Windows
Analysis Report
jpgcamscanner_20240521_0072345_JPEG.bat.exe
Overview
General Information
Detection
Score: | 92 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64native
  - jpgcamscanner_20240521_0072345_JPEG.bat.exe (PID: 1500 cmdline: "C:\Users\user\Desktop\jpgcamscanner_20240521_0072345_JPEG.bat.exe" MD5: 18776562551C3ADCDC9F49C013772FBD)
  - dllhost.exe (PID: 7232 cmdline: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} MD5: 08EB78E5BE019DF044C26B14703BD1FA)
  - jpgcamscanner_20240521_0072345_JPEG.bat.exe (PID: 7232 cmdline: "C:\Users\user\Desktop\jpgcamscanner_20240521_0072345_JPEG.bat.exe" MD5: 18776562551C3ADCDC9F49C013772FBD)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | No Attribution |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
AV Detection |
---|
Source: | Avira URL Cloud: |
Source: | ReversingLabs: |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Code function: | 2_2_0040626D | |
Source: | Code function: | 2_2_00405732 | |
Source: | Code function: | 2_2_004026FE | |
Source: | Code function: | 4_2_0040626D | |
Source: | Code function: | 4_2_00405732 | |
Source: | Code function: | 4_2_004026FE |
Source: | HTTP traffic detected: |
Source: | IP Address: |
Source: | ASN Name: |
Source: | DNS query: |
Source: | HTTP traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Code function: | 2_2_004051CF |
Source: | Code function: | 2_2_004031D6 | |
Source: | Code function: | 4_2_004031D6 |
Source: | Code function: | 2_2_00404A0E | |
Source: | Code function: | 2_2_004065F6 | |
Source: | Code function: | 2_2_6DDA1A9C | |
Source: | Code function: | 4_2_00404A0E | |
Source: | Code function: | 4_2_004065F6 | |
Source: | Code function: | 4_2_00158908 | |
Source: | Code function: | 4_2_00154908 | |
Source: | Code function: | 4_2_001581C5 | |
Source: | Code function: | 4_2_00153CF0 | |
Source: | Code function: | 4_2_0015BD00 | |
Source: | Code function: | 4_2_00154038 | |
Source: | Code function: | 4_2_0015E73F | |
Source: | Code function: | 4_2_359A3D20 | |
Source: | Code function: | 4_2_359A1BE0 | |
Source: | Code function: | 4_2_359A9366 | |
Source: | Code function: | 4_2_359A5E80 | |
Source: | Code function: | 4_2_359AA6B8 | |
Source: | Code function: | 4_2_359A46E8 | |
Source: | Code function: | 4_2_359A0128 | |
Source: | Code function: | 4_2_359A64CF | |
Source: | Code function: | 4_2_359A5798 | |
Source: | Code function: | 4_2_001589C2 |
Source: | Code function: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Code function: | 2_2_004031D6 | |
Source: | Code function: | 4_2_004031D6 |
Source: | Code function: | 2_2_0040449B |
Source: | Code function: | 2_2_004020D1 |
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | ReversingLabs: |
Source: | File read: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Static PE information: |
Data Obfuscation |
---|
Source: | File source: |
Source: | Code function: | 2_2_6DDA1A9C |
Source: | Code function: | 2_2_6DDA2F4E | |
Source: | Code function: | 4_2_359AB9E9 | |
Source: | Code function: | 4_2_359ABBFF | |
Source: | Code function: | 4_2_359ABB4D | |
Source: | Code function: | 4_2_359ABA9B | |
Source: | Code function: | 4_2_359ABAF4 |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion |
---|
Source: | HTTP traffic detected: |
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | Code function: | 2_2_0040626D | |
Source: | Code function: | 2_2_00405732 | |
Source: | Code function: | 2_2_004026FE | |
Source: | Code function: | 4_2_0040626D | |
Source: | Code function: | 4_2_00405732 | |
Source: | Code function: | 4_2_004026FE |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | API call chain: | graph_2-4668 | ||
Source: | API call chain: | graph_2-4826 |
Source: | Code function: | 2_2_6DDA1A9C |
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Code function: | 2_2_004031D6 |
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | Key opened: | Jump to behavior |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | File source: | ||
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 121 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Access Token Manipulation | 12 Virtualization/Sandbox Evasion | 2 OS Credential Dumping | 211 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 11 Process Injection | 1 Disable or Modify Tools | 1 Credentials in Registry | 12 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 1 Access Token Manipulation | Security Account Manager | 1 System Network Configuration Discovery | SMB/Windows Admin Shares | 2 Data from Local System | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Process Injection | NTDS | 2 File and Directory Discovery | Distributed Component Object Model | 1 Clipboard Data | 12 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 26 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Obfuscated Files or Information | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
34% | ReversingLabs | Win32.Trojan.Guloader | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | ReversingLabs |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
ip-api.com | 208.95.112.1 | true | true | unknown | |
veysiseker.com | 192.250.227.27 | true | false | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false |
| unknown | |
false |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
192.250.227.27 | veysiseker.com | United States | 36454 | CNSV-LLCUS | false | |
208.95.112.1 | ip-api.com | United States | 53334 | TUT-ASUS | true |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1445937 |
Start date and time: | 2024-05-22 20:12:27 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 15m 21s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301 |
Run name: | Suspected Instruction Hammering |
Number of analysed new started processes analysed: | 5 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | jpgcamscanner_20240521_0072345_JPEG.bat.exe |
Detection: | MAL |
Classification: | mal92.troj.spyw.evad.winEXE@4/18@2/2 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): RuntimeBroker.exe, backgroundTaskHost.exe
- Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com
- Execution Graph export aborted for target jpgcamscanner_20240521_0072345_JPEG.bat.exe, PID 7232 because it is empty
- HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- VT rate limit hit for: jpgcamscanner_20240521_0072345_JPEG.bat.exe
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
208.95.112.1 | | Get hash | malicious | AgentTesla | Browse | |
208.95.112.1 | | Get hash | malicious | AgentTesla | Browse | |
208.95.112.1 | | Get hash | malicious | AgentTesla | Browse | |
208.95.112.1 | | Get hash | malicious | AgentTesla | Browse | |
208.95.112.1 | | Get hash | malicious | AgentTesla | Browse | |
208.95.112.1 | | Get hash | malicious | AgentTesla | Browse | |
208.95.112.1 | | Get hash | malicious | AgentTesla, GuLoader | Browse | |
208.95.112.1 | | Get hash | malicious | AgentTesla | Browse | |
208.95.112.1 | | Get hash | malicious | WSHRAT | Browse | |
208.95.112.1 | | Get hash | malicious | Gurcu Stealer, WhiteSnake Stealer | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
ip-api.com | | Get hash | malicious | Unknown | Browse | |
ip-api.com | | Get hash | malicious | AgentTesla | Browse | |
ip-api.com | | Get hash | malicious | AgentTesla | Browse | |
ip-api.com | | Get hash | malicious | AgentTesla | Browse | |
ip-api.com | | Get hash | malicious | Unknown | Browse | |
ip-api.com | | Get hash | malicious | Unknown | Browse | |
ip-api.com | | Get hash | malicious | AgentTesla | Browse | |
ip-api.com | | Get hash | malicious | AgentTesla | Browse | |
ip-api.com | | Get hash | malicious | AgentTesla | Browse | |
ip-api.com | | Get hash | malicious | AgentTesla, GuLoader | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CNSV-LLCUS | | Get hash | malicious | Unknown | Browse | |
CNSV-LLCUS | | Get hash | malicious | SystemBC | Browse | |
CNSV-LLCUS | | Get hash | malicious | AgentTesla | Browse | |
CNSV-LLCUS | | Get hash | malicious | FormBook | Browse | |
CNSV-LLCUS | | Get hash | malicious | FormBook | Browse | |
CNSV-LLCUS | | Get hash | malicious | FormBook | Browse | |
CNSV-LLCUS | | Get hash | malicious | FormBook | Browse | |
CNSV-LLCUS | | Get hash | malicious | Unknown | Browse | |
CNSV-LLCUS | | Get hash | malicious | Unknown | Browse | |
CNSV-LLCUS | | Get hash | malicious | Gafgyt, Mirai | Browse | |
TUT-ASUS | | Get hash | malicious | AgentTesla | Browse | |
TUT-ASUS | | Get hash | malicious | AgentTesla | Browse | |
TUT-ASUS | | Get hash | malicious | AgentTesla | Browse | |
TUT-ASUS | | Get hash | malicious | AgentTesla | Browse | |
TUT-ASUS | | Get hash | malicious | AgentTesla | Browse | |
TUT-ASUS | | Get hash | malicious | AgentTesla | Browse | |
TUT-ASUS | | Get hash | malicious | AgentTesla, GuLoader | Browse | |
TUT-ASUS | | Get hash | malicious | AgentTesla | Browse | |
TUT-ASUS | | Get hash | malicious | WSHRAT | Browse | |
TUT-ASUS | | Get hash | malicious | Gurcu Stealer, WhiteSnake Stealer | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
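C:\Users\user\AppData\Local\Temp\nsm54DF.tmp\System.dll | | Get hash | malicious | GuLoader | Browse | |
C:\Users\user\AppData\Local\Temp\nsm54DF.tmp\System.dll | | Get hash | malicious | GuLoader | Browse | |
C:\Users\user\AppData\Local\Temp\nsm54DF.tmp\System.dll | | Get hash | malicious | FormBook, GuLoader | Browse | |
C:\Users\user\AppData\Local\Temp\nsm54DF.tmp\System.dll | | Get hash | malicious | GuLoader | Browse | |
C:\Users\user\AppData\Local\Temp\nsm54DF.tmp\System.dll | | Get hash | malicious | Unknown | Browse | |
C:\Users\user\AppData\Local\Temp\nsm54DF.tmp\System.dll | | Get hash | malicious | Unknown | Browse | |
C:\Users\user\AppData\Local\Temp\nsm54DF.tmp\System.dll | | Get hash | malicious | Unknown | Browse | |
C:\Users\user\AppData\Local\Temp\nsm54DF.tmp\System.dll | | Get hash | malicious | Unknown | Browse | |
C:\Users\user\AppData\Local\Temp\nsm54DF.tmp\System.dll | | Get hash | malicious | Unknown | Browse | |
C:\Users\user\AppData\Local\Temp\nsm54DF.tmp\BgImage.dll | | Get hash | malicious | GuLoader | Browse | |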
Process: | C:\Users\user\Desktop\jpgcamscanner_20240521_0072345_JPEG.bat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 7680 |
Entropy (8bit): | 5.186992759580577 |
Encrypted: | false |
SSDEEP: | 96:8eS0AKTIfv7QCUsthvNL85s4lk38Eb3CDfvEh8uLzqk5nLiEQjJ3KxkP:t8BfjbUA/85q3wEh8uLmcLpmP |
MD5: | 143C1B18CCD1AB2CEED02CAF0E06EF8A |
SHA1: | B59D780E0A85F816B41AA657D4A643D77BD20A99 |
SHA-256: | 8920AFAE5D9C06F6BA1F254A1E32AC2ACFB0FDB11AB2158CFE880A191045E3D7 |
SHA-512: | 91BD09610679224A7774044B16054721567385D3FAA241E72B51F27EF660870F7282E887016DF492D5B3AB3B6D9C130E036258C4F27D5CA4CC3A12B76FF71B39 |
Malicious: | false |
Antivirus: |
|
Joe Sandbox View: |
|
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\jpgcamscanner_20240521_0072345_JPEG.bat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11776 |
Entropy (8bit): | 5.832316471889005 |
Encrypted: | false |
SSDEEP: | 192:4PtkiQJr7jHYT87RfwXQ6YSYtOuVDi7IsFW14Ll8CO:H78TQIgGCDp14LGC |
MD5: | B0C77267F13B2F87C084FD86EF51CCFC |
SHA1: | F7543F9E9B4F04386DFBF33C38CBED1BF205AFB3 |
SHA-256: | A0CAC4CF4852895619BC7743EBEB89F9E4927CCDB9E66B1BCD92A4136D0F9C77 |
SHA-512: | F2B57A2EEA00F52A3C7080F4B5F2BB85A7A9B9F16D12DA8F8FF673824556C62A0F742B72BE0FD82A2612A4B6DBD7E0FDC27065212DA703C2F7E28D199696F66E |
Malicious: | false |
Antivirus: |
|
Joe Sandbox View: |
|
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\jpgcamscanner_20240521_0072345_JPEG.bat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 9728 |
Entropy (8bit): | 5.0684006804573105 |
Encrypted: | false |
SSDEEP: | 96:oXHqZ4zC5RH3cXX1LlYlRowycxM2DjDf3GEst+Nt+jvDYx4AqndYHnxss:oXHq+CP3uKrpyREs06YxcdGn |
MD5: | EAC1C3707970FE7C71B2D760C34763FA |
SHA1: | F275E659AD7798994361F6CCB1481050ABA30FF8 |
SHA-256: | 062C75AD650548750564FFD7AEF8CD553773B5C26CAE7F25A5749B13165194E3 |
SHA-512: | 3415BD555CF47407C0AE62BE0DBCBA7173D2B33A371BF083CE908FC901811ADB888B7787D11EB9D99A1A739CBD9D1C66E565DB6CD678BDADAF753FBDA14FFD09 |
Malicious: | false |
Antivirus: |
|
Reputation: | moderate, very likely benign file |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Vandspildet244\Grundtvigianerens.Unr
Process: | C:\Users\user\Desktop\jpgcamscanner_20240521_0072345_JPEG.bat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 164013 |
Entropy (8bit): | 7.75758740590637 |
Encrypted: | false |
SSDEEP: | 3072:fyTCKnlTj+w9D/mJol3Al2PWQPec5TsLhAbdfh+Ye+/PN3bVuh2q:fiYw9rUolwl2uARhBfwYH/1C2q |
MD5: | 36EDCCF96AF1480036761B7767424E1B |
SHA1: | 1BD5D438646C81199CB2AA817CFB42A6E63AFFFA |
SHA-256: | 0C6F40DA67227C6CA67F37AD0FF5B204B6011A5435D2ADB59DB33775BF6DC89A |
SHA-512: | 52A7E1EE71C85303172FED4F7D06D7A4E9A88749813CF2C94BC6C4886939FF1ACA1BBD5F4AB340477867951D7D5E7CA2B684CC68315F67C7D56D1043FC972A35 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Vandspildet244\Handrailing.cir
Process: | C:\Users\user\Desktop\jpgcamscanner_20240521_0072345_JPEG.bat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2066 |
Entropy (8bit): | 4.810407037549875 |
Encrypted: | false |
SSDEEP: | 48:MN9I1MAohVsLnzOOm2JN9GZb8XBkDLhCx1vmVhooQw7:MNqUVs76GJN9GZskDIx1kpt7 |
MD5: | DA8899543EFCE0A7D85A682C55AC28A0 |
SHA1: | 5858844E1CD504DE8DCB57096AB853066CC0F4FF |
SHA-256: | 3A3553C3DE7351416FD2C35B039E6ABFB5B5EA770B0F9679C8125BB4E8354815 |
SHA-512: | B08AC2EE6DD769EEFE8934E744EDA3B890DC84C12508F1C8FF5A4AEBD890705A68C4E4775D9507E3FA63CD35E7118EC686B20A7E64B73A36FE31AA5905BDC675 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Vandspildet244\Schweiziskes\Nonstationaries.pai
Process: | C:\Users\user\Desktop\jpgcamscanner_20240521_0072345_JPEG.bat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3803 |
Entropy (8bit): | 4.797992434642369 |
Encrypted: | false |
SSDEEP: | 96:vAhP/FY++Ow8uK/ChMRF487eAZFknjx6trqID4LCj6fZKlD+YbtN:vANFYh8Pa8779uFQqcJjD3 |
MD5: | BD115698051CBA72973B3DB7CA9F334D |
SHA1: | FFA16DB0B0866EAE1A4ED3651CEECF9403C8A934 |
SHA-256: | DA902025B32BC72A666904243CABBF238EF1E71C4CAEFE5D68359703819E670B |
SHA-512: | FD08ADB340F3D802CB58405BA7543FA68821750E019FD9B1EC8BA687F7EC2A2954499E405C2044CE91BCA2139F1E636E863994217596B02E9EBC8F6134402CDC |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Vandspildet244\Schweiziskes\Warmakers.fal
Process: | C:\Users\user\Desktop\jpgcamscanner_20240521_0072345_JPEG.bat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2094 |
Entropy (8bit): | 4.910526940719618 |
Encrypted: | false |
SSDEEP: | 48:ykq7sZsXfjcVEfHrZLrlu/2O6+bpPIm91CGAn:ykq7sWvjiEfHrA2O6+lPImuGA |
MD5: | 6D178C394E50EA2084B340781537AB0B |
SHA1: | 8CF0D7A7F60ECACB2C70F51CBEC6B5665B80902E |
SHA-256: | 2DF354893105AFF58C03983A228C91C9696973462FA7C4845AD8EE673E9DF0B1 |
SHA-512: | 35005C5AEB4B82E9D92CC87421692FEEB64AB5F9B1A4AD3F39CA9C24159D501BC85193FADB79D37CB9CA432B0D3BB47535D37AE8BDF9504867AB766FD0777483 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Vandspildet244\Schweiziskes\aniara.uns
Process: | C:\Users\user\Desktop\jpgcamscanner_20240521_0072345_JPEG.bat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1495 |
Entropy (8bit): | 4.786207058973599 |
Encrypted: | false |
SSDEEP: | 24:1IY23JmylAxXxU2kaUNqXxoKQ7L2YpczAkr5ldX+H6CWW3ffwBAZ+UWb1ZD:RCJjIu2DPsLRpczAk1lydvyAZ+vpp |
MD5: | F43C725B0E21DDD2A5A3D446C6ADEBE3 |
SHA1: | 5DB786BEF95C4F000FB8C960ADB17F52E111F437 |
SHA-256: | 7FC48C493CE04FE888B92A0F2C8CF0A562E58F9A0DA4AC25045ECB5102F236D9 |
SHA-512: | 3DB634BB4AB41611634A4A1E26FB05634337A9B98678D40F9EBB14FA18C676D694828D8458C8FF734B684AC364864266573957F727C1421F3FC92D6BB9DA2E85 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Vandspildet244\Schweiziskes\bekendelsesskriften.pro
Process: | C:\Users\user\Desktop\jpgcamscanner_20240521_0072345_JPEG.bat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1859 |
Entropy (8bit): | 4.805075590258339 |
Encrypted: | false |
SSDEEP: | 48:NxT3LlsAmysM0+OMKN7yJFH38nSWe6orh83faEuuy:NtblN3smOzofH3zWCh83ftu7 |
MD5: | C5D99D8FFCE5F740EC0737F7C049EAA6 |
SHA1: | 74A7FC0DA11E1E5926EB0DB764DE970C13560665 |
SHA-256: | 44886489A819C10AD5E77992EE636FFAD2060A1F5C4189B15D9C7B3C1E9BDD24 |
SHA-512: | D83D201F9CA9F1CB70CDAF3EBE4548009FF9C8DB0F71F075572EB3587CA1C7538F4DD9DC6CCD17177C9ED9C9F70832B363A97D207858D130C045B77C5E62F750 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Vandspildet244\Schweiziskes\databehandlingsforeningers.sky
Process: | C:\Users\user\Desktop\jpgcamscanner_20240521_0072345_JPEG.bat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4356 |
Entropy (8bit): | 4.922796623834746 |
Encrypted: | false |
SSDEEP: | 96:Z1/SWPInqKKFFprwmLQjUn3kouc4PN+gUG+S5yF6oqV/v4h+x:Z1KcInqtxLQwn3kRnN+f3yolqVm+x |
MD5: | 580AFDB7F940780A0E82DF3EBEB3F8F0 |
SHA1: | 4F32C82222EF7B9937AA35F7E82A758C5FE29EC1 |
SHA-256: | 759C6001A1A18F56EA122DE86368114000C48FB0A46B2187E8FBD1E846CC1AD1 |
SHA-512: | 6F201B231E84289259792EEA7CD3A69A6D2252A9A672FCB089BA9F44352AA4DC9150B0C5CB6B0B63925E731E535B2874A26C397C8EC07A9511F939B5E6989F0E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Vandspildet244\Schweiziskes\tsetseflues\electrohomeopathies.txt
Process: | C:\Users\user\Desktop\jpgcamscanner_20240521_0072345_JPEG.bat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 349 |
Entropy (8bit): | 4.242626007880176 |
Encrypted: | false |
SSDEEP: | 6:4IvdzGAz6iKphlXA4xEQVuEtFQom0r3/8nRujRKvNqsjQsO4DjjFWBATA1OoRT8g:4IvjCAUEQVu+FvmqjYXU+DHFWBATAhQg |
MD5: | F69098FF568805BE8CF1B8B8EFA38119 |
SHA1: | 1FA8719408BFEAC133F70550A9BD5972042C5B9F |
SHA-256: | C9DD8F7ABCCA4612692F22ABF80E54CA814F9E5743CD877965E77192D42A1901 |
SHA-512: | 2DCD46E31F7D6D93BC6E65EE77DF2F8F374E7A020D62889F2F25347F7286C99CED4F473CFA65A35B7E19EC5308D0A5293BB91016A69B12EEE65BF4C6C4CBFC38 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Vandspildet244\Shamponeringers\mildewy.jam
Process: | C:\Users\user\Desktop\jpgcamscanner_20240521_0072345_JPEG.bat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3719 |
Entropy (8bit): | 4.907634267564538 |
Encrypted: | false |
SSDEEP: | 96:Ev+azFX4eoB/s1N6+pCJMY6G/zLmNPbykSp7A:qzB4eoBGpCJMY6uRp8 |
MD5: | F91ED47ADC9A9DF27D912E158B8506EA |
SHA1: | 19792128C34C254D6E1BDF521B60ACCBAD4222FF |
SHA-256: | 7210161B773B11604540AD72BAA54A0CD9C530841EF8C6DE8FBE06EC7FBF2779 |
SHA-512: | CC9B8C186F300DD4F9202419FC8FBD7DB452D35352590EC5EE49E9E54CF9032ABD1DA6D9502535A260004459BB57AEFD4C90607F8B93F65E5B33EF65A7FB467B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Vandspildet244\Shamponeringers\natans.sma
Process: | C:\Users\user\Desktop\jpgcamscanner_20240521_0072345_JPEG.bat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2533 |
Entropy (8bit): | 4.887150843352794 |
Encrypted: | false |
SSDEEP: | 48:RG2tOeauPi9UEMaHgblMaWvtwdkm9QtbzlI8c88+NTKqaAtYgf:TtOb0Xe0CtAkZtm8cT+cAtYK |
MD5: | 477DAB1B6549DE2D9023D8F9CF05042B |
SHA1: | D96B04B86450B9546E06D12219BCB0C0437CC447 |
SHA-256: | 3A5BA38AF3DF1E8155785933C4924A145F6759915F37CFD07D5EDEE0D300227E |
SHA-512: | 6D2BF1CC55829F058781A3586338D2A00F0C359FF68F3B0A4A72617A8F1D3BAD61CA274285F2FF6BEF887835694EDF28F00E6D4DB957BF65336B9DCC87E89F53 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Vandspildet244\Shamponeringers\ovest.tho
Process: | C:\Users\user\Desktop\jpgcamscanner_20240521_0072345_JPEG.bat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1837 |
Entropy (8bit): | 4.625230572661607 |
Encrypted: | false |
SSDEEP: | 24:RKCWhhnUAECpZibkd9ggk6PUgQOfUr7Y8acQQEZS6HH66Rf1T/pUlq9t5Yn98BJN:R4REC2JEPUgyLacEZZn6gWlPkJf8Y |
MD5: | 12A53C34C5FA929682F2DB62752880B9 |
SHA1: | 6C60C458120AEE4603528266710B2AC66F3C24E1 |
SHA-256: | B0F6C977CFE459FC79DE98FA6B606F43A1A22F3E1F02F8E369C98023E451739F |
SHA-512: | C86DC338DBDA83F7C1A180152190A083CD2F7BE4ED11794C2319EE34BC10E9A896F580E23E8A06B4A4903094F018C8C7FAF5264FEA1FDCFA24B11F0E8FEC4511 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Vandspildet244\Shamponeringers\paksks.pre
Process: | C:\Users\user\Desktop\jpgcamscanner_20240521_0072345_JPEG.bat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3995 |
Entropy (8bit): | 4.955156372854779 |
Encrypted: | false |
SSDEEP: | 96:OXXDCP0Z3oaT1zMhGDW7YT1Bofjsko1Z1REBzF:On4h41zMQXT64rH1R6x |
MD5: | 6A4165AA3EF3BB0B85129B53C8FC1C51 |
SHA1: | 6CCBCB4C740F34A7C3DCE4E406C3A2485BB690E2 |
SHA-256: | 1B84A4738FBCD4CA7D9A7FA44783094C780CBFAF6F323703487750B2BB38AAD4 |
SHA-512: | 83CA086A38D431E070B8E73F4E142B81C3DC419782DEFE15E95BFA345AEA05DCA3BE6CA2B6BB4ACF5E0A5E597D3AD6AA4D0007C0319E4A0A468A9A7FFA3D61D7 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Vandspildet244\Shamponeringers\stttepartiets.mis
Process: | C:\Users\user\Desktop\jpgcamscanner_20240521_0072345_JPEG.bat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3638 |
Entropy (8bit): | 4.92982531475471 |
Encrypted: | false |
SSDEEP: | 96:Yid6n7dx8YHj9keiS2z1ZmZcBnT6u7z71eHpm6y:Vknxx8YHwDNdT6u7v1ecf |
MD5: | 0CD5495C2AABC33E1CA835C7EC70AE67 |
SHA1: | 8AB470057A59DCA68ECD1821CA21C0E9C7083D6D |
SHA-256: | 534322DAE0EADE3B303508F2E035CD74DA3D0FDB7948E518FCF48CAD2B39432B |
SHA-512: | C94721165B8B25B7BF68C91E4D7719BF30D91D3D02E91C0AD62EE5211BAC26C5D759FD730FBBD0AB894EFE55A36698D3A876F8F15670CBEC5F84F6D509E57BC6 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Vandspildet244\Shamponeringers\utilidors.lok
Process: | C:\Users\user\Desktop\jpgcamscanner_20240521_0072345_JPEG.bat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1536 |
Entropy (8bit): | 4.874765880930053 |
Encrypted: | false |
SSDEEP: | 24:8HvVZmdQB31xdZttWZlQW29eN+zliQkihQyzIWblLIpxymPDYWN/qO3fGle/E4lW:8V8dQTx+Q9gwAi2yzIsmYmP8TlelZ9u1 |
MD5: | A9A4218B4FCC915F7DECE680632B49E7 |
SHA1: | A9EA694A6E3B8DAB614079881104A48FEEE4B4B1 |
SHA-256: | 63D26C32CF8E3FFA695CEF2BAED6D5780F597169EE32100A90CE4E9881D66AA4 |
SHA-512: | 1E48C1DD6306AA614B06A4CFD2A29692771E73072A9EDDE69DB64A86260B6E8C7967EE8262469F3339B676001956F4ACA4DA5AE52A7D6ECF8F4DFA5BEB72AF8E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Vandspildet244\Shamponeringers\xenonet.mul
Process: | C:\Users\user\Desktop\jpgcamscanner_20240521_0072345_JPEG.bat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2222 |
Entropy (8bit): | 4.914198609346288 |
Encrypted: | false |
SSDEEP: | 48:x9sBXkZPHGOxztfW2BRz4eTRXhfltDKM3gfwgcwbUoShcYSi52WX:x1ZPb5W2BRz46bVKMl0bUowSi52WX |
MD5: | 20B88329E76E4AA925AD7D36061295AD |
SHA1: | 0E5BFD4A2DFD6149CAAD7801C5318139CBB9BFD5 |
SHA-256: | 75F8686EFE42827DE0CFAF648D5B222400200DA3EF22C2DF00764CAB7F6E500E |
SHA-512: | 4E47EB1E98EEC1873628DAB77E75532FBD9C51BE5FBA8AB05B69E25500AE873BE1E36C84854F8D4384A3088A95DC0251B1D6342542837F9211949B8840743E60 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 6.745778158253723 |
TrID: |
|
File name: | jpgcamscanner_20240521_0072345_JPEG.bat.exe |
File size: | 379'400 bytes |
MD5: | 18776562551c3adcdc9f49c013772fbd |
SHA1: | ee124b7cd0296b4e524454ab12059b8be60bc002 |
SHA256: | 05df6f3430171cb7db9fa5f6782b8f67b14079b6e1dffbb013c33ca91b1ad5d3 |
SHA512: | c16b5c1c7822af0bee4d5f9707e00a4513e00b0925844fa3c8ba8afbaf7172d2b185dfaf8b1bc1fdce00c6a44d62d34d5bf611c0a2219de0a030ea2f64767364 |
SSDEEP: | 6144:MDGIRuoQiOd9kyzCiY1vJ/BnA+XCzW8w3hRTMiZ4rbcevq:zItQiOdCyzItA+XLRQiZWC |
TLSH: | B8849E90D274A8A6D84312734D3BD9E0216FAF3C9574851F261DB83AA6F734B1367E0E |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(...F...F...F.*.....F...G.v.F.*.....F...v...F...@...F.Rich..F.........................PE..L...+.oZ.................`......... |
Icon Hash: | b4b2b2b2bcb2b669 |
Entrypoint: | 0x4031d6 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x5A6FED2B [Tue Jan 30 03:57:31 2018 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 3abe302b6d9a1256e6a915429af4ffd2 |
Instruction |
---|
sub esp, 00000184h |
push ebx |
push esi |
push edi |
xor ebx, ebx |
push 00008001h |
mov dword ptr [esp+18h], ebx |
mov dword ptr [esp+10h], 00409198h |
mov dword ptr [esp+20h], ebx |
mov byte ptr [esp+14h], 00000020h |
call dword ptr [004070A0h] |
call dword ptr [0040709Ch] |
and eax, BFFFFFFFh |
cmp ax, 00000006h |
mov dword ptr [0042370Ch], eax |
je 00007F82A0BA03D3h |
push ebx |
call 00007F82A0BA34AAh |
cmp eax, ebx |
je 00007F82A0BA03C9h |
push 00000C00h |
call eax |
mov esi, 00407298h |
push esi |
call 00007F82A0BA3426h |
push esi |
call dword ptr [00407098h] |
lea esi, dword ptr [esi+eax+01h] |
cmp byte ptr [esi], bl |
jne 00007F82A0BA03ADh |
push 0000000Ah |
call 00007F82A0BA347Eh |
push 00000008h |
call 00007F82A0BA3477h |
push 00000006h |
mov dword ptr [00423704h], eax |
call 00007F82A0BA346Bh |
cmp eax, ebx |
je 00007F82A0BA03D1h |
push 0000001Eh |
call eax |
test eax, eax |
je 00007F82A0BA03C9h |
or byte ptr [0042370Fh], 00000040h |
push ebp |
call dword ptr [00407044h] |
push ebx |
call dword ptr [00407288h] |
mov dword ptr [004237D8h], eax |
push ebx |
lea eax, dword ptr [esp+38h] |
push 00000160h |
push eax |
push ebx |
push 0041ECC8h |
call dword ptr [00407178h] |
push 00409188h |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x7428 | 0xa0 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3d000 | 0x282e0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x298 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x5f0d | 0x6000 | dfef90bbbed6c8d8369917b85f400880 | False | 0.6649169921875 | data | 6.450520423955375 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x7000 | 0x1248 | 0x1400 | 1c9a524313c13059919ecf8195d205be | False | 0.4275390625 | data | 5.007650149182371 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x9000 | 0x1a818 | 0x400 | 06c5105864978df88e34770eefada5da | False | 0.6376953125 | data | 5.129587811765307 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.ndata | 0x24000 | 0x19000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x3d000 | 0x282e0 | 0x28400 | e47a7998864b5d4b9b25d40ba1fdb078 | False | 0.23467221467391305 | data | 4.288859004027817 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x3d328 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States | 0.17542588430143144 |
RT_ICON | 0x4db50 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | English | United States | 0.2506043725036788 |
RT_ICON | 0x56ff8 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 | English | United States | 0.27587800369685767 |
RT_ICON | 0x5c480 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.2593292394898441 |
RT_ICON | 0x606a8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.33112033195020746 |
RT_ICON | 0x62c50 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.36843339587242024 |
RT_ICON | 0x63cf8 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.4540983606557377 |
RT_ICON | 0x64680 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.5328014184397163 |
RT_DIALOG | 0x64ae8 | 0x100 | data | English | United States | 0.5234375 |
RT_DIALOG | 0x64be8 | 0x11c | data | English | United States | 0.6056338028169014 |
RT_DIALOG | 0x64d08 | 0x60 | data | English | United States | 0.7291666666666666 |
RT_GROUP_ICON | 0x64d68 | 0x76 | data | English | United States | 0.7457627118644068 |
RT_VERSION | 0x64de0 | 0x1bc | data | English | United States | 0.536036036036036 |
RT_MANIFEST | 0x64fa0 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States | 0.5542168674698795 |
DLL | Import |
---|---|
KERNEL32.dll | GetTempPathA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetEnvironmentVariableA, Sleep, GetTickCount, GetCommandLineA, lstrlenA, GetVersion, SetErrorMode, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GetWindowsDirectoryA, SetCurrentDirectoryA, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, ReadFile, WriteFile, lstrcpyA, MoveFileExA, lstrcatA, GetSystemDirectoryA, GetProcAddress, GetExitCodeProcess, WaitForSingleObject, CompareFileTime, SetFileAttributesA, GetFileAttributesA, GetShortPathNameA, MoveFileA, GetFullPathNameA, SetFileTime, SearchPathA, CloseHandle, lstrcmpiA, CreateThread, GlobalLock, lstrcmpA, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, GetPrivateProfileStringA, FindClose, MultiByteToWideChar, FreeLibrary, MulDiv, WritePrivateProfileStringA, LoadLibraryExA, GetModuleHandleA, GlobalAlloc, GlobalFree, ExpandEnvironmentStringsA |
USER32.dll | ScreenToClient, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, PostQuitMessage, GetWindowRect, EnableMenuItem, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndDialog, RegisterClassA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, GetDC, CreateDialogParamA, SetTimer, GetDlgItem, SetWindowLongA, SetForegroundWindow, LoadImageA, IsWindow, SendMessageTimeoutA, FindWindowExA, OpenClipboard, TrackPopupMenu, AppendMenuA, EndPaint, DestroyWindow, wsprintfA, ShowWindow, SetWindowTextA |
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExA, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, SHFileOperationA |
ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExA, RegOpenKeyExA, SetFileSecurityA, OpenProcessToken, LookupPrivilegeValueA, RegEnumValueA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegSetValueExA, RegQueryValueExA, RegEnumKeyA |
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy |
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 22, 2024 20:14:52.178687096 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.178741932 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.178790092 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:14:52.178841114 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:14:52.178874969 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.178932905 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.178936958 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:14:52.178988934 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.179023981 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:14:52.179044008 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.179100990 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.179128885 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:14:52.179128885 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:14:52.179156065 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.179214001 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.179225922 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:14:52.179267883 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.179275036 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:14:52.179322958 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.179323912 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:14:52.179373026 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:14:52.179378986 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.179421902 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:14:52.179434061 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.179491043 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.179492950 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:14:52.179541111 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:14:52.179547071 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.179604053 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.179609060 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:14:52.179657936 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:14:52.179660082 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.179688931 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.179699898 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.179702997 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:14:52.179711103 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.179752111 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:14:52.179768085 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.179816961 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.179826021 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:14:52.179874897 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:14:52.179874897 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:14:52.179920912 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.179924011 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:14:52.179933071 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.180022001 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:14:52.180071115 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:14:52.180169106 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:14:52.415254116 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.415277004 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.415425062 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:14:52.415425062 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:14:52.415453911 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.415477991 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.415594101 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:14:52.415649891 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:14:52.416726112 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.416846991 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.416920900 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:14:52.416955948 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.416979074 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.417017937 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:14:52.417104006 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:14:52.417104006 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:14:52.417176008 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.417273998 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.417327881 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:14:52.417399883 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:14:52.417464972 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.417484999 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.417568922 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.417587042 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.417623043 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:14:52.417623043 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:14:52.417668104 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.417716980 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.417720079 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:14:52.417783976 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:14:52.417927980 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.417938948 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:14:52.417939901 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.418071032 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:14:52.418071032 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:14:52.418190956 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.418205023 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.418314934 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:14:52.418314934 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:14:52.418404102 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.418510914 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.418559074 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:14:52.418665886 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:14:52.418818951 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.418833971 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.418845892 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.418857098 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.419003963 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:14:52.419044971 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.419087887 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.419186115 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:14:52.419186115 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:14:52.419323921 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.419339895 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.419421911 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.419461966 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.419507980 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:14:52.419589996 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:14:52.419589996 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:14:52.419696093 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.419720888 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.419910908 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.419930935 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:14:52.419935942 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.420083046 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:14:52.420187950 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.420306921 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.420317888 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.420404911 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.420420885 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:14:52.420500040 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:14:52.420536995 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:52.420577049 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:14:52.420778990 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:14:54.032672882 CEST | 59327 | 80 | 192.168.11.20 | 208.95.112.1 |
May 22, 2024 20:14:54.208089113 CEST | 80 | 59327 | 208.95.112.1 | 192.168.11.20 |
May 22, 2024 20:14:54.208214998 CEST | 59327 | 80 | 192.168.11.20 | 208.95.112.1 |
May 22, 2024 20:14:54.208735943 CEST | 59327 | 80 | 192.168.11.20 | 208.95.112.1 |
May 22, 2024 20:14:54.384155035 CEST | 80 | 59327 | 208.95.112.1 | 192.168.11.20 |
May 22, 2024 20:14:54.432262897 CEST | 59327 | 80 | 192.168.11.20 | 208.95.112.1 |
May 22, 2024 20:14:57.182302952 CEST | 80 | 59326 | 192.250.227.27 | 192.168.11.20 |
May 22, 2024 20:14:57.182425022 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:15:28.314335108 CEST | 80 | 59327 | 208.95.112.1 | 192.168.11.20 |
May 22, 2024 20:16:40.737230062 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:16:41.315152884 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:16:42.486804962 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:16:44.814413071 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:16:49.454058886 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:16:58.717505932 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
May 22, 2024 20:17:17.229078054 CEST | 59326 | 80 | 192.168.11.20 | 192.250.227.27 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 22, 2024 20:14:50.759366989 CEST | 64952 | 53 | 192.168.11.20 | 1.1.1.1 |
May 22, 2024 20:14:50.980803013 CEST | 53 | 64952 | 1.1.1.1 | 192.168.11.20 |
May 22, 2024 20:14:53.852298975 CEST | 49937 | 53 | 192.168.11.20 | 1.1.1.1 |
May 22, 2024 20:14:54.028419971 CEST | 53 | 49937 | 1.1.1.1 | 192.168.11.20 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
May 22, 2024 20:14:50.759366989 CEST | 192.168.11.20 | 1.1.1.1 | 0x49a3 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
May 22, 2024 20:14:53.852298975 CEST | 192.168.11.20 | 1.1.1.1 | 0x36fc | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
May 22, 2024 20:14:50.980803013 CEST | 1.1.1.1 | 192.168.11.20 | 0x49a3 | No error (0) | 192.250.227.27 | A (IP address) | IN (0x0001) | false | ||
May 22, 2024 20:14:54.028419971 CEST | 1.1.1.1 | 192.168.11.20 | 0x36fc | No error (0) | 208.95.112.1 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.11.20 | 59326 | 192.250.227.27 | 80 | 7232 | C:\Users\user\Desktop\jpgcamscanner_20240521_0072345_JPEG.bat.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
May 22, 2024 20:14:51.221993923 CEST | 166 | OUT | |
May 22, 2024 20:14:51.464617968 CEST | 1289 | IN | |
May 22, 2024 20:14:51.464632988 CEST | 1289 | IN | |
May 22, 2024 20:14:51.464770079 CEST | 1289 | IN | |
May 22, 2024 20:14:51.464785099 CEST | 1289 | IN | |
May 22, 2024 20:14:51.464796066 CEST | 1289 | IN | |
May 22, 2024 20:14:51.464807987 CEST | 1289 | IN | |
May 22, 2024 20:14:51.464818954 CEST | 1289 | IN | |
May 22, 2024 20:14:51.464829922 CEST | 1289 | IN | |
May 22, 2024 20:14:51.464875937 CEST | 1289 | IN | |
May 22, 2024 20:14:51.464886904 CEST | 1289 | IN | |
May 22, 2024 20:14:51.701567888 CEST | 1289 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.11.20 | 59327 | 208.95.112.1 | 80 | 7232 | C:\Users\user\Desktop\jpgcamscanner_20240521_0072345_JPEG.bat.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
May 22, 2024 20:14:54.208735943 CEST | 80 | OUT | |
May 22, 2024 20:14:54.384155035 CEST | 174 | IN |
Target ID: | 2 |
Start time: | 14:14:27 |
Start date: | 22/05/2024 |
Path: | C:\Users\user\Desktop\jpgcamscanner_20240521_0072345_JPEG.bat.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 379'400 bytes |
MD5 hash: | 18776562551C3ADCDC9F49C013772FBD |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 3 |
Start time: | 14:14:27 |
Start date: | 22/05/2024 |
Path: | C:\Windows\System32\dllhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7bd9e0000 |
File size: | 21'312 bytes |
MD5 hash: | 08EB78E5BE019DF044C26B14703BD1FA |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 4 |
Start time: | 14:14:46 |
Start date: | 22/05/2024 |
Path: | C:\Users\user\Desktop\jpgcamscanner_20240521_0072345_JPEG.bat.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 379'400 bytes |
MD5 hash: | 18776562551C3ADCDC9F49C013772FBD |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | false |
Execution Graph
Execution Coverage: | 18.9% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 20.2% |
Total number of Nodes: | 1508 |
Total number of Limit Nodes: | 38 |
Graph
Function 004031D6 Relevance: 87.9, APIs: 32, Strings: 18, Instructions: 366stringcomfileCOMMON
Function 004051CF Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 282windowclipboardmemoryCOMMON
Function 00405732 Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 159filestringCOMMON
Function 004065F6 Relevance: 5.4, APIs: 4, Instructions: 382COMMON
Function 00403B35 Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 346windowstringCOMMON
Function 00403798 Relevance: 47.5, APIs: 13, Strings: 14, Instructions: 215stringregistryCOMMON
Function 00405F8C Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 199stringCOMMON
Function 00401759 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 147stringtimeCOMMON
Function 00405091 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 73stringwindowCOMMON
Function 00406294 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
Function 004023D6 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64registrystringCOMMON
Function 00405609 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
Function 00406A2B Relevance: 5.2, APIs: 4, Instructions: 236COMMON
Function 00406C2C Relevance: 5.2, APIs: 4, Instructions: 208COMMON
Function 00406942 Relevance: 5.2, APIs: 4, Instructions: 205COMMON
Function 00406447 Relevance: 5.2, APIs: 4, Instructions: 198COMMON
Function 00406895 Relevance: 5.2, APIs: 4, Instructions: 180COMMON
Function 004069B3 Relevance: 5.2, APIs: 4, Instructions: 170COMMON
Function 004068FF Relevance: 5.2, APIs: 4, Instructions: 168COMMON
Function 6DDA29C0 Relevance: 3.2, APIs: 2, Instructions: 156COMMON
Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
Function 00401E2B Relevance: 3.0, APIs: 2, Instructions: 25COMMON
Function 00405B03 Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
Function 004055D4 Relevance: 3.0, APIs: 2, Instructions: 9COMMON
Function 00405B7B Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
Function 00405BAA Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
Function 6DDA28E5 Relevance: 1.5, APIs: 1, Instructions: 21memoryCOMMON
Function 00402340 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
Function 00404055 Relevance: 1.5, APIs: 1, Instructions: 9windowCOMMON
Function 0040403E Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
Function 0040318E Relevance: 1.5, APIs: 1, Instructions: 6COMMON
Function 0040402B Relevance: 1.5, APIs: 1, Instructions: 4COMMON
Function 0040592D Relevance: 1.3, APIs: 1, Instructions: 10COMMON
Function 00404A0E Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 481windowmemoryCOMMON
Function 0040449B Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 274stringCOMMON
Function 6DDA1A9C Relevance: 20.1, APIs: 13, Instructions: 571stringlibrarymemoryCOMMON
Function 004026FE Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
Function 00404174 Relevance: 38.7, APIs: 19, Strings: 3, Instructions: 202windowstringCOMMON
Function 00405BD9 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 129memorystringCOMMON
Function 00404070 Relevance: 12.1, APIs: 8, Instructions: 68COMMON
Function 6DDA249C Relevance: 10.6, APIs: 7, Instructions: 124COMMON
Function 0040495C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
Function 00402C7C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
Function 6DDA22B5 Relevance: 9.1, APIs: 6, Instructions: 140memoryCOMMON
Function 00404852 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 84stringCOMMON
Function 00401D9B Relevance: 7.5, APIs: 5, Instructions: 43COMMON
Function 00401D41 Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
Function 00401C0A Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
Function 004059F0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 46stringCOMMON
Function 00405902 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
Function 00402CFF Relevance: 6.0, APIs: 4, Instructions: 33COMMON
Function 00405005 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
Function 00405E51 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44registryCOMMON
Function 00405949 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
Function 6DDA10E0 Relevance: 5.1, APIs: 4, Instructions: 102memoryCOMMON
Function 00405A68 Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
Function 00158908 Relevance: 2.9, Instructions: 2881COMMON
Function 0015BD00 Relevance: 2.4, Instructions: 2373COMMON
Function 00153CF0 Relevance: 1.5, Strings: 1, Instructions: 238COMMON
Function 359A46E8 Relevance: .8, Instructions: 821COMMON
Function 359AA6B8 Relevance: .6, Instructions: 638COMMON
Function 359A3D20 Relevance: .6, Instructions: 591COMMON
Function 359A9366 Relevance: .6, Instructions: 565COMMON
Function 359A1BE0 Relevance: .5, Instructions: 545COMMON
Function 359A5E80 Relevance: .5, Instructions: 476COMMON
Function 001581C5 Relevance: .4, Instructions: 443COMMON
Function 00154908 Relevance: .3, Instructions: 266COMMON
Function 0015F2C2 Relevance: 4.0, Strings: 3, Instructions: 296COMMON
Function 00154675 Relevance: 2.7, Strings: 2, Instructions: 180COMMON
Function 00154680 Relevance: 2.7, Strings: 2, Instructions: 180COMMON
Function 0015F600 Relevance: 2.7, Strings: 2, Instructions: 172COMMON
Function 00153CE4 Relevance: 1.5, Strings: 1, Instructions: 237COMMON
Function 359A23F8 Relevance: 1.3, Strings: 1, Instructions: 55COMMON
Function 001562BF Relevance: .6, Instructions: 585COMMON
Function 001503BD Relevance: .6, Instructions: 580COMMON
Function 359A1945 Relevance: .4, Instructions: 394COMMON
Function 0015E1D0 Relevance: .3, Instructions: 304COMMON
Function 00151170 Relevance: .3, Instructions: 294COMMON
Function 001548FD Relevance: .3, Instructions: 262COMMON
Function 359ADC58 Relevance: .3, Instructions: 252COMMON
Function 359A7268 Relevance: .2, Instructions: 231COMMON
Function 359A2A1A Relevance: .2, Instructions: 224COMMON
Function 00158668 Relevance: .2, Instructions: 220COMMON
Function 359A9050 Relevance: .2, Instructions: 215COMMON
Function 359AC8D8 Relevance: .2, Instructions: 211COMMON
Function 359A2D50 Relevance: .2, Instructions: 210COMMON
Function 359AC8D6 Relevance: .2, Instructions: 192COMMON
Function 359A32E8 Relevance: .2, Instructions: 186COMMON
Function 00155078 Relevance: .2, Instructions: 184COMMON
Function 00151272 Relevance: .2, Instructions: 171COMMON
Function 359A725E Relevance: .2, Instructions: 167COMMON
Function 359A32D9 Relevance: .1, Instructions: 140COMMON
Function 359A3B90 Relevance: .1, Instructions: 132COMMON
Function 359AD8A8 Relevance: .1, Instructions: 113COMMON
Function 359A092D Relevance: .1, Instructions: 112COMMON
Function 0015F0B7 Relevance: .1, Instructions: 111COMMON
Function 0015F0C8 Relevance: .1, Instructions: 108COMMON
Function 0015FCF0 Relevance: .1, Instructions: 108COMMON
Function 359A0940 Relevance: .1, Instructions: 105COMMON
Function 00155C67 Relevance: .1, Instructions: 104COMMON
Function 00155C88 Relevance: .1, Instructions: 101COMMON
Function 359A07F0 Relevance: .1, Instructions: 97COMMON
Function 359ABEA7 Relevance: .1, Instructions: 95COMMON
Function 00152146 Relevance: .1, Instructions: 93COMMON
Function 359ABEB0 Relevance: .1, Instructions: 93COMMON
Function 00150B4D Relevance: .1, Instructions: 92COMMON
Function 359A0800 Relevance: .1, Instructions: 91COMMON
Function 00152150 Relevance: .1, Instructions: 90COMMON
Function 00155DA1 Relevance: .1, Instructions: 86COMMON
Function 00158028 Relevance: .1, Instructions: 81COMMON
Function 359A2621 Relevance: .1, Instructions: 80COMMON
Function 0015FE80 Relevance: .1, Instructions: 79COMMON
Function 00158038 Relevance: .1, Instructions: 78COMMON
Function 359A2630 Relevance: .1, Instructions: 78COMMON
Function 00151511 Relevance: .1, Instructions: 73COMMON
Function 001516E9 Relevance: .1, Instructions: 73COMMON
Function 00157F29 Relevance: .1, Instructions: 73COMMON
Function 00154DF8 Relevance: .1, Instructions: 72COMMON
Function 000AD01C Relevance: .1, Instructions: 72COMMON
Function 001516F8 Relevance: .1, Instructions: 70COMMON
Function 00157F38 Relevance: .1, Instructions: 70COMMON
Function 00151520 Relevance: .1, Instructions: 69COMMON
Function 00154E08 Relevance: .1, Instructions: 68COMMON
Function 359A4E08 Relevance: .1, Instructions: 68COMMON
Function 0015EA10 Relevance: .1, Instructions: 67COMMON
Function 000AD006 Relevance: .1, Instructions: 63COMMON
Function 00150848 Relevance: .1, Instructions: 62COMMON
Function 00151631 Relevance: .1, Instructions: 59COMMON
Function 359A2740 Relevance: .1, Instructions: 59COMMON
Function 00151470 Relevance: .1, Instructions: 58COMMON
Function 0015E8D8 Relevance: .1, Instructions: 55COMMON
Function 359AD2C0 Relevance: .1, Instructions: 55COMMON
Function 0015F008 Relevance: .1, Instructions: 54COMMON
Function 00151480 Relevance: .1, Instructions: 53COMMON
Function 359A2730 Relevance: .1, Instructions: 53COMMON
Function 359A2400 Relevance: .1, Instructions: 52COMMON
Function 359A2988 Relevance: .1, Instructions: 51COMMON
Function 359AD2D0 Relevance: .0, Instructions: 49COMMON
Function 0015099B Relevance: .0, Instructions: 48COMMON
Function 359A8448 Relevance: .0, Instructions: 46COMMON
Function 359ADB89 Relevance: .0, Instructions: 45COMMON
Function 001553E1 Relevance: .0, Instructions: 44COMMON
Function 0015E50C Relevance: .0, Instructions: 39COMMON
Function 0015EDD0 Relevance: .0, Instructions: 35COMMON
Function 359AAD08 Relevance: .0, Instructions: 33COMMON
Function 0015E5E0 Relevance: .0, Instructions: 31COMMON
Function 359A63D0 Relevance: .0, Instructions: 31COMMON
Function 0015E5F0 Relevance: .0, Instructions: 25COMMON
Function 359A31D1 Relevance: .0, Instructions: 25COMMON
Function 004031D6 Relevance: 75.6, APIs: 32, Strings: 11, Instructions: 366stringcomfileCOMMON
Function 00404A0E Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 481windowmemoryCOMMON
Function 00405732 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 159filestringCOMMON
Function 004065F6 Relevance: 5.4, APIs: 4, Instructions: 382COMMON
Function 004051CF Relevance: 54.3, APIs: 36, Instructions: 282windowclipboardmemoryCOMMON
Function 00403798 Relevance: 37.0, APIs: 13, Strings: 8, Instructions: 215stringregistryCOMMON
Function 00404174 Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 202windowstringCOMMON
Function 00405BD9 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 129memorystringCOMMON
Function 0040449B Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 274stringCOMMON
Function 00405F8C Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 199stringCOMMON
Function 00404070 Relevance: 12.1, APIs: 8, Instructions: 68COMMON
Function 0040495C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
Function 00402C7C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
Function 00406294 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
Function 00401D9B Relevance: 7.5, APIs: 5, Instructions: 43COMMON
Function 00401D41 Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
Function 00404852 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84stringCOMMON
Function 00401C0A Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
Function 00402CFF Relevance: 6.0, APIs: 4, Instructions: 33COMMON
Function 00405005 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
Function 00405609 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
Function 00406A2B Relevance: 5.2, APIs: 4, Instructions: 236COMMON
Function 00406C2C Relevance: 5.2, APIs: 4, Instructions: 208COMMON
Function 00406942 Relevance: 5.2, APIs: 4, Instructions: 205COMMON
Function 00406447 Relevance: 5.2, APIs: 4, Instructions: 198COMMON
Function 00406895 Relevance: 5.2, APIs: 4, Instructions: 180COMMON
Function 004069B3 Relevance: 5.2, APIs: 4, Instructions: 170COMMON
Function 004068FF Relevance: 5.2, APIs: 4, Instructions: 168COMMON
Function 00405A68 Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON