Windows
Analysis Report
z84TTREMITTANCEUSD347_432_63.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- z84TTREMITTANCEUSD347_432_63.exe (PID: 612 cmdline:
"C:\Users\ user\Deskt op\z84TTRE MITTANCEUS D347_432_6 3.exe" MD5: 34280E3A145D8D865EFEDF422B568E46) - name.exe (PID: 3228 cmdline:
"C:\Users\ user\Deskt op\z84TTRE MITTANCEUS D347_432_6 3.exe" MD5: 34280E3A145D8D865EFEDF422B568E46) - RegSvcs.exe (PID: 6004 cmdline:
"C:\Users\ user\Deskt op\z84TTRE MITTANCEUS D347_432_6 3.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)
- wscript.exe (PID: 6444 cmdline:
"C:\Window s\System32 \WScript.e xe" "C:\Us ers\user\A ppData\Roa ming\Micro soft\Windo ws\Start M enu\Progra ms\Startup \name.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80) - name.exe (PID: 5744 cmdline:
"C:\Users\ user\AppDa ta\Local\d irectory\n ame.exe" MD5: 34280E3A145D8D865EFEDF422B568E46) - RegSvcs.exe (PID: 6488 cmdline:
"C:\Users\ user\AppDa ta\Local\d irectory\n ame.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
404 Keylogger, Snake Keylogger | Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victims sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram. | No Attribution |
{"Exfil Mode": "SMTP", "Email ID": "wethem@aklaneah-sa.com", "Password": "Password: )NYyffR0 ", "Host": "us2.smtp.mailhostbox.com", "Port": "587", "Version": "4.4"}
{"Exfil Mode": "SMTP", "Username": "wethem@aklaneah-sa.com", "Password": "Password: )NYyffR0 ", "Host": "us2.smtp.mailhostbox.com", "Port": "587", "Version": "4.4"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security | ||
JoeSecurity_VIPKeylogger | Yara detected VIP Keylogger | Joe Security | ||
Click to see the 33 entries |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security | ||
JoeSecurity_VIPKeylogger | Yara detected VIP Keylogger | Joe Security | ||
Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown |
| |
INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | Detects executables with potential process hoocking | ditekSHen |
| |
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
Click to see the 25 entries |
System Summary |
---|
Source: | Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: |
Source: | Author: frack113: |
Source: | Author: Michael Haag: |
Data Obfuscation |
---|
Source: | Author: Joe Security: |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-09-25T15:34:14.669336+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49706 | 188.114.97.3 | 443 | TCP |
2024-09-25T15:34:20.252908+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49716 | 188.114.97.3 | 443 | TCP |
2024-09-25T15:34:33.024873+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49730 | 188.114.97.3 | 443 | TCP |
2024-09-25T15:34:36.632789+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49736 | 188.114.97.3 | 443 | TCP |
2024-09-25T15:34:40.422975+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49742 | 188.114.97.3 | 443 | TCP |
2024-09-25T15:34:41.510510+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49744 | 188.114.97.3 | 443 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-09-25T15:34:13.196430+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49704 | 193.122.130.0 | 80 | TCP |
2024-09-25T15:34:14.071432+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49704 | 193.122.130.0 | 80 | TCP |
2024-09-25T15:34:15.196577+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49707 | 193.122.130.0 | 80 | TCP |
2024-09-25T15:34:31.649538+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49728 | 193.122.130.0 | 80 | TCP |
2024-09-25T15:34:32.446433+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49728 | 193.122.130.0 | 80 | TCP |
2024-09-25T15:34:33.540191+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49731 | 193.122.130.0 | 80 | TCP |
Click to jump to signature section
AV Detection |
---|
Source: | Avira: |
Source: | URL Reputation: | ||
Source: | URL Reputation: |
Source: | Avira: |
Source: | Malware Configuration Extractor: | ||
Source: | Malware Configuration Extractor: |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: |
Source: | Joe Sandbox ML: |
Location Tracking |
---|
Source: | DNS query: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 0_2_00452492 | |
Source: | Code function: | 0_2_00442886 | |
Source: | Code function: | 0_2_004788BD | |
Source: | Code function: | 0_2_004339B6 | |
Source: | Code function: | 0_2_0045CAFA | |
Source: | Code function: | 0_2_00431A86 | |
Source: | Code function: | 0_2_0044BD27 | |
Source: | Code function: | 0_2_0045DE8F | |
Source: | Code function: | 0_2_0044BF8B | |
Source: | Code function: | 6_2_00452492 | |
Source: | Code function: | 6_2_00442886 | |
Source: | Code function: | 6_2_004788BD | |
Source: | Code function: | 6_2_004339B6 | |
Source: | Code function: | 6_2_0045CAFA | |
Source: | Code function: | 6_2_00431A86 | |
Source: | Code function: | 6_2_0044BD27 | |
Source: | Code function: | 6_2_0045DE8F | |
Source: | Code function: | 6_2_0044BF8B |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | Code function: | 3_2_0246F631 | |
Source: | Code function: | 3_2_0246FA88 | |
Source: | Code function: | 3_2_06162DC8 | |
Source: | Code function: | 3_2_06160B30 | |
Source: | Code function: | 3_2_06160B30 | |
Source: | Code function: | 3_2_06162968 | |
Source: | Code function: | 3_2_0616DE00 | |
Source: | Code function: | 3_2_06160673 | |
Source: | Code function: | 3_2_0616E6B0 | |
Source: | Code function: | 3_2_0616EF60 | |
Source: | Code function: | 3_2_0616CCA0 | |
Source: | Code function: | 3_2_0616D550 | |
Source: | Code function: | 3_2_06162DC2 | |
Source: | Code function: | 3_2_0616E258 | |
Source: | Code function: | 3_2_0616EB08 | |
Source: | Code function: | 3_2_0616F3B8 | |
Source: | Code function: | 3_2_0616F810 | |
Source: | Code function: | 3_2_06160853 | |
Source: | Code function: | 3_2_06160040 | |
Source: | Code function: | 3_2_0616D0F8 | |
Source: | Code function: | 3_2_0616310E | |
Source: | Code function: | 3_2_0616D9A8 | |
Source: | Code function: | 7_2_02BCF631 | |
Source: | Code function: | 7_2_02BCFA88 | |
Source: | Code function: | 7_2_0576E6B0 | |
Source: | Code function: | 7_2_0576D550 | |
Source: | Code function: | 7_2_05762DC8 | |
Source: | Code function: | 7_2_05762DBF | |
Source: | Code function: | 7_2_0576CCA0 | |
Source: | Code function: | 7_2_0576EF60 | |
Source: | Code function: | 7_2_0576DE00 | |
Source: | Code function: | 7_2_05762968 | |
Source: | Code function: | 7_2_0576310E | |
Source: | Code function: | 7_2_0576D9A8 | |
Source: | Code function: | 7_2_05760040 | |
Source: | Code function: | 7_2_0576F810 | |
Source: | Code function: | 7_2_0576D0F8 | |
Source: | Code function: | 7_2_05760B30 | |
Source: | Code function: | 7_2_05760B30 | |
Source: | Code function: | 7_2_0576EB08 | |
Source: | Code function: | 7_2_0576F3B8 | |
Source: | Code function: | 7_2_0576E258 |
Networking |
---|
Source: | DNS query: |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | TCP traffic: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | IP Address: | ||
Source: | IP Address: | ||
Source: | IP Address: | ||
Source: | IP Address: |
Source: | ASN Name: | ||
Source: | ASN Name: | ||
Source: | ASN Name: |
Source: | JA3 fingerprint: | ||
Source: | JA3 fingerprint: |
Source: | DNS query: | ||
Source: | DNS query: |
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: |
Source: | TCP traffic: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | Code function: | 0_2_004422FE |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Code function: | 0_2_0045A10F |
Source: | Code function: | 0_2_0045A10F | |
Source: | Code function: | 6_2_0045A10F |
Source: | Code function: | 0_2_0046DC80 |
Source: | Code function: | 0_2_0044C37A |
Source: | Code function: | 0_2_0047C81C | |
Source: | Code function: | 6_2_0047C81C |
System Summary |
---|
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | COM Object queried: | Jump to behavior |
Source: | Code function: | 0_2_00431BE8 |
Source: | Code function: | 0_2_00446313 |
Source: | Code function: | 0_2_004333BE | |
Source: | Code function: | 6_2_004333BE |
Source: | Code function: | 0_2_004096A0 | |
Source: | Code function: | 0_2_0042200C | |
Source: | Code function: | 0_2_0041A217 | |
Source: | Code function: | 0_2_00412216 | |
Source: | Code function: | 0_2_0042435D | |
Source: | Code function: | 0_2_004033C0 | |
Source: | Code function: | 0_2_0044F430 | |
Source: | Code function: | 0_2_004125E8 | |
Source: | Code function: | 0_2_0044663B | |
Source: | Code function: | 0_2_00413801 | |
Source: | Code function: | 0_2_0042096F | |
Source: | Code function: | 0_2_004129D0 | |
Source: | Code function: | 0_2_004119E3 | |
Source: | Code function: | 0_2_0041C9AE | |
Source: | Code function: | 0_2_0047EA6F | |
Source: | Code function: | 0_2_0040FA10 | |
Source: | Code function: | 0_2_0044EB5F | |
Source: | Code function: | 0_2_00423C81 | |
Source: | Code function: | 0_2_00411E78 | |
Source: | Code function: | 0_2_00442E0C | |
Source: | Code function: | 0_2_00420EC0 | |
Source: | Code function: | 0_2_0044CF17 | |
Source: | Code function: | 0_2_00444FD2 | |
Source: | Code function: | 0_2_03EC5A70 | |
Source: | Code function: | 2_2_03F49A48 | |
Source: | Code function: | 3_2_0246D278 | |
Source: | Code function: | 3_2_02465362 | |
Source: | Code function: | 3_2_0246C146 | |
Source: | Code function: | 3_2_0246C738 | |
Source: | Code function: | 3_2_0246C472 | |
Source: | Code function: | 3_2_0246CA08 | |
Source: | Code function: | 3_2_0246E988 | |
Source: | Code function: | 3_2_024669A0 | |
Source: | Code function: | 3_2_02463E09 | |
Source: | Code function: | 3_2_02466FC8 | |
Source: | Code function: | 3_2_0246CFAA | |
Source: | Code function: | 3_2_0246CCD8 | |
Source: | Code function: | 3_2_02469DE0 | |
Source: | Code function: | 3_2_0246F631 | |
Source: | Code function: | 3_2_0246FA88 | |
Source: | Code function: | 3_2_02463AA1 | |
Source: | Code function: | 3_2_0246E97A | |
Source: | Code function: | 3_2_024629EC | |
Source: | Code function: | 3_2_06161E80 | |
Source: | Code function: | 3_2_061617A0 | |
Source: | Code function: | 3_2_06169C18 | |
Source: | Code function: | 3_2_06169548 | |
Source: | Code function: | 3_2_06160B30 | |
Source: | Code function: | 3_2_06165028 | |
Source: | Code function: | 3_2_06162968 | |
Source: | Code function: | 3_2_0616DE00 | |
Source: | Code function: | 3_2_06161E70 | |
Source: | Code function: | 3_2_0616E6B0 | |
Source: | Code function: | 3_2_0616E6AF | |
Source: | Code function: | 3_2_0616EF51 | |
Source: | Code function: | 3_2_0616EF60 | |
Source: | Code function: | 3_2_0616178F | |
Source: | Code function: | 3_2_0616FC5F | |
Source: | Code function: | 3_2_0616FC68 | |
Source: | Code function: | 3_2_0616CC8F | |
Source: | Code function: | 3_2_0616CCA0 | |
Source: | Code function: | 3_2_0616D550 | |
Source: | Code function: | 3_2_0616D540 | |
Source: | Code function: | 3_2_0616DDFF | |
Source: | Code function: | 3_2_0616E258 | |
Source: | Code function: | 3_2_0616E24A | |
Source: | Code function: | 3_2_0616EAF8 | |
Source: | Code function: | 3_2_0616EB08 | |
Source: | Code function: | 3_2_06160B20 | |
Source: | Code function: | 3_2_06169328 | |
Source: | Code function: | 3_2_06168B90 | |
Source: | Code function: | 3_2_0616F3B8 | |
Source: | Code function: | 3_2_06168BA0 | |
Source: | Code function: | 3_2_0616F810 | |
Source: | Code function: | 3_2_06165018 | |
Source: | Code function: | 3_2_0616F802 | |
Source: | Code function: | 3_2_0616003F | |
Source: | Code function: | 3_2_06160040 | |
Source: | Code function: | 3_2_0616D0F8 | |
Source: | Code function: | 3_2_0616D0E9 | |
Source: | Code function: | 3_2_0616D999 | |
Source: | Code function: | 3_2_0616D9A8 | |
Source: | Code function: | 6_2_004096A0 | |
Source: | Code function: | 6_2_0042200C | |
Source: | Code function: | 6_2_0041A217 | |
Source: | Code function: | 6_2_00412216 | |
Source: | Code function: | 6_2_0042435D | |
Source: | Code function: | 6_2_004033C0 | |
Source: | Code function: | 6_2_0044F430 | |
Source: | Code function: | 6_2_004125E8 | |
Source: | Code function: | 6_2_0044663B | |
Source: | Code function: | 6_2_00413801 | |
Source: | Code function: | 6_2_0042096F | |
Source: | Code function: | 6_2_004129D0 | |
Source: | Code function: | 6_2_004119E3 | |
Source: | Code function: | 6_2_0041C9AE | |
Source: | Code function: | 6_2_0047EA6F | |
Source: | Code function: | 6_2_0040FA10 | |
Source: | Code function: | 6_2_0044EB5F | |
Source: | Code function: | 6_2_00423C81 | |
Source: | Code function: | 6_2_00411E78 | |
Source: | Code function: | 6_2_00442E0C | |
Source: | Code function: | 6_2_00420EC0 | |
Source: | Code function: | 6_2_0044CF17 | |
Source: | Code function: | 6_2_00444FD2 | |
Source: | Code function: | 6_2_03F5A2B0 | |
Source: | Code function: | 7_2_02BCD278 | |
Source: | Code function: | 7_2_02BC5362 | |
Source: | Code function: | 7_2_02BCC146 | |
Source: | Code function: | 7_2_02BCC738 | |
Source: | Code function: | 7_2_02BCC46F | |
Source: | Code function: | 7_2_02BCCA08 | |
Source: | Code function: | 7_2_02BC69A0 | |
Source: | Code function: | 7_2_02BCE988 | |
Source: | Code function: | 7_2_02BCCFA9 | |
Source: | Code function: | 7_2_02BC6FC8 | |
Source: | Code function: | 7_2_02BCCCD8 | |
Source: | Code function: | 7_2_02BC9DE0 | |
Source: | Code function: | 7_2_02BCF631 | |
Source: | Code function: | 7_2_02BCFA88 | |
Source: | Code function: | 7_2_02BC3A5A | |
Source: | Code function: | 7_2_02BC29EC | |
Source: | Code function: | 7_2_02BCE97A | |
Source: | Code function: | 7_2_02BC3E09 | |
Source: | Code function: | 7_2_05769548 | |
Source: | Code function: | 7_2_05769C18 | |
Source: | Code function: | 7_2_0576E6B0 | |
Source: | Code function: | 7_2_05765028 | |
Source: | Code function: | 7_2_0576D550 | |
Source: | Code function: | 7_2_0576D540 | |
Source: | Code function: | 7_2_0576DDF1 | |
Source: | Code function: | 7_2_0576FC68 | |
Source: | Code function: | 7_2_0576CCA0 | |
Source: | Code function: | 7_2_0576CC8F | |
Source: | Code function: | 7_2_0576EF60 | |
Source: | Code function: | 7_2_0576EF51 | |
Source: | Code function: | 7_2_057617A0 | |
Source: | Code function: | 7_2_0576178F | |
Source: | Code function: | 7_2_05761E70 | |
Source: | Code function: | 7_2_0576DE00 | |
Source: | Code function: | 7_2_0576E6AF | |
Source: | Code function: | 7_2_05761E80 | |
Source: | Code function: | 7_2_05762968 | |
Source: | Code function: | 7_2_0576295B | |
Source: | Code function: | 7_2_0576D9A8 | |
Source: | Code function: | 7_2_05760040 | |
Source: | Code function: | 7_2_0576F810 | |
Source: | Code function: | 7_2_05765018 | |
Source: | Code function: | 7_2_05760007 | |
Source: | Code function: | 7_2_0576F801 | |
Source: | Code function: | 7_2_0576D0F8 | |
Source: | Code function: | 7_2_05760B30 | |
Source: | Code function: | 7_2_05760B20 | |
Source: | Code function: | 7_2_05769328 | |
Source: | Code function: | 7_2_0576EB08 | |
Source: | Code function: | 7_2_0576F3B8 | |
Source: | Code function: | 7_2_05768BA0 | |
Source: | Code function: | 7_2_0576F3A8 | |
Source: | Code function: | 7_2_05768B90 | |
Source: | Code function: | 7_2_0576E258 | |
Source: | Code function: | 7_2_0576E249 | |
Source: | Code function: | 7_2_0576EAF8 |
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: |
Source: | Classification label: |
Source: | Code function: | 0_2_0044AF6C |
Source: | Code function: | 0_2_004333BE | |
Source: | Code function: | 0_2_00464EAE | |
Source: | Code function: | 6_2_004333BE | |
Source: | Code function: | 6_2_00464EAE |
Source: | Code function: | 0_2_0045D619 |
Source: | Code function: | 0_2_004755C4 |
Source: | Code function: | 0_2_0047839D |
Source: | Code function: | 0_2_0043305F |
Source: | File created: | Jump to behavior |
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Process created: |
Source: | Static PE information: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Binary or memory string: |
Source: | File read: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Static file information: |
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 0_2_0040EBD0 |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Code function: | 0_2_00416CC8 | |
Source: | Code function: | 3_2_02464962 | |
Source: | Code function: | 3_2_02464912 | |
Source: | Code function: | 3_2_02464972 | |
Source: | Code function: | 3_2_02464982 | |
Source: | Code function: | 3_2_0246891F | |
Source: | Code function: | 3_2_02464992 | |
Source: | Code function: | 3_2_02468C30 | |
Source: | Code function: | 3_2_02468DE0 | |
Source: | Code function: | 3_2_06162DC1 | |
Source: | Code function: | 3_2_06169244 | |
Source: | Code function: | 6_2_00416CC8 | |
Source: | Code function: | 7_2_02BC9D55 | |
Source: | Code function: | 7_2_02BC4962 | |
Source: | Code function: | 7_2_02BC4912 | |
Source: | Code function: | 7_2_02BC4992 | |
Source: | Code function: | 7_2_02BC4982 | |
Source: | Code function: | 7_2_02BC4972 |
Source: | File created: | Jump to dropped file |
Boot Survival |
---|
Source: | File created: | Jump to dropped file |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | Icon embedded in binary file: |
Source: | Code function: | 0_2_0047A330 | |
Source: | Code function: | 0_2_00434418 | |
Source: | Code function: | 6_2_0047A330 | |
Source: | Code function: | 6_2_00434418 |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion |
---|
Source: | API/Special instruction interceptor: | ||
Source: | API/Special instruction interceptor: |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Window found: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Evasive API call chain: | graph_0-87538 | ||
Source: | Evasive API call chain: |
Source: | API coverage: | ||
Source: | API coverage: |
Source: | Code function: | 0_2_00452492 | |
Source: | Code function: | 0_2_00442886 | |
Source: | Code function: | 0_2_004788BD | |
Source: | Code function: | 0_2_004339B6 | |
Source: | Code function: | 0_2_0045CAFA | |
Source: | Code function: | 0_2_00431A86 | |
Source: | Code function: | 0_2_0044BD27 | |
Source: | Code function: | 0_2_0045DE8F | |
Source: | Code function: | 0_2_0044BF8B | |
Source: | Code function: | 6_2_00452492 | |
Source: | Code function: | 6_2_00442886 | |
Source: | Code function: | 6_2_004788BD | |
Source: | Code function: | 6_2_004339B6 | |
Source: | Code function: | 6_2_0045CAFA | |
Source: | Code function: | 6_2_00431A86 | |
Source: | Code function: | 6_2_0044BD27 | |
Source: | Code function: | 6_2_0045DE8F | |
Source: | Code function: | 6_2_0044BF8B |
Source: | Code function: | 0_2_0040E500 |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | API call chain: | graph_0-86668 | ||
Source: | API call chain: |
Source: | Code function: | 3_2_06169548 |
Source: | Code function: | 0_2_0045A370 |
Source: | Code function: | 0_2_0040D590 |
Source: | Code function: | 0_2_0040EBD0 |
Source: | Code function: | 0_2_03EC42E0 | |
Source: | Code function: | 0_2_03EC5960 | |
Source: | Code function: | 0_2_03EC5900 | |
Source: | Code function: | 2_2_03F498D8 | |
Source: | Code function: | 2_2_03F49938 | |
Source: | Code function: | 2_2_03F482B8 | |
Source: | Code function: | 6_2_03F5A1A0 | |
Source: | Code function: | 6_2_03F5A140 | |
Source: | Code function: | 6_2_03F58B20 |
Source: | Code function: | 0_2_004238DA |
Source: | Code function: | 0_2_0041F250 | |
Source: | Code function: | 0_2_0041A208 | |
Source: | Code function: | 0_2_00417DAA | |
Source: | Code function: | 6_2_0041F250 | |
Source: | Code function: | 6_2_0041A208 | |
Source: | Code function: | 6_2_00417DAA |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior |
Source: | Code function: | 0_2_00436CD7 |
Source: | Code function: | 0_2_0040D590 |
Source: | Code function: | 0_2_00434418 |
Source: | Code function: | 0_2_0043333C |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Code function: | 0_2_00446124 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Code function: | 0_2_004720DB |
Source: | Code function: | 0_2_00472C3F |
Source: | Code function: | 0_2_0041E364 |
Source: | Code function: | 0_2_0040E500 |
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | File opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | Code function: | 0_2_004652BE | |
Source: | Code function: | 0_2_00476619 | |
Source: | Code function: | 0_2_0046CEF3 | |
Source: | Code function: | 6_2_004652BE | |
Source: | Code function: | 6_2_00476619 | |
Source: | Code function: | 6_2_0046CEF3 |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | 111 Scripting | 2 Valid Accounts | 2 Native API | 111 Scripting | 1 Exploitation for Privilege Escalation | 11 Disable or Modify Tools | 1 OS Credential Dumping | 2 System Time Discovery | Remote Services | 11 Archive Collected Data | 1 Web Service | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Deobfuscate/Decode Files or Information | 21 Input Capture | 1 Account Discovery | Remote Desktop Protocol | 1 Data from Local System | 4 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | 2 Valid Accounts | 2 Valid Accounts | 3 Obfuscated Files or Information | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | 1 Email Collection | 11 Encrypted Channel | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | 2 Registry Run Keys / Startup Folder | 21 Access Token Manipulation | 1 DLL Side-Loading | NTDS | 117 System Information Discovery | Distributed Component Object Model | 21 Input Capture | 1 Non-Standard Port | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 212 Process Injection | 11 Masquerading | LSA Secrets | 121 Security Software Discovery | SSH | 3 Clipboard Data | 3 Non-Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 2 Registry Run Keys / Startup Folder | 2 Valid Accounts | Cached Domain Credentials | 11 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | 24 Application Layer Protocol | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 11 Virtualization/Sandbox Evasion | DCSync | 2 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 21 Access Token Manipulation | Proc Filesystem | 11 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 212 Process Injection | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | Dynamic API Resolution | Network Sniffing | 1 System Network Configuration Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | HEUR/AGEN.1321293 | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | HEUR/AGEN.1321293 | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
100% | URL Reputation | malware | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
100% | URL Reputation | malware | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
us2.smtp.mailhostbox.com | 208.91.198.143 | true | true | unknown | |
reallyfreegeoip.org | 188.114.97.3 | true | true | unknown | |
api.telegram.org | 149.154.167.220 | true | true | unknown | |
checkip.dyndns.com | 193.122.130.0 | true | false | unknown | |
checkip.dyndns.org | unknown | unknown | true | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false |
| unknown | |
false |
| unknown | |
false |
| unknown | |
false |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
true |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
true |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
208.91.198.143 | us2.smtp.mailhostbox.com | United States | 394695 | PUBLIC-DOMAIN-REGISTRYUS | true | |
149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | true | |
188.114.97.3 | reallyfreegeoip.org | European Union | 13335 | CLOUDFLARENETUS | true | |
193.122.130.0 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1518314 |
Start date and time: | 2024-09-25 15:33:08 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 9m 50s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 9 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | z84TTREMITTANCEUSD347_432_63.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.expl.evad.winEXE@10/3@4/4 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- VT rate limit hit for: z84TTREMITTANCEUSD347_432_63.exe
Time | Type | Description |
---|---|---|
09:34:13 | API Interceptor | |
15:34:13 | Autostart |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
208.91.198.143 | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | AgentTesla | Browse | |||
Get hash | malicious | AgentTesla | Browse | |||
Get hash | malicious | AgentTesla | Browse | |||
Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | Cobalt Strike, MassLogger RAT, Snake Keylogger | Browse | |||
Get hash | malicious | Cobalt Strike, AgentTesla | Browse | |||
149.154.167.220 | Get hash | malicious | VIP Keylogger | Browse | ||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | MicroClip | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | VIP Keylogger | Browse | |||
Get hash | malicious | XWorm | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | XWorm | Browse | |||
188.114.97.3 | Get hash | malicious | FormBook | Browse |
| |
Get hash | malicious | Lokibot | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
reallyfreegeoip.org | Get hash | malicious | VIP Keylogger | Browse |
| |
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | DarkTortilla, Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
us2.smtp.mailhostbox.com | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
checkip.dyndns.com | Get hash | malicious | VIP Keylogger | Browse |
| |
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | DarkTortilla, Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
api.telegram.org | Get hash | malicious | VIP Keylogger | Browse |
| |
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | MicroClip | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | VIP Keylogger | Browse |
| ||
Get hash | malicious | XWorm | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | XWorm | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
TELEGRAMRU | Get hash | malicious | VIP Keylogger | Browse |
| |
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | MicroClip | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | VIP Keylogger | Browse |
| ||
Get hash | malicious | XWorm | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | XWorm | Browse |
| ||
CLOUDFLARENETUS | Get hash | malicious | VIP Keylogger | Browse |
| |
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | NetSupport RAT, HTMLPhisher | Browse |
| ||
Get hash | malicious | HtmlDropper | Browse |
| ||
Get hash | malicious | PureLog Stealer | Browse |
| ||
Get hash | malicious | Lokibot | Browse |
| ||
Get hash | malicious | PureLog Stealer, XWorm | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
PUBLIC-DOMAIN-REGISTRYUS | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
ORACLE-BMC-31898US | Get hash | malicious | DarkTortilla, Snake Keylogger | Browse |
| |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
54328bd36c14bd82ddaa0c04b25ed9ad | Get hash | malicious | VIP Keylogger | Browse |
| |
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | DarkTortilla, Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | VIP Keylogger | Browse |
| ||
Get hash | malicious | S400 RAT | Browse |
| ||
Get hash | malicious | S400 RAT | Browse |
| ||
3b5074b1b5d032e5620f69f9f700ff0e | Get hash | malicious | VIP Keylogger | Browse |
| |
Get hash | malicious | NetSupport RAT, HTMLPhisher | Browse |
| ||
Get hash | malicious | HtmlDropper | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | PureLog Stealer | Browse |
| ||
Get hash | malicious | PureLog Stealer, XWorm | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | MicroClip | Browse |
|
Process: | C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 274432 |
Entropy (8bit): | 6.978000929733236 |
Encrypted: | false |
SSDEEP: | 3072:uMT+kXbpbSzLSYiA5mFpd6Z/0ztcSP9dSPb4xRBOPlrY1iH1M86g:FT+kXbpbSzLSYi7FPK/UZ4b4xR8vHiTg |
MD5: | E94A651905DDD299B4A1E8AB298BC126 |
SHA1: | B8102BBEBE368473200BB4DA2247C9FC50FB8D13 |
SHA-256: | 1ACA42643DC434AFF3BCABC504FC45CE3ABA0BF560D34156C929F847B858A397 |
SHA-512: | FDE41734FD4F3500633CE4A07A337DB5FE4AAB8693D96B986D66CD7E3B4BA0E6D92130347EEE30338CA6DAFA22F35CCDD4D1B889C5BDE9DF54A8093FF71988CC |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1275767 |
Entropy (8bit): | 7.397264637586639 |
Encrypted: | false |
SSDEEP: | 24576:pRmJkcoQricOIQxiZY1iaJ+QdSbdZwy1mynIMrNdUtl85Pf:mJZoQrbTFZY1iaJB0zDIME6 |
MD5: | 34280E3A145D8D865EFEDF422B568E46 |
SHA1: | D5E2B2072A08A672D87446DF36E513095945D151 |
SHA-256: | 4FFAD08E9B831394159944B7C719BD9A80EFCDE000EBFA788DE1A23F64007B91 |
SHA-512: | 20C33FC3B8AB2F6988BB8B149E625BAAD6D442B6E278AB0AF1F4FE793272CCDF2803AF503CF1E1E3CCD1DA8503EDFCF8D26745E685518D4B40023FB9C1DFA284 |
Malicious: | true |
Antivirus: |
|
Reputation: | low |
Preview: |
Process: | C:\Users\user\AppData\Local\directory\name.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 270 |
Entropy (8bit): | 3.4297698362729916 |
Encrypted: | false |
SSDEEP: | 6:DMM8lfm3OOQdUfclo5ZsUEZ+lX1Al1AE6nriIM8lfQVn:DsO+vNlzQ1A1z4mA2n |
MD5: | 3DA73F5D6073C0D8F7B9CEE8DF5035A7 |
SHA1: | D4B44315FD7C6171A9CC03899A00E593AE78CDE7 |
SHA-256: | 1F2D7E91D96B7DA16BC230D9C519E5E0A6A78FCD6B3468E590D5A97239BB420B |
SHA-512: | CE2041AA9AAFE863C44296E4ED58BA207E4849584AB057B93354F10679DC1BFAE50241EEDAD74DCC4D7AF6C8ADC3A97E4581F56E5E71955651D52BA866ED763B |
Malicious: | true |
Reputation: | moderate, very likely benign file |
Preview: |
File type: | |
Entropy (8bit): | 7.397264637586639 |
TrID: |
|
File name: | z84TTREMITTANCEUSD347_432_63.exe |
File size: | 1'275'767 bytes |
MD5: | 34280e3a145d8d865efedf422b568e46 |
SHA1: | d5e2b2072a08a672d87446df36e513095945d151 |
SHA256: | 4ffad08e9b831394159944b7c719bd9a80efcde000ebfa788de1a23f64007b91 |
SHA512: | 20c33fc3b8ab2f6988bb8b149e625baad6d442b6e278ab0af1f4fe793272ccdf2803af503cf1e1e3ccd1da8503edfcf8d26745e685518d4b40023fb9c1dfa284 |
SSDEEP: | 24576:pRmJkcoQricOIQxiZY1iaJ+QdSbdZwy1mynIMrNdUtl85Pf:mJZoQrbTFZY1iaJB0zDIME6 |
TLSH: | 8645DF21B5D240E5D1E22EB25D79F355BA6A6D260222819FE3C839F10E73380D7297F7 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........................1b.......P.).....Q.......y.......i..........}....N.......d.......`.......m.......g.....Rich............PE..L.. |
Icon Hash: | cf818c848c8a814f |
Entrypoint: | 0x4165c1 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE |
DLL Characteristics: | TERMINAL_SERVER_AWARE |
Time Stamp: | 0x4F25BAEC [Sun Jan 29 21:32:28 2012 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 0 |
File Version Major: | 5 |
File Version Minor: | 0 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 0 |
Import Hash: | d3bf8a7746a8d1ee8f6e5960c3f69378 |
Instruction |
---|
call 00007F59186F28FBh |
jmp 00007F59186E976Eh |
int3 |
int3 |
int3 |
int3 |
int3 |
push ebp |
mov ebp, esp |
push edi |
push esi |
mov esi, dword ptr [ebp+0Ch] |
mov ecx, dword ptr [ebp+10h] |
mov edi, dword ptr [ebp+08h] |
mov eax, ecx |
mov edx, ecx |
add eax, esi |
cmp edi, esi |
jbe 00007F59186E98EAh |
cmp edi, eax |
jc 00007F59186E9A86h |
cmp ecx, 00000080h |
jc 00007F59186E98FEh |
cmp dword ptr [004A9724h], 00000000h |
je 00007F59186E98F5h |
push edi |
push esi |
and edi, 0Fh |
and esi, 0Fh |
cmp edi, esi |
pop esi |
pop edi |
jne 00007F59186E98E7h |
jmp 00007F59186E9CC2h |
test edi, 00000003h |
jne 00007F59186E98F6h |
shr ecx, 02h |
and edx, 03h |
cmp ecx, 08h |
jc 00007F59186E990Bh |
rep movsd |
jmp dword ptr [00416740h+edx*4] |
mov eax, edi |
mov edx, 00000003h |
sub ecx, 04h |
jc 00007F59186E98EEh |
and eax, 03h |
add ecx, eax |
jmp dword ptr [00416654h+eax*4] |
jmp dword ptr [00416750h+ecx*4] |
nop |
jmp dword ptr [004166D4h+ecx*4] |
nop |
inc cx |
add byte ptr [eax-4BFFBE9Ah], dl |
inc cx |
add byte ptr [ebx], ah |
ror dword ptr [edx-75F877FAh], 1 |
inc esi |
add dword ptr [eax+468A0147h], ecx |
add al, cl |
jmp 00007F591AB620E7h |
add esi, 03h |
add edi, 03h |
cmp ecx, 08h |
jc 00007F59186E98AEh |
rep movsd |
jmp dword ptr [00000000h+edx*4] |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8d41c | 0x154 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xab000 | 0x13778 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x82000 | 0x844 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x8061c | 0x80800 | 61ffce4768976fa0dd2a8f6a97b1417a | False | 0.5583182605787937 | data | 6.684690148171278 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x82000 | 0xdfc0 | 0xe000 | 0354bc5f2376b5e9a4a3ba38b682dff1 | False | 0.36085728236607145 | data | 4.799741132252136 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x90000 | 0x1a758 | 0x6800 | 8033f5a38941b4685bc2299e78f31221 | False | 0.15324519230769232 | data | 2.1500715391677487 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0xab000 | 0x13778 | 0x13800 | deaf8cf0ab1ab56c5b616d6567464a39 | False | 0.08774038461538461 | data | 3.8891256142087705 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0xab448 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027 |
RT_ICON | 0xab570 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216 |
RT_ICON | 0xab698 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135 |
RT_ICON | 0xab7c0 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | Great Britain | 0.05220040222406246 |
RT_MENU | 0xbbfe8 | 0x50 | data | English | Great Britain | 0.9 |
RT_DIALOG | 0xbc038 | 0xfc | data | English | Great Britain | 0.6507936507936508 |
RT_STRING | 0xbc138 | 0x530 | data | English | Great Britain | 0.33960843373493976 |
RT_STRING | 0xbc668 | 0x690 | data | English | Great Britain | 0.26964285714285713 |
RT_STRING | 0xbccf8 | 0x4d0 | data | English | Great Britain | 0.36363636363636365 |
RT_STRING | 0xbd1c8 | 0x5fc | data | English | Great Britain | 0.3087467362924282 |
RT_STRING | 0xbd7c8 | 0x65c | data | English | Great Britain | 0.34336609336609336 |
RT_STRING | 0xbde28 | 0x388 | data | English | Great Britain | 0.377212389380531 |
RT_STRING | 0xbe1b0 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | United States | 0.502906976744186 |
RT_GROUP_ICON | 0xbe308 | 0x14 | data | English | Great Britain | 1.25 |
RT_GROUP_ICON | 0xbe320 | 0x14 | data | English | Great Britain | 1.15 |
RT_GROUP_ICON | 0xbe338 | 0x14 | data | English | Great Britain | 1.25 |
RT_GROUP_ICON | 0xbe350 | 0x14 | data | English | Great Britain | 1.25 |
RT_VERSION | 0xbe368 | 0x19c | data | English | Great Britain | 0.5339805825242718 |
RT_MANIFEST | 0xbe508 | 0x26c | ASCII text, with CRLF line terminators | English | United States | 0.5145161290322581 |
DLL | Import |
---|---|
WSOCK32.dll | __WSAFDIsSet, setsockopt, ntohs, recvfrom, sendto, htons, select, listen, WSAStartup, bind, closesocket, connect, socket, send, WSACleanup, ioctlsocket, accept, WSAGetLastError, inet_addr, gethostbyname, gethostname, recv |
VERSION.dll | VerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW |
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW |
COMCTL32.dll | ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, ImageList_ReplaceIcon, ImageList_Create, InitCommonControlsEx, ImageList_Destroy |
MPR.dll | WNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W, WNetUseConnectionW |
WININET.dll | InternetReadFile, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetConnectW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetQueryOptionW, InternetQueryDataAvailable |
PSAPI.DLL | EnumProcesses, GetModuleBaseNameW, GetProcessMemoryInfo, EnumProcessModules |
USERENV.dll | CreateEnvironmentBlock, DestroyEnvironmentBlock, UnloadUserProfile, LoadUserProfileW |
KERNEL32.dll | HeapAlloc, Sleep, GetCurrentThreadId, RaiseException, MulDiv, GetVersionExW, GetSystemInfo, InterlockedIncrement, InterlockedDecrement, WideCharToMultiByte, lstrcpyW, MultiByteToWideChar, lstrlenW, lstrcmpiW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, DeleteFileW, FindNextFileW, MoveFileW, CopyFileW, CreateDirectoryW, RemoveDirectoryW, GetProcessHeap, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, EnumResourceNamesW, OutputDebugStringW, GetLocalTime, CompareStringW, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionAndSpinCount, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, GetTempPathW, GetTempFileNameW, VirtualFree, FormatMessageW, GetExitCodeProcess, SetErrorMode, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, DeviceIoControl, SetFileAttributesW, GetShortPathNameW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetCurrentThread, GetProcessIoCounters, CreateProcessW, SetPriorityClass, LoadLibraryW, VirtualAlloc, LoadLibraryExW, HeapFree, WaitForSingleObject, CreateThread, DuplicateHandle, GetLastError, CloseHandle, GetCurrentProcess, GetProcAddress, LoadLibraryA, FreeLibrary, GetModuleFileNameW, GetFullPathNameW, SetCurrentDirectoryW, IsDebuggerPresent, GetCurrentDirectoryW, ExitProcess, ExitThread, GetSystemTimeAsFileTime, ResumeThread, GetTimeFormatW, GetDateFormatW, GetCommandLineW, GetStartupInfoW, IsProcessorFeaturePresent, HeapSize, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, SetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStringTypeW, HeapCreate, SetHandleCount, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, LCMapStringW, RtlUnwind, SetFilePointer, GetTimeZoneInformation, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetTickCount, HeapReAlloc, WriteConsoleW, SetEndOfFile, SetSystemPowerState, SetEnvironmentVariableA |
USER32.dll | GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, ReleaseCapture, SetCapture, WindowFromPoint, LoadImageW, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, CheckMenuRadioItem, SetWindowPos, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, TranslateMessage, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, GetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, MessageBoxW, DefWindowProcW, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, GetMenuItemID, DispatchMessageW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, PeekMessageW, UnregisterHotKey, CharLowerBuffW, keybd_event, MonitorFromRect, GetWindowThreadProcessId |
GDI32.dll | DeleteObject, AngleArc, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, StrokePath, EndPath, SetPixel, CloseFigure, CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, StretchBlt, GetDIBits, GetDeviceCaps, MoveToEx, DeleteDC, GetPixel, CreateDCW, Ellipse, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, LineTo |
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW |
ADVAPI32.dll | RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegCreateKeyExW, GetUserNameW, RegConnectRegistryW, CloseServiceHandle, UnlockServiceDatabase, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, InitializeSecurityDescriptor, InitializeAcl, GetLengthSid, CopySid, LogonUserW, LockServiceDatabase, GetTokenInformation, GetSecurityDescriptorDacl, GetAclInformation, GetAce, AddAce, SetSecurityDescriptorDacl, RegOpenKeyExW, RegQueryValueExW, AdjustTokenPrivileges, InitiateSystemShutdownExW, OpenSCManagerW, RegCloseKey |
SHELL32.dll | DragQueryPoint, ShellExecuteExW, SHGetFolderPathW, DragQueryFileW, SHEmptyRecycleBinW, SHBrowseForFolderW, SHFileOperationW, SHGetPathFromIDListW, SHGetDesktopFolder, SHGetMalloc, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish |
ole32.dll | OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CLSIDFromString, StringFromGUID2, CoInitialize, CoUninitialize, CoCreateInstance, CreateStreamOnHGlobal, CoTaskMemAlloc, CoTaskMemFree, ProgIDFromCLSID, OleInitialize, CreateBindCtx, CLSIDFromProgID, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket, OleUninitialize, IIDFromString |
OLEAUT32.dll | VariantChangeType, VariantCopyInd, DispCallFunc, CreateStdDispatch, CreateDispTypeInfo, SysFreeString, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayUnaccessData, SysStringLen, SafeArrayAllocData, GetActiveObject, QueryPathOfRegTypeLib, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysAllocString, VariantCopy, VariantClear, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, OleLoadPicture, SafeArrayAccessData, VariantInit |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | Great Britain | |
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-09-25T15:34:13.196430+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49704 | 193.122.130.0 | 80 | TCP |
2024-09-25T15:34:14.071432+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49704 | 193.122.130.0 | 80 | TCP |
2024-09-25T15:34:14.669336+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49706 | 188.114.97.3 | 443 | TCP |
2024-09-25T15:34:15.196577+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49707 | 193.122.130.0 | 80 | TCP |
2024-09-25T15:34:20.252908+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49716 | 188.114.97.3 | 443 | TCP |
2024-09-25T15:34:31.649538+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49728 | 193.122.130.0 | 80 | TCP |
2024-09-25T15:34:32.446433+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49728 | 193.122.130.0 | 80 | TCP |
2024-09-25T15:34:33.024873+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49730 | 188.114.97.3 | 443 | TCP |
2024-09-25T15:34:33.540191+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49731 | 193.122.130.0 | 80 | TCP |
2024-09-25T15:34:36.632789+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49736 | 188.114.97.3 | 443 | TCP |
2024-09-25T15:34:40.422975+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49742 | 188.114.97.3 | 443 | TCP |
2024-09-25T15:34:41.510510+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49744 | 188.114.97.3 | 443 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 25, 2024 15:34:12.581237078 CEST | 49704 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:12.586313009 CEST | 80 | 49704 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:12.586431026 CEST | 49704 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:12.586656094 CEST | 49704 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:12.591537952 CEST | 80 | 49704 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:13.043016911 CEST | 80 | 49704 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:13.047588110 CEST | 49704 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:13.052464962 CEST | 80 | 49704 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:13.148109913 CEST | 80 | 49704 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:13.196429968 CEST | 49704 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:13.248842955 CEST | 49705 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:13.248905897 CEST | 443 | 49705 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:13.248965025 CEST | 49705 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:13.257680893 CEST | 49705 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:13.257707119 CEST | 443 | 49705 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:13.725975037 CEST | 443 | 49705 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:13.726097107 CEST | 49705 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:13.731532097 CEST | 49705 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:13.731559038 CEST | 443 | 49705 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:13.731873989 CEST | 443 | 49705 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:13.774548054 CEST | 49705 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:13.786104918 CEST | 49705 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:13.827410936 CEST | 443 | 49705 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:13.905750036 CEST | 443 | 49705 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:13.905848026 CEST | 443 | 49705 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:13.905916929 CEST | 49705 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:13.911629915 CEST | 49705 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:13.919938087 CEST | 49704 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:13.925615072 CEST | 80 | 49704 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:14.020360947 CEST | 80 | 49704 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:14.024252892 CEST | 49706 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:14.024302959 CEST | 443 | 49706 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:14.024363041 CEST | 49706 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:14.024894953 CEST | 49706 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:14.024905920 CEST | 443 | 49706 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:14.071432114 CEST | 49704 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:14.484841108 CEST | 443 | 49706 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:14.510226965 CEST | 49706 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:14.510253906 CEST | 443 | 49706 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:14.669363022 CEST | 443 | 49706 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:14.669465065 CEST | 443 | 49706 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:14.669543982 CEST | 49706 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:14.671973944 CEST | 49706 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:14.676212072 CEST | 49704 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:14.677148104 CEST | 49707 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:14.685264111 CEST | 80 | 49704 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:14.685359001 CEST | 49704 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:14.685425997 CEST | 80 | 49707 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:14.685503960 CEST | 49707 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:14.685621977 CEST | 49707 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:14.692595005 CEST | 80 | 49707 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:15.151278973 CEST | 80 | 49707 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:15.152816057 CEST | 49708 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:15.152863979 CEST | 443 | 49708 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:15.152926922 CEST | 49708 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:15.153175116 CEST | 49708 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:15.153192043 CEST | 443 | 49708 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:15.196577072 CEST | 49707 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:15.619410992 CEST | 443 | 49708 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:15.621073008 CEST | 49708 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:15.621103048 CEST | 443 | 49708 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:15.770495892 CEST | 443 | 49708 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:15.770595074 CEST | 443 | 49708 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:15.770657063 CEST | 49708 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:15.771104097 CEST | 49708 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:15.775443077 CEST | 49709 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:15.780755043 CEST | 80 | 49709 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:15.780910015 CEST | 49709 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:15.780987024 CEST | 49709 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:15.785984993 CEST | 80 | 49709 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:16.246324062 CEST | 80 | 49709 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:16.247935057 CEST | 49710 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:16.247989893 CEST | 443 | 49710 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:16.248065948 CEST | 49710 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:16.248370886 CEST | 49710 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:16.248388052 CEST | 443 | 49710 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:16.290218115 CEST | 49709 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:16.707850933 CEST | 443 | 49710 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:16.712722063 CEST | 49710 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:16.712747097 CEST | 443 | 49710 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:16.877177000 CEST | 443 | 49710 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:16.877271891 CEST | 443 | 49710 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:16.877389908 CEST | 49710 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:16.877893925 CEST | 49710 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:16.881756067 CEST | 49709 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:16.882369995 CEST | 49711 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:16.887324095 CEST | 80 | 49711 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:16.887428999 CEST | 49711 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:16.887588978 CEST | 49711 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:16.887751102 CEST | 80 | 49709 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:16.887799025 CEST | 49709 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:16.892692089 CEST | 80 | 49711 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:17.343688965 CEST | 80 | 49711 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:17.344837904 CEST | 49712 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:17.344885111 CEST | 443 | 49712 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:17.344942093 CEST | 49712 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:17.345215082 CEST | 49712 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:17.345231056 CEST | 443 | 49712 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:17.384030104 CEST | 49711 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:17.888473034 CEST | 443 | 49712 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:17.890209913 CEST | 49712 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:17.890243053 CEST | 443 | 49712 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:18.042293072 CEST | 443 | 49712 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:18.042404890 CEST | 443 | 49712 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:18.042465925 CEST | 49712 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:18.043100119 CEST | 49712 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:18.046253920 CEST | 49711 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:18.047427893 CEST | 49713 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:18.051300049 CEST | 80 | 49711 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:18.051373959 CEST | 49711 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:18.052185059 CEST | 80 | 49713 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:18.052261114 CEST | 49713 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:18.052330017 CEST | 49713 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:18.057065010 CEST | 80 | 49713 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:18.525022984 CEST | 80 | 49713 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:18.526212931 CEST | 49714 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:18.526267052 CEST | 443 | 49714 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:18.526343107 CEST | 49714 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:18.526624918 CEST | 49714 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:18.526635885 CEST | 443 | 49714 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:18.571433067 CEST | 49713 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:18.986736059 CEST | 443 | 49714 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:18.988616943 CEST | 49714 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:18.988655090 CEST | 443 | 49714 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:19.124022007 CEST | 443 | 49714 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:19.124141932 CEST | 443 | 49714 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:19.124257088 CEST | 49714 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:19.124639034 CEST | 49714 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:19.129589081 CEST | 49713 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:19.130141973 CEST | 49715 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:19.134855032 CEST | 80 | 49713 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:19.134955883 CEST | 80 | 49715 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:19.134962082 CEST | 49713 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:19.135020971 CEST | 49715 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:19.135159969 CEST | 49715 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:19.139908075 CEST | 80 | 49715 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:19.612426043 CEST | 80 | 49715 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:19.631499052 CEST | 49716 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:19.631545067 CEST | 443 | 49716 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:19.631625891 CEST | 49716 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:19.635328054 CEST | 49716 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:19.635344028 CEST | 443 | 49716 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:19.665178061 CEST | 49715 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:20.109774113 CEST | 443 | 49716 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:20.111756086 CEST | 49716 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:20.111773968 CEST | 443 | 49716 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:20.252928972 CEST | 443 | 49716 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:20.253016949 CEST | 443 | 49716 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:20.253071070 CEST | 49716 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:20.253688097 CEST | 49716 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:20.257005930 CEST | 49715 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:20.258047104 CEST | 49717 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:20.262160063 CEST | 80 | 49715 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:20.262240887 CEST | 49715 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:20.262886047 CEST | 80 | 49717 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:20.262965918 CEST | 49717 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:20.263055086 CEST | 49717 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:20.267787933 CEST | 80 | 49717 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:20.725817919 CEST | 80 | 49717 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:20.727561951 CEST | 49718 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:20.727616072 CEST | 443 | 49718 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:20.727807045 CEST | 49718 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:20.727986097 CEST | 49718 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:20.727993965 CEST | 443 | 49718 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:20.774678946 CEST | 49717 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:21.188690901 CEST | 443 | 49718 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:21.190346003 CEST | 49718 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:21.190373898 CEST | 443 | 49718 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:21.339232922 CEST | 443 | 49718 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:21.339349031 CEST | 443 | 49718 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:21.339409113 CEST | 49718 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:21.339858055 CEST | 49718 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:21.342550039 CEST | 49717 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:21.343561888 CEST | 49719 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:21.348079920 CEST | 80 | 49717 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:21.348149061 CEST | 49717 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:21.348442078 CEST | 80 | 49719 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:21.348500967 CEST | 49719 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:21.348597050 CEST | 49719 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:21.353384972 CEST | 80 | 49719 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:21.814506054 CEST | 80 | 49719 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:21.815855980 CEST | 49720 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:21.815911055 CEST | 443 | 49720 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:21.816018105 CEST | 49720 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:21.816271067 CEST | 49720 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:21.816282988 CEST | 443 | 49720 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:21.868419886 CEST | 49719 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:22.293684006 CEST | 443 | 49720 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:22.325692892 CEST | 49720 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:22.325731039 CEST | 443 | 49720 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:22.436657906 CEST | 443 | 49720 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:22.436748981 CEST | 443 | 49720 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:22.438249111 CEST | 49720 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:22.443674088 CEST | 49720 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:22.668061018 CEST | 49719 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:22.798058033 CEST | 80 | 49719 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:22.798170090 CEST | 49719 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:22.800473928 CEST | 49722 | 443 | 192.168.2.5 | 149.154.167.220 |
Sep 25, 2024 15:34:22.800522089 CEST | 443 | 49722 | 149.154.167.220 | 192.168.2.5 |
Sep 25, 2024 15:34:22.802602053 CEST | 49722 | 443 | 192.168.2.5 | 149.154.167.220 |
Sep 25, 2024 15:34:22.802602053 CEST | 49722 | 443 | 192.168.2.5 | 149.154.167.220 |
Sep 25, 2024 15:34:22.802635908 CEST | 443 | 49722 | 149.154.167.220 | 192.168.2.5 |
Sep 25, 2024 15:34:23.449409008 CEST | 443 | 49722 | 149.154.167.220 | 192.168.2.5 |
Sep 25, 2024 15:34:23.449668884 CEST | 49722 | 443 | 192.168.2.5 | 149.154.167.220 |
Sep 25, 2024 15:34:23.451430082 CEST | 49722 | 443 | 192.168.2.5 | 149.154.167.220 |
Sep 25, 2024 15:34:23.451452017 CEST | 443 | 49722 | 149.154.167.220 | 192.168.2.5 |
Sep 25, 2024 15:34:23.451706886 CEST | 443 | 49722 | 149.154.167.220 | 192.168.2.5 |
Sep 25, 2024 15:34:23.453175068 CEST | 49722 | 443 | 192.168.2.5 | 149.154.167.220 |
Sep 25, 2024 15:34:23.499394894 CEST | 443 | 49722 | 149.154.167.220 | 192.168.2.5 |
Sep 25, 2024 15:34:23.693469048 CEST | 443 | 49722 | 149.154.167.220 | 192.168.2.5 |
Sep 25, 2024 15:34:23.693636894 CEST | 443 | 49722 | 149.154.167.220 | 192.168.2.5 |
Sep 25, 2024 15:34:23.693742990 CEST | 49722 | 443 | 192.168.2.5 | 149.154.167.220 |
Sep 25, 2024 15:34:23.753400087 CEST | 49722 | 443 | 192.168.2.5 | 149.154.167.220 |
Sep 25, 2024 15:34:29.243438959 CEST | 49707 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:29.553328037 CEST | 49727 | 587 | 192.168.2.5 | 208.91.198.143 |
Sep 25, 2024 15:34:29.558243036 CEST | 587 | 49727 | 208.91.198.143 | 192.168.2.5 |
Sep 25, 2024 15:34:29.558336020 CEST | 49727 | 587 | 192.168.2.5 | 208.91.198.143 |
Sep 25, 2024 15:34:31.013031960 CEST | 49728 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:31.018217087 CEST | 80 | 49728 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:31.018311977 CEST | 49728 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:31.018636942 CEST | 49728 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:31.023416042 CEST | 80 | 49728 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:31.474561930 CEST | 80 | 49728 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:31.478653908 CEST | 49728 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:31.483485937 CEST | 80 | 49728 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:31.596568108 CEST | 80 | 49728 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:31.638556957 CEST | 49729 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:31.638608932 CEST | 443 | 49729 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:31.638705015 CEST | 49729 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:31.643544912 CEST | 49729 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:31.643562078 CEST | 443 | 49729 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:31.649538040 CEST | 49728 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:32.108644962 CEST | 443 | 49729 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:32.108732939 CEST | 49729 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:32.110960960 CEST | 49729 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:32.110974073 CEST | 443 | 49729 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:32.111248970 CEST | 443 | 49729 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:32.165219069 CEST | 49729 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:32.173873901 CEST | 49729 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:32.215409040 CEST | 443 | 49729 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:32.290801048 CEST | 443 | 49729 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:32.290908098 CEST | 443 | 49729 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:32.291034937 CEST | 49729 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:32.294621944 CEST | 49729 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:32.305228949 CEST | 49728 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:32.310250044 CEST | 80 | 49728 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:32.405152082 CEST | 80 | 49728 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:32.407718897 CEST | 49730 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:32.407785892 CEST | 443 | 49730 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:32.407855034 CEST | 49730 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:32.408134937 CEST | 49730 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:32.408149958 CEST | 443 | 49730 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:32.446433067 CEST | 49728 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:32.865061998 CEST | 443 | 49730 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:32.867124081 CEST | 49730 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:32.867158890 CEST | 443 | 49730 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:33.024976015 CEST | 443 | 49730 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:33.025333881 CEST | 443 | 49730 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:33.025394917 CEST | 49730 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:33.025850058 CEST | 49730 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:33.029983997 CEST | 49728 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:33.031043053 CEST | 49731 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:33.035145998 CEST | 80 | 49728 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:33.035295010 CEST | 49728 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:33.035927057 CEST | 80 | 49731 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:33.036071062 CEST | 49731 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:33.036124945 CEST | 49731 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:33.041173935 CEST | 80 | 49731 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:33.498054981 CEST | 80 | 49731 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:33.499646902 CEST | 49732 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:33.499706984 CEST | 443 | 49732 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:33.499880075 CEST | 49732 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:33.500179052 CEST | 49732 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:33.500193119 CEST | 443 | 49732 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:33.540190935 CEST | 49731 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:34.135346889 CEST | 443 | 49732 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:34.137427092 CEST | 49732 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:34.137464046 CEST | 443 | 49732 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:34.461196899 CEST | 443 | 49732 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:34.461596966 CEST | 443 | 49732 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:34.461764097 CEST | 49732 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:34.462080002 CEST | 49732 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:34.467442036 CEST | 49733 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:34.472245932 CEST | 80 | 49733 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:34.472323895 CEST | 49733 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:34.472502947 CEST | 49733 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:34.477282047 CEST | 80 | 49733 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:34.946387053 CEST | 80 | 49733 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:34.947911024 CEST | 49734 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:34.947972059 CEST | 443 | 49734 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:34.948061943 CEST | 49734 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:34.948424101 CEST | 49734 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:34.948436975 CEST | 443 | 49734 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:34.993401051 CEST | 49733 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:35.408077955 CEST | 443 | 49734 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:35.413256884 CEST | 49734 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:35.413335085 CEST | 443 | 49734 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:35.546947002 CEST | 443 | 49734 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:35.547041893 CEST | 443 | 49734 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:35.547095060 CEST | 49734 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:35.548012018 CEST | 49734 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:35.551122904 CEST | 49733 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:35.552189112 CEST | 49735 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:35.556924105 CEST | 80 | 49733 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:35.557468891 CEST | 49733 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:35.561271906 CEST | 80 | 49735 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:35.561443090 CEST | 49735 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:35.561443090 CEST | 49735 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:35.566270113 CEST | 80 | 49735 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:36.024744987 CEST | 80 | 49735 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:36.026382923 CEST | 49736 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:36.026415110 CEST | 443 | 49736 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:36.026484966 CEST | 49736 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:36.026770115 CEST | 49736 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:36.026783943 CEST | 443 | 49736 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:36.071420908 CEST | 49735 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:36.482688904 CEST | 443 | 49736 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:36.484467030 CEST | 49736 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:36.484492064 CEST | 443 | 49736 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:36.632805109 CEST | 443 | 49736 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:36.632910013 CEST | 443 | 49736 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:36.632971048 CEST | 49736 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:36.633399010 CEST | 49736 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:36.636383057 CEST | 49735 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:36.637316942 CEST | 49737 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:36.641433001 CEST | 80 | 49735 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:36.641508102 CEST | 49735 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:36.642146111 CEST | 80 | 49737 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:36.642218113 CEST | 49737 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:36.642313957 CEST | 49737 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:36.647140980 CEST | 80 | 49737 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:37.116503000 CEST | 80 | 49737 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:37.117826939 CEST | 49738 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:37.117860079 CEST | 443 | 49738 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:37.117949009 CEST | 49738 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:37.118200064 CEST | 49738 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:37.118213892 CEST | 443 | 49738 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:37.165163994 CEST | 49737 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:37.588989019 CEST | 443 | 49738 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:37.590833902 CEST | 49738 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:37.590873003 CEST | 443 | 49738 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:37.736109972 CEST | 443 | 49738 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:37.736200094 CEST | 443 | 49738 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:37.736277103 CEST | 49738 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:37.736737013 CEST | 49738 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:37.739871025 CEST | 49737 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:37.741714001 CEST | 49739 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:37.745209932 CEST | 80 | 49737 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:37.745356083 CEST | 49737 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:37.746985912 CEST | 80 | 49739 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:37.747066975 CEST | 49739 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:37.747138023 CEST | 49739 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:37.751972914 CEST | 80 | 49739 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:38.398482084 CEST | 80 | 49739 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:38.400008917 CEST | 49740 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:38.400063992 CEST | 443 | 49740 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:38.400137901 CEST | 49740 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:38.400412083 CEST | 49740 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:38.400425911 CEST | 443 | 49740 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:38.416734934 CEST | 80 | 49739 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:38.416819096 CEST | 49739 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:38.902406931 CEST | 443 | 49740 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:38.904150009 CEST | 49740 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:38.904187918 CEST | 443 | 49740 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:39.057833910 CEST | 443 | 49740 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:39.057929039 CEST | 443 | 49740 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:39.058060884 CEST | 49740 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:39.058569908 CEST | 49740 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:39.061604023 CEST | 49739 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:39.062612057 CEST | 49741 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:39.068701982 CEST | 80 | 49739 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:39.068800926 CEST | 49739 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:39.069072962 CEST | 80 | 49741 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:39.069147110 CEST | 49741 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:39.069367886 CEST | 49741 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:39.074369907 CEST | 80 | 49741 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:39.526000023 CEST | 80 | 49741 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:39.527417898 CEST | 49742 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:39.527482033 CEST | 443 | 49742 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:39.527616024 CEST | 49742 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:39.528083086 CEST | 49742 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:39.528100967 CEST | 443 | 49742 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:39.571412086 CEST | 49741 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:40.004652977 CEST | 443 | 49742 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:40.006540060 CEST | 49742 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:40.006577969 CEST | 443 | 49742 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:40.423075914 CEST | 443 | 49742 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:40.423368931 CEST | 443 | 49742 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:40.423589945 CEST | 49742 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:40.423827887 CEST | 49742 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:40.426841974 CEST | 49741 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:40.428031921 CEST | 49743 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:40.432586908 CEST | 80 | 49741 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:40.432684898 CEST | 49741 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:40.432857990 CEST | 80 | 49743 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:40.432941914 CEST | 49743 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:40.433010101 CEST | 49743 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:40.438024044 CEST | 80 | 49743 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:40.888156891 CEST | 80 | 49743 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:40.889388084 CEST | 49744 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:40.889442921 CEST | 443 | 49744 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:40.889516115 CEST | 49744 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:40.890233040 CEST | 49744 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:40.890242100 CEST | 443 | 49744 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:40.930819988 CEST | 49743 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:41.362942934 CEST | 443 | 49744 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:41.364790916 CEST | 49744 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:41.364811897 CEST | 443 | 49744 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:41.510667086 CEST | 443 | 49744 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:41.510911942 CEST | 443 | 49744 | 188.114.97.3 | 192.168.2.5 |
Sep 25, 2024 15:34:41.510997057 CEST | 49744 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:41.511363029 CEST | 49744 | 443 | 192.168.2.5 | 188.114.97.3 |
Sep 25, 2024 15:34:41.520195007 CEST | 49743 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:41.521039009 CEST | 49745 | 443 | 192.168.2.5 | 149.154.167.220 |
Sep 25, 2024 15:34:41.521092892 CEST | 443 | 49745 | 149.154.167.220 | 192.168.2.5 |
Sep 25, 2024 15:34:41.521166086 CEST | 49745 | 443 | 192.168.2.5 | 149.154.167.220 |
Sep 25, 2024 15:34:41.521553040 CEST | 49745 | 443 | 192.168.2.5 | 149.154.167.220 |
Sep 25, 2024 15:34:41.521565914 CEST | 443 | 49745 | 149.154.167.220 | 192.168.2.5 |
Sep 25, 2024 15:34:41.525412083 CEST | 80 | 49743 | 193.122.130.0 | 192.168.2.5 |
Sep 25, 2024 15:34:41.525475025 CEST | 49743 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:42.133115053 CEST | 443 | 49745 | 149.154.167.220 | 192.168.2.5 |
Sep 25, 2024 15:34:42.133250952 CEST | 49745 | 443 | 192.168.2.5 | 149.154.167.220 |
Sep 25, 2024 15:34:42.135411978 CEST | 49745 | 443 | 192.168.2.5 | 149.154.167.220 |
Sep 25, 2024 15:34:42.135422945 CEST | 443 | 49745 | 149.154.167.220 | 192.168.2.5 |
Sep 25, 2024 15:34:42.135680914 CEST | 443 | 49745 | 149.154.167.220 | 192.168.2.5 |
Sep 25, 2024 15:34:42.137406111 CEST | 49745 | 443 | 192.168.2.5 | 149.154.167.220 |
Sep 25, 2024 15:34:42.183448076 CEST | 443 | 49745 | 149.154.167.220 | 192.168.2.5 |
Sep 25, 2024 15:34:42.382025003 CEST | 443 | 49745 | 149.154.167.220 | 192.168.2.5 |
Sep 25, 2024 15:34:42.382112980 CEST | 443 | 49745 | 149.154.167.220 | 192.168.2.5 |
Sep 25, 2024 15:34:42.382245064 CEST | 49745 | 443 | 192.168.2.5 | 149.154.167.220 |
Sep 25, 2024 15:34:42.385351896 CEST | 49745 | 443 | 192.168.2.5 | 149.154.167.220 |
Sep 25, 2024 15:34:47.572478056 CEST | 49731 | 80 | 192.168.2.5 | 193.122.130.0 |
Sep 25, 2024 15:34:47.697118998 CEST | 49746 | 587 | 192.168.2.5 | 208.91.198.143 |
Sep 25, 2024 15:34:47.702080965 CEST | 587 | 49746 | 208.91.198.143 | 192.168.2.5 |
Sep 25, 2024 15:34:47.702604055 CEST | 49746 | 587 | 192.168.2.5 | 208.91.198.143 |
Sep 25, 2024 15:34:50.920111895 CEST | 587 | 49727 | 208.91.198.143 | 192.168.2.5 |
Sep 25, 2024 15:34:50.920222044 CEST | 49727 | 587 | 192.168.2.5 | 208.91.198.143 |
Sep 25, 2024 15:34:50.923108101 CEST | 49727 | 587 | 192.168.2.5 | 208.91.198.143 |
Sep 25, 2024 15:34:50.928105116 CEST | 587 | 49727 | 208.91.198.143 | 192.168.2.5 |
Sep 25, 2024 15:35:09.075583935 CEST | 587 | 49746 | 208.91.198.143 | 192.168.2.5 |
Sep 25, 2024 15:35:09.075709105 CEST | 49746 | 587 | 192.168.2.5 | 208.91.198.143 |
Sep 25, 2024 15:35:09.077517986 CEST | 49746 | 587 | 192.168.2.5 | 208.91.198.143 |
Sep 25, 2024 15:35:09.082259893 CEST | 587 | 49746 | 208.91.198.143 | 192.168.2.5 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 25, 2024 15:34:12.536870003 CEST | 61343 | 53 | 192.168.2.5 | 1.1.1.1 |
Sep 25, 2024 15:34:12.545280933 CEST | 53 | 61343 | 1.1.1.1 | 192.168.2.5 |
Sep 25, 2024 15:34:13.240186930 CEST | 56348 | 53 | 192.168.2.5 | 1.1.1.1 |
Sep 25, 2024 15:34:13.248141050 CEST | 53 | 56348 | 1.1.1.1 | 192.168.2.5 |
Sep 25, 2024 15:34:22.668358088 CEST | 50014 | 53 | 192.168.2.5 | 1.1.1.1 |
Sep 25, 2024 15:34:22.799654007 CEST | 53 | 50014 | 1.1.1.1 | 192.168.2.5 |
Sep 25, 2024 15:34:29.530595064 CEST | 53898 | 53 | 192.168.2.5 | 1.1.1.1 |
Sep 25, 2024 15:34:29.540354013 CEST | 53 | 53898 | 1.1.1.1 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Sep 25, 2024 15:34:12.536870003 CEST | 192.168.2.5 | 1.1.1.1 | 0xdb38 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Sep 25, 2024 15:34:13.240186930 CEST | 192.168.2.5 | 1.1.1.1 | 0xcf92 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Sep 25, 2024 15:34:22.668358088 CEST | 192.168.2.5 | 1.1.1.1 | 0x497c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Sep 25, 2024 15:34:29.530595064 CEST | 192.168.2.5 | 1.1.1.1 | 0x6792 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Sep 25, 2024 15:34:12.545280933 CEST | 1.1.1.1 | 192.168.2.5 | 0xdb38 | No error (0) | checkip.dyndns.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Sep 25, 2024 15:34:12.545280933 CEST | 1.1.1.1 | 192.168.2.5 | 0xdb38 | No error (0) | 193.122.130.0 | A (IP address) | IN (0x0001) | false | ||
Sep 25, 2024 15:34:12.545280933 CEST | 1.1.1.1 | 192.168.2.5 | 0xdb38 | No error (0) | 193.122.6.168 | A (IP address) | IN (0x0001) | false | ||
Sep 25, 2024 15:34:12.545280933 CEST | 1.1.1.1 | 192.168.2.5 | 0xdb38 | No error (0) | 132.226.247.73 | A (IP address) | IN (0x0001) | false | ||
Sep 25, 2024 15:34:12.545280933 CEST | 1.1.1.1 | 192.168.2.5 | 0xdb38 | No error (0) | 158.101.44.242 | A (IP address) | IN (0x0001) | false | ||
Sep 25, 2024 15:34:12.545280933 CEST | 1.1.1.1 | 192.168.2.5 | 0xdb38 | No error (0) | 132.226.8.169 | A (IP address) | IN (0x0001) | false | ||
Sep 25, 2024 15:34:13.248141050 CEST | 1.1.1.1 | 192.168.2.5 | 0xcf92 | No error (0) | 188.114.97.3 | A (IP address) | IN (0x0001) | false | ||
Sep 25, 2024 15:34:13.248141050 CEST | 1.1.1.1 | 192.168.2.5 | 0xcf92 | No error (0) | 188.114.96.3 | A (IP address) | IN (0x0001) | false | ||
Sep 25, 2024 15:34:22.799654007 CEST | 1.1.1.1 | 192.168.2.5 | 0x497c | No error (0) | 149.154.167.220 | A (IP address) | IN (0x0001) | false | ||
Sep 25, 2024 15:34:29.540354013 CEST | 1.1.1.1 | 192.168.2.5 | 0x6792 | No error (0) | 208.91.198.143 | A (IP address) | IN (0x0001) | false | ||
Sep 25, 2024 15:34:29.540354013 CEST | 1.1.1.1 | 192.168.2.5 | 0x6792 | No error (0) | 208.91.199.224 | A (IP address) | IN (0x0001) | false | ||
Sep 25, 2024 15:34:29.540354013 CEST | 1.1.1.1 | 192.168.2.5 | 0x6792 | No error (0) | 208.91.199.225 | A (IP address) | IN (0x0001) | false | ||
Sep 25, 2024 15:34:29.540354013 CEST | 1.1.1.1 | 192.168.2.5 | 0x6792 | No error (0) | 208.91.199.223 | A (IP address) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49704 | 193.122.130.0 | 80 | 6004 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 25, 2024 15:34:12.586656094 CEST | 151 | OUT | |
Sep 25, 2024 15:34:13.043016911 CEST | 320 | IN | |
Sep 25, 2024 15:34:13.047588110 CEST | 127 | OUT | |
Sep 25, 2024 15:34:13.148109913 CEST | 320 | IN | |
Sep 25, 2024 15:34:13.919938087 CEST | 127 | OUT | |
Sep 25, 2024 15:34:14.020360947 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49707 | 193.122.130.0 | 80 | 6004 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 25, 2024 15:34:14.685621977 CEST | 127 | OUT | |
Sep 25, 2024 15:34:15.151278973 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 49709 | 193.122.130.0 | 80 | 6004 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 25, 2024 15:34:15.780987024 CEST | 151 | OUT | |
Sep 25, 2024 15:34:16.246324062 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.5 | 49711 | 193.122.130.0 | 80 | 6004 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 25, 2024 15:34:16.887588978 CEST | 151 | OUT | |
Sep 25, 2024 15:34:17.343688965 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.5 | 49713 | 193.122.130.0 | 80 | 6004 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 25, 2024 15:34:18.052330017 CEST | 151 | OUT | |
Sep 25, 2024 15:34:18.525022984 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.5 | 49715 | 193.122.130.0 | 80 | 6004 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 25, 2024 15:34:19.135159969 CEST | 151 | OUT | |
Sep 25, 2024 15:34:19.612426043 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.5 | 49717 | 193.122.130.0 | 80 | 6004 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 25, 2024 15:34:20.263055086 CEST | 151 | OUT | |
Sep 25, 2024 15:34:20.725817919 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.5 | 49719 | 193.122.130.0 | 80 | 6004 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 25, 2024 15:34:21.348597050 CEST | 151 | OUT | |
Sep 25, 2024 15:34:21.814506054 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.5 | 49728 | 193.122.130.0 | 80 | 6488 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 25, 2024 15:34:31.018636942 CEST | 151 | OUT | |
Sep 25, 2024 15:34:31.474561930 CEST | 320 | IN | |
Sep 25, 2024 15:34:31.478653908 CEST | 127 | OUT | |
Sep 25, 2024 15:34:31.596568108 CEST | 320 | IN | |
Sep 25, 2024 15:34:32.305228949 CEST | 127 | OUT | |
Sep 25, 2024 15:34:32.405152082 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.5 | 49731 | 193.122.130.0 | 80 | 6488 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 25, 2024 15:34:33.036124945 CEST | 127 | OUT | |
Sep 25, 2024 15:34:33.498054981 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.5 | 49733 | 193.122.130.0 | 80 | 6488 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 25, 2024 15:34:34.472502947 CEST | 151 | OUT | |
Sep 25, 2024 15:34:34.946387053 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
11 | 192.168.2.5 | 49735 | 193.122.130.0 | 80 | 6488 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 25, 2024 15:34:35.561443090 CEST | 151 | OUT | |
Sep 25, 2024 15:34:36.024744987 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
12 | 192.168.2.5 | 49737 | 193.122.130.0 | 80 | 6488 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 25, 2024 15:34:36.642313957 CEST | 151 | OUT | |
Sep 25, 2024 15:34:37.116503000 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
13 | 192.168.2.5 | 49739 | 193.122.130.0 | 80 | 6488 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 25, 2024 15:34:37.747138023 CEST | 151 | OUT | |
Sep 25, 2024 15:34:38.398482084 CEST | 320 | IN | |
Sep 25, 2024 15:34:38.416734934 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
14 | 192.168.2.5 | 49741 | 193.122.130.0 | 80 | 6488 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 25, 2024 15:34:39.069367886 CEST | 151 | OUT | |
Sep 25, 2024 15:34:39.526000023 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
15 | 192.168.2.5 | 49743 | 193.122.130.0 | 80 | 6488 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 25, 2024 15:34:40.433010101 CEST | 151 | OUT | |
Sep 25, 2024 15:34:40.888156891 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49705 | 188.114.97.3 | 443 | 6004 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-25 13:34:13 UTC | 84 | OUT | |
2024-09-25 13:34:13 UTC | 678 | IN | |
2024-09-25 13:34:13 UTC | 340 | IN | |
2024-09-25 13:34:13 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49706 | 188.114.97.3 | 443 | 6004 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-25 13:34:14 UTC | 60 | OUT | |
2024-09-25 13:34:14 UTC | 680 | IN | |
2024-09-25 13:34:14 UTC | 340 | IN | |
2024-09-25 13:34:14 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 49708 | 188.114.97.3 | 443 | 6004 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-25 13:34:15 UTC | 84 | OUT | |
2024-09-25 13:34:15 UTC | 684 | IN | |
2024-09-25 13:34:15 UTC | 340 | IN | |
2024-09-25 13:34:15 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.5 | 49710 | 188.114.97.3 | 443 | 6004 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-25 13:34:16 UTC | 84 | OUT | |
2024-09-25 13:34:16 UTC | 670 | IN | |
2024-09-25 13:34:16 UTC | 340 | IN | |
2024-09-25 13:34:16 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.5 | 49712 | 188.114.97.3 | 443 | 6004 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-25 13:34:17 UTC | 84 | OUT | |
2024-09-25 13:34:18 UTC | 672 | IN | |
2024-09-25 13:34:18 UTC | 340 | IN | |
2024-09-25 13:34:18 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.5 | 49714 | 188.114.97.3 | 443 | 6004 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-25 13:34:18 UTC | 84 | OUT | |
2024-09-25 13:34:19 UTC | 678 | IN | |
2024-09-25 13:34:19 UTC | 340 | IN | |
2024-09-25 13:34:19 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.5 | 49716 | 188.114.97.3 | 443 | 6004 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-25 13:34:20 UTC | 60 | OUT | |
2024-09-25 13:34:20 UTC | 676 | IN | |
2024-09-25 13:34:20 UTC | 340 | IN | |
2024-09-25 13:34:20 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.5 | 49718 | 188.114.97.3 | 443 | 6004 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-25 13:34:21 UTC | 84 | OUT | |
2024-09-25 13:34:21 UTC | 688 | IN | |
2024-09-25 13:34:21 UTC | 340 | IN | |
2024-09-25 13:34:21 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.5 | 49720 | 188.114.97.3 | 443 | 6004 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-25 13:34:22 UTC | 84 | OUT | |
2024-09-25 13:34:22 UTC | 678 | IN | |
2024-09-25 13:34:22 UTC | 340 | IN | |
2024-09-25 13:34:22 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.5 | 49722 | 149.154.167.220 | 443 | 6004 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-25 13:34:23 UTC | 349 | OUT | |
2024-09-25 13:34:23 UTC | 344 | IN | |
2024-09-25 13:34:23 UTC | 55 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.5 | 49729 | 188.114.97.3 | 443 | 6488 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-25 13:34:32 UTC | 84 | OUT | |
2024-09-25 13:34:32 UTC | 678 | IN | |
2024-09-25 13:34:32 UTC | 340 | IN | |
2024-09-25 13:34:32 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
11 | 192.168.2.5 | 49730 | 188.114.97.3 | 443 | 6488 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-25 13:34:32 UTC | 60 | OUT | |
2024-09-25 13:34:33 UTC | 680 | IN | |
2024-09-25 13:34:33 UTC | 340 | IN | |
2024-09-25 13:34:33 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
12 | 192.168.2.5 | 49732 | 188.114.97.3 | 443 | 6488 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-25 13:34:34 UTC | 84 | OUT | |
2024-09-25 13:34:34 UTC | 678 | IN | |
2024-09-25 13:34:34 UTC | 340 | IN | |
2024-09-25 13:34:34 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
13 | 192.168.2.5 | 49734 | 188.114.97.3 | 443 | 6488 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-25 13:34:35 UTC | 84 | OUT | |
2024-09-25 13:34:35 UTC | 676 | IN | |
2024-09-25 13:34:35 UTC | 340 | IN | |
2024-09-25 13:34:35 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
14 | 192.168.2.5 | 49736 | 188.114.97.3 | 443 | 6488 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-25 13:34:36 UTC | 60 | OUT | |
2024-09-25 13:34:36 UTC | 680 | IN | |
2024-09-25 13:34:36 UTC | 340 | IN | |
2024-09-25 13:34:36 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
15 | 192.168.2.5 | 49738 | 188.114.97.3 | 443 | 6488 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-25 13:34:37 UTC | 84 | OUT | |
2024-09-25 13:34:37 UTC | 680 | IN | |
2024-09-25 13:34:37 UTC | 340 | IN | |
2024-09-25 13:34:37 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
16 | 192.168.2.5 | 49740 | 188.114.97.3 | 443 | 6488 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-25 13:34:38 UTC | 84 | OUT | |
2024-09-25 13:34:39 UTC | 674 | IN | |
2024-09-25 13:34:39 UTC | 340 | IN | |
2024-09-25 13:34:39 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
17 | 192.168.2.5 | 49742 | 188.114.97.3 | 443 | 6488 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-25 13:34:40 UTC | 60 | OUT | |
2024-09-25 13:34:40 UTC | 680 | IN | |
2024-09-25 13:34:40 UTC | 340 | IN | |
2024-09-25 13:34:40 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
18 | 192.168.2.5 | 49744 | 188.114.97.3 | 443 | 6488 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-25 13:34:41 UTC | 60 | OUT | |
2024-09-25 13:34:41 UTC | 672 | IN | |
2024-09-25 13:34:41 UTC | 340 | IN | |
2024-09-25 13:34:41 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
19 | 192.168.2.5 | 49745 | 149.154.167.220 | 443 | 6488 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-25 13:34:42 UTC | 349 | OUT | |
2024-09-25 13:34:42 UTC | 344 | IN | |
2024-09-25 13:34:42 UTC | 55 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 09:34:03 |
Start date: | 25/09/2024 |
Path: | C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1'275'767 bytes |
MD5 hash: | 34280E3A145D8D865EFEDF422B568E46 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 2 |
Start time: | 09:34:08 |
Start date: | 25/09/2024 |
Path: | C:\Users\user\AppData\Local\directory\name.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1'275'767 bytes |
MD5 hash: | 34280E3A145D8D865EFEDF422B568E46 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Antivirus matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 3 |
Start time: | 09:34:10 |
Start date: | 25/09/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x290000 |
File size: | 45'984 bytes |
MD5 hash: | 9D352BC46709F0CB5EC974633A0C3C94 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
Has exited: | false |
Target ID: | 5 |
Start time: | 09:34:22 |
Start date: | 25/09/2024 |
Path: | C:\Windows\System32\wscript.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6ffbf0000 |
File size: | 170'496 bytes |
MD5 hash: | A47CBE969EA935BDD3AB568BB126BC80 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 6 |
Start time: | 09:34:25 |
Start date: | 25/09/2024 |
Path: | C:\Users\user\AppData\Local\directory\name.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1'275'767 bytes |
MD5 hash: | 34280E3A145D8D865EFEDF422B568E46 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 7 |
Start time: | 09:34:29 |
Start date: | 25/09/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x990000 |
File size: | 45'984 bytes |
MD5 hash: | 9D352BC46709F0CB5EC974633A0C3C94 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
Has exited: | false |
Execution Graph
Execution Coverage: | 3.1% |
Dynamic/Decrypted Code Coverage: | 0.4% |
Signature Coverage: | 8.8% |
Total number of Nodes: | 2000 |
Total number of Limit Nodes: | 35 |
Graph
Function 004096A0 Relevance: 33.9, APIs: 21, Instructions: 2413COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040D590 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 144windowCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040EBD0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004091E0 Relevance: 44.6, APIs: 22, Strings: 3, Instructions: 837windowsleepCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004528BD Relevance: 19.7, APIs: 13, Instructions: 173COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00410490 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 56windowregistryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00410390 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 76windowregistryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401100 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 136windowtimeregistryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 03EC2D90 Relevance: 10.7, APIs: 7, Instructions: 151fileCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040E4C0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 79registryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401B80 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 91windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040F250 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 66registryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 03EC4820 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 144fileCOMMON
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 03EC3470 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41processCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00475077 Relevance: 4.9, APIs: 3, Instructions: 390COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00475300 Relevance: 4.6, APIs: 3, Instructions: 141COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040E0C0 Relevance: 4.6, APIs: 3, Instructions: 82windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0043213D Relevance: 4.5, APIs: 3, Instructions: 38COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00409519 Relevance: 4.5, APIs: 3, Instructions: 31windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040AFA0 Relevance: 3.3, APIs: 2, Instructions: 258COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00467897 Relevance: 3.2, APIs: 2, Instructions: 170COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00467AC4 Relevance: 3.1, APIs: 2, Instructions: 130COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040F760 Relevance: 3.1, APIs: 2, Instructions: 92COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040D6B0 Relevance: 3.1, APIs: 2, Instructions: 74COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040F110 Relevance: 3.1, APIs: 2, Instructions: 51fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00414FE2 Relevance: 3.0, APIs: 2, Instructions: 26COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 03EC34E0 Relevance: 1.7, APIs: 1, Instructions: 157COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402F00 Relevance: 1.6, APIs: 1, Instructions: 104COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00410CFC Relevance: 1.6, APIs: 1, Instructions: 94memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00408F40 Relevance: 1.6, APIs: 1, Instructions: 71COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045E17D Relevance: 1.6, APIs: 1, Instructions: 60COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00443E36 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 03EC2D50 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 03EC2D20 Relevance: 1.5, APIs: 1, Instructions: 15COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004149C2 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040DA20 Relevance: 1.3, APIs: 1, Instructions: 22COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 03EC470C Relevance: 1.3, APIs: 1, Instructions: 21sleepCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 03EC4710 Relevance: 1.3, APIs: 1, Instructions: 18sleepCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0047C81C Relevance: 74.2, APIs: 40, Strings: 2, Instructions: 674windowkeyboardCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00434418 Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 133keyboardthreadwindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00446313 Relevance: 37.0, APIs: 17, Strings: 4, Instructions: 234processCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044BD27 Relevance: 31.7, APIs: 17, Strings: 1, Instructions: 178filestringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004788BD Relevance: 28.2, APIs: 13, Strings: 3, Instructions: 217timefileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00431A86 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 139fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004720DB Relevance: 21.4, APIs: 11, Strings: 1, Instructions: 377timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00442886 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 135fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004333BE Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 86shutdownCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00446124 Relevance: 16.7, APIs: 11, Instructions: 182COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0043305F Relevance: 16.6, APIs: 11, Instructions: 122COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045A10F Relevance: 16.6, APIs: 11, Instructions: 120clipboardmemoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00452492 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 128filesleepCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041A208 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 58COMMONLIBRARYCODE
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0047A330 Relevance: 7.6, APIs: 5, Instructions: 71windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045CAFA Relevance: 4.6, APIs: 3, Instructions: 130fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004339B6 Relevance: 4.5, APIs: 3, Instructions: 28fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0047EA6F Relevance: 2.0, APIs: 1, Instructions: 502COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00436CD7 Relevance: 1.5, APIs: 1, Instructions: 22COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00472C3F Relevance: 1.5, APIs: 1, Instructions: 7COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041F250 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040FA10 Relevance: .6, Instructions: 607COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004129D0 Relevance: .4, Instructions: 355COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004125E8 Relevance: .3, Instructions: 349COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00412216 Relevance: .3, Instructions: 332COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 03EC5A70 Relevance: .1, Instructions: 92COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 03EC5960 Relevance: .0, Instructions: 35COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 03EC5900 Relevance: .0, Instructions: 35COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 03EC42E0 Relevance: .0, Instructions: 6COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004594E9 Relevance: 79.2, APIs: 41, Strings: 4, Instructions: 490filewindowcomCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004417BF Relevance: 49.8, APIs: 33, Instructions: 275COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004590BD Relevance: 45.8, APIs: 22, Strings: 4, Instructions: 291windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00430737 Relevance: 43.6, APIs: 29, Instructions: 108COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0046B9D7 Relevance: 40.7, APIs: 17, Strings: 6, Instructions: 415registryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004565B2 Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 291windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00471BC9 Relevance: 35.3, APIs: 18, Strings: 2, Instructions: 313windowtimeCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00455A89 Relevance: 31.9, APIs: 21, Instructions: 395COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00417C20 Relevance: 29.9, APIs: 12, Strings: 5, Instructions: 109libraryloadermemoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004341E6 Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 91windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0046A07E Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 253windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00468B0E Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 207windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00460879 Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 136windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045FD57 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 227windowsleepCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004313CA Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 160windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00432A10 Relevance: 21.1, APIs: 14, Instructions: 140timeCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004551F5 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 115windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00433493 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 84networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00445BE4 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 77windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00443B61 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 99sleepwindowtimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00454014 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 93windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00467C8E Relevance: 18.3, APIs: 12, Instructions: 310COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004357B7 Relevance: 18.2, APIs: 12, Instructions: 184COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00433784 Relevance: 18.1, APIs: 12, Instructions: 119COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0046CB5F Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 304comCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004718BA Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 147windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00458651 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 135registryshareCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00470B6C Relevance: 16.6, APIs: 11, Instructions: 125COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004542ED Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 271libraryloaderCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0046C5FA Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 208comCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004710F1 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 157windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004505F0 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 147windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00469BF3 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 88windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045DC4C Relevance: 15.2, APIs: 10, Instructions: 190COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004485CB Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 109windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00434034 Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 49windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0047679F Relevance: 13.8, APIs: 9, Instructions: 307COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004561DA Relevance: 13.7, APIs: 9, Instructions: 164COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00441165 Relevance: 13.6, APIs: 9, Instructions: 142COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00432704 Relevance: 13.5, APIs: 9, Instructions: 42COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045EA0F Relevance: 12.6, APIs: 6, Strings: 1, Instructions: 325timeCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004091B0 Relevance: 12.6, APIs: 6, Strings: 1, Instructions: 324sleepCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044AA86 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 174networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045FBAC Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 147windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044BBD2 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 105filestringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041793C Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 40COMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0046822A Relevance: 12.3, APIs: 8, Instructions: 267COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044B489 Relevance: 12.1, APIs: 8, Instructions: 102fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00415214 Relevance: 12.1, APIs: 8, Instructions: 66threadCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044734F Relevance: 10.7, APIs: 7, Instructions: 210COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044982A Relevance: 10.6, APIs: 7, Instructions: 135COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00448AB2 Relevance: 10.6, APIs: 7, Instructions: 98windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00450B7C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041F6F9 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 68COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00413D7F Relevance: 10.6, APIs: 7, Instructions: 63threadCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00436C6E Relevance: 10.5, APIs: 7, Instructions: 49threadCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00413D1A Relevance: 10.5, APIs: 7, Instructions: 34threadCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0043028B Relevance: 9.3, APIs: 6, Instructions: 255COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004577E9 Relevance: 9.2, APIs: 6, Instructions: 217COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00444BFC Relevance: 9.2, APIs: 6, Instructions: 163COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00451B42 Relevance: 9.1, APIs: 6, Instructions: 144memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00452D3F Relevance: 9.1, APIs: 6, Instructions: 144fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00447BA8 Relevance: 9.1, APIs: 6, Instructions: 119COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044900D Relevance: 9.1, APIs: 6, Instructions: 111windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00440A0D Relevance: 9.1, APIs: 6, Instructions: 111windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00448804 Relevance: 9.1, APIs: 6, Instructions: 92windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00441078 Relevance: 9.1, APIs: 6, Instructions: 86COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00471A38 Relevance: 9.1, APIs: 6, Instructions: 79windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00455616 Relevance: 9.1, APIs: 6, Instructions: 78windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044389A Relevance: 9.1, APIs: 6, Instructions: 76COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00455168 Relevance: 9.1, APIs: 6, Instructions: 75windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004552FA Relevance: 9.1, APIs: 6, Instructions: 72windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004556C8 Relevance: 9.1, APIs: 6, Instructions: 67windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004331A2 Relevance: 9.1, APIs: 6, Instructions: 64sleepCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045559F Relevance: 9.1, APIs: 6, Instructions: 61windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00447275 Relevance: 9.0, APIs: 6, Instructions: 50COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044CC51 Relevance: 9.0, APIs: 6, Instructions: 50COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044B63B Relevance: 9.0, APIs: 6, Instructions: 40synchronizationthreadCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004151BB Relevance: 9.0, APIs: 6, Instructions: 29threadCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045F790 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 216windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00448480 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 107windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00469CDB Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 100windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00461554 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 74windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00462A31 Relevance: 7.7, APIs: 5, Instructions: 227COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004757A7 Relevance: 7.7, APIs: 5, Instructions: 220COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0047D40F Relevance: 7.6, APIs: 5, Instructions: 120sleepCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045C3C1 Relevance: 7.6, APIs: 5, Instructions: 118COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00436A0B Relevance: 7.6, APIs: 5, Instructions: 103COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00449555 Relevance: 7.6, APIs: 5, Instructions: 96windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004478AC Relevance: 7.6, APIs: 5, Instructions: 96windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004479A0 Relevance: 7.6, APIs: 5, Instructions: 96COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00447BF1 Relevance: 7.6, APIs: 5, Instructions: 95COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004487EA Relevance: 7.6, APIs: 5, Instructions: 89COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004550FC Relevance: 7.6, APIs: 5, Instructions: 78COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00445870 Relevance: 7.6, APIs: 5, Instructions: 78windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004653C8 Relevance: 7.6, APIs: 5, Instructions: 72networkCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044719B Relevance: 7.6, APIs: 5, Instructions: 70COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00434582 Relevance: 7.6, APIs: 5, Instructions: 61sleepCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004556A0 Relevance: 7.5, APIs: 5, Instructions: 45windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004555ED Relevance: 7.5, APIs: 5, Instructions: 43windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00455607 Relevance: 7.5, APIs: 5, Instructions: 42windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042FD29 Relevance: 7.5, APIs: 5, Instructions: 36COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00413D0E Relevance: 7.5, APIs: 5, Instructions: 24threadCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004151AF Relevance: 7.5, APIs: 5, Instructions: 22threadCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0043659E Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 162windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044A856 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 122networkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045FA41 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 120windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00434B02 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 108libraryloaderCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00450D6B Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 102windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00450ACC Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 74windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004496E9 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 55windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004312CC Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004312FE Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0043129A Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00430C7F Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00430DC1 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00451D2B Relevance: 6.4, APIs: 4, Instructions: 405COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00479500 Relevance: 6.2, APIs: 4, Instructions: 162memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0046993E Relevance: 6.1, APIs: 4, Instructions: 149windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004499DB Relevance: 6.1, APIs: 4, Instructions: 145COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041415F Relevance: 6.1, APIs: 4, Instructions: 130COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00441672 Relevance: 6.1, APIs: 4, Instructions: 116windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045D1AF Relevance: 6.1, APIs: 4, Instructions: 103fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045039B Relevance: 6.1, APIs: 4, Instructions: 102COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00442A83 Relevance: 6.1, APIs: 4, Instructions: 87windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0047438B Relevance: 6.1, APIs: 4, Instructions: 83COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004494A5 Relevance: 6.1, APIs: 4, Instructions: 83windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0046888B Relevance: 6.1, APIs: 4, Instructions: 80COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0047A26A Relevance: 6.1, APIs: 4, Instructions: 78COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00434CC9 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 75stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0046D402 Relevance: 6.1, APIs: 4, Instructions: 73networkCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00448C3C Relevance: 6.1, APIs: 4, Instructions: 72windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00458A61 Relevance: 6.1, APIs: 4, Instructions: 71networkCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004368A0 Relevance: 6.1, APIs: 4, Instructions: 69windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004301F8 Relevance: 6.1, APIs: 4, Instructions: 57windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00443C87 Relevance: 6.1, APIs: 4, Instructions: 57synchronizationthreadwindowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00430B87 Relevance: 6.1, APIs: 4, Instructions: 53COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00433908 Relevance: 6.0, APIs: 4, Instructions: 50COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00434963 Relevance: 6.0, APIs: 4, Instructions: 46COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041F584 Relevance: 6.0, APIs: 4, Instructions: 41COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004556BE Relevance: 6.0, APIs: 4, Instructions: 40windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044B5E8 Relevance: 6.0, APIs: 4, Instructions: 37COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004472F1 Relevance: 6.0, APIs: 4, Instructions: 35COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00472B63 Relevance: 6.0, APIs: 4, Instructions: 27COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00472BB2 Relevance: 6.0, APIs: 4, Instructions: 27COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041514D Relevance: 6.0, APIs: 4, Instructions: 16threadCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00467215 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 181shareCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004667E1 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 114networkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044835A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 99windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00451006 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 75windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00451321 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 73windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00476CA4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72sleepCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00465225 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 61networkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044256C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004560F2 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00442651 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22networkCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00441BE8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 17windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00441C20 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 17windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004370C3 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 8windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|