Windows
Analysis Report
LA0gY3d103.exe
Overview
General Information
Sample name: | LA0gY3d103.exe (renamed because original name is a hash value) |
Original sample name: | e13d0f9fd3d953a7561bb2e190664871513d431acf134cb3eee63b8d04b2e6f5.exe |
Analysis ID: | 1577212 |
MD5: | 84344446f13fafc82222d1c2946de989 |
SHA1: | 3cb6374dcfd3b579e53ed687712c1763d27ab099 |
SHA256: | e13d0f9fd3d953a7561bb2e190664871513d431acf134cb3eee63b8d04b2e6f5 |
Tags: | 139-99-188-124, exe, user-JAMESWT_MHT |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- LA0gY3d103.exe (PID: 2672 cmdline: "C:\Users\user\Desktop\LA0gY3d103.exe" MD5: 84344446F13FAFC82222D1C2946DE989)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
PureCrypter | According to zscaler, PureCrypter is a fully-featured loader being sold since at least March 2021. The malware has been observed distributing a variety of remote access trojans and information stealers. The loader is a .NET executable obfuscated with SmartAssembly and makes use of compression, encryption and obfuscation to evade antivirus software products. PureCrypter features provide persistence, injection and defense mechanisms that are configurable in Google's Protocol Buffer message format. | No Attribution |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-12-18T09:40:07.575206+0100 | 2035595 | 1 | Domain Observed Used for C2 Detected | 139.99.188.124 | 56001 | 192.168.2.8 | 49704 | TCP |
AV Detection |
---|
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | Static PE information: |
Networking |
---|
Source: | Suricata IDS: |
Source: | TCP traffic: |
Source: | IP Address: | ||
Source: | IP Address: |
Source: | ASN Name: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | String found in binary or memory: | ||
Source: | Process Stats: |
Source: | Binary or memory string: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Cryptographic APIs: | ||
Source: | Classification label: |
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | WMI Queries: |
Source: | Key opened: | Jump to behavior |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | File read: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Static PE information: |
Data Obfuscation |
---|
Source: | .Net Code: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | High entropy of concatenated method names: | ||
Source: | Registry key monitored for changes: | Jump to behavior | ||
Source: | Registry key monitored for changes: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion |
---|
Source: | WMI Queries: |
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | WMI Queries: |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Binary or memory string: |
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | String found in binary or memory: |
Source: | Binary or memory string: | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Binary or memory string: |
Source: | WMI Queries: |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | String found in binary or memory: | ||
Source: | Key opened: | Jump to behavior |
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 321 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 1 Disable or Modify Tools | OS Credential Dumping | 1 Query Registry | Remote Services | 11 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 1 PowerShell | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 341 Virtualization/Sandbox Evasion | LSASS Memory | 431 Security Software Discovery | Remote Desktop Protocol | 1 Data from Local System | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Deobfuscate/Decode Files or Information | NTDS | 341 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Obfuscated Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 12 Software Packing | Cached Domain Credentials | 213 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Timestomp | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
42% | Virustotal | Browse | ||
50% | ReversingLabs | Win32.Infostealer.Tinba | ||
100% | Joe Sandbox ML |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | high | |
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | 217.20.58.100 | true | false | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
139.99.188.124 | unknown | Canada | 16276 | OVHFR | true |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1577212 |
Start date and time: | 2024-12-18 09:38:59 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 8m 5s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 6 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | LA0gY3d103.exe (renamed because original name is a hash value) |
Original Sample Name: | e13d0f9fd3d953a7561bb2e190664871513d431acf134cb3eee63b8d04b2e6f5.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@1/2@0/1 |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded IPs from analysis (whitelisted): 217.20.58.100, 52.149.20.212, 13.107.246.63
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, wu-b-net.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtAllocateVirtualMemory calls found.
- Report size getting too big, too many NtOpenFile calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
03:40:09 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
139.99.188.124 | Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
bg.microsoft.map.fastly.net | Get hash | malicious | PureCrypter | Browse |
Get hash | malicious | PureCrypter | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | SmokeLoader | Browse |
Get hash | malicious | SmokeLoader | Browse |
Get hash | malicious | SmokeLoader | Browse |
Get hash | malicious | PureCrypter, PureLog Stealer | Browse |
Get hash | malicious | AsyncRAT, DcRat | Browse |
Get hash | malicious | LummaC, Amadey, LummaC Stealer, RHADAMANTHYS, Xmrig | Browse |
Get hash | malicious | Snake Keylogger | Browse |
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | Get hash | malicious | Unknown | Browse |
Get hash | malicious | SmokeLoader | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | HTMLPhisher | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | RedLine | Browse |
Get hash | malicious | Vidar | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
OVHFR | Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | PureCrypter, PureLog Stealer | Browse |
Get hash | malicious | PureCrypter | Browse |
Get hash | malicious | PureCrypter | Browse |
Get hash | malicious | PureCrypter | Browse |
Get hash | malicious | PureCrypter, PureLog Stealer | Browse |
Get hash | malicious | PureCrypter | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Users\user\Desktop\LA0gY3d103.exe |
Category: | dropped |
Size (bytes): | 71954 |
Entropy (8bit): | 7.996617769952133 |
Encrypted: | true |
SSDEEP: | 1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ |
MD5: | 49AEBF8CBD62D92AC215B2923FB1B9F5 |
SHA1: | 1723BE06719828DDA65AD804298D0431F6AFF976 |
SHA-256: | B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F |
SHA-512: | BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B |
Malicious: | false |
Reputation: | high, very likely benign file |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Users\user\Desktop\LA0gY3d103.exe |
Category: | dropped |
Size (bytes): | 328 |
Entropy (8bit): | 3.108740171929208 |
Encrypted: | false |
SSDEEP: | 6:kKbc9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:TDnLNkPlE99SNxAhUe/3 |
MD5: | 1254521554C0EBB0B7E37195241FA0A4 |
SHA1: | 681AB1478CEB15A316647BBC4658942E2C6BF732 |
SHA-256: | A628DA149B8818A71554F76C0DBF0C883499EFC4E129857E07CB76B08FBF27CF |
SHA-512: | 62DEB9F929CEE2C25D83B48C3F7F10B942BD7864D95801223132E4E0D21C41F56A22E141370120594EBC22C05AFD4ADE8047D8D197A7B41FEE6E84D359C15045 |
Malicious: | false |
Reputation: | low |
Entropy (8bit): | 7.59711791792846 |
File name: | LA0gY3d103.exe |
File size: | 551'936 bytes |
MD5: | 84344446f13fafc82222d1c2946de989 |
SHA1: | 3cb6374dcfd3b579e53ed687712c1763d27ab099 |
SHA256: | e13d0f9fd3d953a7561bb2e190664871513d431acf134cb3eee63b8d04b2e6f5 |
SHA512: | a0102068a540d5280cd9fd5c112fa2aeac65088fe306303b793265b4dee25bef0a46a7314560d7cd3ed30fd3e6c07a5d419c29d5cff01646573bffe44ee8844e |
SSDEEP: | 12288:66EO6yHGDAK5COkUf0CMBWGSy4GD8wCgq:66EO5OATBUpoWBy98Pgq |
TLSH: | 20C4DF3A32A54F42C6186978C8EB96301FF2EC877A73DB4A3E4636D11D213A49D937D4 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....@................0..J... .......i... ........@.. ....................................@................................ |
Icon Hash: | 0396a6a5a1a1a6bb |
Entrypoint: | 0x48690e |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x8FFF4003 [Sun Jul 22 10:59:15 2046 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Instruction |
---|
jmp dword ptr [00402000h] |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x868c0 | 0x4b | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x88000 | 0x1c3c | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x8a000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x84914 | 0x84a00 | 53f3ee1e22f49d01ede69f89a439fb75 | False | 0.8403757510603205 | SysEx File - | 7.637336684046911 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rsrc | 0x88000 | 0x1c3c | 0x1e00 | 54a9f89345c97b8a359d9a06e7c6d03c | False | 0.156640625 | data | 2.90517259788541 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.reloc | 0x8a000 | 0xc | 0x200 | 893d2848a1bf66039f171909cc89d0df | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x88140 | 0x1628 | Device independent bitmap graphic, 64 x 128 x 8, image size 4096, 256 important colors | | | 0.08885754583921016 |
RT_GROUP_ICON | 0x89768 | 0x14 | data | | | 1.1 |
RT_VERSION | 0x8977c | 0x2d4 | data | | | 0.4350828729281768 |
RT_MANIFEST | 0x89a50 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347 |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-12-18T09:40:07.575206+0100 | 2035595 | ET MALWARE Generic AsyncRAT Style SSL Cert | 1 | 139.99.188.124 | 56001 | 192.168.2.8 | 49704 | TCP |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Dec 18, 2024 09:40:08.272656918 CET | 1.1.1.1 | 192.168.2.8 | 0xf73c | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Dec 18, 2024 09:40:08.272656918 CET | 1.1.1.1 | 192.168.2.8 | 0xf73c | No error (0) | 217.20.58.100 | A (IP address) | IN (0x0001) | false | ||
Dec 18, 2024 09:40:08.272656918 CET | 1.1.1.1 | 192.168.2.8 | 0xf73c | No error (0) | 217.20.58.101 | A (IP address) | IN (0x0001) | false | ||
Dec 18, 2024 09:40:08.272656918 CET | 1.1.1.1 | 192.168.2.8 | 0xf73c | No error (0) | 217.20.58.99 | A (IP address) | IN (0x0001) | false | ||
Dec 18, 2024 09:40:08.272656918 CET | 1.1.1.1 | 192.168.2.8 | 0xf73c | No error (0) | 217.20.58.98 | A (IP address) | IN (0x0001) | false | ||
Dec 18, 2024 09:41:23.812802076 CET | 1.1.1.1 | 192.168.2.8 | 0x881f | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
Dec 18, 2024 09:41:23.812802076 CET | 1.1.1.1 | 192.168.2.8 | 0x881f | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
Target ID: | 0 |
Start time: | 03:39:57 |
Start date: | 18/12/2024 |
Path: | C:\Users\user\Desktop\LA0gY3d103.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x7f0000 |
File size: | 551'936 bytes |
MD5 hash: | 84344446F13FAFC82222D1C2946DE989 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | false |
Execution Graph
Execution Coverage: | 11.8% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 35 |
Total number of Limit Nodes: | 3 |
Graph
Function 0103E900 Relevance: 14.2, Strings: 11, Instructions: 443COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06A90880 Relevance: 2.7, Strings: 1, Instructions: 1499COMMON
Control-flow Graph
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0550E6F0 Relevance: 2.7, Strings: 1, Instructions: 1499COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06A90871 Relevance: 2.7, Strings: 1, Instructions: 1498COMMON
Control-flow Graph
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06A90BA7 Relevance: 2.6, Strings: 1, Instructions: 1311COMMON
Control-flow Graph
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06A906C8 Relevance: 2.5, Strings: 1, Instructions: 1280COMMON
Control-flow Graph
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06A90730 Relevance: 2.5, Strings: 1, Instructions: 1248COMMON
Control-flow Graph
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06A90781 Relevance: 2.5, Strings: 1, Instructions: 1237COMMON
Control-flow Graph
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0550EBDA Relevance: 1.9, Strings: 1, Instructions: 696COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06A92BB8 Relevance: 1.6, Strings: 1, Instructions: 306COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06A92BC1 Relevance: 1.5, Strings: 1, Instructions: 292COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06A92C90 Relevance: 1.5, Strings: 1, Instructions: 248COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01030D62 Relevance: 1.4, Strings: 1, Instructions: 152COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01030D70 Relevance: 1.4, Strings: 1, Instructions: 149COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 055057E0 Relevance: 1.0, Instructions: 1041COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 05503850 Relevance: .7, Instructions: 674COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 055034E0 Relevance: .2, Instructions: 156COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 055034F0 Relevance: .2, Instructions: 150COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 014586A8 Relevance: 4.1, Instructions: 4052COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 050D26C4 Relevance: 3.8, Strings: 3, Instructions: 30COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06A93A28 Relevance: 2.7, Strings: 2, Instructions: 182COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0103C038 Relevance: 1.6, APIs: 1, Instructions: 56memoryCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06A92ED7 Relevance: 1.4, Strings: 1, Instructions: 124COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06A92EE4 Relevance: 1.4, Strings: 1, Instructions: 123COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0145E070 Relevance: 1.3, Instructions: 1331COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06A93140 Relevance: 1.3, Strings: 1, Instructions: 78COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0103CAF0 Relevance: 1.3, APIs: 1, Instructions: 52memoryCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0552251E Relevance: 1.3, Strings: 1, Instructions: 24COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 05504780 Relevance: .8, Instructions: 776COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 055049CE Relevance: .6, Instructions: 607COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06A9402D Relevance: .6, Instructions: 600COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 05504A48 Relevance: .6, Instructions: 583COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 05504A7C Relevance: .6, Instructions: 572COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 05504ADA Relevance: .6, Instructions: 551COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0145C218 Relevance: .3, Instructions: 314COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06A9981D Relevance: .2, Instructions: 234COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06A94B82 Relevance: .2, Instructions: 225COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 055057D0 Relevance: .2, Instructions: 171COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0550C290 Relevance: .2, Instructions: 156COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 05509831 Relevance: .2, Instructions: 155COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 05509840 Relevance: .1, Instructions: 149COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 050D2ADA Relevance: .1, Instructions: 130COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06A95840 Relevance: .1, Instructions: 125COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06A94CC7 Relevance: .1, Instructions: 112COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0145E000 Relevance: .1, Instructions: 93COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 05508D38 Relevance: .1, Instructions: 92COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06A9480F Relevance: .1, Instructions: 91COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 05509E38 Relevance: .1, Instructions: 87COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0552FD68 Relevance: .1, Instructions: 81COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 05509E48 Relevance: .1, Instructions: 81COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 05505650 Relevance: .1, Instructions: 79COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0550B3C8 Relevance: .1, Instructions: 78COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0550B3B8 Relevance: .1, Instructions: 78COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E4D3C8 Relevance: .1, Instructions: 75COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E6D01C Relevance: .1, Instructions: 74COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 050D60B8 Relevance: .1, Instructions: 70COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06A97111 Relevance: .1, Instructions: 68COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0550AFFE Relevance: .1, Instructions: 68COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06A95220 Relevance: .1, Instructions: 66COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06A9A710 Relevance: .1, Instructions: 64 COMMON
Function 00E6D005 Relevance: .1, Instructions: 64 COMMON
Function 0550BC58 Relevance: .1, Instructions: 63 COMMON
Function 06A952F0 Relevance: .1, Instructions: 62 COMMON
Function 06A99C51 Relevance: .1, Instructions: 62 COMMON
Function 0145868C Relevance: .1, Instructions: 61 COMMON
Function 05505680 Relevance: .1, Instructions: 61 COMMON
Function 06A99C60 Relevance: .1, Instructions: 58 COMMON
Function 050D9BB2 Relevance: .1, Instructions: 57 COMMON
Function 00E4D3C3 Relevance: .1, Instructions: 56 COMMON
Function 055086E1 Relevance: .1, Instructions: 56 COMMON
Function 06A94790 Relevance: .1, Instructions: 51 COMMON
Function 055086F0 Relevance: .1, Instructions: 51 COMMON
Function 06A97140 Relevance: .0, Instructions: 49 COMMON
Function 0550A230 Relevance: .0, Instructions: 49 COMMON
Function 06A947A0 Relevance: .0, Instructions: 47 COMMON
Function 06A99FD1 Relevance: .0, Instructions: 46 COMMON
Function 00E4D819 Relevance: .0, Instructions: 45 COMMON
Function 06A9A740 Relevance: .0, Instructions: 44 COMMON
Function 0550AD61 Relevance: .0, Instructions: 39 COMMON
Function 05508C20 Relevance: .0, Instructions: 39 COMMON
Function 06A99CA7 Relevance: .0, Instructions: 37 COMMON
Function 0550A220 Relevance: .0, Instructions: 37 COMMON
Function 00E4D818 Relevance: .0, Instructions: 36 COMMON
Function 05527A8F Relevance: .0, Instructions: 35 COMMON
Function 050D60A8 Relevance: .0, Instructions: 34 COMMON
Function 0550927D Relevance: .0, Instructions: 32 COMMON
Function 0550928D Relevance: .0, Instructions: 32 COMMON
Function 050D675E Relevance: .0, Instructions: 32 COMMON
Function 0550A3B0 Relevance: .0, Instructions: 31 COMMON
Function 055046F8 Relevance: .0, Instructions: 26 COMMON
Function 055062E9 Relevance: .0, Instructions: 25 COMMON
Function 05509D80 Relevance: .0, Instructions: 25 COMMON
Function 0550B628 Relevance: .0, Instructions: 24 COMMON
Function 06A98F69 Relevance: .0, Instructions: 23 COMMON
Function 06A9A000 Relevance: .0, Instructions: 23 COMMON
Function 0550A1E8 Relevance: .0, Instructions: 23 COMMON
Function 05503397 Relevance: .0, Instructions: 23 COMMON
Function 050D9CE1 Relevance: .0, Instructions: 23 COMMON
Function 0550A440 Relevance: .0, Instructions: 22 COMMON
Function 05503CCA Relevance: .0, Instructions: 22 COMMON
Function 06A99597 Relevance: .0, Instructions: 21 COMMON
Function 05509D90 Relevance: .0, Instructions: 21 COMMON
Function 05508C50 Relevance: .0, Instructions: 21 COMMON
Function 05509E01 Relevance: .0, Instructions: 21 COMMON
Function 05526E49 Relevance: .0, Instructions: 20 COMMON
Function 06A95E68 Relevance: .0, Instructions: 20 COMMON
Function 06A95D38 Relevance: .0, Instructions: 20 COMMON
Function 055034A8 Relevance: .0, Instructions: 20 COMMON
Function 05504708 Relevance: .0, Instructions: 20 COMMON
Function 05504110 Relevance: .0, Instructions: 20 COMMON
Function 055092A8 Relevance: .0, Instructions: 20 COMMON
Function 0550AD98 Relevance: .0, Instructions: 20 COMMON
Function 06A95A61 Relevance: .0, Instructions: 19 COMMON
Function 055041B1 Relevance: .0, Instructions: 18 COMMON
Function 06A962E0 Relevance: .0, Instructions: 17 COMMON
Function 06A9733B Relevance: .0, Instructions: 17 COMMON
Function 06A9A080 Relevance: .0, Instructions: 17 COMMON
Function 06A97CD8 Relevance: .0, Instructions: 17 COMMON
Function 06A97DB8 Relevance: .0, Instructions: 17 COMMON
Function 0550B380 Relevance: .0, Instructions: 17 COMMON
Function 055033A8 Relevance: .0, Instructions: 17 COMMON
Function 050D607F Relevance: .0, Instructions: 17 COMMON
Function 05526E58 Relevance: .0, Instructions: 16 COMMON
Function 06A97B59 Relevance: .0, Instructions: 16 COMMON
Function 05504322 Relevance: .0, Instructions: 16 COMMON
Function 050D9DAF Relevance: .0, Instructions: 16 COMMON
Function 05527B20 Relevance: .0, Instructions: 15 COMMON
Function 05509D51 Relevance: .0, Instructions: 15 COMMON
Function 050D9D01 Relevance: .0, Instructions: 15 COMMON
Function 050D13F7 Relevance: .0, Instructions: 15 COMMON
Function 050D2AB0 Relevance: .0, Instructions: 15 COMMON
Function 0552FE88 Relevance: .0, Instructions: 14 COMMON
Function 06A962F0 Relevance: .0, Instructions: 14 COMMON
Function 06A995A8 Relevance: .0, Instructions: 14 COMMON
Function 055034B8 Relevance: .0, Instructions: 14 COMMON
Function 05504120 Relevance: .0, Instructions: 14 COMMON
Function 0550C258 Relevance: .0, Instructions: 14 COMMON
Function 05509C40 Relevance: .0, Instructions: 14 COMMON
Function 05509FB0 Relevance: .0, Instructions: 14 COMMON
Function 0550AEE0 Relevance: .0, Instructions: 14 COMMON
Function 055089E1 Relevance: .0, Instructions: 14 COMMON
Function 0550D8B8 Relevance: .0, Instructions: 14 COMMON
Function 06A99520 Relevance: .0, Instructions: 13 COMMON
Function 055086C0 Relevance: .0, Instructions: 13 COMMON
Function 06A97CE8 Relevance: .0, Instructions: 12 COMMON
Function 06A999E0 Relevance: .0, Instructions: 12 COMMON
Function 06A9A5F1 Relevance: .0, Instructions: 12 COMMON
Function 0550E6C1 Relevance: .0, Instructions: 12 COMMON
Function 05505C27 Relevance: .0, Instructions: 12 COMMON
Function 0550FFB0 Relevance: .0, Instructions: 12 COMMON
Function 0550A870 Relevance: .0, Instructions: 12 COMMON
Function 05508800 Relevance: .0, Instructions: 12 COMMON
Function 055288B0 Relevance: .0, Instructions: 11 COMMON
Function 0550C510 Relevance: .0, Instructions: 11 COMMON
Function 05508AA0 Relevance: .0, Instructions: 11 COMMON
Function 050D9D10 Relevance: .0, Instructions: 11 COMMON
Function 050D9DC0 Relevance: .0, Instructions: 11 COMMON
Function 050D6090 Relevance: .0, Instructions: 11 COMMON
Function 05509810 Relevance: .0, Instructions: 10 COMMON
Function 050D1408 Relevance: .0, Instructions: 10 COMMON
Function 050D2AC0 Relevance: .0, Instructions: 10 COMMON
Function 050D9B70 Relevance: .0, Instructions: 9 COMMON
Function 05528C50 Relevance: .0, Instructions: 8 COMMON
Function 05528CB0 Relevance: .0, Instructions: 8 COMMON
Function 06A99470 Relevance: .0, Instructions: 8 COMMON
Function 050D6E77 Relevance: .0, Instructions: 8 COMMON
Function 055057C0 Relevance: .0, Instructions: 7 COMMON
Function 06A97DF8 Relevance: .0, Instructions: 6 COMMON
Function 06A99480 Relevance: .0, Instructions: 5 COMMON
Function 06A96DA0 Relevance: .0, Instructions: 5 COMMON
Function 06A97120 Relevance: .0, Instructions: 5 COMMON
Function 05504330 Relevance: .0, Instructions: 5 COMMON
Function 050D9B80 Relevance: .0, Instructions: 5 COMMON
Function 06A99A72 Relevance: .0, Instructions: 4 COMMON
Function 06A993A2 Relevance: .0, Instructions: 4 COMMON
Function 06A96090 Relevance: .0, Instructions: 4 COMMON
Function 06A90840 Relevance: .0, Instructions: 4 COMMON
Function 05508C30 Relevance: .0, Instructions: 4 COMMON
Function 06A901B2 Relevance: 1.5, Strings: 1, Instructions: 224 COMMON
Function 0103A7E0 Relevance: .7, Instructions: 669 COMMON
Function 06A92667 Relevance: .3, Instructions: 295 COMMON
Function 06A92670 Relevance: .3, Instructions: 295 COMMON
Function 050D5D38 Relevance: .3, Instructions: 281 COMMON
Function 05503840 Relevance: .3, Instructions: 279 COMMON
Function 06A9275C Relevance: .2, Instructions: 245 COMMON
Function 050D229B Relevance: 7.7, Strings: 6, Instructions: 204 COMMON
Function 05504340 Relevance: 5.1, Strings: 4, Instructions: 145 COMMON