.70 |
Aug 3, 2021 23:38:07.295593023 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:07.295634031 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:07.295669079 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:07.295691967 CEST | 49708 | 443 | 192.168.2.3 | 172.67.146.70 |
Aug 3, 2021 23:38:07.295706987 CEST | 443 | 49708 | 172.67.146.70 | 192.168.2.3 |
Aug 3, 2021 23:38:07.295763969 CEST | 49708 | 443 | 192.168.2.3 | 172.67.146.70 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Aug 3, 2021 23:37:56.634107113 CEST | 60985 | 53 | 192.168.2.3 | 8.8.8.8 |
Aug 3, 2021 23:37:56.676135063 CEST | 53 | 60985 | 8.8.8.8 | 192.168.2.3 |
Aug 3, 2021 23:37:57.231653929 CEST | 50200 | 53 | 192.168.2.3 | 8.8.8.8 |
Aug 3, 2021 23:37:57.282186031 CEST | 53 | 50200 | 8.8.8.8 | 192.168.2.3 |
Aug 3, 2021 23:37:57.536907911 CEST | 51281 | 53 | 192.168.2.3 | 8.8.8.8 |
Aug 3, 2021 23:37:57.573438883 CEST | 53 | 51281 | 8.8.8.8 | 192.168.2.3 |
Aug 3, 2021 23:37:58.592097998 CEST | 49199 | 53 | 192.168.2.3 | 8.8.8.8 |
Aug 3, 2021 23:37:58.619740963 CEST | 53 | 49199 | 8.8.8.8 | 192.168.2.3 |
Aug 3, 2021 23:37:59.474395037 CEST | 50620 | 53 | 192.168.2.3 | 8.8.8.8 |
Aug 3, 2021 23:37:59.509958982 CEST | 53 | 50620 | 8.8.8.8 | 192.168.2.3 |
Aug 3, 2021 23:37:59.696528912 CEST | 64938 | 53 | 192.168.2.3 | 8.8.8.8 |
Aug 3, 2021 23:37:59.729441881 CEST | 53 | 64938 | 8.8.8.8 | 192.168.2.3 |
Aug 3, 2021 23:38:01.026458025 CEST | 60152 | 53 | 192.168.2.3 | 8.8.8.8 |
Aug 3, 2021 23:38:01.076482058 CEST | 53 | 60152 | 8.8.8.8 | 192.168.2.3 |
Aug 3, 2021 23:38:01.869057894 CEST | 57544 | 53 | 192.168.2.3 | 8.8.8.8 |
Aug 3, 2021 23:38:01.896617889 CEST | 53 | 57544 | 8.8.8.8 | 192.168.2.3 |
Aug 3, 2021 23:38:03.027504921 CEST | 55984 | 53 | 192.168.2.3 | 8.8.8.8 |
Aug 3, 2021 23:38:03.059770107 CEST | 53 | 55984 | 8.8.8.8 | 192.168.2.3 |
Aug 3, 2021 23:38:04.618001938 CEST | 64185 | 53 | 192.168.2.3 | 8.8.8.8 |
Aug 3, 2021 23:38:04.643836975 CEST | 53 | 64185 | 8.8.8.8 | 192.168.2.3 |
Aug 3, 2021 23:38:05.781409025 CEST | 65110 | 53 | 192.168.2.3 | 8.8.8.8 |
Aug 3, 2021 23:38:05.806092978 CEST | 53 | 65110 | 8.8.8.8 | 192.168.2.3 |
Aug 3, 2021 23:38:06.049623966 CEST | 58361 | 53 | 192.168.2.3 | 8.8.8.8 |
Aug 3, 2021 23:38:06.085091114 CEST | 53 | 58361 | 8.8.8.8 | 192.168.2.3 |
Aug 3, 2021 23:38:06.987278938 CEST | 63492 | 53 | 192.168.2.3 | 8.8.8.8 |
Aug 3, 2021 23:38:07.021372080 CEST | 53 | 63492 | 8.8.8.8 | 192.168.2.3 |
Aug 3, 2021 23:38:07.800545931 CEST | 60831 | 53 | 192.168.2.3 | 8.8.8.8 |
Aug 3, 2021 23:38:07.825484991 CEST | 53 | 60831 | 8.8.8.8 | 192.168.2.3 |
Aug 3, 2021 23:38:08.934715986 CEST | 60100 | 53 | 192.168.2.3 | 8.8.8.8 |
Aug 3, 2021 23:38:08.960048914 CEST | 53 | 60100 | 8.8.8.8 | 192.168.2.3 |
Aug 3, 2021 23:38:09.537939072 CEST | 53195 | 53 | 192.168.2.3 | 8.8.8.8 |
Aug 3, 2021 23:38:09.570741892 CEST | 53 | 53195 | 8.8.8.8 | 192.168.2.3 |
Aug 3, 2021 23:38:10.155075073 CEST | 50141 | 53 | 192.168.2.3 | 8.8.8.8 |
Aug 3, 2021 23:38:10.190376043 CEST | 53 | 50141 | 8.8.8.8 | 192.168.2.3 |
Aug 3, 2021 23:38:11.050296068 CEST | 53023 | 53 | 192.168.2.3 | 8.8.8.8 |
Aug 3, 2021 23:38:11.085692883 CEST | 53 | 53023 | 8.8.8.8 | 192.168.2.3 |
Aug 3, 2021 23:38:12.071374893 CEST | 49563 | 53 | 192.168.2.3 | 8.8.8.8 |
Aug 3, 2021 23:38:12.098846912 CEST | 53 | 49563 | 8.8.8.8 | 192.168.2.3 |
Aug 3, 2021 23:38:13.260493994 CEST | 51352 | 53 | 192.168.2.3 | 8.8.8.8 |
Aug 3, 2021 23:38:13.296123028 CEST | 53 | 51352 | 8.8.8.8 | 192.168.2.3 |
Aug 3, 2021 23:38:13.925787926 CEST | 59349 | 53 | 192.168.2.3 | 8.8.8.8 |
Aug 3, 2021 23:38:13.951874971 CEST | 53 | 59349 | 8.8.8.8 | 192.168.2.3 |
Aug 3, 2021 23:38:14.363015890 CEST | 57084 | 53 | 192.168.2.3 | 8.8.8.8 |
Aug 3, 2021 23:38:14.364244938 CEST | 58823 | 53 | 192.168.2.3 | 8.8.8.8 |
Aug 3, 2021 23:38:14.388151884 CEST | 53 | 57084 | 8.8.8.8 | 192.168.2.3 |
Aug 3, 2021 23:38:14.399341106 CEST | 53 | 58823 | 8.8.8.8 | 192.168.2.3 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Aug 3, 2021 23:38:06.049623966 CEST | 192.168.2.3 | 8.8.8.8 | 0x9251 | Standard query (0) | A (IP address) | IN (0x0001) | |
Aug 3, 2021 23:38:14.363015890 CEST | 192.168.2.3 | 8.8.8.8 | 0xc59 | Standard query (0) | A (IP address) | IN (0x0001) | |
Aug 3, 2021 23:38:14.364244938 CEST | 192.168.2.3 | 8.8.8.8 | 0x3308 | Standard query (0) | 28 | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Aug 3, 2021 23:38:06.085091114 CEST | 8.8.8.8 | 192.168.2.3 | 0x9251 | No error (0) | 172.67.146.70 | A (IP address) | IN (0x0001) | ||
Aug 3, 2021 23:38:06.085091114 CEST | 8.8.8.8 | 192.168.2.3 | 0x9251 | No error (0) | 104.21.79.144 | A (IP address) | IN (0x0001) | ||
Aug 3, 2021 23:38:14.388151884 CEST | 8.8.8.8 | 192.168.2.3 | 0xc59 | No error (0) | 34.97.69.225 | A (IP address) | IN (0x0001) |
HTTPS Packets |
---|
Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest |
---|---|---|---|---|---|---|---|---|---|---|
Aug 3, 2021 23:38:06.144718885 CEST | 172.67.146.70 | 443 | 192.168.2.3 | 49708 | CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=California, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US | CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE | Sun Jul 18 02:00:00 CEST 2021 Mon Jan 27 13:48:08 CET 2020 | Mon Jul 18 01:59:59 CEST 2022 Wed Jan 01 00:59:59 CET 2025 | 771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-23-65281,29-23-24,0 | ce5f3254611a8c095a3d821d44539877 |
CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US | CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE | Mon Jan 27 13:48:08 CET 2020 | Wed Jan 01 00:59:59 CET 2025 |
Code Manipulations |
---|
Statistics |
---|
Behavior |
---|
Click to jump to process
System Behavior |
---|
General |
---|
Start time: | 23:38:02 |
Start date: | 03/08/2021 |
Path: | C:\Users\user\Desktop\TMB1fxNaqR.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 57344 bytes |
MD5 hash: | A92922A71A9BF58CC2D95A6039C9A1B6 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
General |
---|
Start time: | 23:38:03 |
Start date: | 03/08/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6b2800000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 23:38:03 |
Start date: | 03/08/2021 |
Path: | C:\Users\user\Desktop\TMB1fxNaqR.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 57344 bytes |
MD5 hash: | A92922A71A9BF58CC2D95A6039C9A1B6 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
General |
---|
Start time: | 23:38:04 |
Start date: | 03/08/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6b2800000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Disassembly |
---|
Code Analysis |
---|