Windows
Analysis Report
Aviso legal.exe
Overview
General Information
Detection
Score: | 92 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64native
- Aviso legal.exe (PID: 8552 cmdline: "C:\Users\user\Desktop\Aviso legal.exe" MD5: C7AE7BFDA7F71B76C6F3213CFE94529E)
- Aviso legal.exe (PID: 6196 cmdline: "C:\Users\user\Desktop\Aviso legal.exe" MD5: C7AE7BFDA7F71B76C6F3213CFE94529E)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | No Attribution | | |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | |
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
AV Detection |
---|
Source: | Avira: |
Source: | Avira URL Cloud: |
Source: | ReversingLabs: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Source: | Code function: | 0_2_00405C49 | |
Source: | Code function: | 0_2_00406873 | |
Source: | Code function: | 0_2_0040290B | |
Source: | Code function: | 10_2_00405C49 | |
Source: | Code function: | 10_2_00406873 | |
Source: | Code function: | 10_2_0040290B |
Source: | IP Address: | ||
Source: | IP Address: |
Source: | JA3 fingerprint: |
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
Source: | Code function: | 0_2_004056DE |
Source: | Code function: | 0_2_0040352D | |
Source: | Code function: | 10_2_0040352D |
Source: | Code function: | 0_2_0040755C | |
Source: | Code function: | 0_2_00406D85 | |
Source: | Code function: | 0_2_705B1BFF | |
Source: | Code function: | 10_2_0040755C | |
Source: | Code function: | 10_2_00406D85 | |
Source: | Code function: | 10_2_0016D0B8 | |
Source: | Code function: | 10_2_0016A3B8 | |
Source: | Code function: | 10_2_0016AFD0 | |
Source: | Code function: | 10_2_00160600 | |
Source: | Code function: | 10_2_0016A700 | |
Source: | Code function: | 10_2_3611EE00 | |
Source: | Code function: | 10_2_36113EE8 | |
Source: | Code function: | 10_2_3611CCC0 | |
Source: | Code function: | 10_2_39304570 | |
Source: | Code function: | 10_2_393009D0 | |
Source: | Code function: | 10_2_395D5938 | |
Source: | Code function: | 10_2_395D40C8 | |
Source: | Code function: | 10_2_395DC320 | |
Source: | Code function: | 10_2_361149D2 |
Source: | Code function: |
Source: | Static PE information: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Code function: | 0_2_0040352D | |
Source: | Code function: | 10_2_0040352D |
Source: | Code function: | 0_2_0040498A |
Source: | Code function: | 0_2_004021AA |
Source: | File created: | Jump to behavior |
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | WMI Queries: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | ReversingLabs: |
Source: | File read: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Static PE information: |
Data Obfuscation |
---|
Source: | File source: |
Source: | Code function: | 0_2_705B1BFF |
Source: | Code function: | 0_2_705B30EE | |
Source: | Code function: | 10_2_00160C7A | |
Source: | Code function: | 10_2_00160C7A | |
Source: | Code function: | 10_2_395DD489 |
Source: | File created: | Jump to dropped file |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion |
---|
Source: | WMI Queries: |
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Source: | API coverage: |
Source: | WMI Queries: |
Source: | WMI Queries: |
Source: | Code function: | 0_2_00405C49 | |
Source: | Code function: | 0_2_00406873 | |
Source: | Code function: | 0_2_0040290B | |
Source: | Code function: | 10_2_00405C49 | |
Source: | Code function: | 10_2_00406873 | |
Source: | Code function: | 10_2_0040290B |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | API call chain: | graph_0-4308 | ||
Source: | API call chain: | graph_0-4463 |
Source: | Code function: | 10_2_00401941 |
Source: | Code function: | 0_2_705B1BFF |
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Code function: | 0_2_0040352D |
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | Key opened: | Jump to behavior |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | File source: | ||
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 121 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Access Token Manipulation | 1 Masquerading | 2 OS Credential Dumping | 111 Security Software Discovery | Remote Services | 1 Email Collection | 11 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 11 Process Injection | 12 Virtualization/Sandbox Evasion | 1 Credentials in Registry | 12 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 1 Disable or Modify Tools | Security Account Manager | 1 System Network Configuration Discovery | SMB/Windows Admin Shares | 2 Data from Local System | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Access Token Manipulation | NTDS | 2 File and Directory Discovery | Distributed Component Object Model | 1 Clipboard Data | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Process Injection | LSA Secrets | 26 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Deobfuscate/Decode Files or Information | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 100% | Avira | HEUR/AGEN.1331786 | |
| 18% | ReversingLabs | Win32.Trojan.Generic | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | ReversingLabs | | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | Avira URL Cloud | safe | |
| 100% | Avira URL Cloud | malware | |
| 0% | Avira URL Cloud | safe | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
api.ipify.org | 104.26.12.205 | true | false | unknown | |
lovekelley.ru.com | 172.93.121.7 | true | false | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| false | | unknown |
| false | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
104.26.12.205 | api.ipify.org | United States | | 13335 | CLOUDFLARENETUS | false |
172.93.121.7 | lovekelley.ru.com | United States | | 393960 | HOST4GEEKS-LLCUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1445943 |
Start date and time: | 2024-05-22 20:28:54 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 15m 51s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301) |
Run name: | Suspected Instruction Hammering |
Number of new started processes analysed: | 25 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Aviso legal.exe |
Detection: | MAL |
Classification: | mal92.troj.spyw.evad.winEXE@3/22@2/2 |
EGA Information: | |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe, UsoClient.exe
- Excluded domains from analysis (whitelisted): fs.microsoft.com, login.live.com, tse1.mm.bing.net, settings-win.data.microsoft.com, g.bing.com, arc.msn.com
- HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- Not all processes were analyzed; the report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Report size getting too big, too many NtSetInformationFile calls found.
- VT rate limit hit for: Aviso legal.exe
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
104.26.12.205 | | Get hash | malicious | Stealit | Browse | |
| | Get hash | malicious | Stealit | Browse | |
| | Get hash | malicious | Stealit | Browse | |
| | Get hash | malicious | Stealit | Browse | |
| | Get hash | malicious | Bunny Loader | Browse | |
| | Get hash | malicious | Remcos | Browse | |
172.93.121.7 | | Get hash | malicious | GuLoader | Browse | |
| | Get hash | malicious | GuLoader | Browse | |
| | Get hash | malicious | AgentTesla, GuLoader | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
api.ipify.org | | Get hash | malicious | GuLoader | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | AgentTesla, PureLog Stealer | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | GuLoader | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CLOUDFLARENETUS | | Get hash | malicious | FormBook | Browse | |
| | Get hash | malicious | HtmlDropper, HTMLPhisher | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | GuLoader | Browse | |
| | Get hash | malicious | GuLoader | Browse | |
| | Get hash | malicious | GuLoader | Browse | |
| | Get hash | malicious | GuLoader | Browse | |
| | Get hash | malicious | HTMLPhisher | Browse | |
| | Get hash | malicious | HtmlDropper, HTMLPhisher | Browse | |
| | Get hash | malicious | Clipboard Hijacker, RisePro Stealer | Browse | |
HOST4GEEKS-LLCUS | | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | GuLoader | Browse | |
| | Get hash | malicious | GuLoader | Browse | |
| | Get hash | malicious | AgentTesla, GuLoader | Browse | |
| | Get hash | malicious | FormBook, GuLoader | Browse | |
| | Get hash | malicious | GuLoader | Browse | |
| | Get hash | malicious | GuLoader | Browse | |
| | Get hash | malicious | HTMLPhisher | Browse | |
| | Get hash | malicious | GuLoader | Browse | |
| | Get hash | malicious | AgentTesla, GuLoader | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
3b5074b1b5d032e5620f69f9f700ff0e | | Get hash | malicious | GuLoader | Browse | |
| | Get hash | malicious | GuLoader, XWorm | Browse | |
| | Get hash | malicious | HTMLPhisher | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | GookitLoader | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
C:\Users\user\AppData\Local\Temp\nscAAC8.tmp\System.dll | | Get hash | malicious | GuLoader | Browse | |
| | Get hash | malicious | GuLoader | Browse | |
| | Get hash | malicious | PrivateLoader, PureLog Stealer | Browse | |
| | Get hash | malicious | PrivateLoader, PureLog Stealer | Browse | |
| | Get hash | malicious | DCRat | Browse | |
| | Get hash | malicious | GuLoader | Browse | |
| | Get hash | malicious | GuLoader | Browse | |
| | Get hash | malicious | GuLoader | Browse | |
| | Get hash | malicious | GuLoader | Browse | |
Process: | C:\Users\user\Desktop\Aviso legal.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 409078 |
Entropy (8bit): | 7.025047982289486 |
Encrypted: | false |
SSDEEP: | 6144:OfFg587/PrfLt9lGgbFJDyW2CIqjgOov+PoQJ3yEDi9UlzbWIBSYtU1vMfud:ONg58DzfLt9nbFJDxXcT+A6DP0aSYtbQ |
MD5: | 7590D8090323B4D45AB454BA0F2ACD51 |
SHA1: | FA077E6D2FA069CA51852408A0A2D047BC57F5AD |
SHA-256: | 8D5E0C4D96592BFB50D72E07228097FC855A248CD2E3DF72984AB17CE9489180 |
SHA-512: | 32CA31F735849E8309E52C548704A6BE578F2BFA4BF7FCBD2BBF9AB14F71C05BDEBFB52EEBC077C2FD167D0EF91E14E61ED29252CE76F48074BAB92A22624CFD |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\Aviso legal.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2722 |
Entropy (8bit): | 4.839690262251353 |
Encrypted: | false |
SSDEEP: | 48:9WnDbvUVgjwxk7wk8PQfmln5hXmXohRU5lhK/PgknruS/D072pPGE3/Nf:0H4AMc/RfyZmXohRUhKngYDD0yp+At |
MD5: | 92B65A4EA85F4C1AF62CB993C61D4568 |
SHA1: | E79E5232494CA1FED6CD9BC4915C0125623B96CD |
SHA-256: | C14C2EC59396E3A6C1E8CA9ED1216674B7F291E322ADBB235EB10C3EAED9650C |
SHA-512: | 4821CE96C99D6782BB7DB99E55E699B986D6F6C8B1B57AF6C9E7C4152C46FA50FB221DD54AECCF142A5E8D08808A9821EC0F5BA094EFEAF4EC453B1CA78530BC |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\Aviso legal.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4874 |
Entropy (8bit): | 4.920645246986102 |
Encrypted: | false |
SSDEEP: | 96:0SaNvSiGMnOW/lBLz7rTbdD+3i6sG+dlWYzrRz/xOXJD8fNOvqg0JZ:0prDjLzvTbdN6wdpzrH4SLJZ |
MD5: | 6A8C19E05EA72B2EE372C52E9DE150A4 |
SHA1: | C452083D0DC5A85CD773650D5D3F0F87DC1A32A6 |
SHA-256: | A58474474F73CB6EAC7C81D72004AB151C47B179C41D29D73E9CDB2C532453E7 |
SHA-512: | 64C825FF86B1CE4500D34D980A17214418FAEDE7C5F61AAEC7118B75BDA847BA6465AA675EF07612B46AED914CA6D84C2D0F1BEC25BFCCB7A482194C13B3B00C |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\Aviso legal.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3195 |
Entropy (8bit): | 4.826172613201672 |
Encrypted: | false |
SSDEEP: | 48:lX4ebVADs8uHITJH2Zk59dKvOlEyDtVdwk25jdM7lJ73NSjUqEqow:S8VADluHIZmkX9dR25RkJLNSjUqEqow |
MD5: | 6086222E2529C10A1AEB663C2288CF7B |
SHA1: | FCEE6B724FB6C4584037EC812CE6CFF5EDD42087 |
SHA-256: | 1DC923EE41E90DEC393A8B7625B4FD439F1974BF97FBD2508BA05FE194BF1DF2 |
SHA-512: | 17812F6669FA981913E89CFDC635B696672CE31B3960237E3BD1B3668BECC5496067CBAFD3BE1DA2DABD10A99B20DE9B2E98B30766EB607D96952C699ED22492 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\Aviso legal.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4002 |
Entropy (8bit): | 4.943041620513792 |
Encrypted: | false |
SSDEEP: | 96:CsV83xzIfux1gb13Xm4DdkLgA6m7jcxhtekQk:CU8hAMQdhk0A774xhX |
MD5: | 018A675A1E69825895455988720F29A6 |
SHA1: | 851955113A180EFBD020A625A2DBD55AEC4722B0 |
SHA-256: | 434FC226BC639382893C1742DA91B39578531F13D24804F5CA815907885DA53E |
SHA-512: | D11B8A9E0B2DE3F3E63D5D3FFCF1D0D8E8ACAC3B87F5D12FB669B8918AB79E99501AD82F489F3C2FA21190C5020104E322FCA25C82AFA57C4CC20B7F61BA61FB |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\Aviso legal.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3887 |
Entropy (8bit): | 4.916542368312967 |
Encrypted: | false |
SSDEEP: | 96:ZouYwQAzTQTRKfyovTlmgfRPg101L2uTYxk:ZDlTQT0TPNYk |
MD5: | 462C5590A716548FA229D546C6BB94A9 |
SHA1: | 7BD3C711C70797841BC5410D76935E55B3F0550C |
SHA-256: | 85D36884D0EF6A606604A19741EC4BC57005D328C6AA1F6C8E2DABB86D66216E |
SHA-512: | EB07E696421E7E566A58695968FF79E71953AEB95064EAD505B9FD557AACEF4F5E97C17DB46A2933B2E8269B43B6B380A8A7B747C5F6B2351E588BB473EC8081 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\Aviso legal.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 331 |
Entropy (8bit): | 4.2631934244817185 |
Encrypted: | false |
SSDEEP: | 6:uAIFWxlKGzpBfgJtDi+arecCh7L1mQqVMVeKAoF3+uhNMSqLIR8OFRLUAP+:uGaGLGBal7J4eKAoFJM7I2qJU9 |
MD5: | F23E5726FF94C1301BD5E32F3A384C3E |
SHA1: | BE012A7A0E997F13FFA5AD5308EF79D1516457C3 |
SHA-256: | F6F91C19DFFD7364E76C6CA987933CA9E376E3923455EA1CE5AD34BA23F38BE3 |
SHA-512: | 2E7F46E6483C7AD322EC25CB25FB43B11AB0B7251A4977D32BBE067E4238119CA2188F5E0546525F580906335AAA1F3F62E426332CE8DFA0B1CFC9E7F739862E |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\Aviso legal.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4778 |
Entropy (8bit): | 4.9444746463548395 |
Encrypted: | false |
SSDEEP: | 96:QwmJdGj23rzlbBg4rB/sZGk1b6YiiBwsCTuP377ed8/C7G1:QwAUs5N/Tk1b6Iw43Wd8/C7G1 |
MD5: | 28034ACE2355FFFC34BC9E04BE013F82 |
SHA1: | 6F4DFAFAD03DB531FA1F1D2BB1E1DBAEB2DB834A |
SHA-256: | 54D6568B778AD41428D64C10224FEF7D0E10E9933B9B7E37525291DE1A29D7D1 |
SHA-512: | 13829D45F74364752E207F44B8AD80037C0C247523DAEB6A29660F74B39692757064B8EDB353E2ABFC78F132401E4388E749F123FE40F1A27650501E84FC07D8 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\Aviso legal.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3058 |
Entropy (8bit): | 4.867985240125452 |
Encrypted: | false |
SSDEEP: | 48:HBKUYIf22stTn+B4PWJRjnDj443qlGh1HnQmMP/RkjlyElrY7Ysc5v/sxSpzJoDQ:HoUXf2hn+BLb/j44+GrHojUYEsIvpVMQ |
MD5: | D90BE3D6F13E5C07EF0E73E87BE8C414 |
SHA1: | A660A630B8786513BC8474C2FEEE0C5A8EAA5F36 |
SHA-256: | F7167DE10D85A53381DD593BACA7763F8D5E354E36790D090183CAF76A69AF0A |
SHA-512: | 3C957815684E6E39215E250AEA04637DD8CCDC0CBBC6962C83D717AC7F3CCAA61FA510EC2E9C95F106E4954CAF28936C20EB12C52AC986E0FDDBA8D05B88F661 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\Aviso legal.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4423 |
Entropy (8bit): | 4.949270542878988 |
Encrypted: | false |
SSDEEP: | 96:zL/Ix9oqXYZ74DMge7/pnsCj7LP1OBLde4kxd3BdeLQ:z0n3XYZ74wg+1U7sdwQ |
MD5: | B186E4CFD624F52C189CC24BDB396D8A |
SHA1: | 45F714FFE18E6B5C8FFE9A89FC5AA79210CF8E6B |
SHA-256: | 5E38990F303EFD9B1441FC30FAC0283DF4210F2DF44B6BFD035DC08A7C1714A4 |
SHA-512: | 7B3B68277F2C930B4E9E99233DB6C6B391972FF17007609F85B5F69564278B0CCCA5D4277D69BBA3953C2653133A61EE0FDF16F4C49B20EBA1FDF3359E04ADCA |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\Aviso legal.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4892 |
Entropy (8bit): | 4.895010256290898 |
Encrypted: | false |
SSDEEP: | 96:VPthYc6b6NH3BEPHywchTFqK2GYdXR074ibaY5smmt735M0gR:HhKbQXKPH6Zq3dq74w1IpY |
MD5: | F6A285726B14A1ACE757153A1CF12B5B |
SHA1: | B8569BD93B142BC1A0F24BE9E7BB28434DB3873A |
SHA-256: | 2B3A8EF4AEA23CCBF84F43C765EF57F2DCF22F2D1B74F1228BB50CA675392062 |
SHA-512: | 505D95401633E7CEFFC208F588219BF10812861871EDFA4F53562E3058B82D11AA07E9A64EB88F1D148BCAF8E5A8A109A320CA80323516D0F6F0E3D19CAEAA07 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\Aviso legal.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3615 |
Entropy (8bit): | 4.781717113533645 |
Encrypted: | false |
SSDEEP: | 48:fY3eTl0lNjDAiMeKMRyDQyJDxlm2fUFNJLQYyEA1KVMAd7EDlLLTj3mVXotkgv7:w3eyt7cDlFlf2JQcRxdYBbttPv7 |
MD5: | 451F7B3BC2501AFDFDD0B5AF1E3706F9 |
SHA1: | 7CBAFB7CEBCBD0A10D3B32A8A01D68390E5E24B9 |
SHA-256: | 165FD704517A414C5579286871CE6717BEE64908B3DAD07802AFD2EE81371BB8 |
SHA-512: | E051168098EDA4D96188B34E82060AC195C03D061DEC2A798EBC0C78D783564FB49CCF7E154235EC9D24664CBFC120594B515D50E738808328ADCA984A33DB6B |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\Aviso legal.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3672 |
Entropy (8bit): | 4.97616940802998 |
Encrypted: | false |
SSDEEP: | 48:xFS79alozLFOVJpXsZHdigJOuiNA4G+stAqo3/neCXLsiEzvwY7Fw5fiTjjpPQD:xY79GVaHdjEA4GJ89XQS8Xp+ |
MD5: | EEDA9DA1B55D1D2B24EADF3AAB92C34C |
SHA1: | 855DD4C049A987BB5801F201953F777067DCDEDB |
SHA-256: | 2F90A5F2F6BF58DC153B44DC2879CBEF1C78DE3891D9B3E6EEA9BF2A6B588376 |
SHA-512: | 2ABA51EF997943679FC2E48DF582F04BDDCB91AF48E9C83100D194B0B367D03440FE7A9E822DB8A55FC8897E5F3B0BEE151E60261D33D88B77140AF2551BA282 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\Aviso legal.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2641 |
Entropy (8bit): | 4.912370258732604 |
Encrypted: | false |
SSDEEP: | 48:+M4x/IiuH84UKlQlzNROyeCFA6t5CXPTfLXKK+BHGUD5c:+M4x/IiiUJlzleCC6bqPuHGUD5c |
MD5: | CF17370F08735B5C4A7ED26B0563463F |
SHA1: | D7EDF15F524BC780F626A84A43CF352BD7216AEF |
SHA-256: | 15759A8E0FC11F64C4B2F23602B8748664313F421B8D766D3CB9AEFFB74DD7B9 |
SHA-512: | 0C63D7695F04E7AED64EF2346C2CDC8E49BD9BFE52875DE27F35B677A7FD63C555E935EE09128AE9EBF2152F253ADEC72848AE7F8C17B67E8C14B3B36D6CC816 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\Aviso legal.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2067 |
Entropy (8bit): | 4.965244696425312 |
Encrypted: | false |
SSDEEP: | 24:HnfGRZfBdLl/b/CmvGHbgs/k7Lqc/IsiYuGghgfaZTMvj61a6SJks+2bU207PNWu:/GRZfDRDTr6NIkfdGj6tdeTyWhYWXn4B |
MD5: | DF7943BFD11E14F049F4BD3D91DECD2B |
SHA1: | 13DBFC7E14CB175310AA3F4840A7D6D3B3C8CE14 |
SHA-256: | 97EC7C704B6F51EA3BAFB10FDB0EA5E75C1A2C32939434956DEC192AB23EEC03 |
SHA-512: | 07A13D183798AF38D683F1B2C465B0AE98A530713EE05328194ACDC408A9643A889F009A9CF840C658F5B06D57EAF91C40B490CFF0B49CA5707F592E315C3C86 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\Aviso legal.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 92253 |
Entropy (8bit): | 4.596041951543385 |
Encrypted: | false |
SSDEEP: | 1536:DVE3+5YGgIGS185zYsJhwGIrJrxUn9Pb9a1vzEpxDP8a7af:C3+5ZgzYsU7bUn9D0cJEa7af |
MD5: | DF166856C7BBD30800ED9DB7A4A9EC6D |
SHA1: | C5ECB8B843D5C0B4BB245B940358A299C50A2D13 |
SHA-256: | A38112A083EE7B2AE0B7DD3C3FEA1F5AF44D9C93708E0C19F88DFC708898E560 |
SHA-512: | 78629B41D26EA80E91C042E27C63489DCB6D2A7253F01A9AB69742E58829ECFBC08A7DF9AE396DC50D4240FF98D79F1FC94DE5F971BCAC3194A40FEA4327525D |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\Aviso legal.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 74 |
Entropy (8bit): | 3.9637832956585757 |
Encrypted: | false |
SSDEEP: | 3:sRQE1wFEt/ijNJyI3dj2+n:aQEGiwh3D |
MD5: | 16D513397F3C1F8334E8F3E4FC49828F |
SHA1: | 4EE15AFCA81CA6A13AF4E38240099B730D6931F0 |
SHA-256: | D3C781A1855C8A70F5ACA88D9E2C92AFFFA80541334731F62CAA9494AA8A0C36 |
SHA-512: | 4A350B790FDD2FE957E9AB48D5969B217AB19FC7F93F3774F1121A5F140FF9A9EAAA8FA30E06A9EF40AD776E698C2E65A05323C3ADF84271DA1716E75F5183C3 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\Aviso legal.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 5.814115788739565 |
Encrypted: | false |
SSDEEP: | 192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr |
MD5: | CFF85C549D536F651D4FB8387F1976F2 |
SHA1: | D41CE3A5FF609DF9CF5C7E207D3B59BF8A48530E |
SHA-256: | 8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8 |
SHA-512: | 531D6328DAF3B86D85556016D299798FA06FEFC81604185108A342D000E203094C8C12226A12BD6E1F89B0DB501FB66F827B610D460B933BD4AB936AC2FD8A88 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\Aviso legal.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 52 |
Entropy (8bit): | 4.0914493934217315 |
Encrypted: | false |
SSDEEP: | 3:sBa99k1NoCFOn:KankVg |
MD5: | 5D04A35D3950677049C7A0CF17E37125 |
SHA1: | CAFDD49A953864F83D387774B39B2657A253470F |
SHA-256: | A9493973DD293917F3EBB932AB255F8CAC40121707548DE100D5969956BB1266 |
SHA-512: | C7B1AFD95299C0712BDBC67F9D2714926D6EC9F71909AF615AFFC400D8D2216AB76F6AC35057088836435DE36E919507E1B25BE87B07C911083F964EB67E003B |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\Aviso legal.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 30 |
Entropy (8bit): | 4.256564762130954 |
Encrypted: | false |
SSDEEP: | 3:DyWgLQIfLBJXmgU:mkIP25 |
MD5: | F15BFDEBB2DF02D02C8491BDE1B4E9BD |
SHA1: | 93BD46F57C3316C27CAD2605DDF81D6C0BDE9301 |
SHA-256: | C87F2FF45BB530577FB8856DF1760EDAF1060AE4EE2934B17FDD21B7D116F043 |
SHA-512: | 1757ED4AE4D47D0C839511C18BE5D75796224D4A3049E2D8853650ACE2C5057C42040DE6450BF90DD4969862E9EBB420CD8A34F8DD9C970779ED2E5459E8F2F1 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\Aviso legal.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60 |
Entropy (8bit): | 4.543716429911504 |
Encrypted: | false |
SSDEEP: | 3:sEMBQEJkJVEji6J2vdWxQoXUn:/6AWxvUn |
MD5: | 2D45B071BCE5847E12B6308C981E1AB7 |
SHA1: | 5BC8E983895ACD8ED0D5BB4FC48355CF5871ED2C |
SHA-256: | 3E9039677F7626A652276F60ECB67B20CD004050AF6D7CEC32D237591254CB81 |
SHA-512: | E838C8C079A8CA453EAA5509DF7FE8340329AFBF6E6205938EBCAC23A98514B7465E8AB7CC9E1BE1AF10423AB87C8F1797013B58DFFCC3D29A35A792D8F05EBC |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\Aviso legal.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 56 |
Entropy (8bit): | 4.250903860294566 |
Encrypted: | false |
SSDEEP: | 3:sAAEVvjs8S6JA84n:fLXS6U |
MD5: | C599D20101D8532A39FEFBEC3A4162A9 |
SHA1: | 6215D1ABF9002230448221E1EBDCB2916DF29CB3 |
SHA-256: | DB2D57C0D52D8989DE271B0B5440E043C7C93B4F58092DE80A1C1E569F5327B2 |
SHA-512: | DF32094A64597C11D96B2844EA097C960CF39901508DCDF9D0892E2879706D2B6A178D1F798A1BA22613091C79B11BA468B21AD04F7856C8BE3CFD517330DF93 |
Malicious: | false |
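The dropped-file records above give size, 8-bit entropy, an "Encrypted" flag and four hashes per file; the classification in the header says GuLoader's downloaded payload is XORed, and the section table further down carries a "Xored PE" column. The block below is an added example, not tooling from the report or from Joe Security: it recomputes those per-file fields from a byte buffer (SSDEEP is left out because it needs a third-party library), and adds the single-byte-XOR PE scan a triage analyst runs over a suspect blob. The entropy cut-off is an assumption; the report does not state the threshold behind its "Encrypted" flag. The scan only recovers single-byte keys; a multi-byte key would need a key-length search that this example does not attempt.

```python
import hashlib
import math
from collections import Counter

# Assumption for this example: the report does not publish the entropy cut-off behind its
# "Encrypted" flag, so 7.0 bits/byte is used here as a common packed/encrypted threshold.
ENCRYPTED_THRESHOLD = 7.0
DOS_STUB = b"This program cannot be run in DOS mode"


def shannon_entropy_8bit(data: bytes) -> float:
    """Shannon entropy in bits per byte, 0.0 (constant) to 8.0 (uniform); the 'Entropy (8bit)' figure."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def describe_dropped_file(data: bytes, threshold: float = ENCRYPTED_THRESHOLD) -> dict:
    """Recompute the size/entropy/hash fields of one dropped-file record (SSDEEP omitted)."""
    entropy = shannon_entropy_8bit(data)
    return {
        "size": len(data),
        "entropy": entropy,
        "encrypted": entropy >= threshold,
        "md5": hashlib.md5(data).hexdigest().upper(),
        "sha1": hashlib.sha1(data).hexdigest().upper(),
        "sha256": hashlib.sha256(data).hexdigest().upper(),
        "sha512": hashlib.sha512(data).hexdigest().upper(),
    }


def xor_bytes(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def find_xored_pe(data: bytes):
    """Look for a PE hidden under a single-byte XOR key by searching for the XORed DOS-stub text.
    Returns (key, offset_of_stub_text) or None; key 0 means a plain, unencoded PE was found."""
    for key in range(256):
        needle = xor_bytes(DOS_STUB, key)
        off = data.find(needle)
        if off != -1:
            return key, off
    return None


def make_fake_pe_blob() -> bytes:
    """Constructed stand-in for a carried PE: MZ header, the DOS-stub text, then filler. Not real code."""
    return b"MZ" + b"\0" * 62 + DOS_STUB + b".\r\n$" + b"\0" * 64


if __name__ == "__main__":
    rec = describe_dropped_file(b"[Settings]\r\nNumFields=1\r\n")   # constructed low-entropy INI text
    print(rec["size"], round(rec["entropy"], 3), rec["encrypted"], rec["md5"])
    # Constructed blob: filler, then the fake PE XORed with 0x5A, then filler.
    hidden = b"\x41" * 300 + xor_bytes(make_fake_pe_blob(), 0x5A) + b"\x41" * 300
    print(find_xored_pe(hidden))
```

Hashes are upper-cased to match the report's columns. The empty-input MD5 (D41D8CD98F00B204E9800998ECF8427E) is worth recognising on sight: it is what the .ndata section in the section table hashes to, because that section has no raw bytes.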
Preview: |
File type: | |
Entropy (8bit): | 5.653105824231968 |
TrID: |
|
File name: | Aviso legal.exe |
File size: | 841'240 bytes |
MD5: | c7ae7bfda7f71b76c6f3213cfe94529e |
SHA1: | eebcb778056a8fa9a33255141d70ffac41523caf |
SHA256: | 93b75e7f99768d86cb26282a3164d806d36a2c890fb7d367f0cf389a75d304d4 |
SHA512: | 70326a8b9f6c7d99f82e32f0116b23e2b879bbea3235b03e7510a080ffbbeabc2620b09be4406a2a2b28b62c0679a3ee56e39b7398991693c80da0d84fe43fd2 |
SSDEEP: | 12288:8bBFvUojlMVWIhWL7Uc8Eh8xn8mWpXS0iNrmY:8bPvUohIWIhko9xnVWpCH |
TLSH: | 4F05E1C2B18014A6E9744F3958365C8726B77D7DFCB0B81E6996F0A65B7B2E3102BC07 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L...Z.Oa.................j......... |
Icon Hash: | 0401250109010d0c |
Entrypoint: | 0x40352d |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x614F9B5A [Sat Sep 25 21:57:46 2021 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 56a78d55f3f7af51443e58e0ce2fb5f6 |
Signature Valid: | false |
Signature Issuer: | E=Dictating@Neals.Tel, O=Trapper, OU="Upaataltes Proterothesis Toothcup ", CN=Trapper, L=Bevington, S=Iowa, C=US |
Signature Validation Error: | A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider |
Error Number: | -2146762487 (0x800B0109, CERT_E_UNTRUSTEDROOT) |
Not Before, Not After |
|
Subject Chain |
|
Version: | 3 |
Thumbprint MD5: | 11BC420115D8ACEACC5D6244ABF4373D |
Thumbprint SHA-1: | 8AB6E862ACF364220D20DC9B3B751F722332D317 |
Thumbprint SHA-256: | 7324B8CF0875F2DD6EA0F7AEBB1948BFF8D6582FCFD80B28C72C7C5B76198877 |
Serial: | 06CB303D2313543B083B326C3429254DD90C4ADA |
Instruction |
---|
push ebp |
mov ebp, esp |
sub esp, 000003F4h |
push ebx |
push esi |
push edi |
push 00000020h |
pop edi |
xor ebx, ebx |
push 00008001h |
mov dword ptr [ebp-14h], ebx |
mov dword ptr [ebp-04h], 0040A2E0h |
mov dword ptr [ebp-10h], ebx |
call dword ptr [004080CCh] |
mov esi, dword ptr [004080D0h] |
lea eax, dword ptr [ebp-00000140h] |
push eax |
mov dword ptr [ebp-0000012Ch], ebx |
mov dword ptr [ebp-2Ch], ebx |
mov dword ptr [ebp-28h], ebx |
mov dword ptr [ebp-00000140h], 0000011Ch |
call esi |
test eax, eax |
jne 00007F3C34B16D6Ah |
lea eax, dword ptr [ebp-00000140h] |
mov dword ptr [ebp-00000140h], 00000114h |
push eax |
call esi |
mov ax, word ptr [ebp-0000012Ch] |
mov ecx, dword ptr [ebp-00000112h] |
sub ax, 00000053h |
add ecx, FFFFFFD0h |
neg ax |
sbb eax, eax |
mov byte ptr [ebp-26h], 00000004h |
not eax |
and eax, ecx |
mov word ptr [ebp-2Ch], ax |
cmp dword ptr [ebp-0000013Ch], 0Ah |
jnc 00007F3C34B16D3Ah |
and word ptr [ebp-00000132h], 0000h |
mov eax, dword ptr [ebp-00000134h] |
movzx ecx, byte ptr [ebp-00000138h] |
mov dword ptr [00434FB8h], eax |
xor eax, eax |
mov ah, byte ptr [ebp-0000013Ch] |
movzx eax, ax |
or eax, ecx |
xor ecx, ecx |
mov ch, byte ptr [ebp-2Ch] |
movzx ecx, cx |
shl eax, 10h |
or eax, ecx |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8610 | 0xa0 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x59000 | 0x64ea8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xcc1f0 | 0x1428 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x6897 | 0x6a00 | ce9df19df15aa7bfbc0a8d0af0b841d0 | False | 0.6661261792452831 | data | 6.458398214928006 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x8000 | 0x14a6 | 0x1600 | a118375c929d970903c1204233b7583d | False | 0.4392755681818182 | data | 5.024109281264143 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xa000 | 0x2b018 | 0x600 | 82a10c59a8679bb952fc8316070b8a6c | False | 0.521484375 | data | 4.15458210408643 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.ndata | 0x36000 | 0x23000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x59000 | 0x64ea8 | 0x65000 | 5294253f9c9db21a50d62c4c6bdf0863 | False | 0.13441029161509901 | data | 1.8715837561545812 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
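Two things in the static tables above deserve a check rather than a glance. The DLL characteristics claim DYNAMIC_BASE, but the file characteristics say RELOCS_STRIPPED and the base-relocation directory is empty, so the loader cannot rebase the image and ASLR does nothing for it. The security directory's "Virtual Address" is a raw file offset, and 0xcc1f0 + 0x1428 = 0xcd618 = 841,240, exactly the reported file size: the Authenticode blob (self-signed, untrusted root) is the last thing in the file, with no overlay after it. The block below is an added example, not code from the report or from Joe Security: a minimal PE32 header parser plus those checks, run over a constructed image whose header values copy the tables above. Section raw offsets, SizeOfImage and the file body are assumptions made for the example; only the header fields and the total length come from the report.

```python
import struct
from datetime import datetime, timezone

# Flag tables: the winnt.h bits the report prints, plus a few common ones.
FILE_CHARS = {0x0001: "RELOCS_STRIPPED", 0x0002: "EXECUTABLE_IMAGE", 0x0004: "LINE_NUMS_STRIPPED",
              0x0008: "LOCAL_SYMS_STRIPPED", 0x0100: "32BIT_MACHINE", 0x2000: "DLL"}
DLL_CHARS = {0x0040: "DYNAMIC_BASE", 0x0080: "FORCE_INTEGRITY", 0x0100: "NX_COMPAT",
             0x0400: "NO_SEH", 0x4000: "GUARD_CF", 0x8000: "TERMINAL_SERVER_AWARE"}
SECTION_CHARS = {0x20: "CNT_CODE", 0x40: "CNT_INITIALIZED_DATA", 0x80: "CNT_UNINITIALIZED_DATA",
                 0x20000000: "MEM_EXECUTE", 0x40000000: "MEM_READ", 0x80000000: "MEM_WRITE"}
DIR_SECURITY, DIR_BASERELOC = 4, 5   # data-directory indices


def _flags(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data: bytes) -> dict:
    """Parse DOS/COFF/optional headers, data directories and section table of a PE32 image."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    _machine, nsec, tstamp, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (magic 0x10b) is handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    image_base = struct.unpack_from("<I", data, opt + 28)[0]
    subsystem, dllchars = struct.unpack_from("<HH", data, opt + 68)
    ndirs = struct.unpack_from("<I", data, opt + 92)[0]
    dirs = [struct.unpack_from("<II", data, opt + 96 + 8 * i) for i in range(ndirs)]
    sections = []
    for i in range(nsec):
        off = opt + opt_size + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", data, off + 8)
        sflags = struct.unpack_from("<I", data, off + 36)[0]
        sections.append({"name": name, "virtual_size": vsize, "va": va, "raw_size": raw_size,
                         "raw_ptr": raw_ptr, "flags": _flags(sflags, SECTION_CHARS)})
    return {"timestamp_utc": datetime.fromtimestamp(tstamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
            "characteristics": _flags(chars, FILE_CHARS),
            "dll_characteristics": _flags(dllchars, DLL_CHARS),
            "entry_va": image_base + entry_rva, "subsystem": subsystem,
            "dirs": dirs, "sections": sections}


def security_checks(pe: dict, file_size: int) -> list:
    """Header-level sanity checks to apply before trusting the mitigation flags a binary advertises."""
    findings = []
    if "DYNAMIC_BASE" in pe["dll_characteristics"] and (
            "RELOCS_STRIPPED" in pe["characteristics"] or pe["dirs"][DIR_BASERELOC][1] == 0):
        findings.append("DYNAMIC_BASE set but relocations stripped/absent: image cannot be rebased, ASLR ineffective")
    sec_off, sec_size = pe["dirs"][DIR_SECURITY]   # for this directory the 'VA' is a raw file offset
    if sec_size:
        end = sec_off + sec_size
        if end > file_size:
            findings.append("security directory runs past end of file")
        elif end == file_size:
            findings.append("Authenticode blob ends exactly at EOF (no overlay after the signature)")
        else:
            findings.append(f"{file_size - end} bytes of overlay follow the Authenticode blob")
    for s in pe["sections"]:
        if "MEM_EXECUTE" in s["flags"] and "MEM_WRITE" in s["flags"]:
            findings.append(f"section {s['name']} is writable and executable")
    return findings


def build_sample_pe() -> bytes:
    """Constructed PE32 skeleton whose header values copy the report's static tables.
    Raw section offsets, SizeOfImage and the (zeroed) body are assumptions; the length is the real 841,240."""
    opt = struct.pack("<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH" + "I" * 6,
                      0x10B, 6, 0, 0x6A00, 0x67200, 0x23000, 0x352D, 0x1000, 0x8000, 0x400000, 0x1000, 0x200,
                      4, 0, 4, 0, 4, 0, 0, 0xBE000, 0x400, 0, 2, 0x8540,
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = [(0, 0)] * 16
    dirs[1], dirs[2], dirs[4], dirs[12] = (0x8610, 0xA0), (0x59000, 0x64EA8), (0xCC1F0, 0x1428), (0x8000, 0x2B0)
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    secs = [(b".text", 0x6897, 0x1000, 0x6A00, 0x400, 0x60000020),
            (b".rdata", 0x14A6, 0x8000, 0x1600, 0x6E00, 0x40000040),
            (b".data", 0x2B018, 0xA000, 0x600, 0x8400, 0xC0000040),
            (b".ndata", 0x23000, 0x36000, 0x0, 0x0, 0xC0000080),
            (b".rsrc", 0x64EA8, 0x59000, 0x65000, 0x8A00, 0x40000040)]
    sec_tbl = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, rp, 0, 0, 0, 0, fl)
                       for n, vs, va, rs, rp, fl in secs)
    hdr = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(secs), 0x614F9B5A, 0, 0, len(opt), 0x010F) + opt + sec_tbl
    img = bytearray(0xCD618)                 # 841,240 bytes, the size the report gives
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)  # e_lfanew
    img[0x80:0x80 + len(hdr)] = hdr
    return bytes(img)


if __name__ == "__main__":
    pe = parse_pe(build_sample_pe())
    print(pe["timestamp_utc"], hex(pe["entry_va"]), pe["dll_characteristics"])
    for finding in security_checks(pe, 0xCD618):
        print("-", finding)
```

Point the parser at a real file by replacing build_sample_pe() with the file's bytes and passing its length to security_checks; the overlay arithmetic is the part most worth keeping, since installer-style samples carry their payload between the last section's raw data and the signature.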
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x59328 | 0x42028 | Device independent bitmap graphic, 256 x 512 x 32, image size 270336 | English | United States | 0.1180356244637098 |
RT_ICON | 0x9b350 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States | 0.14203537205725777 |
RT_ICON | 0xabb78 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | English | United States | 0.1536157241959218 |
RT_ICON | 0xb5020 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.1853448275862069 |
RT_ICON | 0xb9248 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.20881742738589212 |
RT_ICON | 0xbb7f0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.2626641651031895 |
RT_ICON | 0xbc898 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.305327868852459 |
RT_ICON | 0xbd220 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.3608156028368794 |
RT_DIALOG | 0xbd688 | 0x100 | data | English | United States | 0.5234375 |
RT_DIALOG | 0xbd788 | 0x11c | data | English | United States | 0.6091549295774648 |
RT_DIALOG | 0xbd8a8 | 0x60 | data | English | United States | 0.7291666666666666 |
RT_GROUP_ICON | 0xbd908 | 0x76 | data | English | United States | 0.7203389830508474 |
RT_VERSION | 0xbd980 | 0x1e4 | data | English | United States | 0.512396694214876 |
RT_MANIFEST | 0xbdb68 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States | 0.5542168674698795 |
DLL | Import |
---|---|
ADVAPI32.dll | RegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW |
SHELL32.dll | SHGetSpecialFolderLocation, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW |
ole32.dll | OleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree |
COMCTL32.dll | ImageList_Create, ImageList_Destroy, ImageList_AddMasked |
USER32.dll | GetClientRect, EndPaint, DrawTextW, IsWindowEnabled, DispatchMessageW, wsprintfA, CharNextA, CharPrevW, MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, GetSystemMetrics, FillRect, AppendMenuW, TrackPopupMenu, OpenClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, PeekMessageW, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, EmptyClipboard, CreatePopupMenu |
GDI32.dll | SetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject |
KERNEL32.dll | GetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, lstrcatW, Sleep, lstrcpyA, WriteFile, GetTempFileNameW, CreateFileW, lstrcmpiA, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, GetTickCount, MulDiv, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, MoveFileExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 22, 2024 20:31:38.749021053 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:38.955976963 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:38.956182003 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:38.956564903 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.163436890 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.164582968 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.164630890 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.164743900 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.164908886 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.166707039 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.166754961 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.167052984 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.168845892 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.168894053 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.169130087 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.169262886 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.170985937 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.171036005 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.171225071 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.173146963 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.173197031 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.173373938 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.173373938 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.371903896 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.371952057 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.371974945 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.372076035 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.372112989 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.372134924 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.372359991 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.374114037 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.374226093 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.374335051 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.374397993 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.376269102 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.376388073 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.376512051 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.376589060 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.378413916 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.378488064 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.378678083 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.380562067 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.380675077 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.380836964 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.380911112 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.387412071 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.387439966 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.387623072 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.389549971 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.389662981 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.389847994 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.389868975 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.392904043 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.392991066 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.393076897 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.393237114 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.395081997 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.395195961 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.395265102 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.395381927 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.579178095 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.579219103 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.579245090 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.579385042 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.579452991 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.579483032 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.579608917 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.582335949 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.582367897 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.582653046 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.584382057 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.584424019 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.584734917 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.586503029 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.586546898 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.586831093 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.588727951 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.588759899 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.588922024 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.589071989 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.590886116 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.590918064 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.591296911 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.593007088 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.593049049 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.593272924 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.595138073 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.595180988 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.595397949 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.597299099 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.597338915 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.597538948 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.597568989 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.599458933 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.599499941 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.599776983 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.601656914 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.601700068 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.601917028 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.603816986 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.603863001 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.604116917 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.605983973 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.606015921 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.606197119 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.608068943 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.608100891 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.608222961 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.608329058 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.610392094 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.610424042 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.610682964 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.612380981 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.612413883 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.612695932 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.614530087 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.614561081 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.614751101 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.616946936 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.616978884 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.617218018 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.619093895 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.619143963 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.619353056 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.786384106 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.786454916 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.786508083 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.786581039 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.786611080 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.786623955 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.786726952 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.786835909 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.788507938 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.788599968 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.788732052 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.789041996 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.790719986 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.790741920 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.790990114 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.792934895 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.793042898 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.793332100 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.795039892 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.795152903 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.795232058 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.795319080 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.797172070 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.797329903 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.797514915 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.797514915 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.799350023 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.799451113 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.799652100 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.801462889 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.801574945 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.801645041 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.801862001 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.803620100 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.803760052 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.803813934 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.804069042 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.805809021 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.805824041 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.806081057 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.807957888 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.807972908 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.808309078 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.810054064 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.810162067 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.810318947 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.810333014 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.812242985 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.812350988 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.812475920 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.812546968 CEST | 49794 | 80 | 192.168.11.20 | 172.93.121.7 |
May 22, 2024 20:31:39.814373970 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
May 22, 2024 20:31:39.814513922 CEST | 80 | 49794 | 172.93.121.7 | 192.168.11.20 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 22, 2024 20:31:38.497641087 CEST | 59066 | 53 | 192.168.11.20 | 1.1.1.1 |
May 22, 2024 20:31:38.745045900 CEST | 53 | 59066 | 1.1.1.1 | 192.168.11.20 |
May 22, 2024 20:31:41.588360071 CEST | 63067 | 53 | 192.168.11.20 | 1.1.1.1 |
May 22, 2024 20:31:41.764492035 CEST | 53 | 63067 | 1.1.1.1 | 192.168.11.20 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
May 22, 2024 20:31:38.497641087 CEST | 192.168.11.20 | 1.1.1.1 | 0x6c77 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
May 22, 2024 20:31:41.588360071 CEST | 192.168.11.20 | 1.1.1.1 | 0x1513 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
May 22, 2024 20:31:38.745045900 CEST | 1.1.1.1 | 192.168.11.20 | 0x6c77 | No error (0) | | | 172.93.121.7 | A (IP address) | IN (0x0001) | false |
May 22, 2024 20:31:41.764492035 CEST | 1.1.1.1 | 192.168.11.20 | 0x1513 | No error (0) | | | 104.26.12.205 | A (IP address) | IN (0x0001) | false |
May 22, 2024 20:31:41.764492035 CEST | 1.1.1.1 | 192.168.11.20 | 0x1513 | No error (0) | | | 172.67.74.152 | A (IP address) | IN (0x0001) | false |
May 22, 2024 20:31:41.764492035 CEST | 1.1.1.1 | 192.168.11.20 | 0x1513 | No error (0) | | | 104.26.13.205 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.11.20 | 49794 | 172.93.121.7 | 80 | 6196 | C:\Users\user\Desktop\Aviso legal.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
May 22, 2024 20:31:38.956564903 CEST | 174 | OUT | |
May 22, 2024 20:31:39.164582968 CEST | 1289 | IN | |
May 22, 2024 20:31:39.164630890 CEST | 1289 | IN | |
May 22, 2024 20:31:39.166707039 CEST | 1289 | IN | |
May 22, 2024 20:31:39.166754961 CEST | 1289 | IN | |
May 22, 2024 20:31:39.168845892 CEST | 1289 | IN | |
May 22, 2024 20:31:39.168894053 CEST | 1289 | IN | |
May 22, 2024 20:31:39.170985937 CEST | 1289 | IN | |
May 22, 2024 20:31:39.171036005 CEST | 1289 | IN | |
May 22, 2024 20:31:39.173146963 CEST | 1289 | IN | |
May 22, 2024 20:31:39.173197031 CEST | 1289 | IN | |
May 22, 2024 20:31:39.371903896 CEST | 1289 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.11.20 | 49796 | 104.26.12.205 | 443 | 6196 | C:\Users\user\Desktop\Aviso legal.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-22 18:31:42 UTC | 155 | OUT | |
2024-05-22 18:31:42 UTC | 211 | IN | |
2024-05-22 18:31:42 UTC | 12 | IN |
Target ID: | 0 |
Start time: | 14:30:54 |
Start date: | 22/05/2024 |
Path: | C:\Users\user\Desktop\Aviso legal.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 841'240 bytes |
MD5 hash: | C7AE7BFDA7F71B76C6F3213CFE94529E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | true |
Target ID: | 10 |
Start time: | 14:31:25 |
Start date: | 22/05/2024 |
Path: | C:\Users\user\Desktop\Aviso legal.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 841'240 bytes |
MD5 hash: | C7AE7BFDA7F71B76C6F3213CFE94529E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | false |
Execution Graph
Execution Coverage: | 21.8% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 16% |
Total number of Nodes: | 1564 |
Total number of Limit Nodes: | 39 |
Graph
Function 0040352D Relevance: 88.0, APIs: 33, Strings: 17, Instructions: 450, Tags: string, file, com, COMMON
Function 004056DE Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 284, Tags: window, clipboard, memory, COMMON
Function 00405C49 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 148, Tags: file, string, COMMON
Function 00403BEC Relevance: 44.0, APIs: 13, Strings: 12, Instructions: 215, Tags: string, registry, COMMON
Function 0040307D Relevance: 24.7, APIs: 5, Strings: 9, Instructions: 181, Tags: memory, COMMON
Function 0040657A Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 196, Tags: string, COMMON
Function 0040176F Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 145, Tags: string, time, COMMON
Function 0040559F Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 72, Tags: string, window, COMMON
Function 004026EC Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 153, Tags: file, COMMON
Function 0040689A Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36, Tags: library, COMMON
Function 0040248A Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64, Tags: registry, string, COMMON
Function 0040263E Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 65, Tags: string, COMMON
Function 0040640B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44, Tags: registry, COMMON
Function 004020D8 Relevance: 4.6, APIs: 3, Instructions: 73, Tags: library, COMMON
Function 00405C01 Relevance: 4.5, APIs: 3, Instructions: 28, Tags: file, COMMON
Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43, Tags: window, COMMON
Function 00401EDE Relevance: 3.0, APIs: 2, Instructions: 25, Tags: COMMON
Function 0040602D Relevance: 3.0, APIs: 2, Instructions: 16, Tags: file, COMMON
Function 00406008 Relevance: 3.0, APIs: 2, Instructions: 13, Tags: COMMON
Function 00405AEB Relevance: 3.0, APIs: 2, Instructions: 9, Tags: COMMON
Function 705B2B98 Relevance: 1.6, APIs: 1, Instructions: 143, Tags: file, COMMON
Function 0040167B Relevance: 1.5, APIs: 1, Instructions: 38, Tags: file, COMMON
Function 00401FA4 Relevance: 1.5, APIs: 1, Instructions: 37, Tags: COMMON
Function 00402891 Relevance: 1.5, APIs: 1, Instructions: 28, Tags: COMMON
Function 004023B2 Relevance: 1.5, APIs: 1, Instructions: 25, Tags: COMMON
Function 004060DF Relevance: 1.5, APIs: 1, Instructions: 22, Tags: file, COMMON
Function 004060B0 Relevance: 1.5, APIs: 1, Instructions: 22, Tags: file, COMMON
Function 705B2A7F Relevance: 1.5, APIs: 1, Instructions: 21, Tags: memory, COMMON
Function 004015A3 Relevance: 1.5, APIs: 1, Instructions: 18, Tags: COMMON
Function 004044E5 Relevance: 1.5, APIs: 1, Instructions: 9, Tags: window, COMMON
Function 004044CE Relevance: 1.5, APIs: 1, Instructions: 6, Tags: window, COMMON
Function 004034E5 Relevance: 1.5, APIs: 1, Instructions: 6, Tags: COMMON
Function 004044BB Relevance: 1.5, APIs: 1, Instructions: 4, Tags: COMMON
Function 0040498A Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 275, Tags: string, COMMON
Function 705B1BFF Relevance: 20.1, APIs: 13, Instructions: 597, Tags: string, library, memory, COMMON
Function 0040290B Relevance: 1.5, APIs: 1, Instructions: 30, Tags: file, COMMON
Function 00406D85 Relevance: .3, Instructions: 334, Tags: COMMON
Function 0040755C Relevance: .3, Instructions: 300, Tags: COMMON
Function 00404F06 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 489, Tags: window, memory, COMMON
Function 00404658 Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 204, Tags: window, string, COMMON
Function 00406183 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 130, Tags: memory, string, COMMON
Function 00404500 Relevance: 12.1, APIs: 8, Instructions: 68, Tags: COMMON
Function 00404E54 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48, Tags: window, COMMON
Function 00402F93 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40, Tags: time, COMMON
Function 705B2655 Relevance: 9.1, APIs: 6, Instructions: 109, Tags: COMMON
Function 00405F14 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 47, Tags: string, COMMON
Function 705B2480 Relevance: 7.6, APIs: 5, Instructions: 135, Tags: memory, COMMON
Function 00401E4E Relevance: 7.5, APIs: 5, Instructions: 43, Tags: COMMON
Function 705B16BD Relevance: 7.5, APIs: 5, Instructions: 41, Tags: memory, library, loader, COMMON
Function 00401C43 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84, Tags: window, time, COMMON
Function 00404D46 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84, Tags: string, COMMON
Function 00405E0C Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16, Tags: string, COMMON
Function 705B10E1 Relevance: 6.4, APIs: 5, Instructions: 145, Tags: memory, COMMON
Function 00403019 Relevance: 6.0, APIs: 4, Instructions: 33, Tags: COMMON
Function 00405513 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46, Tags: window, COMMON
Function 00405E58 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16, Tags: string, COMMON
Function 00405F92 Relevance: 5.0, APIs: 4, Instructions: 37, Tags: string, COMMON
Execution Graph
Execution Coverage: | 10.9% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 155 |
Total number of Limit Nodes: | 15 |
Graph
Function 3611CCC0 Relevance: 8.0, Strings: 6, Instructions: 545, Tags: COMMON
Function 36113EE8 Relevance: 2.9, Instructions: 2857, Tags: COMMON
Function 361149D2 Relevance: 1.7, Instructions: 1666, Tags: COMMON
Function 3611EE00 Relevance: .3, Instructions: 286, Tags: COMMON
Function 3611AD70 Relevance: 6.6, Strings: 5, Instructions: 370, Tags: COMMON
Function 3930CC28 Relevance: 6.1, APIs: 4, Instructions: 134, Tags: thread, COMMON
Function 3930CC38 Relevance: 6.1, APIs: 4, Instructions: 128, Tags: thread, COMMON
Function 3611E3C8 Relevance: 3.9, Strings: 3, Instructions: 186, Tags: COMMON
Function 3611E3B8 Relevance: 2.6, Strings: 2, Instructions: 137, Tags: COMMON
Function 3611B28F Relevance: 2.6, Strings: 2, Instructions: 109, Tags: COMMON
Function 361118A8 Relevance: 1.8, Strings: 1, Instructions: 559, Tags: COMMON
Function 395D71F2 Relevance: 1.8, APIs: 1, Instructions: 277, Tags: COMMON
Function 395D7350 Relevance: 1.6, APIs: 1, Instructions: 113, Tags: COMMON
Function 00168004 Relevance: 1.6, APIs: 1, Instructions: 99, Tags: library, COMMON
Function 00164E34 Relevance: 1.6, APIs: 1, Instructions: 97, Tags: library, COMMON
Function 3930CE78 Relevance: 1.6, APIs: 1, Instructions: 65, Tags: COMMON
Function 3930CE80 Relevance: 1.6, APIs: 1, Instructions: 62, Tags: COMMON
Function 395D0A7C Relevance: 1.6, APIs: 1, Instructions: 57, Tags: COMMON
Function 395D21D8 Relevance: 1.6, APIs: 1, Instructions: 55, Tags: COMMON
Function 395DC100 Relevance: 1.5, APIs: 1, Instructions: 47, Tags: com, COMMON
Function 395DB210 Relevance: 1.5, APIs: 1, Instructions: 46, Tags: com, COMMON
Function 00162288 Relevance: 1.5, APIs: 1, Instructions: 39, Tags: library, COMMON
Function 00161A60 Relevance: 1.5, APIs: 1, Instructions: 37, Tags: library, COMMON
Function 36119928 Relevance: 1.4, Strings: 1, Instructions: 129, Tags: COMMON
Function 3611A12F Relevance: 1.4, Strings: 1, Instructions: 125, Tags: COMMON
Function 3611BE33 Relevance: 1.4, Strings: 1, Instructions: 115, Tags: COMMON
Function 36110EE8 Relevance: 1.3, Strings: 1, Instructions: 99, Tags: COMMON
Function 36119910 Relevance: 1.3, Strings: 1, Instructions: 97, Tags: COMMON
Function 3611BCF7 Relevance: 1.3, Strings: 1, Instructions: 96, Tags: COMMON
Function 36110ED8 Relevance: 1.3, Strings: 1, Instructions: 94, Tags: COMMON
Function 3611BD08 Relevance: 1.3, Strings: 1, Instructions: 91, Tags: COMMON
Function 36113318 Relevance: .4, Instructions: 408, Tags: COMMON
Function 3611DAF8 Relevance: .2, Instructions: 223, Tags: COMMON
Function 36113C48 Relevance: .2, Instructions: 216, Tags: COMMON
Function 3611DE20 Relevance: .2, Instructions: 215, Tags: COMMON
Function 3611DE30 Relevance: .2, Instructions: 210, Tags: COMMON
Function 3611EC72 Relevance: .1, Instructions: 129, Tags: COMMON
Function 361100D0 Relevance: .1, Instructions: 118, Tags: COMMON
Function 3611A638 Relevance: .1, Instructions: 111, Tags: COMMON
Function 3611A648 Relevance: .1, Instructions: 108, Tags: COMMON
Function 361100C0 Relevance: .1, Instructions: 106, Tags: COMMON
Function 361131EB Relevance: .1, Instructions: 85, Tags: COMMON
|
Function 3611D701 Relevance: .1, Instructions: 80COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 3611D710 Relevance: .1, Instructions: 78COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 36113200 Relevance: .1, Instructions: 78COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 3611CCA6 Relevance: .1, Instructions: 77COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 361130F1 Relevance: .1, Instructions: 75COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 000AD030 Relevance: .1, Instructions: 72COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 36113100 Relevance: .1, Instructions: 70COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 3611B0B8 Relevance: .1, Instructions: 64COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 3611D820 Relevance: .1, Instructions: 59COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 3611A588 Relevance: .1, Instructions: 57COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 3611D4D8 Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 36119E98 Relevance: .1, Instructions: 55COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 3611DA58 Relevance: .1, Instructions: 55COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 3611A9A8 Relevance: .1, Instructions: 55COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 36113C38 Relevance: .1, Instructions: 53COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 3611A31E Relevance: .1, Instructions: 53COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 3611D80F Relevance: .1, Instructions: 52COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 3611DA68 Relevance: .1, Instructions: 51COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 36111000 Relevance: .0, Instructions: 44COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 36119A7E Relevance: .0, Instructions: 39COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 3611A350 Relevance: .0, Instructions: 35COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 361175B4 Relevance: .0, Instructions: 33COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 36119B61 Relevance: .0, Instructions: 29COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 36119B70 Relevance: .0, Instructions: 25COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040352D Relevance: 75.7, APIs: 33, Strings: 10, Instructions: 450stringfilecomCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405C49 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 148filestringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401941 Relevance: .0, Instructions: 14COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004056DE Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 284windowclipboardmemoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404F06 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 489windowmemoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00403BEC Relevance: 37.0, APIs: 13, Strings: 8, Instructions: 215stringregistryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404658 Relevance: 35.2, APIs: 19, Strings: 1, Instructions: 204windowstringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406183 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 130memorystringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040498A Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 275stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040307D Relevance: 19.4, APIs: 5, Strings: 6, Instructions: 181memoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040657A Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 196stringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404500 Relevance: 12.1, APIs: 8, Instructions: 68COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004026EC Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 153fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404E54 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402F93 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040689A Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401E4E Relevance: 7.5, APIs: 5, Instructions: 43COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401C43 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404D46 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84stringCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405A6E Relevance: 6.0, APIs: 4, Instructions: 39COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00403019 Relevance: 6.0, APIs: 4, Instructions: 33COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405F14 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405513 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405F92 Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|