Windows
Analysis Report
99200032052824.bat.exe
Overview
General Information
Detection
Score: | 96 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64native
  - 99200032052824.bat.exe (PID: 8652 cmdline: "C:\Users\user\Desktop\99200032052824.bat.exe" MD5: 085DE7AC75BBD791C1B1F979FE8FF78C)
  - 99200032052824.bat.exe (PID: 7240 cmdline: "C:\Users\user\Desktop\99200032052824.bat.exe" MD5: 085DE7AC75BBD791C1B1F979FE8FF78C)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | No Attribution | | |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | |
| | JoeSecurity_GuLoader_3 | Yara detected GuLoader | Joe Security | |
AV Detection |
---|
Source: | ReversingLabs: |
Source: | Virustotal: |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | Code function: | 5_2_00405768 |
Source: | Code function: | 5_2_004062A3 |
Source: | Code function: | 5_2_004026FE |
Source: | Code function: | 9_2_00405768 |
Source: | Code function: | 9_2_004026FE |
Source: | Code function: | 9_2_004062A3 |
Source: | File opened: |
Source: | HTTP traffic detected: |
Source: | IP Address: |
Source: | ASN Name: |
Source: | DNS query: |
Source: | HTTP traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Source: | Code function: | 5_2_00405205 |
Source: | Code function: | 5_2_0040320C |
Source: | Code function: | 9_2_0040320C |
Source: | Code function: | 5_2_00404A44 |
Source: | Code function: | 5_2_00406F54 |
Source: | Code function: | 5_2_0040677D |
Source: | Code function: | 5_2_73A31A98 |
Source: | Code function: | 9_2_00404A44 |
Source: | Code function: | 9_2_00406F54 |
Source: | Code function: | 9_2_0040677D |
Source: | Code function: | 9_2_00169028 |
Source: | Code function: | 9_2_001688BB |
Source: | Code function: | 9_2_001638F8 |
Source: | Code function: | 9_2_00164910 |
Source: | Code function: | 9_2_0016C360 |
Source: | Code function: | 9_2_0016F6A0 |
Source: | Code function: | 9_2_00164040 |
Source: | Code function: | 9_2_0016E98A |
Source: | Code function: | 9_2_375F7700 |
Source: | Code function: | 9_2_375F8668 |
Source: | Code function: | 9_2_375F2690 |
Source: | Code function: | 9_2_375F1CA0 |
Source: | Code function: | 9_2_375F3750 |
Source: | Code function: | 9_2_375FA880 |
Source: | Code function: | 9_2_0016C648 |
Source: | Code function: |
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Code function: | 5_2_0040320C |
Source: | Code function: | 9_2_0040320C |
Source: | Code function: | 5_2_004044D1 |
Source: | Code function: | 5_2_004020D1 |
Source: | File created: |
Source: | Mutant created: |
Source: | File created: |
Source: | Static PE information: |
Source: | WMI Queries: |
Source: | File read: |
Source: | Key opened: |
Source: | ReversingLabs: |
Source: | Virustotal: |
Source: | File read: |
Source: | Process created: |
Source: | Section loaded: |
Source: | Key value queried: |
Source: | File written: |
Source: | Key opened: |
Source: | Static PE information: |
Data Obfuscation |
---|
Source: | File source: |
Source: | Code function: | 5_2_73A31A98 |
Source: | Code function: | 5_2_73A32F4E |
Source: | File created: |
Source: | Process information set: |
Malware Analysis System Evasion |
---|
Source: | HTTP traffic detected: |
Source: | WMI Queries: |
Source: | Memory allocated: |
Source: | Dropped PE file which has not been started: |
Source: | WMI Queries: |
Source: | Code function: | 5_2_00405768 |
Source: | Code function: | 5_2_004062A3 |
Source: | Code function: | 5_2_004026FE |
Source: | Code function: | 9_2_00405768 |
Source: | Code function: | 9_2_004026FE |
Source: | Code function: | 9_2_004062A3 |
Source: | File opened: |
Source: | API call chain: | graph_5-4690 |
Source: | API call chain: | graph_5-4511 |
Source: | Code function: | 5_2_00402340 |
Source: | Code function: | 5_2_73A31A98 |
Source: | Process token adjusted: |
Source: | Memory allocated: |
Source: | Process created: |
Source: | Queries volume information: |
Source: | Code function: | 5_2_0040320C |
Source: | Key value queried: |
Stealing of Sensitive Information |
---|
Source: | Key opened: |
Source: | File opened: |
Source: | Key opened: |
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 231 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 2 OS Credential Dumping | 4 File and Directory Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
Credentials | Domains | Default Accounts | 1 Native API | 1 Registry Run Keys / Startup Folder | 1 Access Token Manipulation | 1 Deobfuscate/Decode Files or Information | 1 Credentials in Registry | 36 System Information Discovery | Remote Desktop Protocol | 2 Data from Local System | 1 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 11 Process Injection | 2 Obfuscated Files or Information | Security Account Manager | 32 Security Software Discovery | SMB/Windows Admin Shares | 1 Email Collection | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | NTDS | 23 Virtualization/Sandbox Evasion | Distributed Component Object Model | 1 Clipboard Data | 12 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Masquerading | LSA Secrets | 1 System Network Configuration Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 23 Virtualization/Sandbox Evasion | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Access Token Manipulation | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 11 Process Injection | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| | 13% | ReversingLabs | | |
| | 20% | Virustotal | | |
| | 100% | Joe Sandbox ML | | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| | 0% | ReversingLabs | | |
| | 0% | Virustotal | | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| | 0% | Virustotal | | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| | 0% | Avira URL Cloud | safe | |
| | 0% | Avira URL Cloud | safe | |
| | 0% | Avira URL Cloud | safe | |
| | 0% | Avira URL Cloud | safe | |
| | 0% | Virustotal | | |
| | 0% | Virustotal | | |
| | 0% | Virustotal | | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
ip-api.com | 208.95.112.1 | true | true | | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| | false | | unknown |
| | false | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | | false | | unknown |
| | | false | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
208.95.112.1 | ip-api.com | United States | | 53334 | TUT-ASUS | true |
109.248.151.11 | unknown | Russian Federation | | 52048 | DATACLUBLV | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1447846 |
Start date and time: | 2024-05-27 09:12:50 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 15m 37s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2021, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301) |
Run name: | Suspected Instruction Hammering |
Number of new started processes analysed: | 11 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 99200032052824.bat.exe |
Detection: | MAL |
Classification: | mal96.troj.spyw.evad.winEXE@3/23@1/2 |
EGA Information: |
HCA Information: |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): dllhost.exe, HxTsr.exe, RuntimeBroker.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
- Excluded domains from analysis (whitelisted): assets.msn.com, login.live.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, api.msn.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target 99200032052824.bat.exe, PID 7240 because it is empty
- HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
208.95.112.1 | | | malicious | AgentTesla | | |
| | | | malicious | AgentTesla | | |
| | | | malicious | Unknown | | |
| | | | malicious | DCRat | | |
| | | | malicious | DCRat | | |
| | | | malicious | DCRat | | |
| | | | malicious | Discord Token Stealer, XWorm | | |
| | | | malicious | VMdetect | | |
| | | | malicious | AgentTesla | | |
| | | | malicious | AgentTesla | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
ip-api.com | | | malicious | AgentTesla | | |
| | | | malicious | AgentTesla | | |
| | | | malicious | Unknown | | |
| | | | malicious | DCRat | | |
| | | | malicious | DCRat | | |
| | | | malicious | DCRat | | |
| | | | malicious | Discord Token Stealer, XWorm | | |
| | | | malicious | VMdetect | | |
| | | | malicious | AgentTesla | | |
| | | | malicious | AgentTesla | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
TUT-ASUS | | | malicious | AgentTesla | | |
| | | | malicious | AgentTesla | | |
| | | | malicious | Unknown | | |
| | | | malicious | DCRat | | |
| | | | malicious | DCRat | | |
| | | | malicious | DCRat | | |
| | | | malicious | Discord Token Stealer, XWorm | | |
| | | | malicious | VMdetect | | |
| | | | malicious | AgentTesla | | |
| | | | malicious | AgentTesla | | |
DATACLUBLV | | | malicious | GuLoader | | |
| | | | malicious | Remcos, GuLoader | | |
| | | | malicious | Nanocore | | |
| | | | malicious | Remcos | | |
| | | | malicious | Remcos | | |
| | | | malicious | Remcos, AgentTesla, DBatLoader | | |
| | | | malicious | Remcos, GuLoader | | |
| | | | malicious | WSHRat, VjW0rm | | |
| | | | malicious | Remcos | | |
| | | | malicious | WSHRAT | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
C:\Users\user\AppData\Local\Temp\nsvDCDA.tmp\System.dll | | | malicious | GuLoader | | |
| | | | malicious | Unknown | | |
| | | | malicious | Unknown | | |
| | | | malicious | Unknown | | |
| | | | malicious | Unknown | | |
| | | | malicious | FormBook, GuLoader | | |
| | | | malicious | GuLoader | | |
| | | | malicious | GuLoader | | |
| | | | malicious | GuLoader | | |
Process: | C:\Users\user\Desktop\99200032052824.bat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 39 |
Entropy (8bit): | 3.994004065616087 |
Encrypted: | false |
SSDEEP: | 3:bMQGHbS9n:fG7Gn |
MD5: | DC764DAEA004E907E2A4076DC2E81DCE |
SHA1: | 64CC2F14C8426031E8FE9995DA24887FF5BEEC97 |
SHA-256: | 8A3DD54ACAC47298AFA45E7048A9297F897E35CB351E511FBE5A421B1ED6523D |
SHA-512: | F03E8C65E1974E8BC1608E292A9898054C791B5E8505B8BBD5F9EB832CD414C3FB19F7E328286984CC73A07937D60731DD00F20C3E31DB77245A2F178E5BF257 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\99200032052824.bat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 51 |
Entropy (8bit): | 4.7896890672920085 |
Encrypted: | false |
SSDEEP: | 3:ayWFXQLQIfLBJXlFGfv:bmXQkIPeH |
MD5: | F09045A90C78C38BE8C9CBABC14C5AF5 |
SHA1: | 0EC854B7F04157763C40DCB430DE981380BA82CF |
SHA-256: | EB547F6C09B10F5824FA51272FE7EBDA82A2942209E8C795250A3A71A73789E3 |
SHA-512: | E10CA8614F3BD2FED1CFD752FCED2754853DA013CBA37E9258F03ECA34F5C0E9DA524989E5234349935D9BA47CF63034D73A8275D61EB9B4B7D1D90531F9981C |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\99200032052824.bat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11776 |
Entropy (8bit): | 5.825582780706362 |
Encrypted: | false |
SSDEEP: | 192:yPtkiQJr7V9r3Ftr87NfwXQ6whlgi62V7i77blbTc4DI:N7Vxr8IgLgi3sVc4 |
MD5: | FBE295E5A1ACFBD0A6271898F885FE6A |
SHA1: | D6D205922E61635472EFB13C2BB92C9AC6CB96DA |
SHA-256: | A1390A78533C47E55CC364E97AF431117126D04A7FAED49390210EA3E89DD0E1 |
SHA-512: | 2CB596971E504EAF1CE8E3F09719EBFB3F6234CEA5CA7B0D33EC7500832FF4B97EC2BBE15A1FBF7E6A5B02C59DB824092B9562CD8991F4D027FEAB6FD3177B06 |
Malicious: | false |
Antivirus: |
Joe Sandbox View: |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\99200032052824.bat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 25 |
Entropy (8bit): | 4.163856189774724 |
Encrypted: | false |
SSDEEP: | 3:+gMn:8 |
MD5: | ECB33F100E1FCA0EB01B36757EF3CAC8 |
SHA1: | 61DC848DD725DB72746E332D040A032C726C9816 |
SHA-256: | 8734652A2A9E57B56D6CBD22FA9F305FC4691510606BCD2DFCA248D1BF9E79C7 |
SHA-512: | D56951AC8D3EB88020E79F4581CB9282CA40FAA8ADC4D2F5B8864779E28E5229F5DFE13096CF4B373BBC9BC2AC4BFC58955D9420136FB13537F11C137D633C18 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Bemangle\parsleywort\Krapyls172.syg
Process: | C:\Users\user\Desktop\99200032052824.bat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4409 |
Entropy (8bit): | 4.998325107222196 |
Encrypted: | false |
SSDEEP: | 96:Z8NR23i27mHC6ldsqGicLJ4YmJjKMt6kG7MK/e4:ZuR23yCAcPajB6V7MKT |
MD5: | FE67CBDFC33E4BCA1D5DE148DFD4CCA7 |
SHA1: | 601B7664814ACEA408AA7BBB121D5BB26301DB57 |
SHA-256: | 67CEA0A0C921025E558737D5BB54EAD4D0E795AD3D9688A87D18C3531C9A9A10 |
SHA-512: | E3B9871379906B4ACB92B71A67CD85BEC1DC490CB710E39335A34DCA7DC1DD9B05F80AC8A4201C6BCB115A76E3E439134745CB08D59F111F6FC44B6DCBFD06C7 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Bemangle\parsleywort\Mattias.nap
Process: | C:\Users\user\Desktop\99200032052824.bat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2532 |
Entropy (8bit): | 4.9678315283199135 |
Encrypted: | false |
SSDEEP: | 48:ufsILXIGNP20GjA52PD7Iy6o7dX3bDUiRaGCi0yy2WoHBF5d:ufsI8GN+0sAoPDs7mX3PFRoVoHz |
MD5: | C6878D37B9258F8AF8406998E372374A |
SHA1: | 0C98231F7395C3BADD802AF8B6F54759D042B778 |
SHA-256: | D1437C6D99ED6EEF50164DC663DF24DF9E67783900A605B804EFB3728EEDCD69 |
SHA-512: | B291DFCF1EEB22C04EDAF4B43AC1AE88B69AB1E4AED7AAA55EFAB1951B6F64BB395C8242874AF449C036AD1A2C63CB0364943C03F096FA20F4A1B3C571A846DC |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Bemangle\parsleywort\Nydannelses.Aar
Process: | C:\Users\user\Desktop\99200032052824.bat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 267175 |
Entropy (8bit): | 7.5093466450966755 |
Encrypted: | false |
SSDEEP: | 6144:0bkpKe8XvlKE8doHmvveIqwPYxv9eh63gVua+orBWDar4pbq:0bkp2XkBZvvPqrl9MMgVuboVWDaiq |
MD5: | EFE533BAAD77375996164F3CA96F08C7 |
SHA1: | 61DAC0069B45D17CC6DAA70D1392A46A6CB22C55 |
SHA-256: | 518FF4DA0147E66D5D832FA038BFAD15017A7CC81F6986492737E520A3DD6999 |
SHA-512: | 6C02F5E7F336337DD621F0F2E95B984EB660E6F6DA8A5D0F238335D8875AA15ACC05D21796CEC2150D0122B442756B15963274D8A36A30F7793EFA97859EEB42 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Bemangle\parsleywort\Quizs\Sestertius.djv
Process: | C:\Users\user\Desktop\99200032052824.bat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3100 |
Entropy (8bit): | 4.748208227621493 |
Encrypted: | false |
SSDEEP: | 96:0+WozLtosUl81/8yuN9lvcoE5B9+crXOL:0+W0Pf1UysE/H9A |
MD5: | 175C8E8CBBA4FEE420E7131DEFEE9C57 |
SHA1: | ED7CA0AC22608E41CEBE91020026F4C7E30B5A42 |
SHA-256: | DE842BB06394A7859D97C6188D1AFA217F10784A1F564EB3E0140C94FFC90048 |
SHA-512: | 7B88A23A4B8D767A33987478B64F73EC8DEF254042F1C3A12F0120A85DC6E072DCF641709FAA858AECD52425419FCD04B1D26AB06B18106ED436DDD7A93BEAE8 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Bemangle\parsleywort\Quizs\Slidsomt.bra
Process: | C:\Users\user\Desktop\99200032052824.bat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 7510 |
Entropy (8bit): | 4.91720718259004 |
Encrypted: | false |
SSDEEP: | 192:fpfdSEMUTMZjVLoPmnXD3/gCu1G5xa8sAiN4Ce:fNdSTUYz8Pm74Cgc48VtV |
MD5: | 3C54B9521872A75B7FF9C08D5F58FC2C |
SHA1: | 1C8A2A51E9A78B8E1F7E91B59A3AA4D9301095CB |
SHA-256: | 7817A04E5EC98E43939698025A2133653F287290223320F237C12C1D3B6B126C |
SHA-512: | F121270D58F6F04BF57B6A86061CCACFACA783800A43DA56EDE010B22542DF9553C237445C4E86E8D812F090D2255CD1B6540B87B25543B6BFE2DAFAF413E0D3 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Bemangle\parsleywort\Quizs\Strand\afslres.ten
Process: | C:\Users\user\Desktop\99200032052824.bat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2501 |
Entropy (8bit): | 4.812074749205284 |
Encrypted: | false |
SSDEEP: | 48:YzKTprRUztTLPa86AEg32I6bSmPd30YDvSQLc3hePoE/eHv4d1w:bUu42NbBh0AaQJPIPuC |
MD5: | ED9E84934782D5FDC90AC9781DC9A6E1 |
SHA1: | 39DD2E37586C5CB5DD86A9F6A987C1FCDFF45FFF |
SHA-256: | 37AD2DBD7F711971FD8DDD2BD78D5BDFEAACF52724FF9D7C7FC9B293F7C9B5FE |
SHA-512: | 07FE7559008D6E528E8227BD64F305BA51EB739128067FCA911485F02F5A07B4531B6B5CD3D32A2CF02114CA27E64E0B32FCC1D813B55FE2EA00F33D0843D598 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Bemangle\parsleywort\Quizs\Strand\discomposed.non
Process: | C:\Users\user\Desktop\99200032052824.bat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2577 |
Entropy (8bit): | 5.07901334387277 |
Encrypted: | false |
SSDEEP: | 48:qFvj/6l92Aw0Xf3MtDM81l4U3d2pjLAFQKm12qEIVH4oqTVzj9lPj3UFhCNQ:wjGnw0fWD1l4UNYLXKBqbA/PjwhR |
MD5: | 5FEC97594CEB46A5C143053B0A9FA6E2 |
SHA1: | 8B9C1B04B41BE3AE4E9D4909D873D7A3BC67272B |
SHA-256: | 02F91F9E1D345BD7DAA518A98B5FD84B8DAE146633A6A8F3B15C0586D8C074DE |
SHA-512: | A3832EBBB5DB00C38FA4F60F9BA687499E4FCA6F5C036E4B7BD3C1F1039C0425B7B8B82D834B00E39557F40748DA5E725E6000C2A0BAD0701B11BCEDF96CF395 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Bemangle\parsleywort\Quizs\Strand\dred.jpg
Process: | C:\Users\user\Desktop\99200032052824.bat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 23244 |
Entropy (8bit): | 7.540912926808858 |
Encrypted: | false |
SSDEEP: | 384:wZVE8byaUmJ0B1YWBWiU+y/KnPXLeO/4NK05cT8SLs3afUXiH43j:wbrbz6HYWBWiZy/KnP49cTbfUXr |
MD5: | 18E048BA7596E10380F1AE242781B676 |
SHA1: | AEA8403BFC4B42ADDC05F6098D5EE56E8BABC532 |
SHA-256: | 69881C64F796D9F2571116A8E6C3D9E1B77E6EB1A2CAFE6C9A333E6EE486B842 |
SHA-512: | E5599C1F77C9DB3E027A2B38727F374E1746DD1281F42AC6397E478B9E4FCFC5A769AE8EA3F20333A409CBBCE28CE1C7869B44336D7E4EE4D5F41609C6EE30FE |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Bemangle\parsleywort\Quizs\Strand\gametophoric.txt
Process: | C:\Users\user\Desktop\99200032052824.bat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 443 |
Entropy (8bit): | 4.26226221852899 |
Encrypted: | false |
SSDEEP: | 12:QhhpvdH/VEZ66gB2tzWlnyEKXL2WMeZ9JDHoJt:QhhFxdEZG20lKJM09Not |
MD5: | 052A3D0375E8EEB3A6A667ABFFC5F0EF |
SHA1: | 761CA63CE01BAE7BD014F1CBF299E3432604B8AE |
SHA-256: | D4E94A18C627B29290276983B249D999F0F5DF0233A2D8CE187DC7978D70AA18 |
SHA-512: | 716B27E42775AC6A96BCA6ACE56D207362AEB8889DB4DC10160A3F37D6C313E52F67EB70D8201B288B34CAF0238FC332AB7DB9297E42818FA7E963697EEC0E43 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Bemangle\parsleywort\Quizs\Strand\isocola.sol
Process: | C:\Users\user\Desktop\99200032052824.bat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3309 |
Entropy (8bit): | 4.898399826501928 |
Encrypted: | false |
SSDEEP: | 96:+f7M5oZ8Y0WrHmP+DwnfcXed5TAd6pivr:+TKS8Y024TccAd6pQ |
MD5: | 1E5426FBAE44458D0B5526B99D0958CA |
SHA1: | E0934E69B42ABFDD6695ED678077725ECF0B5084 |
SHA-256: | EA79B75BC89ADB3FAAFF4C957AFCD5CEEE4A40B88F22BBED3B045C659517B9A5 |
SHA-512: | C63CD9C148ACBEFB50F49B6168C0BD2D01D2A62629ECA8DCDFFD05A269D6092871D2CA7DFA86C3629453B8791E63F90C4A61CF6EF8E6F47194F39BAF595A7B10 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Bemangle\parsleywort\Quizs\Strand\malningerne.bog
Process: | C:\Users\user\Desktop\99200032052824.bat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 13465 |
Entropy (8bit): | 4.947258320601266 |
Encrypted: | false |
SSDEEP: | 192:ftl1uywODc/D4zuFLp+h9JqgH01ZFDwMVyDdb8m7wzLqb8IpcypMHKc4nqAtpGn:f/YvqWDt898gU1ZFDwMIIr94G |
MD5: | 2AE1A3CDABC68B7F2AA156DC80A8BA6A |
SHA1: | E3065DB21D4CD531E715CB46B300FAC2A3AD2289 |
SHA-256: | D5443C561171FDE4676C329F857AE86851BAD9755348EC79B9B54CDB60555BBE |
SHA-512: | 03A1C5CD20A980A248ACF0EEAD25E0E77227F70082622BE4CB56B6F86FA3D366CB9567C4418CE2001A8534B57D77A27541F8C90BE56DE8C79E1762F4D1068BF2 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Bemangle\parsleywort\Quizs\Strand\monodomous.kal
Process: | C:\Users\user\Desktop\99200032052824.bat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 7722 |
Entropy (8bit): | 4.85176842716064 |
Encrypted: | false |
SSDEEP: | 192:nZFPnCY2Hm36vHT+Tm7rsMnTRmGJ/w79zdpwIf6S:7fCLHm36PT+Tm7gMTbxwxdpxz |
MD5: | 29907025DE7D88B9E24D525BCFCD0ACA |
SHA1: | 992446AAE89264303D61432F16C934781A628EB1 |
SHA-256: | 2EE335FBD15E3E22CF0522BF4A7FA28E58C329E2B1691A01CD40DC4E18C7A4E3 |
SHA-512: | 29215F48A2F67FCE3B25AB7F6497A27DAC1E97EA35847830706FC073558E51775371BC9FCFDDFB760832E420FAE8DA2F106B2E62418DB2004EC400FBBF067A2E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Bemangle\parsleywort\Quizs\Strand\ornery.cem
Process: | C:\Users\user\Desktop\99200032052824.bat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3105 |
Entropy (8bit): | 4.917605198162765 |
Encrypted: | false |
SSDEEP: | 96:qPt4g9NwI1VI64tPI9331YoNn4szSJaIryd:I4gjv2r0yoUJ/yd |
MD5: | 2820C0E9196BFB3569D0957C4D310813 |
SHA1: | 44B546C5A75241DECB0D419D509D86B0F83A228F |
SHA-256: | 2DB6D4FE9932E4D1F9A3FCF304FB869EA176385B5BB24DF8FE1B64179D3A5F5E |
SHA-512: | 57DF8A0782035D14DB6D29628FF210658A5395A31C614FB55EA1C93753FD9DCD07233BCD2264F8DC6522F90DCE28A852D6A4EB6A690D8B8BE11A11A22F9A9962 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Bemangle\parsleywort\Quizs\Strand\podagrist.ref
Process: | C:\Users\user\Desktop\99200032052824.bat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 9978 |
Entropy (8bit): | 4.908627124521558 |
Encrypted: | false |
SSDEEP: | 192:lT1mzLGWI8BObOtq2V6JCGtsNigpgDjR1i8BxwYwu+p6:lTSI80bOgC6R7X+p6 |
MD5: | D1AA27BE4695EFFDE130C89CA7BFBC62 |
SHA1: | 32CF0D7B76A74A29B94E3F05858E0DA7DFCC9F08 |
SHA-256: | F209716D597B246F27998DA4749DB45AD61A645DE446E886463D18CB54DD187D |
SHA-512: | AA635DDF1F0F9A0DD7812B341C67624D193AA1BE7D0C2AA88AE64A2F51F1849323A3173EE6784D481BF91307FFF55CF66EF6271FB8CDBD901CA3000A1FAFFB71 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Bemangle\parsleywort\Quizs\Strand\soliloquium.bor
Process: | C:\Users\user\Desktop\99200032052824.bat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3350 |
Entropy (8bit): | 4.894453707611395 |
Encrypted: | false |
SSDEEP: | 48://vGRembfsNciS59pnhjSQZPbKDPiaI6hI2VmwLJ0z6G0mQuN4hZ:/wkNGdhjS2PbVAmwF0t0T |
MD5: | 16AF1A5579221F98F7A49F0A9E521704 |
SHA1: | B9C4E48C381998605EA86DCD99C4F116BF2D2790 |
SHA-256: | FDB32CC85C39D7FA95FF9634B7AB406F1959C6388A60F0ED7877EC1A492D6EE3 |
SHA-512: | 4BF5749FFB3C367728610C3D9B8640E4A3663AACAB47C898C5C5E7DCDAB54C15E4368DF4819F2467D9E22D6716860E4F0F6DE12361F48BF8C1AFED35F2136ED9 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Bemangle\parsleywort\Quizs\Strand\thoroughwort.ret
Process: | C:\Users\user\Desktop\99200032052824.bat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 13209 |
Entropy (8bit): | 4.958809693126459 |
Encrypted: | false |
SSDEEP: | 384:A0BxOjCRAKa0HAMddbG798fJhmTu1US21:7S4PahS8SJpKSo |
MD5: | A0EED22B474BBB911B0CBD28BDD4A543 |
SHA1: | 3810338ADD88F5AB3837AEB87AD0C8CD66C20AEC |
SHA-256: | 02D407A9D84325C5A53D156AB1008A5A7DAEDBC6087C0BB21AED461976EE5EB6 |
SHA-512: | EAD609280EDEC21AE14B2514D2356B1B39FE3760B2419E63172EAFA095DB900069EB8D5FA36D6BEBB7A81DD3796234794D90BC0EE742542C20AE18DEE211036F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Bemangle\parsleywort\Quizs\Strand\torminal.wes
Process: | C:\Users\user\Desktop\99200032052824.bat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1918 |
Entropy (8bit): | 4.866117324562928 |
Encrypted: | false |
SSDEEP: | 48:tcSw5sLkgw4mnWWIFDXB5yZknRnYSPv0w1s68BUmN:tcDSrgPWbB5vnRNPMys62Uq |
MD5: | F5FA64BA1796D441E9069D66EAC986C9 |
SHA1: | D1A07F8E72F9DDEAB1CEA5AE64068C92483F9237 |
SHA-256: | DCADA90E85DDF4B55AFA174DA586C17DBD970C76801A526FBBFC4C73C8619E17 |
SHA-512: | 0BB8BE2340B996061B92E7C004A301852208428961FFDCEC6909872B21E3C68D3672CEFC07231D6E05ED80A0395CA32381CF557043E76BBBD1DA1C78020AB89E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Bemangle\parsleywort\Quizs\afkontrollere.urb
Process: | C:\Users\user\Desktop\99200032052824.bat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 14713 |
Entropy (8bit): | 4.934954013154932 |
Encrypted: | false |
SSDEEP: | 192:P15IKag1z48yfTvHm1GpudD2DrxwmUnagvnp4xzaM8QIbpU3NbiLghghkLm:NJX88yKQpuUa31fpfM8QHGgWv |
MD5: | 4F98614616B284CB3F6BE2259A3BAA26 |
SHA1: | C750B5F26D0663189B089D2FE799F085E533B90C |
SHA-256: | 9E0410CA591D013A22A483F132A6B42E66D799953F4B4450AA42B02015B93CFA |
SHA-512: | C5FB64F244D4A41D35AA00F5991004F03C621264885ED9E4748799F7B7E15A8C1DDD2BFD32A75CAB8C350ACE2AD7C3CEB2BAEF375E2B660E8927F9D863CA2E7B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Bemangle\parsleywort\parallelopipedon.idi
Process: | C:\Users\user\Desktop\99200032052824.bat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16272 |
Entropy (8bit): | 4.562088205470639 |
Encrypted: | false |
SSDEEP: | 384:CUZhzCym6kuUq5PHVtiNLm4l5j+iWb4WCs9JDbGo4mt:9h+ymGn5PjiNplVDWLCwJZ42 |
MD5: | BCD7E822363D8366F1EF6E6611BC2F3D |
SHA1: | 9A0245A3BBC5635641745368A3AD683ECF00BBA3 |
SHA-256: | 062B935DB8D2D43C3A7B8C813E36F904C4FAFF8005D36F5005E7CA8040372D22 |
SHA-512: | BB842534FBA2E80705BD7465CD00B7E43B2DAD8146A69D9A3D06F7558606CAA4197009837413D1794B0BA0CC08CE9E290DD43D8B9944DF0DBA535625EAA68227 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.232824297475422 |
TrID: |
|
File name: | 99200032052824.bat.exe |
File size: | 543'903 bytes |
MD5: | 085de7ac75bbd791c1b1f979fe8ff78c |
SHA1: | f33f25a99dbf0f7b9c2ad2bc886e7748cb5d888f |
SHA256: | f76bdeb70f9927c49aa87d92d92eb93d05317a3bde63da7a78a11033b29b41ab |
SHA512: | afb829b774d73e4195702ff0e604626e485c2fc1b1bba93218e487947c75b2fe895ce1078f314746b256e591bbba545736be4722e569546d84a0edef7c259d4f |
SSDEEP: | 6144:i7eSVq22TITpPumUWUdtmYQ+V3Wm8WABXQsHSx4J5t9oDTsaPhygOdtUwj0Tnmu9:karCpPHibxB3mlaPhygoRu6Xo |
TLSH: | 97C4BD3827F0A386D176A67107E1E1355BF01F24EDD8C707D9B0661AAB62DDA3C8924F |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(...F...F...F.*.....F...G.v.F.*.....F...v...F...@...F.Rich..F.........................PE..L...)..\.................d...|..... |
Icon Hash: | 347aa6868692d22e |
Entrypoint: | 0x40320c |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x5C157F29 [Sat Dec 15 22:24:41 2018 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 3abe302b6d9a1256e6a915429af4ffd2 |
Instruction |
---|
sub esp, 00000184h |
push ebx |
push esi |
push edi |
xor ebx, ebx |
push 00008001h |
mov dword ptr [esp+18h], ebx |
mov dword ptr [esp+10h], 0040A198h |
mov dword ptr [esp+20h], ebx |
mov byte ptr [esp+14h], 00000020h |
call dword ptr [004080A0h] |
call dword ptr [0040809Ch] |
and eax, BFFFFFFFh |
cmp ax, 00000006h |
mov dword ptr [0042F40Ch], eax |
je 00007F809508D333h |
push ebx |
call 00007F809509040Ah |
cmp eax, ebx |
je 00007F809508D329h |
push 00000C00h |
call eax |
mov esi, 00408298h |
push esi |
call 00007F8095090386h |
push esi |
call dword ptr [00408098h] |
lea esi, dword ptr [esi+eax+01h] |
cmp byte ptr [esi], bl |
jne 00007F809508D30Dh |
push 0000000Ah |
call 00007F80950903DEh |
push 00000008h |
call 00007F80950903D7h |
push 00000006h |
mov dword ptr [0042F404h], eax |
call 00007F80950903CBh |
cmp eax, ebx |
je 00007F809508D331h |
push 0000001Eh |
call eax |
test eax, eax |
je 00007F809508D329h |
or byte ptr [0042F40Fh], 00000040h |
push ebp |
call dword ptr [00408044h] |
push ebx |
call dword ptr [00408288h] |
mov dword ptr [0042F4D8h], eax |
push ebx |
lea eax, dword ptr [esp+38h] |
push 00000160h |
push eax |
push ebx |
push 00429830h |
call dword ptr [00408178h] |
push 0040A188h |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x853c | 0xa0 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x41000 | 0x2c198 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x298 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x628f | 0x6400 | 6cd58568c5809fdd0c7dcb006e4acdba | False | 0.6700390625 | data | 6.442207080714446 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x8000 | 0x135c | 0x1400 | b27ba0846d4bbf5bff764f5a5c418a97 | False | 0.4611328125 | data | 5.240043476337556 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xa000 | 0x25518 | 0x600 | 12c02de2bdc517e2722ceeb84aff8b34 | False | 0.455078125 | data | 4.04938010159809 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.ndata | 0x30000 | 0x11000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x41000 | 0x2c198 | 0x2c200 | 96489cbbab3b3da7b86af0f759d0ecdd | False | 0.21858954497167138 | data | 4.658248901906368 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x41388 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States | 0.09613450845853543 |
RT_ICON | 0x51bb0 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | English | United States | 0.1351955013664074 |
RT_ICON | 0x5b058 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 | English | United States | 0.16353974121996304 |
RT_ICON | 0x604e0 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.1528696268304204 |
RT_ICON | 0x64708 | 0x3ba1 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9931215198165738 |
RT_ICON | 0x682b0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.21597510373443984 |
RT_ICON | 0x6a858 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.2575046904315197 |
RT_ICON | 0x6b900 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.3622950819672131 |
RT_ICON | 0x6c288 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.4787234042553192 |
RT_DIALOG | 0x6c6f0 | 0x100 | data | English | United States | 0.5234375 |
RT_DIALOG | 0x6c7f0 | 0x11c | data | English | United States | 0.6056338028169014 |
RT_DIALOG | 0x6c910 | 0xc4 | data | English | United States | 0.5918367346938775 |
RT_DIALOG | 0x6c9d8 | 0x60 | data | English | United States | 0.7291666666666666 |
RT_GROUP_ICON | 0x6ca38 | 0x84 | data | English | United States | 0.7348484848484849 |
RT_VERSION | 0x6cac0 | 0x398 | OpenPGP Public Key | English | United States | 0.4880434782608696 |
RT_MANIFEST | 0x6ce58 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States | 0.5542168674698795 |
DLL | Import |
---|---|
KERNEL32.dll | GetTempPathA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetEnvironmentVariableA, Sleep, GetTickCount, GetCommandLineA, lstrlenA, GetVersion, SetErrorMode, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GetWindowsDirectoryA, SetCurrentDirectoryA, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, ReadFile, WriteFile, lstrcpyA, MoveFileExA, lstrcatA, GetSystemDirectoryA, GetProcAddress, GetExitCodeProcess, WaitForSingleObject, CompareFileTime, SetFileAttributesA, GetFileAttributesA, GetShortPathNameA, MoveFileA, GetFullPathNameA, SetFileTime, SearchPathA, CloseHandle, lstrcmpiA, CreateThread, GlobalLock, lstrcmpA, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, GetPrivateProfileStringA, FindClose, MultiByteToWideChar, FreeLibrary, MulDiv, WritePrivateProfileStringA, LoadLibraryExA, GetModuleHandleA, GlobalAlloc, GlobalFree, ExpandEnvironmentStringsA |
USER32.dll | ScreenToClient, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, PostQuitMessage, GetWindowRect, EnableMenuItem, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndDialog, RegisterClassA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, GetDC, CreateDialogParamA, SetTimer, GetDlgItem, SetWindowLongA, SetForegroundWindow, LoadImageA, IsWindow, SendMessageTimeoutA, FindWindowExA, OpenClipboard, TrackPopupMenu, AppendMenuA, EndPaint, DestroyWindow, wsprintfA, ShowWindow, SetWindowTextA |
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExA, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, SHFileOperationA |
ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExA, RegOpenKeyExA, SetFileSecurityA, OpenProcessToken, LookupPrivilegeValueA, RegEnumValueA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegSetValueExA, RegQueryValueExA, RegEnumKeyA |
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy |
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 27, 2024 09:15:10.686388969 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:10.897634983 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:10.897831917 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:10.898099899 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.112833977 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.112972021 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.112987041 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.113018990 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.113080025 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.113132954 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.113132954 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.113289118 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.324342012 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.324438095 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.324537039 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.324553013 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.324620008 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.324654102 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.324686050 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.324738026 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.324785948 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.324786901 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.324800968 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.324903965 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.324934006 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.324934006 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.325114012 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.537586927 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.537686110 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.537700891 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.537781000 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.537892103 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.537909031 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.537942886 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.538033962 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.538084984 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.538147926 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.538162947 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.538188934 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.538274050 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.538367033 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.538423061 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.538423061 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.538536072 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.538548946 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.538564920 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.538610935 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.538662910 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.538722992 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.538722992 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.538733006 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.538789988 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.538825035 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.538942099 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.748940945 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.749038935 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.749054909 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.749135971 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.749142885 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.749217987 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.749249935 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.749313116 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.749377012 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.749389887 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.749401093 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.749403954 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.749470949 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.749558926 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.749592066 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.749644041 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.749690056 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.749721050 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.749767065 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.749779940 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.749871969 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.749871969 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.749878883 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.749891043 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.749902010 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.750001907 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.750005960 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.750052929 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.750111103 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.750122070 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.750133991 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.750169992 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.750216007 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.750236034 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.750236034 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.750346899 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.750359058 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.750391006 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.750396013 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.750503063 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.750508070 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.750610113 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.750622034 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.750633001 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.750704050 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.750715971 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.750751972 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.750751972 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.750849009 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.750879049 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.750891924 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.750897884 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.750902891 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.751015902 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.751064062 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.959512949 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.959613085 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.959758043 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.959867001 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.960447073 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.960566044 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.960573912 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.960604906 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.960691929 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.960731983 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.960732937 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.960772038 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.960804939 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.960854053 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.960927010 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.960942984 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.961004972 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.961019039 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.961050987 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.961124897 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.961173058 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.961173058 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.961175919 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.961227894 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.961240053 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.961321115 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.961368084 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.961416960 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.961422920 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.961476088 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.961488962 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.961550951 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.961595058 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.961595058 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.961611032 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.961692095 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.961724043 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.961736917 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.961741924 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.961790085 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.961831093 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.961842060 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.961852074 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.961889029 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.961949110 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.961961985 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.961971045 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.961971045 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.961973906 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.962094069 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.962172985 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.962191105 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.962227106 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.962244034 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.962333918 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.962347031 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.962385893 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.962426901 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.962490082 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.962541103 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.962589979 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.962610006 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.962625027 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.962677956 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.962763071 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.962805033 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.962827921 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.962857008 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.962946892 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.962963104 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.962995052 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.963066101 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.963114023 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.963227034 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.963239908 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.963283062 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.963387012 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.964725018 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.964958906 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.964983940 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.965135098 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.965168953 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.965302944 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.965410948 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.965437889 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.965538025 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.965574026 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.965579987 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.965593100 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.965689898 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.965689898 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.965707064 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.965720892 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.965828896 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.965857029 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.965909958 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.965962887 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.965974092 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.966000080 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.966038942 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.966059923 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.966181993 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.966214895 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.966239929 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.966259956 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.966288090 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.966334105 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.966339111 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.966382027 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.966432095 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.966448069 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.966460943 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.966556072 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.966572046 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.966572046 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.966620922 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.966689110 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:11.966718912 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:11.966867924 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.170274019 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.170372009 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.170461893 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.170514107 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.170546055 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.170584917 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.170694113 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.170734882 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.170794964 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.170872927 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.170886040 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.170922995 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.170970917 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.170988083 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.171026945 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.171036959 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.171144009 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.171155930 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.171170950 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.171221972 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.171221972 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.171313047 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.171313047 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.171416044 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.171813011 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.171933889 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.171962976 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.171991110 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.172066927 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.172096014 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.172116041 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.172221899 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.172235012 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.172287941 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.172311068 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.172353983 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.172353983 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.172367096 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.172456980 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.172480106 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.172492027 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.172503948 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.172508955 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.172559977 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.172638893 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.172698021 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.172709942 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.172718048 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.172801018 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.172816992 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.172863960 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.172976971 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.172990084 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.173089981 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.173103094 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.173132896 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.173182964 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.173211098 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.173211098 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.173338890 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.173353910 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.173463106 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.173475027 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.173485041 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.173489094 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.173507929 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.173563957 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.173588037 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.173640013 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.173640013 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.173696995 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.173710108 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.173737049 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.173820972 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.173821926 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.173872948 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.173964024 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.174073935 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.174088001 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.174182892 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.174236059 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.174251080 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.174340963 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.174381971 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.174390078 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.174401045 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.174447060 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.174485922 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.174496889 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.174575090 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.174575090 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.174606085 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.174619913 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.174623966 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.174724102 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.174731970 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.174731970 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.174741030 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.174861908 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.174875975 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.174932957 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.174935102 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.174988031 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.174992085 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.174992085 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.175088882 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.175106049 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.175120115 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.175137997 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.175220966 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.175235033 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.175302982 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.175308943 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.175354958 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.175354958 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.175467968 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.175576925 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.175590992 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.175683975 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.175693035 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.175740957 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.175796986 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:15:12.175822973 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:12.175995111 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:15:15.688504934 CEST | 50032 | 80 | 192.168.11.30 | 208.95.112.1 |
May 27, 2024 09:15:15.787225962 CEST | 80 | 50032 | 208.95.112.1 | 192.168.11.30 |
May 27, 2024 09:15:15.787427902 CEST | 50032 | 80 | 192.168.11.30 | 208.95.112.1 |
May 27, 2024 09:15:15.790935040 CEST | 50032 | 80 | 192.168.11.30 | 208.95.112.1 |
May 27, 2024 09:15:15.891424894 CEST | 80 | 50032 | 208.95.112.1 | 192.168.11.30 |
May 27, 2024 09:15:15.933357954 CEST | 50032 | 80 | 192.168.11.30 | 208.95.112.1 |
May 27, 2024 09:16:26.807048082 CEST | 80 | 50032 | 208.95.112.1 | 192.168.11.30 |
May 27, 2024 09:16:26.807188034 CEST | 50032 | 80 | 192.168.11.30 | 208.95.112.1 |
May 27, 2024 09:16:47.477433920 CEST | 80 | 50032 | 208.95.112.1 | 192.168.11.30 |
May 27, 2024 09:17:00.675314903 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
May 27, 2024 09:17:00.886801958 CEST | 80 | 50031 | 109.248.151.11 | 192.168.11.30 |
May 27, 2024 09:17:00.887015104 CEST | 50031 | 80 | 192.168.11.30 | 109.248.151.11 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 27, 2024 09:15:15.552639008 CEST | 61029 | 53 | 192.168.11.30 | 1.1.1.1 |
May 27, 2024 09:15:15.653435946 CEST | 53 | 61029 | 1.1.1.1 | 192.168.11.30 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
May 27, 2024 09:15:15.552639008 CEST | 192.168.11.30 | 1.1.1.1 | 0xe9e8 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
May 27, 2024 09:15:15.653435946 CEST | 1.1.1.1 | 192.168.11.30 | 0xe9e8 | No error (0) | 208.95.112.1 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.11.30 | 50031 | 109.248.151.11 | 80 | 7240 | C:\Users\user\Desktop\99200032052824.bat.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
May 27, 2024 09:15:10.898099899 CEST | 178 | OUT | |
May 27, 2024 09:15:11.112833977 CEST | 1289 | IN | |
May 27, 2024 09:15:11.112972021 CEST | 1289 | IN | |
May 27, 2024 09:15:11.112987041 CEST | 1289 | IN | |
May 27, 2024 09:15:11.113080025 CEST | 1289 | IN | |
May 27, 2024 09:15:11.324342012 CEST | 1289 | IN | |
May 27, 2024 09:15:11.324438095 CEST | 1289 | IN | |
May 27, 2024 09:15:11.324537039 CEST | 1289 | IN | |
May 27, 2024 09:15:11.324620008 CEST | 1289 | IN | |
May 27, 2024 09:15:11.324654102 CEST | 1289 | IN | |
May 27, 2024 09:15:11.324786901 CEST | 1289 | IN | |
May 27, 2024 09:15:11.324800968 CEST | 1289 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.11.30 | 50032 | 208.95.112.1 | 80 | 7240 | C:\Users\user\Desktop\99200032052824.bat.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
May 27, 2024 09:15:15.790935040 CEST | 80 | OUT | |
May 27, 2024 09:15:15.891424894 CEST | 175 | IN |
Target ID: | 5 |
Start time: | 03:14:46 |
Start date: | 27/05/2024 |
Path: | C:\Users\user\Desktop\99200032052824.bat.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 543'903 bytes |
MD5 hash: | 085DE7AC75BBD791C1B1F979FE8FF78C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | low |
Has exited: | true |
Target ID: | 9 |
Start time: | 03:15:00 |
Start date: | 27/05/2024 |
Path: | C:\Users\user\Desktop\99200032052824.bat.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 543'903 bytes |
MD5 hash: | 085DE7AC75BBD791C1B1F979FE8FF78C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | low |
Has exited: | false |
Execution Graph
Execution Coverage: | 21.9% |
Dynamic/Decrypted Code Coverage: | 15.9% |
Signature Coverage: | 19.9% |
Total number of Nodes: | 1522 |
Total number of Limit Nodes: | 42 |
Graph
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
0040320C | 89.6 | 32 | 19 | 366 | string, com, file, COMMON |
00405205 | 65.0 | 36 | 1 | 282 | window, clipboard, memory, COMMON |
00405768 | 17.7 | 7 | 3 | 159 | file, string, COMMON |
004062A3 | 3.0 | 2 | | 14 | file, COMMON |
00402340 | 1.5 | 1 | | 20 | COMMON |
00403B6B | 58.1 | 32 | 1 | 346 | window, string, COMMON |
004037CE | 47.5 | 13 | 14 | 215 | string, registry, COMMON |
00405FC2 | 19.4 | 7 | 4 | 199 | string, COMMON |
00401759 | 15.9 | 5 | 4 | 147 | string, time, COMMON |
004050C7 | 14.1 | 7 | 1 | 73 | string, window, COMMON |
004062CA | 10.5 | 3 | 3 | 36 | library, COMMON |
004023D6 | 7.1 | 3 | 1 | 64 | registry, string, COMMON |
0040563F | 5.3 | 2 | 1 | 24 | process, COMMON |
00401389 | 3.0 | 2 | | 43 | window, COMMON |
00401E2B | 3.0 | 2 | | 25 | COMMON |
0040156F | 3.0 | 2 | | 23 | COMMON |
00405B39 | 3.0 | 2 | | 16 | file, COMMON |
0040560A | 3.0 | 2 | | 9 | COMMON |
73A329F8 | 1.6 | 1 | | 143 | file, COMMON |
004025CA | 1.6 | 1 | | 76 | COMMON |
00402688 | 1.5 | 1 | | 28 | COMMON |
004022FC | 1.5 | 1 | | 26 | COMMON |
00405BE0 | 1.5 | 1 | | 22 | file, COMMON |
00405BB1 | 1.5 | 1 | | 22 | file, COMMON |
73A328E1 | 1.5 | 1 | | 21 | memory, COMMON |
0040408B | 1.5 | 1 | | 9 | window, COMMON |
00404074 | 1.5 | 1 | | 6 | window, COMMON |
004031C4 | 1.5 | 1 | | 6 | COMMON |
00404061 | 1.5 | 1 | | 4 | COMMON |
004014D6 | 1.3 | 1 | | 19 | sleep, COMMON |
00404A44 | 63.5 | 33 | 3 | 481 | window, memory, COMMON |
004044D1 | 24.8 | 10 | 4 | 274 | string, COMMON |
004026FE | 1.5 | 1 | | 29 | file, COMMON |
0040677D | .3 | | | 334 | COMMON |
00406F54 | .3 | | | 300 | COMMON |
004041AA | 38.7 | 19 | 3 | 202 | window, string, COMMON |
00405C0F | 21.1 | 10 | 2 | 129 | memory, string, COMMON |
004040A6 | 12.1 | 8 | | 68 | COMMON |
73A32498 | 10.6 | 7 | | 124 | COMMON |
00404992 | 10.5 | 5 | 1 | 48 | window, COMMON |
00402C7C | 10.5 | 5 | 1 | 40 | time, COMMON |
73A322B1 | 9.1 | 6 | | 140 | memory, COMMON |
00404888 | 8.8 | 3 | 2 | 84 | string, COMMON |
00401D9B | 7.5 | 5 | | 43 | COMMON |
00401D41 | 7.5 | 5 | | 39 | window, COMMON |
00401C0A | 7.1 | 3 | 1 | 84 | window, time, COMMON |
00405938 | 7.0 | 3 | 1 | 16 | string, COMMON |
00402CFF | 6.0 | 4 | | 33 | COMMON |
00405A26 | 5.3 | 2 | 1 | 46 | string, COMMON |
0040503B | 5.3 | 2 | 1 | 46 | window, COMMON |
00405E87 | 5.3 | 2 | 1 | 44 | registry, COMMON |
0040597F | 5.3 | 2 | 1 | 16 | string, COMMON |
73A310E0 | 5.1 | 4 | | 102 | memory, COMMON |
73A32015 | 5.1 | 4 | | 91 | string, COMMON |
00405A9E | 5.0 | 4 | | 37 | string, COMMON |
0016F6A0 | 8.0 | | 6 | 545 | COMMON |
00169028 | 2.8 | | | 2822 | COMMON |
0016C360 | 2.2 | | | 2236 | COMMON |
375F1CA0 | 1.8 | | 1 | 595 | COMMON |
001688BB | 1.8 | | 1 | 514 | COMMON |
0016E98A | 1.0 | | | 1012 | COMMON |
375F2690 | .8 | | | 815 | COMMON |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 375F8668 Relevance: .6, Instructions: 637COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 375F7700 Relevance: .6, Instructions: 575COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00164910 Relevance: .3, Instructions: 266COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001638F8 Relevance: .2, Instructions: 238COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 375F7B28 Relevance: 8.0, Strings: 6, Instructions: 477COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 375F1270 Relevance: 3.9, Strings: 3, Instructions: 186COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 375F5608 Relevance: 2.7, Strings: 2, Instructions: 169COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 375F1261 Relevance: 2.6, Strings: 2, Instructions: 141COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00165080 Relevance: 1.4, Strings: 1, Instructions: 184COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 375F9F96 Relevance: 1.4, Strings: 1, Instructions: 125COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0016E7FD Relevance: 1.4, Strings: 1, Instructions: 110COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001663B8 Relevance: 1.3, Strings: 1, Instructions: 97COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001663A8 Relevance: 1.3, Strings: 1, Instructions: 95COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 375F47B7 Relevance: 1.3, Strings: 1, Instructions: 30COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 375F1159 Relevance: 1.3, Strings: 1, Instructions: 25COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00166E01 Relevance: .6, Instructions: 557COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 375F0A34 Relevance: .5, Instructions: 544COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00161168 Relevance: .3, Instructions: 297COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00164905 Relevance: .3, Instructions: 262COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001638ED Relevance: .2, Instructions: 235COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 375F05A0 Relevance: .2, Instructions: 224COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00168D88 Relevance: .2, Instructions: 212COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 375F0CD8 Relevance: .2, Instructions: 210COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00165FC1 Relevance: .2, Instructions: 154COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 375F1B1A Relevance: .1, Instructions: 130COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00168BD0 Relevance: .1, Instructions: 108COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 375F1C90 Relevance: .1, Instructions: 106COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0016E6C0 Relevance: .1, Instructions: 101COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00162154 Relevance: .1, Instructions: 96COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0016E6D0 Relevance: .1, Instructions: 91COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00162160 Relevance: .1, Instructions: 90COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00168749 Relevance: .1, Instructions: 85COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00168648 Relevance: .1, Instructions: 81COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 375F01A9 Relevance: .1, Instructions: 79COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00168758 Relevance: .1, Instructions: 78COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 375F01B8 Relevance: .1, Instructions: 78COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00161520 Relevance: .1, Instructions: 75COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0016624C Relevance: .1, Instructions: 73COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00164E02 Relevance: .1, Instructions: 73COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001616F8 Relevance: .1, Instructions: 72COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 375F2DB0 Relevance: .1, Instructions: 72COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 000AD01C Relevance: .1, Instructions: 72COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00168658 Relevance: .1, Instructions: 70COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00161708 Relevance: .1, Instructions: 70COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00161530 Relevance: .1, Instructions: 69COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00164E10 Relevance: .1, Instructions: 68COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 375F2DC0 Relevance: .1, Instructions: 68COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00160839 Relevance: .1, Instructions: 64COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00160848 Relevance: .1, Instructions: 62COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00161480 Relevance: .1, Instructions: 60COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00161640 Relevance: .1, Instructions: 59COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 375F02C8 Relevance: .1, Instructions: 59COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00165C79 Relevance: .1, Instructions: 57COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 375FB268 Relevance: .1, Instructions: 57COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 375F0500 Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00166C4C Relevance: .1, Instructions: 55COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0016FEB8 Relevance: .1, Instructions: 54COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00161490 Relevance: .1, Instructions: 53COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 000AD017 Relevance: .1, Instructions: 53COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 375F02B7 Relevance: .1, Instructions: 52COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 375F0510 Relevance: .1, Instructions: 51COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 375FB278 Relevance: .0, Instructions: 49COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001653E1 Relevance: .0, Instructions: 46COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 375F8CB0 Relevance: .0, Instructions: 43COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040320C Relevance: 75.6, APIs: 32, Strings: 11, Instructions: 366stringcomfileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404A44 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 481windowmemoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405768 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 159filestringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 375F3750 Relevance: 13.0, Strings: 10, Instructions: 468COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405205 Relevance: 54.3, APIs: 36, Instructions: 282windowclipboardmemoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004037CE Relevance: 37.0, APIs: 13, Strings: 8, Instructions: 215stringregistryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004041AA Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 202windowstringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405C0F Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 129memorystringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004044D1 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 274stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405FC2 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 199stringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004040A6 Relevance: 12.1, APIs: 8, Instructions: 68COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404992 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402C7C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004062CA Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 375F6E10 Relevance: 10.2, Strings: 8, Instructions: 229COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 375F3148 Relevance: 7.9, Strings: 6, Instructions: 405COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401D9B Relevance: 7.5, APIs: 5, Instructions: 43COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401D41 Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401C0A Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404888 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84stringCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040558D Relevance: 6.0, APIs: 4, Instructions: 39COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402CFF Relevance: 6.0, APIs: 4, Instructions: 33COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040503B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 375F4898 Relevance: 5.3, Strings: 4, Instructions: 282COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040563F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 375F4CB0 Relevance: 5.2, Strings: 4, Instructions: 168COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 375F7198 Relevance: 5.2, Strings: 4, Instructions: 166COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405A9E Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
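The function list above is only useful for triage once it is machine-readable: the entries to open first in the dumped binary are the ones with the highest relevance and with tags such as registry, clipboard, process or file. The following Python parser is an added example, not part of the Joe Sandbox report or of any Joe Security tooling. It reads the summary lines in the fused form the page extraction left them in (the instruction count and the behaviour tags run together, relevance sometimes written as ".8"), splits the tags against the vocabulary visible on this page, and ranks the functions. The tag vocabulary is assumed to be complete only for this page; any tag text it does not know raises rather than being silently dropped. The sample lines are copied from the table above and embedded as constructed input.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: summary lines copied from the function list above,
# in the fused form the page extraction left them in.
SAMPLE_LINES = """
Function 0040320C Relevance: 75.6, APIs: 32, Strings: 11, Instructions: 366stringcomfileCOMMON
Function 00405205 Relevance: 54.3, APIs: 36, Instructions: 282windowclipboardmemoryCOMMON
Function 004037CE Relevance: 37.0, APIs: 13, Strings: 8, Instructions: 215stringregistryCOMMON
Function 0016F6A0 Relevance: 8.0, Strings: 6, Instructions: 545COMMON
Function 00405E87 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44registryCOMMON
Function 375F2690 Relevance: .8, Instructions: 815COMMON
Function 0040563F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
"""

# Behaviour tags seen on this page (assumption: other reports may use more).
# Longest-first matching keeps the short tag "com" from swallowing part of a
# longer tag; matching is case-sensitive, so "com" and "COMMON" do not collide.
KNOWN_TAGS = sorted(
    ["COMMON", "clipboard", "registry", "library", "process", "window",
     "memory", "string", "file", "time", "com"],
    key=len, reverse=True,
)

# APIs and Strings are optional in the summary line; tags are whatever
# non-space text is glued onto the instruction count.
LINE_RE = re.compile(
    r"^Function\s+(?P<addr>[0-9A-Fa-f]{8})\s+Relevance:\s*(?P<rel>\d*\.?\d+)"
    r"(?:,\s*APIs:\s*(?P<apis>\d+))?"
    r"(?:,\s*Strings:\s*(?P<strings>\d+))?"
    r",\s*Instructions:\s*(?P<instr>\d+)(?P<tags>\S*)$"
)


@dataclass
class FunctionSummary:
    address: int
    relevance: float
    apis: int
    strings: int
    instructions: int
    tags: list = field(default_factory=list)


def split_tags(fused: str) -> list:
    """Split 'stringcomfileCOMMON' into ['string', 'com', 'file', 'COMMON']."""
    tags = []
    rest = fused
    while rest:
        for tag in KNOWN_TAGS:
            if rest.startswith(tag):
                tags.append(tag)
                rest = rest[len(tag):]
                break
        else:
            raise ValueError(f"unrecognised tag text: {rest!r}")
    return tags


def parse_summary(line: str) -> FunctionSummary:
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a function summary line: {line!r}")
    return FunctionSummary(
        address=int(m["addr"], 16),
        relevance=float(m["rel"]),      # ".8" parses as 0.8
        apis=int(m["apis"] or 0),
        strings=int(m["strings"] or 0),
        instructions=int(m["instr"]),
        tags=split_tags(m["tags"]),
    )


def parse_report(text: str) -> list:
    return [parse_summary(l) for l in text.splitlines() if l.strip()]


def triage(funcs, tag=None, min_relevance=0.0):
    """Highest-relevance functions first; optionally only those carrying `tag`."""
    picked = [f for f in funcs
              if f.relevance >= min_relevance and (tag is None or tag in f.tags)]
    return sorted(picked, key=lambda f: (-f.relevance, -f.apis, f.address))


if __name__ == "__main__":
    for f in triage(parse_report(SAMPLE_LINES), tag="registry"):
        print(f"{f.address:08X} rel={f.relevance:<5} apis={f.apis:<3} "
              f"tags={','.join(f.tags)}")
```

Pasting the whole table into SAMPLE_LINES and calling triage with tag="registry" or tag="process" gives the short list of functions worth opening first in the memory dump; sorting by relevance alone would bury the 24-instruction process-tagged function 0040563F under the large, low-API helpers.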