Windows
Analysis Report
eFatura_HSY2024000004086_Ekleri.exe
Overview
General Information
Detection
Field | Value
---|---
Score | 100
Range | 0 - 100
Whitelisted | false
Confidence | 100%
Signatures
Classification
- System is w10x64
- eFatura_HSY2024000004086_Ekleri.exe (PID: 6624 cmdline: "C:\Users\user\Desktop\eFatura_HSY2024000004086_Ekleri.exe" MD5: 3D265723FFA9EE20E76CD4EB2B628771)
  - temp.exe (PID: 6580 cmdline: "C:\Users\user\Desktop\eFatura_HSY2024000004086_Ekleri.exe" MD5: 3D265723FFA9EE20E76CD4EB2B628771)
    - RegSvcs.exe (PID: 5004 cmdline: "C:\Users\user\Desktop\eFatura_HSY2024000004086_Ekleri.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)
- wscript.exe (PID: 6644 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\temp.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
  - temp.exe (PID: 280 cmdline: "C:\Users\user\AppData\Local\directory\temp.exe" MD5: 3D265723FFA9EE20E76CD4EB2B628771)
    - RegSvcs.exe (PID: 6064 cmdline: "C:\Users\user\AppData\Local\directory\temp.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Agent Tesla, AgentTesla | A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel. | | | |
{"Exfil Mode": "SMTP", "Port": "587", "Host": "zqamcx.com", "Username": "sender@zqamcx.com", "Password": "Methodman991"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen | |
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | ||
INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen | |
System Summary
Source: | Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: |
Source: | Author: frack113: |
Source: | Author: Michael Haag: |
Data Obfuscation
Source: | Author: Joe Security: |
Timestamp | SID | Source Port | Destination Port | Protocol | Classtype
---|---|---|---|---|---
2024-07-26T11:57:35.750000+0200 | 2022930 | 443 | 62345 | TCP | A Network Trojan was detected
2024-07-26T11:57:34.714091+0200 | 2022930 | 443 | 62344 | TCP | A Network Trojan was detected
2024-07-26T11:57:15.072194+0200 | 2022930 | 443 | 49732 | TCP | A Network Trojan was detected
AV Detection
Source: | Malware Configuration Extractor: |
Source: | Virustotal: |
Source: | Virustotal: |
Source: | ReversingLabs: |
Source: | Virustotal: |
Source: | ReversingLabs: |
Source: | Virustotal: |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Code function: | 0_2_00FADBBE | |
Source: | Code function: | 0_2_00FB68EE | |
Source: | Code function: | 0_2_00FB698F | |
Source: | Code function: | 0_2_00FAD076 | |
Source: | Code function: | 0_2_00FAD3A9 | |
Source: | Code function: | 0_2_00FB9642 | |
Source: | Code function: | 0_2_00FB979D | |
Source: | Code function: | 0_2_00FB9B2B | |
Source: | Code function: | 0_2_00FB5C97 | |
Source: | Code function: | 1_2_0046DBBE | |
Source: | Code function: | 1_2_004768EE | |
Source: | Code function: | 1_2_0047698F | |
Source: | Code function: | 1_2_0046D076 | |
Source: | Code function: | 1_2_0046D3A9 | |
Source: | Code function: | 1_2_00479642 | |
Source: | Code function: | 1_2_0047979D | |
Source: | Code function: | 1_2_00479B2B | |
Source: | Code function: | 1_2_00475C97 |
Source: | File opened: |
Source: | TCP traffic: |
Source: | IP Address: |
Source: | ASN Name: |
Source: | TCP traffic: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | Code function: | 0_2_00FBCE44 |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Key, Mouse, Clipboard, Microphone and Screen Capturing
Source: | .Net Code: |
Source: | Code function: | 2_2_06A5E608 |
Source: | Windows user hook set: |
Source: | Code function: | 0_2_00FBEAFF |
Source: | Code function: | 0_2_00FBED6A | |
Source: | Code function: | 1_2_0047ED6A |
Source: | Code function: | 0_2_00FBEAFF |
Source: | Code function: | 0_2_00FAAA57 |
Source: | Code function: | 0_2_00FD9576 | |
Source: | Code function: | 1_2_00499576 |
System Summary
Source: | Matched rule: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | memstr_59d793ba-3 | |
Source: | String found in binary or memory: | memstr_80df3361-9 | |
Source: | String found in binary or memory: | memstr_6550ceda-5 | |
Source: | String found in binary or memory: | memstr_598d182a-d | |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | memstr_34ae4009-6 | |
Source: | String found in binary or memory: | memstr_a9cf97d8-f | |
Source: | String found in binary or memory: | memstr_d824567c-7 | |
Source: | String found in binary or memory: | memstr_acdbcd99-2 | |
Source: | String found in binary or memory: | memstr_905594e2-6 | |
Source: | String found in binary or memory: | memstr_888ba20b-8 | |
Source: | String found in binary or memory: | memstr_e4bd8fbb-f | |
Source: | String found in binary or memory: | memstr_7c0edcef-3 |
Source: | COM Object queried: |
Source: | Code function: | 0_2_00FAD5EB |
Source: | Code function: | 0_2_00FA1201 |
Source: | Code function: | 0_2_00FAE8F6 | |
Source: | Code function: | 1_2_0046E8F6 |
Source: | Code function: | 0_2_00F48060 | |
Source: | Code function: | 0_2_00FB2046 | |
Source: | Code function: | 0_2_00FA8298 | |
Source: | Code function: | 0_2_00F7E4FF | |
Source: | Code function: | 0_2_00F7676B | |
Source: | Code function: | 0_2_00FD4873 | |
Source: | Code function: | 0_2_00F4CAF0 | |
Source: | Code function: | 0_2_00F6CAA0 | |
Source: | Code function: | 0_2_00F5CC39 | |
Source: | Code function: | 0_2_00F76DD9 | |
Source: | Code function: | 0_2_00F491C0 | |
Source: | Code function: | 0_2_00F5B119 | |
Source: | Code function: | 0_2_00F61394 | |
Source: | Code function: | 0_2_00F61706 | |
Source: | Code function: | 0_2_00F6781B | |
Source: | Code function: | 0_2_00F619B0 | |
Source: | Code function: | 0_2_00F5997D | |
Source: | Code function: | 0_2_00F47920 | |
Source: | Code function: | 0_2_00F67A4A | |
Source: | Code function: | 0_2_00F67CA7 | |
Source: | Code function: | 0_2_00F61C77 | |
Source: | Code function: | 0_2_00F79EEE | |
Source: | Code function: | 0_2_00FCBE44 | |
Source: | Code function: | 0_2_00F61F32 | |
Source: | Code function: | 0_2_015D3610 | |
Source: | Code function: | 1_2_0040BF40 | |
Source: | Code function: | 1_2_00472046 | |
Source: | Code function: | 1_2_00408060 | |
Source: | Code function: | 1_2_00468298 | |
Source: | Code function: | 1_2_0043E4FF | |
Source: | Code function: | 1_2_0043676B | |
Source: | Code function: | 1_2_00494873 | |
Source: | Code function: | 1_2_0040CAF0 | |
Source: | Code function: | 1_2_0042CAA0 | |
Source: | Code function: | 1_2_0041CC39 | |
Source: | Code function: | 1_2_00436DD9 | |
Source: | Code function: | 1_2_0041B119 | |
Source: | Code function: | 1_2_004091C0 | |
Source: | Code function: | 1_2_00421394 | |
Source: | Code function: | 1_2_00421706 | |
Source: | Code function: | 1_2_0042781B | |
Source: | Code function: | 1_2_0041997D | |
Source: | Code function: | 1_2_00407920 | |
Source: | Code function: | 1_2_004219B0 | |
Source: | Code function: | 1_2_00427A4A | |
Source: | Code function: | 1_2_00421C77 | |
Source: | Code function: | 1_2_00427CA7 | |
Source: | Code function: | 1_2_0048BE44 | |
Source: | Code function: | 1_2_00439EEE | |
Source: | Code function: | 1_2_00421F32 | |
Source: | Code function: | 1_2_010D3610 | |
Source: | Code function: | 2_2_00408C60 | |
Source: | Code function: | 2_2_0040DC11 | |
Source: | Code function: | 2_2_00407C3F | |
Source: | Code function: | 2_2_00418CCC | |
Source: | Code function: | 2_2_00406CA0 | |
Source: | Code function: | 2_2_004028B0 | |
Source: | Code function: | 2_2_0041A4BE | |
Source: | Code function: | 2_2_00408C60 | |
Source: | Code function: | 2_2_00418244 | |
Source: | Code function: | 2_2_00401650 | |
Source: | Code function: | 2_2_00402F20 | |
Source: | Code function: | 2_2_004193C4 | |
Source: | Code function: | 2_2_00418788 | |
Source: | Code function: | 2_2_00402F89 | |
Source: | Code function: | 2_2_00402B90 | |
Source: | Code function: | 2_2_004073A0 | |
Source: | Code function: | 2_2_0318CBF8 | |
Source: | Code function: | 2_2_0318D810 | |
Source: | Code function: | 2_2_0318CF40 | |
Source: | Code function: | 2_2_03181030 | |
Source: | Code function: | 2_2_03181021 | |
Source: | Code function: | 2_2_06A1AE18 | |
Source: | Code function: | 2_2_06A1E660 | |
Source: | Code function: | 2_2_06A1DF20 | |
Source: | Code function: | 2_2_06A182C8 | |
Source: | Code function: | 2_2_06A15048 | |
Source: | Code function: | 2_2_06A10006 | |
Source: | Code function: | 2_2_06A10040 | |
Source: | Code function: | 2_2_06A543C8 | |
Source: | Code function: | 2_2_06A506B8 | |
Source: | Code function: | 2_2_06A5D2A8 | |
Source: | Code function: | 2_2_06A50040 | |
Source: | Code function: | 2_2_07189F3C | |
Source: | Code function: | 2_2_0718C7B0 | |
Source: | Code function: | 2_2_071887E0 | |
Source: | Code function: | 4_2_01393610 | |
Source: | Code function: | 5_2_028CCE88 | |
Source: | Code function: | 5_2_028CDAA0 | |
Source: | Code function: | 5_2_028C0FD0 | |
Source: | Code function: | 5_2_028C1030 | |
Source: | Code function: | 5_2_028CD1D0 | |
Source: | Code function: | 5_2_053BBC28 | |
Source: | Code function: | 5_2_053B5448 | |
Source: | Code function: | 5_2_053BF4E0 | |
Source: | Code function: | 5_2_053BDF20 | |
Source: | Code function: | 5_2_053B8790 | |
Source: | Code function: | 5_2_053BE64F | |
Source: | Code function: | 5_2_053BAEBD | |
Source: | Code function: | 5_2_053B0006 | |
Source: | Code function: | 5_2_053B0040 | |
Source: | Code function: | 5_2_062A43B8 | |
Source: | Code function: | 5_2_062A0DB8 | |
Source: | Code function: | 5_2_062A06B8 | |
Source: | Code function: | 5_2_062A7570 | |
Source: | Code function: | 5_2_062AD2B8 | |
Source: | Code function: | 5_2_062A0040 | |
Source: | Code function: | 5_2_069D8A30 |
Source: | Static PE information: |
Source: | Matched rule: |
Source: | Cryptographic APIs: |
Source: | Classification label: |
Source: | Code function: | 0_2_00FB37B5 |
Source: | Code function: | 0_2_00FA10BF | |
Source: | Code function: | 0_2_00FA16C3 | |
Source: | Code function: | 1_2_004610BF | |
Source: | Code function: | 1_2_004616C3 |
Source: | Code function: | 0_2_00FB51CD |
Source: | Code function: | 0_2_00FCA67C |
Source: | Code function: | 0_2_00FB648E |
Source: | Code function: | 0_2_00F442A2 |
Source: | File created: |
Source: | Mutant created: |
Source: | File created: |
Source: | Process created: |
Source: | Static PE information: |
Source: | WMI Queries: |
Source: | File read: |
Source: | Key opened: |
Source: | ReversingLabs: | ||
Source: | Virustotal: |
Source: | File read: |
Source: | Process created: |
Source: | Section loaded: |
Source: | Key value queried: |
Source: | Key opened: |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Static PE information: |
Data Obfuscation
Source: | .Net Code: |
Source: | Code function: | 0_2_00F442DE |
Source: | Code function: | 0_2_00F60A89 | |
Source: | Code function: | 1_2_00420A89 | |
Source: | Code function: | 2_2_0041C4E2 | |
Source: | Code function: | 2_2_00423179 | |
Source: | Code function: | 2_2_0041C4E2 | |
Source: | Code function: | 2_2_00423179 | |
Source: | Code function: | 2_2_0040E230 | |
Source: | Code function: | 2_2_0041C6BF | |
Source: | Code function: | 2_2_0040BBA3 | |
Source: | Code function: | 2_2_0318574F | |
Source: | Code function: | 2_2_03184F5F | |
Source: | Code function: | 2_2_06A14335 | |
Source: | Code function: | 2_2_06A14335 | |
Source: | Code function: | 2_2_06A5D449 | |
Source: | Code function: | 5_2_028C4F5F | |
Source: | Code function: | 5_2_028C574F | |
Source: | Code function: | 5_2_053B4735 | |
Source: | Code function: | 5_2_053B4735 | |
Source: | Code function: | 5_2_062AD459 |
Source: | High entropy of concatenated method names: |
Source: | File created: |
Boot Survival
Source: | File created: |
Source: | Code function: | 0_2_00F5F98E | |
Source: | Code function: | 0_2_00FD1C41 | |
Source: | Code function: | 1_2_0041F98E | |
Source: | Code function: | 1_2_00491C41 |
Source: | Process information set: |
Malware Analysis System Evasion
Source: | Sandbox detection routine: | graph_0-98386 | ||
Source: | Sandbox detection routine: |
Source: | WMI Queries: |
Source: | API/Special instruction interceptor: |
Source: | Code function: | 2_2_004019F0 |
Source: | Thread delayed: |
Source: | Window found: |
Source: | Window / User API: |
Source: | API coverage: |
Source: | WMI Queries: |
Source: | Last function: |
Source: | Code function: | 0_2_00FADBBE | |
Source: | Code function: | 0_2_00FB68EE | |
Source: | Code function: | 0_2_00FB698F | |
Source: | Code function: | 0_2_00FAD076 | |
Source: | Code function: | 0_2_00FAD3A9 | |
Source: | Code function: | 0_2_00FB9642 | |
Source: | Code function: | 0_2_00FB979D | |
Source: | Code function: | 0_2_00FB9B2B | |
Source: | Code function: | 0_2_00FB5C97 | |
Source: | Code function: | 1_2_0046DBBE | |
Source: | Code function: | 1_2_004768EE | |
Source: | Code function: | 1_2_0047698F | |
Source: | Code function: | 1_2_0046D076 | |
Source: | Code function: | 1_2_0046D3A9 | |
Source: | Code function: | 1_2_00479642 | |
Source: | Code function: | 1_2_0047979D | |
Source: | Code function: | 1_2_00479B2B | |
Source: | Code function: | 1_2_00475C97 |
Source: | Code function: | 0_2_00F442DE |
Source: | Thread delayed: |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | API call chain: |
Source: | Code function: | 0_2_00FBEAA2 |
Source: | Code function: | 0_2_00F72622 |
Source: | Code function: | 2_2_004019F0 |
Source: | Code function: | 0_2_00F442DE |
Source: | Code function: | 0_2_00F64CE8 | |
Source: | Code function: | 0_2_015D3500 | |
Source: | Code function: | 0_2_015D34A0 | |
Source: | Code function: | 0_2_015D1E70 | |
Source: | Code function: | 1_2_00424CE8 | |
Source: | Code function: | 1_2_010D3500 | |
Source: | Code function: | 1_2_010D34A0 | |
Source: | Code function: | 1_2_010D1E70 | |
Source: | Code function: | 4_2_013934A0 | |
Source: | Code function: | 4_2_01393500 | |
Source: | Code function: | 4_2_01391E70 |
Source: | Code function: | 0_2_00FA0B62 |
Source: | Code function: | 0_2_00F72622 | |
Source: | Code function: | 0_2_00F6083F | |
Source: | Code function: | 0_2_00F609D5 | |
Source: | Code function: | 0_2_00F60C21 | |
Source: | Code function: | 1_2_00432622 | |
Source: | Code function: | 1_2_0042083F | |
Source: | Code function: | 1_2_004209D5 | |
Source: | Code function: | 1_2_00420C21 | |
Source: | Code function: | 2_2_0040CE09 | |
Source: | Code function: | 2_2_0040E61C | |
Source: | Code function: | 2_2_00416F6A | |
Source: | Code function: | 2_2_004123F1 |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Stealing of Sensitive Information |
---|
Remote Access Functionality |
---|
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | 111 Scripting | 2 Valid Accounts | 121 Windows Management Instrumentation | 111 Scripting | 1 Exploitation for Privilege Escalation | 11 Disable or Modify Tools | 2 OS Credential Dumping | 2 System Time Discovery | Remote Services | 11 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
Credentials | Domains | Default Accounts | 1 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Deobfuscate/Decode Files or Information | 321 Input Capture | 1 Account Discovery | Remote Desktop Protocol | 2 Data from Local System | 1 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | 2 Valid Accounts | 2 Valid Accounts | 2 Obfuscated Files or Information | 1 Credentials in Registry | 3 File and Directory Discovery | SMB/Windows Admin Shares | 1 Email Collection | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | 2 Registry Run Keys / Startup Folder | 21 Access Token Manipulation | 1 Software Packing | NTDS | 148 System Information Discovery | Distributed Component Object Model | 321 Input Capture | 1 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 212 Process Injection | 1 DLL Side-Loading | LSA Secrets | 441 Security Software Discovery | SSH | 3 Clipboard Data | 11 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 2 Registry Run Keys / Startup Folder | 1 Masquerading | Cached Domain Credentials | 221 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Valid Accounts | DCSync | 2 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 221 Virtualization/Sandbox Evasion | Proc Filesystem | 11 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 21 Access Token Manipulation | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 212 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
68% | ReversingLabs | Win32.Spyware.Redline | ||
65% | Virustotal | Browse | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Joe Sandbox ML | |||
68% | ReversingLabs | Win32.Spyware.Redline | ||
65% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
9% | Virustotal | Browse | ||
0% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
1% | Virustotal | Browse | ||
9% | Virustotal | Browse | ||
0% | Virustotal | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
zqamcx.com | 78.110.166.82 | true | true | | unknown |
18.31.95.13.in-addr.arpa | unknown | unknown | false | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
78.110.166.82 | zqamcx.com | United Kingdom | | 42831 | UKSERVERS-ASUKDedicatedServersHostingandCo-Location | true |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1482932 |
Start date and time: | 2024-07-26 11:56:07 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 10m 13s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 11 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | eFatura_HSY2024000004086_Ekleri.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.expl.evad.winEXE@10/10@2/1 |
EGA Information: | |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
05:56:58 | API Interceptor | |
10:57:00 | Autostart |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
78.110.166.82 | | Get hash | malicious | CobaltStrike | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
zqamcx.com | | Get hash | malicious | AgentTesla, PureLog Stealer | Browse | |
| | Get hash | malicious | AgentTesla, PureLog Stealer | Browse | |
| | Get hash | malicious | AgentTesla, Clipboard Hijacker, PureLog Stealer | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
UKSERVERS-ASUKDedicatedServersHostingandCo-Location | | Get hash | malicious | AgentTesla, PureLog Stealer | Browse | |
| | Get hash | malicious | Remcos | Browse | |
| | Get hash | malicious | Remcos | Browse | |
| | Get hash | malicious | Remcos | Browse | |
| | Get hash | malicious | AgentTesla, PureLog Stealer | Browse | |
| | Get hash | malicious | Mirai, Moobot | Browse | |
| | Get hash | malicious | AgentTesla, Clipboard Hijacker, PureLog Stealer | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
Process: | C:\Users\user\Desktop\eFatura_HSY2024000004086_Ekleri.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 264814 |
Entropy (8bit): | 7.975503217606326 |
Encrypted: | false |
SSDEEP: | 6144:TdmjX7XC5hbUs6iRThMzwqnKmKer1K292Tw9gN/3oaZaH5s:5uXC5hbt6ivMzWmKq1K292Two/ods |
MD5: | 1FBF5D98268DB9157D8BBAA194E681D0 |
SHA1: | 91FA671E61E8391AEA443D4AD8C7234EC8A99FF6 |
SHA-256: | F0CABABE51208AB31D5659ACC717371C6011B2F25D7041BF2B21570B14902C2C |
SHA-512: | 3418D3116B604F20085FBA3F4A3AD10C6EC4B83EADD729A10BB99DBCB624D54EFFFC08256B8EC99E3C78D7B086EECACE7807E21E8DECDB1DA362FA48ECE01C74 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\eFatura_HSY2024000004086_Ekleri.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 9726 |
Entropy (8bit): | 7.6381238619372205 |
Encrypted: | false |
SSDEEP: | 192:ZueSuy+g40wWlmvN3tKRGKPCDo92vRdOrz1weU5VYaGIEe:ZwbLwWls3yGiP2ZdAzdkpGI/ |
MD5: | BF4E57B93D5AE23DED949F65E594B76E |
SHA1: | 007179288C79D5698EA77416C718A0D7847177ED |
SHA-256: | CD740426E65E480DC76C680E75AA8B49CA2515E63D92270A2F510263E9FB6D35 |
SHA-512: | 25A614D27E5186C68DE5124FCD942A2168BCD7D25D18CD351E942C1D449246F603C38C2FD184834691FB18EAB4A7F3C732AAE63547CA5B1E86D83DB90DEE3BE3 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\AppData\Local\directory\temp.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 264814 |
Entropy (8bit): | 7.975503217606326 |
Encrypted: | false |
SSDEEP: | 6144:TdmjX7XC5hbUs6iRThMzwqnKmKer1K292Tw9gN/3oaZaH5s:5uXC5hbt6ivMzWmKq1K292Two/ods |
MD5: | 1FBF5D98268DB9157D8BBAA194E681D0 |
SHA1: | 91FA671E61E8391AEA443D4AD8C7234EC8A99FF6 |
SHA-256: | F0CABABE51208AB31D5659ACC717371C6011B2F25D7041BF2B21570B14902C2C |
SHA-512: | 3418D3116B604F20085FBA3F4A3AD10C6EC4B83EADD729A10BB99DBCB624D54EFFFC08256B8EC99E3C78D7B086EECACE7807E21E8DECDB1DA362FA48ECE01C74 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\AppData\Local\directory\temp.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 9726 |
Entropy (8bit): | 7.6381238619372205 |
Encrypted: | false |
SSDEEP: | 192:ZueSuy+g40wWlmvN3tKRGKPCDo92vRdOrz1weU5VYaGIEe:ZwbLwWls3yGiP2ZdAzdkpGI/ |
MD5: | BF4E57B93D5AE23DED949F65E594B76E |
SHA1: | 007179288C79D5698EA77416C718A0D7847177ED |
SHA-256: | CD740426E65E480DC76C680E75AA8B49CA2515E63D92270A2F510263E9FB6D35 |
SHA-512: | 25A614D27E5186C68DE5124FCD942A2168BCD7D25D18CD351E942C1D449246F603C38C2FD184834691FB18EAB4A7F3C732AAE63547CA5B1E86D83DB90DEE3BE3 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\AppData\Local\directory\temp.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 264814 |
Entropy (8bit): | 7.975503217606326 |
Encrypted: | false |
SSDEEP: | 6144:TdmjX7XC5hbUs6iRThMzwqnKmKer1K292Tw9gN/3oaZaH5s:5uXC5hbt6ivMzWmKq1K292Two/ods |
MD5: | 1FBF5D98268DB9157D8BBAA194E681D0 |
SHA1: | 91FA671E61E8391AEA443D4AD8C7234EC8A99FF6 |
SHA-256: | F0CABABE51208AB31D5659ACC717371C6011B2F25D7041BF2B21570B14902C2C |
SHA-512: | 3418D3116B604F20085FBA3F4A3AD10C6EC4B83EADD729A10BB99DBCB624D54EFFFC08256B8EC99E3C78D7B086EECACE7807E21E8DECDB1DA362FA48ECE01C74 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\AppData\Local\directory\temp.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 9726 |
Entropy (8bit): | 7.6381238619372205 |
Encrypted: | false |
SSDEEP: | 192:ZueSuy+g40wWlmvN3tKRGKPCDo92vRdOrz1weU5VYaGIEe:ZwbLwWls3yGiP2ZdAzdkpGI/ |
MD5: | BF4E57B93D5AE23DED949F65E594B76E |
SHA1: | 007179288C79D5698EA77416C718A0D7847177ED |
SHA-256: | CD740426E65E480DC76C680E75AA8B49CA2515E63D92270A2F510263E9FB6D35 |
SHA-512: | 25A614D27E5186C68DE5124FCD942A2168BCD7D25D18CD351E942C1D449246F603C38C2FD184834691FB18EAB4A7F3C732AAE63547CA5B1E86D83DB90DEE3BE3 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\eFatura_HSY2024000004086_Ekleri.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 271360 |
Entropy (8bit): | 7.860452766197305 |
Encrypted: | false |
SSDEEP: | 6144:mwxDZi3zdQRsUfNgukFa9jXO+SHwSQRIrAuDz+Bgu9H:mwy3J1Ufqng9gH7/+BgY |
MD5: | 825DBE7E3135430FD7A98D108D54724D |
SHA1: | 3B565708CBBBB21B87788AB64FD58469AF5A7B3F |
SHA-256: | 0685F98A927474AC8DD3DA0D773A54625774EA8A8EF3810B5F5C413AFBB4CA58 |
SHA-512: | 6E2E649D53D9D62D9AA8319F25240F57C31154E45005AA797A75B7D1B3D7062627977B90C31B277A08CA96C7D724F5C0A703AB5A42AAC6D2DE02D5E227062BB5 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\eFatura_HSY2024000004086_Ekleri.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 28674 |
Entropy (8bit): | 3.579675876429132 |
Encrypted: | false |
SSDEEP: | 768:Jx6TBScFCo3T3iCev73mntQUA+n++nmkE/8s62HzimL5sCWC:yTBScFCo3T3iPv73mntQUA+n++nmkE/L |
MD5: | 4270FD4C6618EF505DAC04C5B0780556 |
SHA1: | 051B8BB4BD2D1EC2992CC4D70FF3DB001F6F4B26 |
SHA-256: | A34F32566AF0446C12801750A78637DE9B873BA8C008294958D4B942DF5BC8AB |
SHA-512: | DC45019F805B238985B7F935B245EC49FB440F2A4E2B9250227BAA5E8F4ADB39AF85186D83F2E2D6566DA802E4BF9573658230F008DA39AA232EE8A38331CC66 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\eFatura_HSY2024000004086_Ekleri.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1389568 |
Entropy (8bit): | 6.781172110653669 |
Encrypted: | false |
SSDEEP: | 24576:rqDEvCTbMWu7rQYlBQcBiT6rprG8a4AppoT+kc78Imj+PJ:rTvC/MTQYxsWR7a4AfkfIS+P |
MD5: | 3D265723FFA9EE20E76CD4EB2B628771 |
SHA1: | 206BC32E4BF59574CA23B85F8D88EBDAFFF07307 |
SHA-256: | 4D649A9C22C200AE71DC6B4FB2F7840DFA2ED78E607F4CE78F5C1AD73073F34F |
SHA-512: | C71ADF07DF2EB29DB2A3A172F7F2B6708D1727E2682B8605FE7A0AE64588E72E8A5F67321E2D45D8CD60FAC95CD0B1177CA4121FDC91D77AAD126C4D2A3D3612 |
Malicious: | true |
Antivirus: | |
Reputation: | low |
Preview: |
Process: | C:\Users\user\AppData\Local\directory\temp.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 268 |
Entropy (8bit): | 3.417513871698152 |
Encrypted: | false |
SSDEEP: | 6:DMM8lfm3OOQdUfcloRKUEZ+lX1Al1AynriIM8lfQVn:DsO+vNloRKQ1A1NmA2n |
MD5: | 54904861C14FAFEF5B588F86FE97735D |
SHA1: | 5308FC92E8A37925694FDDDCC4B7144F01936BE4 |
SHA-256: | 0A7F21D4BA90BF9678D1072FC8C7BB75822E0DB382199F0D15710AE0A8BC6A2F |
SHA-512: | C87ED7970DAE8179BAC3FFA87126ECF1EA507F2736B116EDC24EBD928E8C30D04D7D541AA6BA931A3A92A0A6B41494597F27225F6D778FDEA2FB5D879653539A |
Malicious: | true |
Preview: |
File type: | |
Entropy (8bit): | 6.781172110653669 |
TrID: | |
File name: | eFatura_HSY2024000004086_Ekleri.exe |
File size: | 1'389'568 bytes |
MD5: | 3d265723ffa9ee20e76cd4eb2b628771 |
SHA1: | 206bc32e4bf59574ca23b85f8d88ebdafff07307 |
SHA256: | 4d649a9c22c200ae71dc6b4fb2f7840dfa2ed78e607f4ce78f5c1ad73073f34f |
SHA512: | c71adf07df2eb29db2a3a172f7f2b6708d1727e2682b8605fe7a0ae64588e72e8a5f67321e2d45d8cd60fac95cd0b1177ca4121fdc91d77aad126c4d2a3d3612 |
SSDEEP: | 24576:rqDEvCTbMWu7rQYlBQcBiT6rprG8a4AppoT+kc78Imj+PJ:rTvC/MTQYxsWR7a4AfkfIS+P |
TLSH: | E155B00373818067FF5B92334B6AE655477D6E2A4133A91F139C397ABE701B2123E663 |
File Content Preview: | MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z.... |
Icon Hash: | 98e2a3b29b9ba181 |
Entrypoint: | 0x420577 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x66A061F0 [Wed Jul 24 02:07:44 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | 948cc502fe9226992dce9417f952fce3 |
Instruction |
---|
call 00007F324081FF63h |
jmp 00007F324081F86Fh |
push ebp |
mov ebp, esp |
push esi |
push dword ptr [ebp+08h] |
mov esi, ecx |
call 00007F324081FA4Dh |
mov dword ptr [esi], 0049FDF0h |
mov eax, esi |
pop esi |
pop ebp |
retn 0004h |
and dword ptr [ecx+04h], 00000000h |
mov eax, ecx |
and dword ptr [ecx+08h], 00000000h |
mov dword ptr [ecx+04h], 0049FDF8h |
mov dword ptr [ecx], 0049FDF0h |
ret |
push ebp |
mov ebp, esp |
push esi |
push dword ptr [ebp+08h] |
mov esi, ecx |
call 00007F324081FA1Ah |
mov dword ptr [esi], 0049FE0Ch |
mov eax, esi |
pop esi |
pop ebp |
retn 0004h |
and dword ptr [ecx+04h], 00000000h |
mov eax, ecx |
and dword ptr [ecx+08h], 00000000h |
mov dword ptr [ecx+04h], 0049FE14h |
mov dword ptr [ecx], 0049FE0Ch |
ret |
push ebp |
mov ebp, esp |
push esi |
mov esi, ecx |
lea eax, dword ptr [esi+04h] |
mov dword ptr [esi], 0049FDD0h |
and dword ptr [eax], 00000000h |
and dword ptr [eax+04h], 00000000h |
push eax |
mov eax, dword ptr [ebp+08h] |
add eax, 04h |
push eax |
call 00007F324082260Dh |
pop ecx |
pop ecx |
mov eax, esi |
pop esi |
pop ebp |
retn 0004h |
lea eax, dword ptr [ecx+04h] |
mov dword ptr [ecx], 0049FDD0h |
push eax |
call 00007F3240822658h |
pop ecx |
ret |
push ebp |
mov ebp, esp |
push esi |
mov esi, ecx |
lea eax, dword ptr [esi+04h] |
mov dword ptr [esi], 0049FDD0h |
push eax |
call 00007F3240822641h |
test byte ptr [ebp+08h], 00000001h |
pop ecx |
Programming Language: | |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x7c908 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x151000 | 0x7594 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0xd4000 | 0x7c908 | 0x7ca00 | 24bc755d9bcfb623cf31842d15ab1143 | False | 0.6282166812938816 | data | 6.4884041588176435 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x151000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0xd4458 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216 |
RT_ICON | 0xd4580 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027 |
RT_ICON | 0xd46a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135 |
RT_ICON | 0xd47d0 | 0x33428 | Device independent bitmap graphic, 198 x 512 x 32, image size 202752, resolution 7874 x 7874 px/m | English | Great Britain | 0.13495903981710802 |
RT_MENU | 0x107bf8 | 0x50 | data | English | Great Britain | 0.9 |
RT_STRING | 0x107c48 | 0x594 | data | English | Great Britain | 0.3333333333333333 |
RT_STRING | 0x1081dc | 0x68a | data | English | Great Britain | 0.2735961768219833 |
RT_STRING | 0x108868 | 0x490 | data | English | Great Britain | 0.3715753424657534 |
RT_STRING | 0x108cf8 | 0x5fc | data | English | Great Britain | 0.3087467362924282 |
RT_STRING | 0x1092f4 | 0x65c | data | English | Great Britain | 0.34336609336609336 |
RT_STRING | 0x109950 | 0x466 | data | English | Great Britain | 0.3605683836589698 |
RT_STRING | 0x109db8 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186 |
RT_RCDATA | 0x109f10 | 0x464dc | data | | | 1.000333375005209 |
RT_GROUP_ICON | 0x1503ec | 0x14 | data | English | Great Britain | 1.25 |
RT_GROUP_ICON | 0x150400 | 0x14 | data | English | Great Britain | 1.25 |
RT_GROUP_ICON | 0x150414 | 0x14 | data | English | Great Britain | 1.15 |
RT_GROUP_ICON | 0x150428 | 0x14 | data | English | Great Britain | 1.25 |
RT_VERSION | 0x15043c | 0xdc | data | English | Great Britain | 0.6181818181818182 |
RT_MANIFEST | 0x150518 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823 |

DLL | Import |
---|---|
WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect |
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW |
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW |
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create |
MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W |
WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable |
PSAPI.DLL | GetProcessMemoryInfo |
IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile |
USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile |
UxTheme.dll | IsThemeActive |
KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW |
USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient |
GDI32.dll | EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath |
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW |
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW |
SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW |
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket |
OLEAUT32.dll | CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture |

Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | Great Britain | |

Timestamp | Protocol | SID | Signature | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
2024-07-26T11:57:35.750000+0200 | TCP | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 443 | 62345 | 20.12.23.50 | 192.168.2.4 |
2024-07-26T11:57:34.714091+0200 | TCP | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 443 | 62344 | 20.12.23.50 | 192.168.2.4 |
2024-07-26T11:57:15.072194+0200 | TCP | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 443 | 49732 | 13.85.23.86 | 192.168.2.4 |

Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jul 26, 2024 11:56:59.563147068 CEST | 58252 | 53 | 192.168.2.4 | 1.1.1.1 |
Jul 26, 2024 11:56:59.620613098 CEST | 53 | 58252 | 1.1.1.1 | 192.168.2.4 |
Jul 26, 2024 11:57:30.020786047 CEST | 53 | 63822 | 162.159.36.2 | 192.168.2.4 |
Jul 26, 2024 11:57:30.547246933 CEST | 54491 | 53 | 192.168.2.4 | 1.1.1.1 |
Jul 26, 2024 11:57:30.560698986 CEST | 53 | 54491 | 1.1.1.1 | 192.168.2.4 |

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Jul 26, 2024 11:56:59.563147068 CEST | 192.168.2.4 | 1.1.1.1 | 0x42c1 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Jul 26, 2024 11:57:30.547246933 CEST | 192.168.2.4 | 1.1.1.1 | 0xdcab | Standard query (0) | | PTR (Pointer record) | IN (0x0001) | false |

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Jul 26, 2024 11:56:59.620613098 CEST | 1.1.1.1 | 192.168.2.4 | 0x42c1 | No error (0) | | | 78.110.166.82 | A (IP address) | IN (0x0001) | false |
Jul 26, 2024 11:57:30.560698986 CEST | 1.1.1.1 | 192.168.2.4 | 0xdcab | Name error (3) | | none | none | PTR (Pointer record) | IN (0x0001) | false |

Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands |
---|---|---|---|---|---|
Jul 26, 2024 11:57:00.331404924 CEST | 587 | 49730 | 78.110.166.82 | 192.168.2.4 | 220-cphost14.qhoster.net ESMTP Exim 4.96.2 #2 Fri, 26 Jul 2024 10:57:00 +0100 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail. |
Jul 26, 2024 11:57:00.332640886 CEST | 49730 | 587 | 192.168.2.4 | 78.110.166.82 | EHLO 473627 |
Jul 26, 2024 11:57:00.505664110 CEST | 587 | 49730 | 78.110.166.82 | 192.168.2.4 | 250-cphost14.qhoster.net Hello 473627 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP |
Jul 26, 2024 11:57:00.505856991 CEST | 49730 | 587 | 192.168.2.4 | 78.110.166.82 | STARTTLS |
Jul 26, 2024 11:57:00.683774948 CEST | 587 | 49730 | 78.110.166.82 | 192.168.2.4 | 220 TLS go ahead |
Jul 26, 2024 11:57:03.261642933 CEST | 587 | 49731 | 78.110.166.82 | 192.168.2.4 | 220-cphost14.qhoster.net ESMTP Exim 4.96.2 #2 Fri, 26 Jul 2024 10:57:03 +0100 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail. |
Jul 26, 2024 11:57:03.261862993 CEST | 49731 | 587 | 192.168.2.4 | 78.110.166.82 | EHLO 473627 |
Jul 26, 2024 11:57:03.428940058 CEST | 587 | 49731 | 78.110.166.82 | 192.168.2.4 | 250-cphost14.qhoster.net Hello 473627 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP |
Jul 26, 2024 11:57:03.429157972 CEST | 49731 | 587 | 192.168.2.4 | 78.110.166.82 | STARTTLS |
Jul 26, 2024 11:57:03.596851110 CEST | 587 | 49731 | 78.110.166.82 | 192.168.2.4 | 220 TLS go ahead |
Jul 26, 2024 11:57:14.364183903 CEST | 587 | 49733 | 78.110.166.82 | 192.168.2.4 | 220-cphost14.qhoster.net ESMTP Exim 4.96.2 #2 Fri, 26 Jul 2024 10:57:14 +0100 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail. |
Jul 26, 2024 11:57:14.364562988 CEST | 49733 | 587 | 192.168.2.4 | 78.110.166.82 | EHLO 473627 |
Jul 26, 2024 11:57:14.533400059 CEST | 587 | 49733 | 78.110.166.82 | 192.168.2.4 | 250-cphost14.qhoster.net Hello 473627 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP |
Jul 26, 2024 11:57:14.533819914 CEST | 49733 | 587 | 192.168.2.4 | 78.110.166.82 | STARTTLS |
Jul 26, 2024 11:57:14.704030991 CEST | 587 | 49733 | 78.110.166.82 | 192.168.2.4 | 220 TLS go ahead |
Jul 26, 2024 11:57:17.125840902 CEST | 587 | 49738 | 78.110.166.82 | 192.168.2.4 | 220-cphost14.qhoster.net ESMTP Exim 4.96.2 #2 Fri, 26 Jul 2024 10:57:16 +0100 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail. |
Jul 26, 2024 11:57:17.126044989 CEST | 49738 | 587 | 192.168.2.4 | 78.110.166.82 | EHLO 473627 |
Jul 26, 2024 11:57:17.296452045 CEST | 587 | 49738 | 78.110.166.82 | 192.168.2.4 | 250-cphost14.qhoster.net Hello 473627 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP |
Jul 26, 2024 11:57:17.296607018 CEST | 49738 | 587 | 192.168.2.4 | 78.110.166.82 | STARTTLS |
Jul 26, 2024 11:57:17.472472906 CEST | 587 | 49738 | 78.110.166.82 | 192.168.2.4 | 220 TLS go ahead |
Target ID: | 0 |
Start time: | 05:56:54 |
Start date: | 26/07/2024 |
Path: | C:\Users\user\Desktop\eFatura_HSY2024000004086_Ekleri.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xf40000 |
File size: | 1'389'568 bytes |
MD5 hash: | 3D265723FFA9EE20E76CD4EB2B628771 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 1 |
Start time: | 05:56:55 |
Start date: | 26/07/2024 |
Path: | C:\Users\user\AppData\Local\directory\temp.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1'389'568 bytes |
MD5 hash: | 3D265723FFA9EE20E76CD4EB2B628771 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Antivirus matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 2 |
Start time: | 05:56:57 |
Start date: | 26/07/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xf30000 |
File size: | 45'984 bytes |
MD5 hash: | 9D352BC46709F0CB5EC974633A0C3C94 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 05:57:09 |
Start date: | 26/07/2024 |
Path: | C:\Windows\System32\wscript.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff718f40000 |
File size: | 170'496 bytes |
MD5 hash: | A47CBE969EA935BDD3AB568BB126BC80 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 05:57:09 |
Start date: | 26/07/2024 |
Path: | C:\Users\user\AppData\Local\directory\temp.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1'389'568 bytes |
MD5 hash: | 3D265723FFA9EE20E76CD4EB2B628771 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 5 |
Start time: | 05:57:10 |
Start date: | 26/07/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x8c0000 |
File size: | 45'984 bytes |
MD5 hash: | 9D352BC46709F0CB5EC974633A0C3C94 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
Has exited: | false |
Execution Graph
Execution Coverage: | 3% |
Dynamic/Decrypted Code Coverage: | 0.4% |
Signature Coverage: | 3% |
Total number of Nodes: | 2000 |
Total number of Limit Nodes: | 50 |
Graph
Function 00F442DE Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 235, Tags: library, loader, COMMON
Function 00F4D730 Relevance: 21.6, APIs: 14, Instructions: 625, Tags: window, sleep, time, COMMON
Function 00F42CD4 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 53, Tags: window, registry, COMMON
Function 00F8065B Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 272, Tags: COMMON, LIBRARYCODE
Function 00F4344D Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 201, Tags: registry, COMMON
Function 00F42B83 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 63, Tags: window, registry, COMMON
Function 00F43170 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 145, Tags: window, time, registry, COMMON
Function 015D0920 Relevance: 10.7, APIs: 7, Instructions: 151, Tags: file, COMMON
Function 00FB2947 Relevance: 7.8, APIs: 5, Instructions: 313, Tags: file, COMMON
Function 015D23B0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 148, Tags: file, COMMON
Function 00F43B1C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58, Tags: registry, COMMON
Function 00F43923 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 94, Tags: window, COMMON
Function 015D1000 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41, Tags: process, COMMON
Function 00FC7F59 Relevance: 4.9, APIs: 3, Instructions: 430, Tags: COMMON
Function 00F410F3 Relevance: 4.7, APIs: 3, Instructions: 153, Tags: com, COMMON
Function 00F454C6 Relevance: 4.6, APIs: 3, Instructions: 103, Tags: COMMON
Function 00F43837 Relevance: 3.1, APIs: 2, Instructions: 77, Tags: window, COMMON
Function 00F45745 Relevance: 3.1, APIs: 2, Instructions: 56, Tags: file, COMMON
Function 00F4B710 Relevance: 2.1, APIs: 1, Instructions: 587, Tags: COMMON
Function 015D1070 Relevance: 1.7, APIs: 1, Instructions: 157, Tags: COMMON
Function 00F44ECB Relevance: 1.6, APIs: 1, Instructions: 65, Tags: library, COMMON
Function 00F78402 Relevance: 1.6, APIs: 1, Instructions: 54, Tags: COMMON
Function 00F49A40 Relevance: 1.6, APIs: 1, Instructions: 53, Tags: file, COMMON
Function 00F6E602 Relevance: 1.5, APIs: 1, Instructions: 46, Tags: COMMON
Function 00F74C7D Relevance: 1.5, APIs: 1, Instructions: 39, Tags: memory, COMMON, LIBRARYCODE
Function 00F73820 Relevance: 1.5, APIs: 1, Instructions: 32, Tags: memory, COMMON, LIBRARYCODE
Function 00F44F39 Relevance: 1.5, APIs: 1, Instructions: 28, Tags: COMMON
Function 00F42DA5 Relevance: 1.5, APIs: 1, Instructions: 23, Tags: COMMON
Function 00FB2693 Relevance: 1.5, APIs: 1, Instructions: 22, Tags: COMMON
Function 00F42B3D Relevance: 1.5, APIs: 1, Instructions: 22, Tags: COMMON
Function 015D08E0 Relevance: 1.5, APIs: 1, Instructions: 20, Tags: COMMON
Function 015D08B0 Relevance: 1.5, APIs: 1, Instructions: 15, Tags: COMMON
Function 00F41CAD Relevance: 1.5, APIs: 1, Instructions: 8, Tags: COMMON
Function 00FB744A Relevance: 1.5, APIs: 1, Instructions: 220, Tags: COMMON
Function 00F5FC70 Relevance: 1.3, APIs: 1, Instructions: 94, Tags: memory, COMMON
Function 015D229C Relevance: 1.3, APIs: 1, Instructions: 21, Tags: sleep, COMMON
Function 015D22A0 Relevance: 1.3, APIs: 1, Instructions: 18, Tags: sleep, COMMON
Function 00FD9576 Relevance: 72.4, APIs: 39, Strings: 2, Instructions: 625, Tags: window, keyboard, COMMON
Function 00FD4873 Relevance: 60.1, APIs: 33, Strings: 1, Instructions: 566, Tags: window, COMMON
Function 00F5F98E Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 130, Tags: keyboard, thread, window, COMMON
Function 00FB698F Relevance: 21.4, APIs: 7, Strings: 5, Instructions: 363, Tags: time, file, COMMON
Function 00FB9642 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 118, Tags: file, COMMON
Function 00FB979D Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 111, Tags: file, COMMON
Function 00FB8195 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 186, Tags: time, COMMON
Function 00FAD076 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 172, Tags: file, COMMON
Function 00FBED6A Relevance: 13.6, APIs: 9, Instructions: 102, Tags: clipboard, memory, COMMON
Function 00FAE8F6 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 57, Tags: shutdown, COMMON
Function 00FAD3A9 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 91, Tags: file, COMMON
Function 00FC22DA Relevance: 9.1, APIs: 6, Instructions: 103, Tags: COMMON
Function 00FB9B2B Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 119, Tags: file, sleep, COMMON
Function 00FAAA57 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 107, Tags: keyboard, window, COMMON
Function 00F48060 Relevance: 8.7, Strings: 6, Instructions: 1151, Tags: COMMON
Function 00F5997D Relevance: 7.9, APIs: 5, Instructions: 375, Tags: COMMON
Function 00FD1C41 Relevance: 7.6, APIs: 5, Instructions: 83, Tags: window, COMMON
Function 00F7BB6F Relevance: 6.1, APIs: 4, Instructions: 90, Tags: time, COMMON
Function 00FA8298 Relevance: 5.1, APIs: 1, Strings: 2, Instructions: 568, Tags: string, COMMON
Function 00FB5C97 Relevance: 4.6, APIs: 3, Instructions: 138, Tags: file, COMMON
Function 00FB51CD Relevance: 4.6, APIs: 3, Instructions: 76, Tags: COMMON
Function 00FA16C3 Relevance: 4.6, APIs: 3, Instructions: 68, Tags: COMMON
Function 00FAD5EB Relevance: 4.6, APIs: 3, Instructions: 58, Tags: file, COMMON
Function 00FA1663 Relevance: 4.5, APIs: 3, Instructions: 40, Tags: memory, COMMON
Function 00F6CAA0 Relevance: 3.5, APIs: 2, Instructions: 464, Tags: COMMON
Function 00FB68EE Relevance: 3.1, APIs: 2, Instructions: 57, Tags: file, COMMON
Function 00FB37B5 Relevance: 3.0, APIs: 2, Instructions: 33, Tags: window, COMMON
Function 00FA10BF Relevance: 3.0, APIs: 2, Instructions: 24, Tags: COMMON
Function 00F4CAF0 Relevance: 1.9, Strings: 1, Instructions: 659, Tags: COMMON
Function 00F5B119 Relevance: 1.8, Strings: 1, Instructions: 511, Tags: COMMON
Function 00F609D5 Relevance: 1.5, APIs: 1, Instructions: 3, Tags: COMMON
Function 00F6781B Relevance: 1.5, Strings: 1, Instructions: 214, Tags: COMMON
Function 00F76DD9 Relevance: .6, Instructions: 637, Tags: COMMON
Function 00F5CC39 Relevance: .6, Instructions: 635, Tags: COMMON
Function 00F47920 Relevance: .6, Instructions: 563, Tags: COMMON
Function 00F491C0 Relevance: .5, Instructions: 475, Tags: COMMON
Function 00F79EEE Relevance: .3, Instructions: 294, Tags: COMMON
Function 00F61C77 Relevance: .3, Instructions: 254, Tags: COMMON
Function 00F619B0 Relevance: .2, Instructions: 240, Tags: COMMON
Function 00F67A4A Relevance: .2, Instructions: 237, Tags: COMMON
Function 00F67CA7 Relevance: .2, Instructions: 237, Tags: COMMON
Function 00F61706 Relevance: .2, Instructions: 232, Tags: COMMON
Function 015D3610 Relevance: .1, Instructions: 92, Tags: COMMON
Function 00FB2046 Relevance: .1, Instructions: 72, Tags: COMMON
Function 015D3500 Relevance: .0, Instructions: 35, Tags: COMMON
Function 015D34A0 Relevance: .0, Instructions: 35, Tags: COMMON
Function 015D1E70 Relevance: .0, Instructions: 6, Tags: COMMON
Function 00FC2ADE Relevance: 77.5, APIs: 40, Strings: 4, Instructions: 486, Tags: file, com, memory, COMMON
Function 00FD70D5 Relevance: 49.8, APIs: 33, Instructions: 273, Tags: COMMON
Function 00F58D85 Relevance: 47.7, APIs: 26, Strings: 1, Instructions: 480, Tags: window, COMMON
Function 00FC2711 Relevance: 45.8, APIs: 22, Strings: 4, Instructions: 330, Tags: window, COMMON
Function 00FD0FF3 Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 284, Tags: window, COMMON
Function 00F58891 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 282, Tags: window, time, COMMON
Function 00FCC3B7 Relevance: 30.2, APIs: 11, Strings: 6, Instructions: 495, Tags: registry, COMMON
Function 00FD091E Relevance: 30.1, APIs: 6, Strings: 11, Instructions: 372, Tags: window, COMMON
Function 00FD833C Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 196, Tags: window, library, COMMON
Function 00F4326F Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 214, Tags: window, COMMON
Function 00FD6CD9 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 194, Tags: window, COMMON
Function 00FD911E Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 181, Tags: window, file, COMMON
Function 00FBC476 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 143, Tags: network, COMMON
Function 00FB14BD Relevance: 21.4, APIs: 10, Strings: 2, Instructions: 360, Tags: time, COMMON
Function 00FCB60E Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 285, Tags: registry, library, loader, COMMON
Function 00FC255C Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 169, Tags: window, COMMON
Function 00FA365B Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 267, Tags: window, time, COMMON
Function 00FCCC34 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 104, Tags: registry, COMMON
Function 00FB3D1E Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 101, Tags: file, COMMON
Function 00FAE6B0 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 72, Tags: sleep, window, time, COMMON
Function 00FA5CC6 Relevance: 18.2, APIs: 12, Instructions: 173, Tags: COMMON
Function 00F58BCD Relevance: 18.2, APIs: 12, Instructions: 168, Tags: time, COMMON
Function 00F59838 Relevance: 18.1, APIs: 12, Instructions: 137, Tags: COMMON
Function 00FA96E2 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 137, Tags: window, COMMON
Function 00FA06DE Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 127, Tags: registry, share, COMMON
Function 00FC3C30 Relevance: 16.8, APIs: 11, Instructions: 344, Tags: file, COMMON
Function 00FB7A96 Relevance: 16.8, APIs: 11, Instructions: 298, Tags: com, COMMON
Function 00FC055B Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 207, Tags: network, file, COMMON
Function 00FC372C Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 187, Tags: com, COMMON
Function 00FD3C46 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 101, Tags: window, COMMON
Function 00FA1EDF Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 78, Tags: window, COMMON
Function 00F72C80 Relevance: 15.1, APIs: 10, Instructions: 54, Tags: COMMON
Function 00F41410 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 332, Tags: com, COMMON
Function 00F45BEA Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 184, Tags: window, COMMON
Function 00FBC253 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94, Tags: network, COMMON
Function 00FA989B Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 74, Tags: window, COMMON
Function 00FA209F Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 71, Tags: window, COMMON
Function 00F7CE90 Relevance: 13.7, APIs: 9, Instructions: 209, Tags: COMMON
Function 00FA25A2 Relevance: 13.6, APIs: 9, Instructions: 60, Tags: sleep, keyboard, window, COMMON
Function 00FD3886 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 141, Tags: window, COMMON
Function 00FABC5E Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 137, Tags: window, COMMON
Function 00FAC874 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 81, Tags: window, COMMON
Function 00FAED19 Relevance: 12.1, APIs: 8, Instructions: 137, Tags: time, COMMON
Function 00F5F8D8 Relevance: 12.1, APIs: 8, Instructions: 124, Tags: COMMON
Function 00FD2D03 Relevance: 12.1, APIs: 8, Instructions: 95, Tags: window, COMMON
Function 00FA5622 Relevance: 12.1, APIs: 8, Instructions: 92, Tags: COMMON
Function 00F81522 Relevance: 10.8, APIs: 7, Instructions: 268, Tags: COMMON
Function 00FB1187 Relevance: 10.8, APIs: 7, Instructions: 254, Tags: COMMON
Function 00F5948A Relevance: 10.8, APIs: 7, Instructions: 254, Tags: COMMON
Function 00F7542E Relevance: 10.7, APIs: 7, Instructions: 152, Tags: file, COMMON, LIBRARYCODE
Function 00F5912D Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 121, Tags: keyboard, COMMON
Function 00FACF00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 108, Tags: file, string, COMMON
Function 00FD2DFD Relevance: 10.6, APIs: 7, Instructions: 99, Tags: window, COMMON
Function 00FA7726 Relevance: 10.6, APIs: 7, Instructions: 94, Tags: memory, COMMON
Function 00FA77FD Relevance: 10.6, APIs: 7, Instructions: 89, Tags: memory, COMMON
Function 00FB04D2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80, Tags: pipe, COMMON
Function 00FB05A7 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80, Tags: pipe, COMMON
Function 00FD40AD Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75, Tags: window, COMMON
Function 00FADA5A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 46, Tags: window, COMMON
Function 00FB096B Relevance: 10.5, APIs: 7, Instructions: 35, Tags: synchronization, thread, COMMON
Function 00F45D0A Relevance: 9.3, APIs: 6, Instructions: 276, Tags: COMMON
Function 00F701B7 Relevance: 9.3, APIs: 6, Instructions: 269, Tags: COMMON
Function 00F761FE Relevance: 9.2, APIs: 6, Instructions: 216, Tags: COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00F9F7AD Relevance: 9.2, APIs: 6, Instructions: 183memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00F5920C Relevance: 9.1, APIs: 6, Instructions: 113COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FB07EF Relevance: 9.1, APIs: 6, Instructions: 107fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FD81DB Relevance: 9.1, APIs: 6, Instructions: 104windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FA4C7D Relevance: 9.1, APIs: 6, Instructions: 87windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FA175D Relevance: 9.1, APIs: 6, Instructions: 68memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FA14CE Relevance: 9.1, APIs: 6, Instructions: 64processCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FD8A24 Relevance: 9.0, APIs: 6, Instructions: 49COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FA51FD Relevance: 9.0, APIs: 6, Instructions: 49COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00F97439 Relevance: 9.0, APIs: 6, Instructions: 37windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FA1874 Relevance: 9.0, APIs: 6, Instructions: 23memorysynchronizationCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FAC5D0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 191windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FA719E Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 120comlibraryloaderCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FD3D7C Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 101windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FA1DE2 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 93windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FD2F17 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 78windowlibraryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00F64D6D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00F44E90 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 24libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00F44E59 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 22libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FCA387 Relevance: 7.8, APIs: 5, Instructions: 256COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FA8BB0 Relevance: 7.7, APIs: 5, Instructions: 159COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FB8AFB Relevance: 7.6, APIs: 5, Instructions: 143COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FD6B76 Relevance: 7.6, APIs: 5, Instructions: 131windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FB3874 Relevance: 7.6, APIs: 5, Instructions: 101windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FD5706 Relevance: 7.6, APIs: 5, Instructions: 82windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FC0930 Relevance: 7.6, APIs: 5, Instructions: 69COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00F7CDBD Relevance: 7.6, APIs: 5, Instructions: 68COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00F59639 Relevance: 7.6, APIs: 5, Instructions: 66COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FA5711 Relevance: 7.6, APIs: 5, Instructions: 61COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FA000E Relevance: 7.5, APIs: 5, Instructions: 47stringCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FAE97B Relevance: 7.5, APIs: 5, Instructions: 47sleepCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FA10F9 Relevance: 7.5, APIs: 5, Instructions: 46memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FA0FB4 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FA1014 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FB030F Relevance: 7.5, APIs: 6, Instructions: 41COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00F722A0 Relevance: 7.5, APIs: 5, Instructions: 30COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00F595C5 Relevance: 7.5, APIs: 5, Instructions: 29COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00F70F47 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 389COMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FA2716 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 121windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FAC27D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 114windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FC304E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 90networkCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FD3EB8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 89windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FD4653 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 87windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FD37B7 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FD41EB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FA2F52 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FD5882 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00F9D3A0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 30libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FA007F Relevance: 6.3, APIs: 4, Instructions: 322COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FC342E Relevance: 6.3, APIs: 4, Instructions: 257COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FA0436 Relevance: 6.2, APIs: 4, Instructions: 230COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FD6278 Relevance: 6.1, APIs: 4, Instructions: 138COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00F7B41F Relevance: 6.1, APIs: 4, Instructions: 133COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FB56D9 Relevance: 6.1, APIs: 4, Instructions: 110fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00F7D8C3 Relevance: 6.1, APIs: 4, Instructions: 110COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FD52C1 Relevance: 6.1, APIs: 4, Instructions: 104windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FD7674 Relevance: 6.1, APIs: 4, Instructions: 102windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FD16DA Relevance: 6.1, APIs: 4, Instructions: 101COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FAD4DC Relevance: 6.1, APIs: 4, Instructions: 86processCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FD8FC9 Relevance: 6.1, APIs: 4, Instructions: 78windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FAD2C1 Relevance: 6.1, APIs: 4, Instructions: 78COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FA1571 Relevance: 6.1, APIs: 4, Instructions: 78memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FD2782 Relevance: 6.1, APIs: 4, Instructions: 75COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FA78F5 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 71stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FD7CC2 Relevance: 6.1, APIs: 4, Instructions: 70COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FD5660 Relevance: 6.1, APIs: 4, Instructions: 67windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00F71D09 Relevance: 6.1, APIs: 4, Instructions: 63COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FA1A27 Relevance: 6.1, APIs: 4, Instructions: 56windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FAE1D6 Relevance: 6.1, APIs: 4, Instructions: 55synchronizationthreadwindowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00F6D1CC Relevance: 6.1, APIs: 4, Instructions: 55threadCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FD9EF3 Relevance: 6.1, APIs: 4, Instructions: 55COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00F4600E Relevance: 6.1, APIs: 4, Instructions: 53windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00F73073 Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FAB0A8 Relevance: 6.0, APIs: 4, Instructions: 50sleepCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FD8863 Relevance: 6.0, APIs: 4, Instructions: 31COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00F598B0 Relevance: 6.0, APIs: 4, Instructions: 23COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FA162B Relevance: 6.0, APIs: 4, Instructions: 22threadCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00F9D858 Relevance: 6.0, APIs: 4, Instructions: 19COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00F9D86C Relevance: 6.0, APIs: 4, Instructions: 18COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FB4D87 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 230shareCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00F5F291 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 144sleepCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FBD0F4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 98networkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FD4537 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FD31EF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FBCD1E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66networkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FD3429 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FA1CDE Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 52windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FA1BD8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FA1C5C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FA1D68 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 46windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FA0B15 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 28windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FD2356 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FD2322 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|