Windows
Analysis Report
file.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- file.exe (PID: 6804 cmdline:
C:\Users\u ser\Deskto p\file.exe MD5: 66108176E22E6F9513A62C76F2185468) - aspnet_compiler.exe (PID: 6588 cmdline:
C:\Windows \Microsoft .NET\Frame work\v4.0. 30319\aspn et_compile r.exe MD5: 17CC69238395DF61AAF483BCEF02E7C9)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Remcos, RemcosRAT | Remcos (acronym of Remote Control & Surveillance Software) is a commercial Remote Access Tool to remotely control computers.Remcos is advertised as legitimate software which can be used for surveillance and penetration testing purposes, but has been used in numerous hacking campaigns.Remcos, once installed, opens a backdoor on the computer, granting full access to the remote user.Remcos is developed by the cybersecurity company BreakingSecurity. |
{"Host:Port:Password": "pekonomia.duckdns.org:30861:1", "Assigned name": "RemoteHost", "Copy file": "remcos.exe", "Startup value": "Remcos", "Mutex": "Rmc-B0VP4N", "Keylog file": "logs.dat", "Screenshot file": "Screenshots", "Audio folder": "MicRecords", "Copy folder": "Remcos", "Keylog folder": "remcos", "Keylog file max size": "100000"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security | ||
JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security | ||
Windows_Trojan_Remcos_b296e965 | unknown | unknown |
| |
JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security | ||
JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security | ||
Click to see the 13 entries |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security | ||
JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security | ||
INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM | Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) | ditekSHen |
| |
Windows_Trojan_Remcos_b296e965 | unknown | unknown |
| |
REMCOS_RAT_variants | unknown | unknown |
| |
Click to see the 14 entries |
Stealing of Sensitive Information |
---|
Source: | Author: Joe Security: |
Click to jump to signature section
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | Avira: |
Source: | Avira URL Cloud: |
Source: | Virustotal: | Perma Link | ||
Source: | Virustotal: | Perma Link |
Source: | Joe Sandbox ML: |
Source: | Code function: | 2_2_00432142 |
Source: | Binary or memory string: |
Exploits |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Privilege Escalation |
---|
Source: | Code function: | 2_2_00406B71 |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 2_2_0044D0F9 | |
Source: | Code function: | 2_2_0040B0AA | |
Source: | Code function: | 2_2_0040B2B1 | |
Source: | Code function: | 2_2_00418650 | |
Source: | Code function: | 2_2_0040B8C7 | |
Source: | Code function: | 2_2_00408909 | |
Source: | Code function: | 2_2_0041AC0A | |
Source: | Code function: | 2_2_00408D1B | |
Source: | Code function: | 2_2_00407E80 | |
Source: | Code function: | 2_2_00406EB0 |
Source: | Code function: | 2_2_0040730B |
Networking |
---|
Source: | URLs: |
Source: | DNS query: |
Source: | ASN Name: |
Source: | IP Address: | ||
Source: | IP Address: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | DNS traffic detected: |
Source: | Code function: | 2_2_004255BC |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
---|
Source: | Code function: | 2_2_00415802 |
Source: | Code function: | 2_2_00415802 |
Source: | Code function: | 2_2_004099E3 |
Source: | Code function: | 2_2_00415802 |
E-Banking Fraud |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
System Summary |
---|
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Code function: | 2_2_00437040 | |
Source: | Code function: | 2_2_004361CE | |
Source: | Code function: | 2_2_004131DA | |
Source: | Code function: | 2_2_0044C249 | |
Source: | Code function: | 2_2_00432251 | |
Source: | Code function: | 2_2_00426351 | |
Source: | Code function: | 2_2_0041C46D | |
Source: | Code function: | 2_2_004264BA | |
Source: | Code function: | 2_2_00436603 | |
Source: | Code function: | 2_2_0043C76D | |
Source: | Code function: | 2_2_00425719 | |
Source: | Code function: | 2_2_00434731 | |
Source: | Code function: | 2_2_004358BA | |
Source: | Code function: | 2_2_004529D9 | |
Source: | Code function: | 2_2_0043C99C | |
Source: | Code function: | 2_2_0041DA05 | |
Source: | Code function: | 2_2_00436A38 | |
Source: | Code function: | 2_2_00444AF0 | |
Source: | Code function: | 2_2_0043CBCB | |
Source: | Code function: | 2_2_00451BAB | |
Source: | Code function: | 2_2_00425CA8 | |
Source: | Code function: | 2_2_00435DB6 | |
Source: | Code function: | 2_2_0043CE28 |
Source: | Static PE information: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | ReversingLabs: | ||
Source: | Virustotal: |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Code function: | 2_2_00416840 |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | Static file information: | |||
Source: | Section loaded: | Jump to behavior |
Source: | Code function: | 2_2_004195A5 |
Source: | Code function: | 2_2_0040E991 |
Source: | Mutant created: |
Source: | Code function: | 2_2_0041A003 |
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: |
Data Obfuscation |
---|
Source: | .Net Code: |
Source: | Code function: | 2_2_00456346 | |
Source: | Code function: | 2_2_0045C526 | |
Source: | Code function: | 2_2_00433759 | |
Source: | Code function: | 2_2_00455A19 |
Source: | Code function: | 2_2_0041B4C9 |
Source: | Static PE information: |
Source: | Code function: | 2_2_00406524 |
Source: | Code function: | 2_2_004195A5 |
Source: | Code function: | 2_2_0041B4C9 |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion |
---|
Source: | Code function: | 2_2_0040ECEA |
Source: | Thread sleep time: | Jump to behavior |
Source: | Code function: | 2_2_004192A3 |
Source: | Thread delayed: | Jump to behavior |
Source: | API coverage: |
Source: | Code function: | 2_2_0044D0F9 | |
Source: | Code function: | 2_2_0040B0AA | |
Source: | Code function: | 2_2_0040B2B1 | |
Source: | Code function: | 2_2_00418650 | |
Source: | Code function: | 2_2_0040B8C7 | |
Source: | Code function: | 2_2_00408909 | |
Source: | Code function: | 2_2_0041AC0A | |
Source: | Code function: | 2_2_00408D1B | |
Source: | Code function: | 2_2_00407E80 | |
Source: | Code function: | 2_2_00406EB0 |
Source: | Thread delayed: | Jump to behavior |
Source: | Code function: | 2_2_0040730B |
Source: | API call chain: | graph_2-47741 |
Source: | Binary or memory string: |
Source: | Code function: | 2_2_00433304 |
Source: | Code function: | 2_2_0041B4C9 |
Source: | Code function: | 2_2_00411241 |
Source: | Code function: | 2_2_00441B85 |
Source: | Memory allocated: | Jump to behavior |
Source: | Code function: | 2_2_00433452 | |
Source: | Code function: | 2_2_00433304 | |
Source: | Code function: | 2_2_0043A3F1 | |
Source: | Code function: | 2_2_004338CC |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
Source: | Memory written: | Jump to behavior |
Source: | Code function: | 2_2_0041163A |
Source: | Process created: | Jump to behavior |
Source: | Code function: | 2_2_00418186 |
Source: | Queries volume information: | Jump to behavior |
Source: | Code function: | 2_2_0044716D | |
Source: | Code function: | 2_2_00450558 | |
Source: | Code function: | 2_2_004507D0 | |
Source: | Code function: | 2_2_0045081B | |
Source: | Code function: | 2_2_004508B6 | |
Source: | Code function: | 2_2_00450943 | |
Source: | Code function: | 2_2_00450B93 | |
Source: | Code function: | 2_2_00446C84 | |
Source: | Code function: | 2_2_00450CBC | |
Source: | Code function: | 2_2_00450DC3 | |
Source: | Code function: | 2_2_0040EE14 | |
Source: | Code function: | 2_2_00450E90 |
Source: | Code function: | 2_2_0043354D |
Source: | Key value queried: | Jump to behavior |
Source: | Code function: | 2_2_00404F31 |
Source: | Code function: | 2_2_00447A10 |
Source: | Code function: | 2_2_0041A168 |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | Code function: | 2_2_0040B0AA | |
Source: | Code function: | 2_2_0040B0AA |
Source: | Code function: | 2_2_0040AF8C |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | Code function: | 2_2_0040567A |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 1 Native API | 1 Windows Service | 1 Bypass User Access Control | 1 Disable or Modify Tools | 1 OS Credential Dumping | 2 System Time Discovery | Remote Services | 11 Archive Collected Data | Exfiltration Over Other Network Medium | 11 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | 1 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | 1 Access Token Manipulation | 1 Deobfuscate/Decode Files or Information | 11 Input Capture | 1 Account Discovery | Remote Desktop Protocol | 11 Input Capture | Exfiltration Over Bluetooth | 2 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | 2 Service Execution | Logon Script (Windows) | 1 Windows Service | 3 Obfuscated Files or Information | 2 Credentials In Files | 1 System Service Discovery | SMB/Windows Admin Shares | 12 Clipboard Data | Automated Exfiltration | 1 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | 321 Process Injection | 12 Software Packing | NTDS | 2 File and Directory Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 21 Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Bypass User Access Control | LSA Secrets | 33 System Information Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 Masquerading | Cached Domain Credentials | 21 Security Software Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | 21 Virtualization/Sandbox Evasion | DCSync | 21 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 1 Access Token Manipulation | Proc Filesystem | 1 Process Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | 321 Process Injection | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction | |
Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Invalid Code Signature | Network Sniffing | 1 Remote System Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | Data Encrypted for Impact |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
24% | ReversingLabs | ByteCode-MSIL.Trojan.Generic | ||
32% | Virustotal | Browse | ||
100% | Avira | HEUR/AGEN.1326434 | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
7% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
7% | Virustotal | Browse | ||
100% | Avira URL Cloud | malware |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
pekonomia.duckdns.org | 192.169.69.26 | true | true |
| unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
192.169.69.26 | pekonomia.duckdns.org | United States | 23033 | WOWUS | true |
Joe Sandbox Version: | 37.1.0 Beryl |
Analysis ID: | 882711 |
Start date and time: | 2023-06-06 17:22:07 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 9m 3s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 3 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample file name: | file.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.expl.evad.winEXE@3/1@68/1 |
EGA Information: |
|
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): audiodg.exe
- Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com
- Report size getting too big, too many NtDeviceIoControlFile calls found.
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
192.169.69.26 | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | RedLine | Browse |
| ||
Get hash | malicious | RedLine | Browse |
| ||
Get hash | malicious | VjW0rm | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | AsyncRAT, DcRat, RedLine | Browse |
| ||
Get hash | malicious | Lokibot | Browse |
| ||
Get hash | malicious | Lokibot | Browse |
| ||
Get hash | malicious | Lokibot | Browse |
| ||
Get hash | malicious | Lokibot | Browse |
| ||
Get hash | malicious | Lokibot | Browse |
| ||
Get hash | malicious | Azorult | Browse |
| ||
Get hash | malicious | Azorult | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
pekonomia.duckdns.org | Get hash | malicious | Remcos | Browse |
| |
Get hash | malicious | Remcos | Browse |
| ||
Get hash | malicious | Remcos | Browse |
| ||
Get hash | malicious | Remcos | Browse |
| ||
Get hash | malicious | Remcos | Browse |
| ||
Get hash | malicious | Remcos | Browse |
| ||
Get hash | malicious | Remcos | Browse |
| ||
Get hash | malicious | Remcos | Browse |
| ||
Get hash | malicious | Remcos | Browse |
| ||
Get hash | malicious | Remcos | Browse |
| ||
Get hash | malicious | Remcos | Browse |
| ||
Get hash | malicious | Remcos | Browse |
| ||
Get hash | malicious | Remcos | Browse |
| ||
Get hash | malicious | Remcos | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
WOWUS | Get hash | malicious | Remcos | Browse |
| |
Get hash | malicious | GuLoader | Browse |
| ||
Get hash | malicious | Nanocore | Browse |
| ||
Get hash | malicious | Nanocore | Browse |
| ||
Get hash | malicious | STRRAT | Browse |
| ||
Get hash | malicious | STRRAT | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | STRRAT | Browse |
| ||
Get hash | malicious | GuLoader | Browse |
| ||
Get hash | malicious | GuLoader | Browse |
| ||
Get hash | malicious | Remcos, GuLoader | Browse |
| ||
Get hash | malicious | Nanocore | Browse |
| ||
Get hash | malicious | Nanocore | Browse |
| ||
Get hash | malicious | Nanocore | Browse |
| ||
Get hash | malicious | AgentTesla, GuLoader | Browse |
| ||
Get hash | malicious | FormBook, GuLoader | Browse |
| ||
Get hash | malicious | AgentTesla, GuLoader | Browse |
|
Process: | C:\Users\user\Desktop\file.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 226 |
Entropy (8bit): | 5.354940450065058 |
Encrypted: | false |
SSDEEP: | 6:Q3La/xw5DLIP12MUAvvR+uTL2wlAsDZiIv:Q3La/KDLI4MWuPTxAIv |
MD5: | B10E37251C5B495643F331DB2EEC3394 |
SHA1: | 25A5FFE4C2554C2B9A7C2794C9FE215998871193 |
SHA-256: | 8A6B926C70F8DCFD915D68F167A1243B9DF7B9F642304F570CE584832D12102D |
SHA-512: | 296BC182515900934AA96E996FC48B565B7857801A07FEFA0D3D1E0C165981B266B084E344DB5B53041D1171F9C6708B4EE0D444906391C4FC073BCC23B92C37 |
Malicious: | true |
Reputation: | high, very likely benign file |
Preview: |
File type: | |
Entropy (8bit): | 7.962338247780781 |
TrID: |
|
File name: | file.exe |
File size: | 500224 |
MD5: | 66108176e22e6f9513a62c76f2185468 |
SHA1: | a05e217104b39485fbb4ce3cda9cb65b20960ccb |
SHA256: | e1eb3fe18ad660415f59eaac2c768afa1b20e07f107dfc207da8b0880a888aaf |
SHA512: | 646233ba810efba1ab506041d44d698590e30c88ce22f258fcb7eb8ef4435866fb9d7ca1f8d1067c7805c0275c63c690ca98a4b1efbf635fc7b3df8f8f9ca243 |
SSDEEP: | 12288:oeV56CrxH8gnW6yhQNmPLXWu38n4RQgsAlVF+LpnN7TihIHVQMfT:deCrxsvh/Wusn4RHZvF+lnd/ |
TLSH: | F7B4129CBB1079CFC897D630AA880C28AA94B437970BC343B497255E9A1D2CFCF555E7 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......d..............0.................. ....@...... ....................................`...@......@............... ..... |
Icon Hash: | 90cececece8e8eb0 |
Entrypoint: | 0x400000 |
Entrypoint Section: | |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x647F07F4 [Tue Jun 6 10:18:28 2023 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: |
Instruction |
---|
dec ebp |
pop edx |
nop |
add byte ptr [ebx], al |
add byte ptr [eax], al |
add byte ptr [eax+eax], al |
add byte ptr [eax], al |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x7c000 | 0x596 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x7b7c4 | 0x1c | .text |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2000 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x79803 | 0x79a00 | False | 0.9617564876670093 | data | 7.966829562881022 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rsrc | 0x7c000 | 0x596 | 0x600 | False | 0.416015625 | data | 4.0776365849895475 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_VERSION | 0x7c0a0 | 0x30c | data | ||
RT_MANIFEST | 0x7c3ac | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jun 6, 2023 17:23:10.020539045 CEST | 49694 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:10.239814043 CEST | 30861 | 49694 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:23:10.248241901 CEST | 49694 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:10.261132956 CEST | 49694 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:10.739983082 CEST | 30861 | 49694 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:23:11.874109983 CEST | 49695 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:12.320915937 CEST | 30861 | 49695 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:23:12.321114063 CEST | 49695 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:12.330519915 CEST | 49695 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:12.815340042 CEST | 30861 | 49695 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:23:13.847930908 CEST | 49696 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:14.151731968 CEST | 30861 | 49696 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:23:14.152007103 CEST | 49696 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:14.163101912 CEST | 49696 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:14.464538097 CEST | 30861 | 49696 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:23:15.611469030 CEST | 49697 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:18.011476994 CEST | 30861 | 49697 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:23:18.011765957 CEST | 49697 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:18.021563053 CEST | 49697 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:18.598541975 CEST | 30861 | 49697 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:23:19.833255053 CEST | 49698 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:20.497962952 CEST | 30861 | 49698 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:23:20.498182058 CEST | 49698 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:20.507790089 CEST | 49698 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:20.711457968 CEST | 30861 | 49698 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:23:21.749228001 CEST | 49699 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:22.073091030 CEST | 30861 | 49699 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:23:22.073292971 CEST | 49699 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:22.468920946 CEST | 49699 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:22.811598063 CEST | 30861 | 49699 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:23:23.864869118 CEST | 49700 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:24.345674992 CEST | 30861 | 49700 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:23:24.345782042 CEST | 49700 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:24.351846933 CEST | 49700 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:24.563781023 CEST | 30861 | 49700 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:23:25.605225086 CEST | 49701 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:25.980650902 CEST | 30861 | 49701 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:23:25.980848074 CEST | 49701 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:25.988635063 CEST | 49701 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:26.297305107 CEST | 30861 | 49701 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:23:29.397516966 CEST | 49702 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:29.828934908 CEST | 30861 | 49702 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:23:29.829189062 CEST | 49702 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:29.838835001 CEST | 49702 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:30.092890024 CEST | 30861 | 49702 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:23:31.220876932 CEST | 49703 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:31.435878992 CEST | 30861 | 49703 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:23:31.436007977 CEST | 49703 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:31.442682981 CEST | 49703 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:31.757859945 CEST | 30861 | 49703 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:23:32.807379961 CEST | 49704 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:33.099116087 CEST | 30861 | 49704 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:23:33.099446058 CEST | 49704 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:33.108616114 CEST | 49704 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:33.503370047 CEST | 30861 | 49704 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:23:34.553211927 CEST | 49705 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:34.864063978 CEST | 30861 | 49705 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:23:34.864389896 CEST | 49705 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:34.877161980 CEST | 49705 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:35.090729952 CEST | 30861 | 49705 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:23:36.128022909 CEST | 49706 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:36.440148115 CEST | 30861 | 49706 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:23:36.440316916 CEST | 49706 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:36.446348906 CEST | 49706 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:36.637808084 CEST | 30861 | 49706 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:23:37.672673941 CEST | 49707 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:37.987435102 CEST | 30861 | 49707 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:23:37.987632036 CEST | 49707 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:38.043175936 CEST | 49707 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:38.333920956 CEST | 30861 | 49707 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:23:39.645679951 CEST | 49708 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:40.000320911 CEST | 30861 | 49708 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:23:40.000567913 CEST | 49708 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:40.444880962 CEST | 49708 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:40.715411901 CEST | 30861 | 49708 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:23:41.754580021 CEST | 49709 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:41.954874992 CEST | 30861 | 49709 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:23:41.956939936 CEST | 49709 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:41.965553999 CEST | 49709 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:42.352693081 CEST | 30861 | 49709 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:23:43.387157917 CEST | 49710 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:43.693973064 CEST | 30861 | 49710 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:23:43.694065094 CEST | 49710 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:43.700570107 CEST | 49710 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:44.025559902 CEST | 30861 | 49710 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:23:45.074491978 CEST | 49714 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:45.292243004 CEST | 30861 | 49714 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:23:45.292365074 CEST | 49714 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:45.300174952 CEST | 49714 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:45.514847994 CEST | 30861 | 49714 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:23:46.565622091 CEST | 49715 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:46.830353975 CEST | 30861 | 49715 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:23:46.830677986 CEST | 49715 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:46.837193012 CEST | 49715 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:47.192370892 CEST | 30861 | 49715 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:23:48.331861973 CEST | 49716 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:48.544203997 CEST | 30861 | 49716 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:23:48.544301987 CEST | 49716 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:48.553767920 CEST | 49716 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:48.844855070 CEST | 30861 | 49716 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:23:49.876605034 CEST | 49717 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:50.208838940 CEST | 30861 | 49717 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:23:50.211004972 CEST | 49717 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:50.218995094 CEST | 49717 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:50.914519072 CEST | 49717 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:51.945763111 CEST | 49717 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:52.452545881 CEST | 30861 | 49717 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:23:53.487447023 CEST | 49718 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:54.112492085 CEST | 30861 | 49718 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:23:54.115437031 CEST | 49718 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:54.121334076 CEST | 49718 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:54.436234951 CEST | 30861 | 49718 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:23:55.530462027 CEST | 49719 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:55.770064116 CEST | 30861 | 49719 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:23:55.773519993 CEST | 49719 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:55.799678087 CEST | 49719 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:56.352372885 CEST | 49719 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:56.398796082 CEST | 30861 | 49719 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:23:56.668972015 CEST | 30861 | 49719 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:23:57.425400972 CEST | 49720 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:57.745258093 CEST | 30861 | 49720 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:23:57.745419979 CEST | 49720 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:57.751274109 CEST | 49720 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:58.242929935 CEST | 30861 | 49720 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:23:59.433932066 CEST | 49721 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:59.878772974 CEST | 30861 | 49721 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:23:59.879043102 CEST | 49721 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:23:59.886296034 CEST | 49721 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:00.107762098 CEST | 30861 | 49721 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:01.145569086 CEST | 49722 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:01.366851091 CEST | 30861 | 49722 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:01.366976023 CEST | 49722 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:01.373670101 CEST | 49722 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:01.874022007 CEST | 30861 | 49722 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:02.919182062 CEST | 49723 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:03.387455940 CEST | 30861 | 49723 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:03.387676001 CEST | 49723 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:03.397203922 CEST | 49723 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:03.611495972 CEST | 30861 | 49723 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:04.651916981 CEST | 49724 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:07.171287060 CEST | 30861 | 49724 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:07.172282934 CEST | 49724 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:07.178219080 CEST | 49724 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:07.410247087 CEST | 30861 | 49724 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:08.439862013 CEST | 49725 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:08.764863968 CEST | 30861 | 49725 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:08.764964104 CEST | 49725 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:08.771488905 CEST | 49725 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:09.276351929 CEST | 30861 | 49725 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:10.376948118 CEST | 49726 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:10.867620945 CEST | 30861 | 49726 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:10.867831945 CEST | 49726 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:10.874739885 CEST | 49726 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:11.170367956 CEST | 30861 | 49726 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:12.216418028 CEST | 49727 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:12.682782888 CEST | 30861 | 49727 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:12.682921886 CEST | 49727 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:12.688880920 CEST | 49727 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:13.084945917 CEST | 30861 | 49727 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:14.111223936 CEST | 49728 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:14.712141037 CEST | 30861 | 49728 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:14.713109016 CEST | 49728 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:14.756300926 CEST | 49728 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:15.007545948 CEST | 30861 | 49728 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:16.458566904 CEST | 49729 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:16.714849949 CEST | 30861 | 49729 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:16.715060949 CEST | 49729 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:16.722671032 CEST | 49729 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:17.183624029 CEST | 30861 | 49729 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:18.342468023 CEST | 49730 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:18.928747892 CEST | 30861 | 49730 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:18.928982973 CEST | 49730 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:18.938545942 CEST | 49730 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:19.392245054 CEST | 30861 | 49730 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:20.530495882 CEST | 49731 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:20.742580891 CEST | 30861 | 49731 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:20.742724895 CEST | 49731 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:20.748797894 CEST | 49731 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:21.047579050 CEST | 30861 | 49731 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:22.101335049 CEST | 49732 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:22.308454990 CEST | 30861 | 49732 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:22.308595896 CEST | 49732 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:22.314699888 CEST | 49732 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:22.519577980 CEST | 30861 | 49732 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:23.551947117 CEST | 49733 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:23.976948023 CEST | 30861 | 49733 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:23.977226973 CEST | 49733 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:23.983150005 CEST | 49733 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:24.255177975 CEST | 30861 | 49733 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:25.316834927 CEST | 49734 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:25.619920015 CEST | 30861 | 49734 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:25.620073080 CEST | 49734 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:25.629213095 CEST | 49734 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:25.945034027 CEST | 30861 | 49734 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:29.137053013 CEST | 49735 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:29.438515902 CEST | 30861 | 49735 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:29.438702106 CEST | 49735 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:29.446450949 CEST | 49735 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:29.774696112 CEST | 30861 | 49735 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:30.803805113 CEST | 49736 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:31.112025976 CEST | 30861 | 49736 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:31.116293907 CEST | 49736 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:31.124258041 CEST | 49736 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:31.445497990 CEST | 30861 | 49736 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:32.474558115 CEST | 49737 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:32.735125065 CEST | 30861 | 49737 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:32.735235929 CEST | 49737 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:32.741012096 CEST | 49737 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:33.050534010 CEST | 30861 | 49737 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:34.305586100 CEST | 49738 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:34.539402008 CEST | 30861 | 49738 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:34.539501905 CEST | 49738 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:34.545975924 CEST | 49738 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:35.105670929 CEST | 49738 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:35.181283951 CEST | 30861 | 49738 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:35.364156961 CEST | 30861 | 49738 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:36.238653898 CEST | 49739 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:36.815496922 CEST | 30861 | 49739 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:36.815834999 CEST | 49739 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:36.823611021 CEST | 49739 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:37.030478954 CEST | 30861 | 49739 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:38.071619034 CEST | 49740 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:38.333754063 CEST | 30861 | 49740 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:38.333853960 CEST | 49740 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:38.343024015 CEST | 49740 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:38.668785095 CEST | 30861 | 49740 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:39.722443104 CEST | 49741 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:40.003706932 CEST | 30861 | 49741 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:40.008017063 CEST | 49741 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:40.014975071 CEST | 49741 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:40.331516027 CEST | 30861 | 49741 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:41.400082111 CEST | 49742 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:41.682156086 CEST | 30861 | 49742 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:41.682271004 CEST | 49742 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:41.691848040 CEST | 49742 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:41.990216970 CEST | 30861 | 49742 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:43.033509016 CEST | 49743 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:43.271533012 CEST | 30861 | 49743 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:43.271856070 CEST | 49743 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:43.280740976 CEST | 49743 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:43.510440111 CEST | 30861 | 49743 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:44.674881935 CEST | 49744 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:45.013586044 CEST | 30861 | 49744 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:45.013746977 CEST | 49744 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:45.019593000 CEST | 49744 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:45.484585047 CEST | 30861 | 49744 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:46.525798082 CEST | 49745 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:46.758080006 CEST | 30861 | 49745 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:46.758214951 CEST | 49745 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:46.764437914 CEST | 49745 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:47.256464005 CEST | 30861 | 49745 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:48.295209885 CEST | 49746 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:48.916579008 CEST | 30861 | 49746 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:48.916687012 CEST | 49746 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:48.923408031 CEST | 49746 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:49.233443975 CEST | 30861 | 49746 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:50.275986910 CEST | 49747 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:50.545213938 CEST | 30861 | 49747 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:50.549853086 CEST | 49747 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:50.557832956 CEST | 49747 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:51.154023886 CEST | 49747 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:51.208031893 CEST | 30861 | 49747 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:51.387751102 CEST | 30861 | 49747 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:52.249450922 CEST | 49748 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:52.920059919 CEST | 30861 | 49748 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:52.920166969 CEST | 49748 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:52.926160097 CEST | 49748 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:53.235061884 CEST | 30861 | 49748 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:54.281557083 CEST | 49749 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:54.655350924 CEST | 30861 | 49749 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:54.655930996 CEST | 49749 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:54.662023067 CEST | 49749 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:54.952296019 CEST | 30861 | 49749 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:55.994157076 CEST | 49750 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:56.273822069 CEST | 30861 | 49750 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:56.274104118 CEST | 49750 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:56.284198046 CEST | 49750 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:56.738667965 CEST | 30861 | 49750 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:57.784828901 CEST | 49751 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:58.061820030 CEST | 30861 | 49751 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:58.062114000 CEST | 49751 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:58.068386078 CEST | 49751 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:24:58.573993921 CEST | 30861 | 49751 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:24:59.603640079 CEST | 49752 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:25:00.276000023 CEST | 30861 | 49752 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:25:00.276130915 CEST | 49752 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:25:00.282345057 CEST | 49752 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:25:00.591722012 CEST | 30861 | 49752 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:25:01.623442888 CEST | 49753 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:25:01.911439896 CEST | 30861 | 49753 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:25:01.911748886 CEST | 49753 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:25:01.921581984 CEST | 49753 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:25:02.269655943 CEST | 30861 | 49753 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:25:03.315639019 CEST | 49754 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:25:03.550843954 CEST | 30861 | 49754 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:25:03.551131964 CEST | 49754 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:25:03.565720081 CEST | 49754 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:25:03.885087967 CEST | 30861 | 49754 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:25:04.908169031 CEST | 49755 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:25:05.232669115 CEST | 30861 | 49755 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:25:05.233071089 CEST | 49755 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:25:05.239201069 CEST | 49755 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:25:05.562417030 CEST | 30861 | 49755 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:25:06.609831095 CEST | 49756 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:25:06.801959991 CEST | 30861 | 49756 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:25:06.802129984 CEST | 49756 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:25:06.817325115 CEST | 49756 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:25:07.240406036 CEST | 30861 | 49756 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:25:08.268162966 CEST | 49757 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:25:08.738677025 CEST | 30861 | 49757 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:25:08.742011070 CEST | 49757 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:25:08.750278950 CEST | 49757 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:25:09.242665052 CEST | 30861 | 49757 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:25:10.275815010 CEST | 49758 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:25:10.765023947 CEST | 30861 | 49758 | 192.169.69.26 | 192.168.2.4 |
Jun 6, 2023 17:25:10.765155077 CEST | 49758 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:25:10.770080090 CEST | 49758 | 30861 | 192.168.2.4 | 192.169.69.26 |
Jun 6, 2023 17:25:11.072143078 CEST | 30861 | 49758 | 192.169.69.26 | 192.168.2.4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jun 6, 2023 17:23:07.842909098 CEST | 59683 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:23:08.868144035 CEST | 59683 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:23:09.872961998 CEST | 59683 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:23:10.011384964 CEST | 53 | 59683 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:23:11.757905006 CEST | 64167 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:23:11.872504950 CEST | 53 | 64167 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:23:13.824974060 CEST | 58565 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:23:13.844806910 CEST | 53 | 58565 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:23:15.479593039 CEST | 52239 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:23:15.609191895 CEST | 53 | 52239 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:23:19.760226965 CEST | 56807 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:23:19.779814005 CEST | 53 | 56807 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:23:21.727471113 CEST | 61007 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:23:21.747344971 CEST | 53 | 61007 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:23:23.843090057 CEST | 60686 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:23:23.862986088 CEST | 53 | 60686 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:23:25.571588039 CEST | 61124 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:23:25.599648952 CEST | 53 | 61124 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:23:27.315334082 CEST | 59444 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:23:28.370309114 CEST | 59444 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:23:29.366127968 CEST | 59444 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:23:29.394942999 CEST | 53 | 59444 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:23:31.104743958 CEST | 55570 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:23:31.218715906 CEST | 53 | 55570 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:23:32.776896000 CEST | 64906 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:23:32.805476904 CEST | 53 | 64906 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:23:34.520683050 CEST | 59446 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:23:34.549218893 CEST | 53 | 59446 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:23:36.103789091 CEST | 50861 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:23:36.123658895 CEST | 53 | 50861 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:23:37.650890112 CEST | 61088 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:23:37.670564890 CEST | 53 | 61088 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:23:39.491831064 CEST | 58729 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:23:39.644150972 CEST | 53 | 58729 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:23:41.729126930 CEST | 64700 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:23:41.752347946 CEST | 53 | 64700 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:23:43.371170998 CEST | 56022 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:23:43.385559082 CEST | 53 | 56022 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:23:45.041933060 CEST | 54851 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:23:45.069904089 CEST | 53 | 54851 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:23:46.535536051 CEST | 57300 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:23:46.563900948 CEST | 53 | 57300 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:23:48.199925900 CEST | 54521 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:23:48.329842091 CEST | 53 | 54521 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:23:49.855040073 CEST | 58914 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:23:49.874944925 CEST | 53 | 58914 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:23:53.465065956 CEST | 51419 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:23:53.485065937 CEST | 53 | 51419 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:23:55.499727011 CEST | 51054 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:23:55.528429985 CEST | 53 | 51054 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:23:57.402059078 CEST | 55673 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:23:57.421524048 CEST | 53 | 55673 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:23:59.402724028 CEST | 49735 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:23:59.431236982 CEST | 53 | 49735 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:24:01.121879101 CEST | 52437 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:24:01.141323090 CEST | 53 | 52437 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:24:02.886992931 CEST | 52825 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:24:02.915380001 CEST | 53 | 52825 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:24:04.623007059 CEST | 58530 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:24:04.649470091 CEST | 53 | 58530 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:24:08.423386097 CEST | 64959 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:24:08.438074112 CEST | 53 | 64959 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:24:10.349967003 CEST | 63093 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:24:10.369967937 CEST | 53 | 63093 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:24:12.185261965 CEST | 50433 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:24:12.213613033 CEST | 53 | 50433 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:24:14.093641043 CEST | 53498 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:24:14.108341932 CEST | 53 | 53498 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:24:16.310941935 CEST | 61460 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:24:16.442303896 CEST | 53 | 61460 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:24:18.202089071 CEST | 63001 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:24:18.340361118 CEST | 53 | 63001 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:24:20.404315948 CEST | 65133 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:24:20.526863098 CEST | 53 | 65133 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:24:22.068470955 CEST | 60998 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:24:22.098330021 CEST | 53 | 60998 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:24:23.530201912 CEST | 61733 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:24:23.549674034 CEST | 53 | 61733 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:24:25.286185980 CEST | 53370 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:24:25.314686060 CEST | 53 | 53370 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:24:26.952038050 CEST | 63746 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:24:27.984253883 CEST | 63746 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:24:28.996661901 CEST | 63746 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:24:29.134788036 CEST | 53 | 63746 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:24:30.779999971 CEST | 50622 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:24:30.799817085 CEST | 53 | 50622 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:24:32.452723980 CEST | 64773 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:24:32.472512960 CEST | 53 | 64773 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:24:34.280824900 CEST | 59818 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:24:34.303818941 CEST | 53 | 59818 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:24:36.203314066 CEST | 49684 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:24:36.231791019 CEST | 53 | 49684 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:24:38.046365023 CEST | 63229 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:24:38.069847107 CEST | 53 | 63229 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:24:39.687596083 CEST | 58576 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:24:39.715939045 CEST | 53 | 58576 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:24:41.369954109 CEST | 54044 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:24:41.397990942 CEST | 53 | 54044 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:24:43.000757933 CEST | 52259 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:24:43.029664993 CEST | 53 | 52259 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:24:44.534632921 CEST | 53887 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:24:44.672501087 CEST | 53 | 53887 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:24:46.503317118 CEST | 56218 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:24:46.522917032 CEST | 53 | 56218 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:24:48.273422956 CEST | 50094 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:24:48.292912006 CEST | 53 | 50094 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:24:50.250770092 CEST | 51766 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:24:50.273751974 CEST | 53 | 51766 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:24:52.222918987 CEST | 61522 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:24:52.245238066 CEST | 53 | 61522 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:24:54.251509905 CEST | 57349 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:24:54.279695988 CEST | 53 | 57349 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:24:55.971133947 CEST | 53963 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:24:55.990896940 CEST | 53 | 53963 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:24:57.762820959 CEST | 53622 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:24:57.783139944 CEST | 53 | 53622 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:24:59.581954956 CEST | 49600 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:24:59.601772070 CEST | 53 | 49600 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:25:01.598633051 CEST | 58355 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:25:01.621582031 CEST | 53 | 58355 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:25:03.282915115 CEST | 57601 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:25:03.311701059 CEST | 53 | 57601 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:25:04.892241955 CEST | 64159 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:25:04.906692028 CEST | 53 | 64159 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:25:06.580219984 CEST | 59926 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:25:06.607954979 CEST | 53 | 59926 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:25:08.251962900 CEST | 61709 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:25:08.266287088 CEST | 53 | 61709 | 8.8.8.8 | 192.168.2.4 |
Jun 6, 2023 17:25:10.254165888 CEST | 59182 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 6, 2023 17:25:10.273897886 CEST | 53 | 59182 | 8.8.8.8 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Jun 6, 2023 17:23:07.842909098 CEST | 192.168.2.4 | 8.8.8.8 | 0xc728 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:23:08.868144035 CEST | 192.168.2.4 | 8.8.8.8 | 0xc728 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:23:09.872961998 CEST | 192.168.2.4 | 8.8.8.8 | 0xc728 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:23:11.757905006 CEST | 192.168.2.4 | 8.8.8.8 | 0xa0dd | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:23:13.824974060 CEST | 192.168.2.4 | 8.8.8.8 | 0x351c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:23:15.479593039 CEST | 192.168.2.4 | 8.8.8.8 | 0x3285 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:23:19.760226965 CEST | 192.168.2.4 | 8.8.8.8 | 0x8664 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:23:21.727471113 CEST | 192.168.2.4 | 8.8.8.8 | 0xb42c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:23:23.843090057 CEST | 192.168.2.4 | 8.8.8.8 | 0x9c55 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:23:25.571588039 CEST | 192.168.2.4 | 8.8.8.8 | 0xee2a | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:23:27.315334082 CEST | 192.168.2.4 | 8.8.8.8 | 0x6115 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:23:28.370309114 CEST | 192.168.2.4 | 8.8.8.8 | 0x6115 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:23:29.366127968 CEST | 192.168.2.4 | 8.8.8.8 | 0x6115 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:23:31.104743958 CEST | 192.168.2.4 | 8.8.8.8 | 0x7b8a | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:23:32.776896000 CEST | 192.168.2.4 | 8.8.8.8 | 0x26d9 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:23:34.520683050 CEST | 192.168.2.4 | 8.8.8.8 | 0xb5bb | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:23:36.103789091 CEST | 192.168.2.4 | 8.8.8.8 | 0x3bab | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:23:37.650890112 CEST | 192.168.2.4 | 8.8.8.8 | 0x7d9b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:23:39.491831064 CEST | 192.168.2.4 | 8.8.8.8 | 0x636f | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:23:41.729126930 CEST | 192.168.2.4 | 8.8.8.8 | 0x4052 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:23:43.371170998 CEST | 192.168.2.4 | 8.8.8.8 | 0x7272 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:23:45.041933060 CEST | 192.168.2.4 | 8.8.8.8 | 0x2741 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:23:46.535536051 CEST | 192.168.2.4 | 8.8.8.8 | 0xb4a1 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:23:48.199925900 CEST | 192.168.2.4 | 8.8.8.8 | 0xad87 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:23:49.855040073 CEST | 192.168.2.4 | 8.8.8.8 | 0x70fc | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:23:53.465065956 CEST | 192.168.2.4 | 8.8.8.8 | 0xc5a1 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:23:55.499727011 CEST | 192.168.2.4 | 8.8.8.8 | 0xe4f4 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:23:57.402059078 CEST | 192.168.2.4 | 8.8.8.8 | 0xcb52 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:23:59.402724028 CEST | 192.168.2.4 | 8.8.8.8 | 0x8c91 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:24:01.121879101 CEST | 192.168.2.4 | 8.8.8.8 | 0x1d7b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:24:02.886992931 CEST | 192.168.2.4 | 8.8.8.8 | 0xcf14 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:24:04.623007059 CEST | 192.168.2.4 | 8.8.8.8 | 0x1f5e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:24:08.423386097 CEST | 192.168.2.4 | 8.8.8.8 | 0x361c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:24:10.349967003 CEST | 192.168.2.4 | 8.8.8.8 | 0x5ef9 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:24:12.185261965 CEST | 192.168.2.4 | 8.8.8.8 | 0xc983 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:24:14.093641043 CEST | 192.168.2.4 | 8.8.8.8 | 0x950d | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:24:16.310941935 CEST | 192.168.2.4 | 8.8.8.8 | 0x52b5 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:24:18.202089071 CEST | 192.168.2.4 | 8.8.8.8 | 0xed56 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:24:20.404315948 CEST | 192.168.2.4 | 8.8.8.8 | 0x204e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:24:22.068470955 CEST | 192.168.2.4 | 8.8.8.8 | 0x2055 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:24:23.530201912 CEST | 192.168.2.4 | 8.8.8.8 | 0x7c82 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:24:25.286185980 CEST | 192.168.2.4 | 8.8.8.8 | 0x16bf | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:24:26.952038050 CEST | 192.168.2.4 | 8.8.8.8 | 0xcae8 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:24:27.984253883 CEST | 192.168.2.4 | 8.8.8.8 | 0xcae8 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:24:28.996661901 CEST | 192.168.2.4 | 8.8.8.8 | 0xcae8 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:24:30.779999971 CEST | 192.168.2.4 | 8.8.8.8 | 0x414f | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:24:32.452723980 CEST | 192.168.2.4 | 8.8.8.8 | 0x1cc5 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:24:34.280824900 CEST | 192.168.2.4 | 8.8.8.8 | 0x1385 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:24:36.203314066 CEST | 192.168.2.4 | 8.8.8.8 | 0x5c3c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:24:38.046365023 CEST | 192.168.2.4 | 8.8.8.8 | 0x625a | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:24:39.687596083 CEST | 192.168.2.4 | 8.8.8.8 | 0x6d9b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:24:41.369954109 CEST | 192.168.2.4 | 8.8.8.8 | 0x947b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:24:43.000757933 CEST | 192.168.2.4 | 8.8.8.8 | 0x7d50 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:24:44.534632921 CEST | 192.168.2.4 | 8.8.8.8 | 0xdd7 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:24:46.503317118 CEST | 192.168.2.4 | 8.8.8.8 | 0xeec7 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:24:48.273422956 CEST | 192.168.2.4 | 8.8.8.8 | 0x5b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:24:50.250770092 CEST | 192.168.2.4 | 8.8.8.8 | 0x460a | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:24:52.222918987 CEST | 192.168.2.4 | 8.8.8.8 | 0xf2aa | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:24:54.251509905 CEST | 192.168.2.4 | 8.8.8.8 | 0xccbd | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:24:55.971133947 CEST | 192.168.2.4 | 8.8.8.8 | 0xed15 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:24:57.762820959 CEST | 192.168.2.4 | 8.8.8.8 | 0x81b3 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:24:59.581954956 CEST | 192.168.2.4 | 8.8.8.8 | 0xfba9 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:25:01.598633051 CEST | 192.168.2.4 | 8.8.8.8 | 0x85f4 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:25:03.282915115 CEST | 192.168.2.4 | 8.8.8.8 | 0x7a4d | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:25:04.892241955 CEST | 192.168.2.4 | 8.8.8.8 | 0xe585 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:25:06.580219984 CEST | 192.168.2.4 | 8.8.8.8 | 0x8514 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:25:08.251962900 CEST | 192.168.2.4 | 8.8.8.8 | 0x57d7 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 6, 2023 17:25:10.254165888 CEST | 192.168.2.4 | 8.8.8.8 | 0xb90f | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Jun 6, 2023 17:23:10.011384964 CEST | 8.8.8.8 | 192.168.2.4 | 0xc728 | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:23:11.872504950 CEST | 8.8.8.8 | 192.168.2.4 | 0xa0dd | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:23:13.844806910 CEST | 8.8.8.8 | 192.168.2.4 | 0x351c | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:23:15.609191895 CEST | 8.8.8.8 | 192.168.2.4 | 0x3285 | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:23:19.779814005 CEST | 8.8.8.8 | 192.168.2.4 | 0x8664 | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:23:21.747344971 CEST | 8.8.8.8 | 192.168.2.4 | 0xb42c | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:23:23.862986088 CEST | 8.8.8.8 | 192.168.2.4 | 0x9c55 | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:23:25.599648952 CEST | 8.8.8.8 | 192.168.2.4 | 0xee2a | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:23:29.394942999 CEST | 8.8.8.8 | 192.168.2.4 | 0x6115 | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:23:31.218715906 CEST | 8.8.8.8 | 192.168.2.4 | 0x7b8a | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:23:32.805476904 CEST | 8.8.8.8 | 192.168.2.4 | 0x26d9 | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:23:34.549218893 CEST | 8.8.8.8 | 192.168.2.4 | 0xb5bb | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:23:36.123658895 CEST | 8.8.8.8 | 192.168.2.4 | 0x3bab | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:23:37.670564890 CEST | 8.8.8.8 | 192.168.2.4 | 0x7d9b | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:23:39.644150972 CEST | 8.8.8.8 | 192.168.2.4 | 0x636f | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:23:41.752347946 CEST | 8.8.8.8 | 192.168.2.4 | 0x4052 | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:23:43.385559082 CEST | 8.8.8.8 | 192.168.2.4 | 0x7272 | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:23:45.069904089 CEST | 8.8.8.8 | 192.168.2.4 | 0x2741 | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:23:46.563900948 CEST | 8.8.8.8 | 192.168.2.4 | 0xb4a1 | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:23:48.329842091 CEST | 8.8.8.8 | 192.168.2.4 | 0xad87 | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:23:49.874944925 CEST | 8.8.8.8 | 192.168.2.4 | 0x70fc | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:23:53.485065937 CEST | 8.8.8.8 | 192.168.2.4 | 0xc5a1 | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:23:55.528429985 CEST | 8.8.8.8 | 192.168.2.4 | 0xe4f4 | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:23:57.421524048 CEST | 8.8.8.8 | 192.168.2.4 | 0xcb52 | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:23:59.431236982 CEST | 8.8.8.8 | 192.168.2.4 | 0x8c91 | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:24:01.141323090 CEST | 8.8.8.8 | 192.168.2.4 | 0x1d7b | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:24:02.915380001 CEST | 8.8.8.8 | 192.168.2.4 | 0xcf14 | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:24:04.649470091 CEST | 8.8.8.8 | 192.168.2.4 | 0x1f5e | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:24:08.438074112 CEST | 8.8.8.8 | 192.168.2.4 | 0x361c | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:24:10.369967937 CEST | 8.8.8.8 | 192.168.2.4 | 0x5ef9 | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:24:12.213613033 CEST | 8.8.8.8 | 192.168.2.4 | 0xc983 | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:24:14.108341932 CEST | 8.8.8.8 | 192.168.2.4 | 0x950d | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:24:16.442303896 CEST | 8.8.8.8 | 192.168.2.4 | 0x52b5 | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:24:18.340361118 CEST | 8.8.8.8 | 192.168.2.4 | 0xed56 | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:24:20.526863098 CEST | 8.8.8.8 | 192.168.2.4 | 0x204e | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:24:22.098330021 CEST | 8.8.8.8 | 192.168.2.4 | 0x2055 | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:24:23.549674034 CEST | 8.8.8.8 | 192.168.2.4 | 0x7c82 | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:24:25.314686060 CEST | 8.8.8.8 | 192.168.2.4 | 0x16bf | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:24:29.134788036 CEST | 8.8.8.8 | 192.168.2.4 | 0xcae8 | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:24:30.799817085 CEST | 8.8.8.8 | 192.168.2.4 | 0x414f | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:24:32.472512960 CEST | 8.8.8.8 | 192.168.2.4 | 0x1cc5 | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:24:34.303818941 CEST | 8.8.8.8 | 192.168.2.4 | 0x1385 | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:24:36.231791019 CEST | 8.8.8.8 | 192.168.2.4 | 0x5c3c | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:24:38.069847107 CEST | 8.8.8.8 | 192.168.2.4 | 0x625a | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:24:39.715939045 CEST | 8.8.8.8 | 192.168.2.4 | 0x6d9b | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:24:41.397990942 CEST | 8.8.8.8 | 192.168.2.4 | 0x947b | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:24:43.029664993 CEST | 8.8.8.8 | 192.168.2.4 | 0x7d50 | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:24:44.672501087 CEST | 8.8.8.8 | 192.168.2.4 | 0xdd7 | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:24:46.522917032 CEST | 8.8.8.8 | 192.168.2.4 | 0xeec7 | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:24:48.292912006 CEST | 8.8.8.8 | 192.168.2.4 | 0x5b | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:24:50.273751974 CEST | 8.8.8.8 | 192.168.2.4 | 0x460a | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:24:52.245238066 CEST | 8.8.8.8 | 192.168.2.4 | 0xf2aa | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:24:54.279695988 CEST | 8.8.8.8 | 192.168.2.4 | 0xccbd | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:24:55.990896940 CEST | 8.8.8.8 | 192.168.2.4 | 0xed15 | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:24:57.783139944 CEST | 8.8.8.8 | 192.168.2.4 | 0x81b3 | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:24:59.601772070 CEST | 8.8.8.8 | 192.168.2.4 | 0xfba9 | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:25:01.621582031 CEST | 8.8.8.8 | 192.168.2.4 | 0x85f4 | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:25:03.311701059 CEST | 8.8.8.8 | 192.168.2.4 | 0x7a4d | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:25:04.906692028 CEST | 8.8.8.8 | 192.168.2.4 | 0xe585 | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:25:06.607954979 CEST | 8.8.8.8 | 192.168.2.4 | 0x8514 | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:25:08.266287088 CEST | 8.8.8.8 | 192.168.2.4 | 0x57d7 | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false | ||
Jun 6, 2023 17:25:10.273897886 CEST | 8.8.8.8 | 192.168.2.4 | 0xb90f | No error (0) | 192.169.69.26 | A (IP address) | IN (0x0001) | false |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 1 |
Start time: | 17:23:04 |
Start date: | 06/06/2023 |
Path: | C:\Users\user\Desktop\file.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x18ff8920000 |
File size: | 500224 bytes |
MD5 hash: | 66108176E22E6F9513A62C76F2185468 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Reputation: | low |
Target ID: | 2 |
Start time: | 17:23:06 |
Start date: | 06/06/2023 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xec0000 |
File size: | 55400 bytes |
MD5 hash: | 17CC69238395DF61AAF483BCEF02E7C9 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
Execution Graph
Execution Coverage: | 12.1% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 38 |
Total number of Limit Nodes: | 0 |
Graph
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF814E7B19D Relevance: 1.7, APIs: 1, Instructions: 212injectionCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph
Execution Coverage: | 3.3% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 5.1% |
Total number of Nodes: | 1178 |
Total number of Limit Nodes: | 60 |
Graph
Function 0041B4C9 Relevance: 117.4, APIs: 40, Strings: 27, Instructions: 143libraryloaderCOMMON
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040ECEA Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 88sleepCOMMON
Control-flow Graph
C-Code - Quality: 56% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404F31 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 58timethreadCOMMON
Control-flow Graph
C-Code - Quality: 91% |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 71% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041A168 Relevance: 1.5, APIs: 1, Instructions: 41COMMON
C-Code - Quality: 82% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004255BC Relevance: 1.5, APIs: 1, Instructions: 7networkCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00433452 Relevance: 1.5, APIs: 1, Instructions: 3COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 91% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00414271 Relevance: 46.3, APIs: 5, Strings: 21, Instructions: 805sleepnetworkCOMMON
Control-flow Graph
C-Code - Quality: 89% |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004048A8 Relevance: 19.4, APIs: 4, Strings: 7, Instructions: 144networkCOMMON
Control-flow Graph
C-Code - Quality: 72% |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404E06 Relevance: 18.1, APIs: 12, Instructions: 65synchronizationCOMMON
Control-flow Graph
C-Code - Quality: 92% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 86% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 74% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00412A57 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 38registryCOMMON
Control-flow Graph
C-Code - Quality: 77% |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00412B5F Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 30registryCOMMON
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 90% |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040C577 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13synchronizationCOMMON
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 84% |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0044DC5D Relevance: 4.5, APIs: 3, Instructions: 37COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00444A38 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 32memoryCOMMONLIBRARYCODE
C-Code - Quality: 94% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00444A86 Relevance: 3.0, APIs: 2, Instructions: 44memoryCOMMONLIBRARYCODE
C-Code - Quality: 96% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040480D Relevance: 3.0, APIs: 2, Instructions: 40networkCOMMON
C-Code - Quality: 58% |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0044205C Relevance: 3.0, APIs: 2, Instructions: 35COMMON
C-Code - Quality: 92% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040163E Relevance: 3.0, APIs: 2, Instructions: 32COMMON
C-Code - Quality: 82% |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00414230 Relevance: 3.0, APIs: 2, Instructions: 21networkCOMMON
C-Code - Quality: 16% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 91% |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004443F4 Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE
C-Code - Quality: 95% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040487E Relevance: 1.5, APIs: 1, Instructions: 15networkCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004255D3 Relevance: 1.5, APIs: 1, Instructions: 7networkCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040567A Relevance: 45.8, APIs: 15, Strings: 11, Instructions: 278pipesleepfileCOMMON
C-Code - Quality: 89% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041163A Relevance: 37.0, APIs: 7, Strings: 14, Instructions: 238threadCOMMON
C-Code - Quality: 85% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040730B Relevance: 34.1, APIs: 10, Strings: 9, Instructions: 835filesleepCOMMON
C-Code - Quality: 83% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040E991 Relevance: 24.7, APIs: 7, Strings: 7, Instructions: 223processsynchronizationCOMMON
C-Code - Quality: 98% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040B0AA Relevance: 24.6, APIs: 8, Strings: 6, Instructions: 146fileCOMMON
C-Code - Quality: 97% |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00415802 Relevance: 22.8, APIs: 12, Strings: 1, Instructions: 83clipboardmemoryCOMMON
C-Code - Quality: 90% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040B2B1 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 131fileCOMMON
C-Code - Quality: 92% |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 73% |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004131DA Relevance: 18.0, APIs: 4, Strings: 6, Instructions: 485registrylibraryloaderCOMMONCrypto
C-Code - Quality: 81% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 15% |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 95% |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00450E90 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 188COMMONLIBRARYCODE
C-Code - Quality: 89% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040B8C7 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 112fileCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041AC0A Relevance: 13.6, APIs: 9, Instructions: 106fileCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00447A10 Relevance: 10.9, APIs: 7, Instructions: 370timeCOMMONLIBRARYCODE
C-Code - Quality: 76% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040AF8C Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 49fileCOMMON
C-Code - Quality: 82% |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004529D9 Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1381COMMONLIBRARYCODECrypto
C-Code - Quality: 77% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00408909 Relevance: 9.3, APIs: 6, Instructions: 293fileCOMMON
C-Code - Quality: 80% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00411241 Relevance: 9.2, APIs: 6, Instructions: 206memoryCOMMON
C-Code - Quality: 86% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 89% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004195A5 Relevance: 9.0, APIs: 6, Instructions: 39serviceCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00450558 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 236COMMONLIBRARYCODE
C-Code - Quality: 68% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00450CBC Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 86COMMONLIBRARYCODE
C-Code - Quality: 94% |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00408D1B Relevance: 7.7, APIs: 5, Instructions: 222fileCOMMON
C-Code - Quality: 93% |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00407E80 Relevance: 7.7, APIs: 5, Instructions: 186fileCOMMON
C-Code - Quality: 91% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406524 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 222filenetworkCOMMON
C-Code - Quality: 75% |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00450943 Relevance: 4.7, APIs: 3, Instructions: 205COMMON
C-Code - Quality: 92% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 76% |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 72% |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0045081B Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 63COMMONLIBRARYCODE
C-Code - Quality: 91% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004508B6 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 42COMMONLIBRARYCODE
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0044716D Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00444AF0 Relevance: 3.5, APIs: 2, Instructions: 464COMMONLIBRARYCODECrypto
C-Code - Quality: 90% |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00418650 Relevance: 3.2, APIs: 2, Instructions: 245fileCOMMON
C-Code - Quality: 90% |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406EB0 Relevance: 3.1, APIs: 2, Instructions: 86fileCOMMON
C-Code - Quality: 82% |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00451BAB Relevance: 1.8, APIs: 1, Instructions: 269COMMONLIBRARYCODECrypto
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 96% |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00450B93 Relevance: 1.6, APIs: 1, Instructions: 83COMMON
C-Code - Quality: 59% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00450DC3 Relevance: 1.5, APIs: 1, Instructions: 46COMMON
C-Code - Quality: 93% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 80% |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040EE14 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
C-Code - Quality: 75% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 83% |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 87% |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0044C249 Relevance: .6, Instructions: 637COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041DA05 Relevance: .6, Instructions: 598COMMONCrypto
C-Code - Quality: 93% |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00425CA8 Relevance: .4, Instructions: 435COMMONCrypto
C-Code - Quality: 36% |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00425719 Relevance: .4, Instructions: 383COMMONCrypto
C-Code - Quality: 100% |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00436603 Relevance: .3, Instructions: 345COMMONCrypto
C-Code - Quality: 100% |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00436A38 Relevance: .3, Instructions: 341COMMONCrypto
C-Code - Quality: 100% |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004361CE Relevance: .3, Instructions: 331COMMONCrypto
C-Code - Quality: 100% |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00435DB6 Relevance: .3, Instructions: 323COMMONCrypto
C-Code - Quality: 100% |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041C46D Relevance: .3, Instructions: 277COMMONCrypto
C-Code - Quality: 98% |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043CE28 Relevance: .2, Instructions: 237COMMONCrypto
C-Code - Quality: 83% |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043C76D Relevance: .2, Instructions: 214COMMONCrypto
C-Code - Quality: 88% |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 88% |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004264BA Relevance: .2, Instructions: 187COMMONCrypto
C-Code - Quality: 94% |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00437040 Relevance: .1, Instructions: 76COMMONCrypto
C-Code - Quality: 100% |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040C929 Relevance: 49.3, APIs: 6, Strings: 22, Instructions: 281registryCOMMON
C-Code - Quality: 98% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00417A23 Relevance: 47.6, APIs: 26, Strings: 1, Instructions: 307windowmemoryCOMMON
C-Code - Quality: 84% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00416FDD Relevance: 47.5, APIs: 22, Strings: 5, Instructions: 289libraryloaderthreadCOMMON
C-Code - Quality: 57% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040C5A4 Relevance: 45.8, APIs: 6, Strings: 20, Instructions: 259registryCOMMON
C-Code - Quality: 98% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004119B8 Relevance: 45.7, APIs: 17, Strings: 9, Instructions: 190synchronizationsleepfileCOMMON
C-Code - Quality: 91% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040C307 Relevance: 42.2, APIs: 12, Strings: 12, Instructions: 203fileCOMMON
C-Code - Quality: 92% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00419BA2 Relevance: 38.7, APIs: 12, Strings: 10, Instructions: 180synchronizationCOMMON
C-Code - Quality: 87% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401A4D Relevance: 35.2, APIs: 16, Strings: 4, Instructions: 156fileCOMMON
C-Code - Quality: 92% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004068E4 Relevance: 35.1, APIs: 12, Strings: 8, Instructions: 62libraryloaderCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0044DCAD Relevance: 25.9, APIs: 17, Instructions: 419COMMON
C-Code - Quality: 87% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004140CD Relevance: 24.6, APIs: 9, Strings: 5, Instructions: 109libraryloaderCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041B008 Relevance: 23.0, APIs: 6, Strings: 7, Instructions: 214registryCOMMON
C-Code - Quality: 95% |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040A249 Relevance: 22.9, APIs: 6, Strings: 7, Instructions: 156sleepCOMMON
C-Code - Quality: 89% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041BE9A Relevance: 22.8, APIs: 12, Strings: 1, Instructions: 74windowCOMMON
C-Code - Quality: 64% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00444657 Relevance: 22.8, APIs: 15, Instructions: 296COMMON
C-Code - Quality: 91% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004081EE Relevance: 19.6, APIs: 8, Strings: 3, Instructions: 328fileCOMMON
C-Code - Quality: 80% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0044EE80 Relevance: 18.4, APIs: 12, Instructions: 376COMMON
C-Code - Quality: 97% |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00411FF7 Relevance: 18.0, APIs: 9, Strings: 1, Instructions: 482sleepfileCOMMON
C-Code - Quality: 95% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004544DC Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 272COMMONLIBRARYCODE
C-Code - Quality: 41% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 38% |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405480 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 155windowmemoryCOMMON
C-Code - Quality: 76% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 15% |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00415881 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 49clipboardCOMMON
C-Code - Quality: 80% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 93% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004469A1 Relevance: 15.1, APIs: 10, Instructions: 54COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00418B0F Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 176sleeptimeCOMMON
C-Code - Quality: 85% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00454805 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 154COMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00416495 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 104sleepfileCOMMON
C-Code - Quality: 92% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 91% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 92% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041BD68 Relevance: 14.0, APIs: 7, Strings: 1, Instructions: 48windowstringCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 77% |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00452603 Relevance: 13.8, APIs: 9, Instructions: 268COMMON
C-Code - Quality: 83% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00443A7A Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 266COMMONLIBRARYCODE
C-Code - Quality: 71% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 45% |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 67% |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00416BCD Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 108filesynchronizationCOMMON
C-Code - Quality: 73% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406FD7 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 102fileCOMMON
C-Code - Quality: 88% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 85% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 95% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004098BB Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 63windowCOMMON
C-Code - Quality: 91% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 69% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00445DF1 Relevance: 10.9, APIs: 3, Strings: 3, Instructions: 389COMMONLIBRARYCODE
C-Code - Quality: 87% |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0044F2A5 Relevance: 10.7, APIs: 7, Instructions: 204COMMON
C-Code - Quality: 95% |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00412D3D Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 179registryCOMMON
C-Code - Quality: 89% |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0045551A Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 152COMMONLIBRARYCODE
C-Code - Quality: 94% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00449C3C Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMONLIBRARYCODE
C-Code - Quality: 73% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00412FF5 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 135registryCOMMON
C-Code - Quality: 86% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 90% |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00419EDB Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 69networkfileCOMMON
C-Code - Quality: 90% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041AD6A Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 67fileCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 90% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 95% |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040B01B Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 49fileCOMMON
C-Code - Quality: 82% |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041B6A6 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 48memoryCOMMON
C-Code - Quality: 70% |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00412AFC Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 39registryCOMMON
C-Code - Quality: 82% |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004393DC Relevance: 9.3, APIs: 6, Instructions: 284COMMON
C-Code - Quality: 69% |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404351 Relevance: 9.2, APIs: 1, Strings: 5, Instructions: 206sleepCOMMON
C-Code - Quality: 74% |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 80% |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00409C99 Relevance: 9.2, APIs: 6, Instructions: 163sleepCOMMON
C-Code - Quality: 97% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040B586 Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 103sleepCOMMON
C-Code - Quality: 85% |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004197D3 Relevance: 9.1, APIs: 6, Instructions: 67serviceCOMMON
C-Code - Quality: 76% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 75% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00419601 Relevance: 9.0, APIs: 6, Instructions: 45serviceCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041976C Relevance: 9.0, APIs: 6, Instructions: 45serviceCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00419705 Relevance: 9.0, APIs: 6, Instructions: 45serviceCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404CA3 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 121synchronizationthreadCOMMON
C-Code - Quality: 94% |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 96% |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040977E Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 70threadCOMMON
C-Code - Quality: 85% |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 53% |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041BE1A Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 57registryCOMMON
C-Code - Quality: 70% |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406DC9 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 43processCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00441C0A Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004050C4 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 35synchronizationCOMMON
C-Code - Quality: 87% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041991B Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 30sleepCOMMON
C-Code - Quality: 87% |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 54% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040AE1C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 18threadCOMMON
C-Code - Quality: 80% |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 96% |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 73% |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 69% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 96% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 83% |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 81% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00411C1E Relevance: 7.6, APIs: 1, Strings: 4, Instructions: 93sleepCOMMON
C-Code - Quality: 90% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0044DBDA Relevance: 7.6, APIs: 5, Instructions: 68COMMON
C-Code - Quality: 93% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 82% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00442968 Relevance: 7.5, APIs: 5, Instructions: 30COMMON
C-Code - Quality: 91% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 72% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004165EC Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 132threadwindowCOMMON
C-Code - Quality: 95% |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 88% |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 27% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 95% |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040A461 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 65threadCOMMON
C-Code - Quality: 90% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004060D7 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 53libraryloaderCOMMON
C-Code - Quality: 28% |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040513C Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 46synchronizationCOMMON
C-Code - Quality: 85% |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 93% |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00412903 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 37registryCOMMON
C-Code - Quality: 77% |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004013F2 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 7libraryloaderCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401497 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 7libraryloaderCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 75% |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004410D1 Relevance: 6.1, APIs: 4, Instructions: 133COMMON
C-Code - Quality: 95% |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00409A7A Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 81sleepCOMMON
C-Code - Quality: 90% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00442303 Relevance: 6.1, APIs: 4, Instructions: 63COMMON
C-Code - Quality: 82% |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00442382 Relevance: 6.1, APIs: 4, Instructions: 59COMMON
C-Code - Quality: 82% |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 94% |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00446DE6 Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMONLIBRARYCODE
C-Code - Quality: 95% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041ADFE Relevance: 6.0, APIs: 4, Instructions: 50fileCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 19% |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00417F42 Relevance: 6.0, APIs: 4, Instructions: 43COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00437801 Relevance: 6.0, APIs: 4, Instructions: 14COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 59% |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040402C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 93sleepCOMMON
C-Code - Quality: 90% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004503B7 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 88COMMONLIBRARYCODE
C-Code - Quality: 93% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 73% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 69% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040B6DC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50threadCOMMON
C-Code - Quality: 92% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 76% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 84% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00447366 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 35COMMONLIBRARYCODE
C-Code - Quality: 29% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040ABBC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 32keyboardCOMMON
C-Code - Quality: 64% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040AC16 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 24keyboardCOMMON
C-Code - Quality: 67% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00412D0B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 23registryCOMMON
C-Code - Quality: 58% |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 73% |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00411D93 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13synchronizationCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 16% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004110A2 Relevance: 5.1, APIs: 4, Instructions: 119COMMON
C-Code - Quality: 78% |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |