Windows
Analysis Report
________.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- ________.exe (PID: 2916 cmdline:
"C:\Users\ user\Deskt op\_______ _.exe" MD5: 89B3B4723EA3983FC0F103EAF3093EDC) - ________.exe (PID: 5916 cmdline:
"C:\Users\ user\Deskt op\_______ _.exe" MD5: 89B3B4723EA3983FC0F103EAF3093EDC)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | No Attribution |
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
404 Keylogger, Snake Keylogger | Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victims sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram. | No Attribution |
{"Exfil Mode": "SMTP", "Username": "wajahat@foodex.com.pk", "Password": "wajahat1975", "Host": "mail.foodex.com.pk", "Port": "587", "Version": "4.4"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | ||
JoeSecurity_GuLoader_3 | Yara detected GuLoader | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
Click to see the 1 entries |
System Summary |
---|
Source: | Author: Florian Roth (Nextron Systems), @blu3_team (idea), Nasreddine Bencherchali (Nextron Systems): |
Source: | Author: frack113: |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-11-12T07:36:32.879752+0100 | 2022930 | 1 | A Network Trojan was detected | 52.149.20.212 | 443 | 192.168.2.8 | 49706 | TCP |
2024-11-12T07:37:12.770892+0100 | 2022930 | 1 | A Network Trojan was detected | 52.149.20.212 | 443 | 192.168.2.8 | 49732 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-11-12T07:36:50.311923+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.8 | 49717 | 188.114.96.3 | 443 | TCP |
2024-11-12T07:36:52.391719+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.8 | 49719 | 188.114.96.3 | 443 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-11-12T07:36:47.682495+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49715 | 193.122.130.0 | 80 | TCP |
2024-11-12T07:36:48.280641+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49715 | 193.122.130.0 | 80 | TCP |
2024-11-12T07:36:49.593155+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49715 | 193.122.130.0 | 80 | TCP |
2024-11-12T07:36:51.686922+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49718 | 193.122.130.0 | 80 | TCP |
Click to jump to signature section
AV Detection |
---|
Source: | Avira: |
Source: | Malware Configuration Extractor: |
Source: | Virustotal: | Perma Link |
Source: | Integrated Neural Analysis Model: |
Location Tracking |
---|
Source: | DNS query: |
Source: | Code function: | 3_2_35E986C4 | |
Source: | Code function: | 3_2_35E98EF1 |
Source: | Static PE information: |
Source: | HTTPS traffic detected: |
Source: | HTTPS traffic detected: |
Source: | Code function: | 1_2_00405772 | |
Source: | Code function: | 1_2_0040622D | |
Source: | Code function: | 1_2_00402770 | |
Source: | Code function: | 3_2_00402770 | |
Source: | Code function: | 3_2_00405772 | |
Source: | Code function: | 3_2_0040622D |
Source: | Code function: | 3_2_0015F150 | |
Source: | Code function: | 3_2_0015F33C | |
Source: | Code function: | 3_2_0015F3B8 | |
Source: | Code function: | 3_2_0015F804 | |
Source: | Code function: | 3_2_32D4E068 | |
Source: | Code function: | 3_2_32D42DD0 | |
Source: | Code function: | 3_2_32D42970 | |
Source: | Code function: | 3_2_32D4FA78 | |
Source: | Code function: | 3_2_32D4F620 | |
Source: | Code function: | 3_2_32D4D7B8 | |
Source: | Code function: | 3_2_32D4D360 | |
Source: | Code function: | 3_2_32D4CF08 | |
Source: | Code function: | 3_2_32D40B30 | |
Source: | Code function: | 3_2_32D40B30 | |
Source: | Code function: | 3_2_32D4E4C0 | |
Source: | Code function: | 3_2_32D40040 | |
Source: | Code function: | 3_2_32D4DC10 | |
Source: | Code function: | 3_2_32D42DC3 | |
Source: | Code function: | 3_2_32D4F1C8 | |
Source: | Code function: | 3_2_32D4ED70 | |
Source: | Code function: | 3_2_32D43116 | |
Source: | Code function: | 3_2_32D4E918 | |
Source: | Code function: | 3_2_35E98FB0 | |
Source: | Code function: | 3_2_35E97B78 | |
Source: | Code function: | 3_2_35E90040 | |
Source: | Code function: | 3_2_35E9C5E8 | |
Source: | Code function: | 3_2_35E915F8 | |
Source: | Code function: | 3_2_35E95BD8 | |
Source: | Code function: | 3_2_35E9E5D8 | |
Source: | Code function: | 3_2_35E9B3A8 | |
Source: | Code function: | 3_2_35E911A0 | |
Source: | Code function: | 3_2_35E92BB0 | |
Source: | Code function: | 3_2_35E9F388 | |
Source: | Code function: | 3_2_35E95780 | |
Source: | Code function: | 3_2_35E9D398 | |
Source: | Code function: | 3_2_35E9E148 | |
Source: | Code function: | 3_2_35E90D48 | |
Source: | Code function: | 3_2_35E9C158 | |
Source: | Code function: | 3_2_35E92758 | |
Source: | Code function: | 3_2_35E95328 | |
Source: | Code function: | 3_2_35E97720 | |
Source: | Code function: | 3_2_35E9CF08 | |
Source: | Code function: | 3_2_35E92300 | |
Source: | Code function: | 3_2_35E9AF18 | |
Source: | Code function: | 3_2_35E9EEF8 | |
Source: | Code function: | 3_2_35E908F0 | |
Source: | Code function: | 3_2_35E9BCC8 | |
Source: | Code function: | 3_2_35E972C8 | |
Source: | Code function: | 3_2_35E94ED0 | |
Source: | Code function: | 3_2_35E91EA8 | |
Source: | Code function: | 3_2_35E9DCB8 | |
Source: | Code function: | 3_2_35E9ACBC | |
Source: | Code function: | 3_2_35E96488 | |
Source: | Code function: | 3_2_35E9308D | |
Source: | Code function: | 3_2_35E90498 | |
Source: | Code function: | 3_2_35E9EA68 | |
Source: | Code function: | 3_2_35E93460 | |
Source: | Code function: | 3_2_35E9CA78 | |
Source: | Code function: | 3_2_35E94A78 | |
Source: | Code function: | 3_2_35E96E70 | |
Source: | Code function: | 3_2_35E91A50 | |
Source: | Code function: | 3_2_35E9D828 | |
Source: | Code function: | 3_2_35E94620 | |
Source: | Code function: | 3_2_35E9B838 | |
Source: | Code function: | 3_2_35E96030 | |
Source: | Code function: | 3_2_35E96A18 | |
Source: | Code function: | 3_2_35E9F818 | |
Source: | Code function: | 3_2_35F061E8 | |
Source: | Code function: | 3_2_35F05B48 | |
Source: | Code function: | 3_2_35F03238 | |
Source: | Code function: | 3_2_35F00DF0 | |
Source: | Code function: | 3_2_35F08CF0 | |
Source: | Code function: | 3_2_35F01FF8 | |
Source: | Code function: | 3_2_35F0B7F8 | |
Source: | Code function: | 3_2_35F0CFE0 | |
Source: | Code function: | 3_2_35F03FE8 | |
Source: | Code function: | 3_2_35F0FAE8 | |
Source: | Code function: | 3_2_35F004D0 | |
Source: | Code function: | 3_2_35F079D0 | |
Source: | Code function: | 3_2_35F0A4D8 | |
Source: | Code function: | 3_2_35F0BCC0 | |
Source: | Code function: | 3_2_35F036C8 | |
Source: | Code function: | 3_2_35F0E7C8 | |
Source: | Code function: | 3_2_35F066B0 | |
Source: | Code function: | 3_2_35F056B8 | |
Source: | Code function: | 3_2_35F091B8 | |
Source: | Code function: | 3_2_35F0A9A0 | |
Source: | Code function: | 3_2_35F02DA8 | |
Source: | Code function: | 3_2_35F0D4A8 | |
Source: | Code function: | 3_2_35F0EC90 | |
Source: | Code function: | 3_2_35F04D98 | |
Source: | Code function: | 3_2_35F07E98 | |
Source: | Code function: | 3_2_35F01280 | |
Source: | Code function: | 3_2_35F09680 | |
Source: | Code function: | 3_2_35F02488 | |
Source: | Code function: | 3_2_35F0C188 | |
Source: | Code function: | 3_2_35F0D970 | |
Source: | Code function: | 3_2_35F04478 | |
Source: | Code function: | 3_2_35F06B78 | |
Source: | Code function: | 3_2_35F00960 | |
Source: | Code function: | 3_2_35F08360 | |
Source: | Code function: | 3_2_35F01B68 | |
Source: | Code function: | 3_2_35F0AE68 | |
Source: | Code function: | 3_2_35F0C650 | |
Source: | Code function: | 3_2_35F03B58 | |
Source: | Code function: | 3_2_35F0F158 | |
Source: | Code function: | 3_2_35F00040 | |
Source: | Code function: | 3_2_35F07040 | |
Source: | Code function: | 3_2_35F09B48 | |
Source: | Code function: | 3_2_35F0B330 | |
Source: | Code function: | 3_2_35F0DE38 | |
Source: | Code function: | 3_2_35F0F620 | |
Source: | Code function: | 3_2_35F05228 | |
Source: | Code function: | 3_2_35F08828 | |
Source: | Code function: | 3_2_35F01710 | |
Source: | Code function: | 3_2_35F0A010 | |
Source: | Code function: | 3_2_35F02918 | |
Source: | Code function: | 3_2_35F0CB18 | |
Source: | Code function: | 3_2_35F0E300 | |
Source: | Code function: | 3_2_35F04908 | |
Source: | Code function: | 3_2_35F07508 | |
Source: | Code function: | 3_2_35F31828 | |
Source: | Code function: | 3_2_35F309D0 | |
Source: | Code function: | 3_2_35F31360 | |
Source: | Code function: | 3_2_35F30508 | |
Source: | Code function: | 3_2_35F30E98 | |
Source: | Code function: | 3_2_35F30040 | |
Source: | Code function: | 3_2_360B3E70 | |
Source: | Code function: | 3_2_360B3E60 | |
Source: | Code function: | 3_2_360B0D26 | |
Source: | Code function: | 3_2_360B0A10 | |
Source: | Code function: | 3_2_360B09E1 |
Networking |
---|
Source: | DNS query: |
Source: | TCP traffic: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | IP Address: | ||
Source: | IP Address: | ||
Source: | IP Address: |
Source: | JA3 fingerprint: | ||
Source: | JA3 fingerprint: |
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: |
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: |
Source: | TCP traffic: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
Source: | Code function: | 1_2_004052D3 |
Source: | Code function: | 1_2_0040335A | |
Source: | Code function: | 3_2_0040335A |
Source: | File created: | Jump to behavior |
Source: | Code function: | 1_2_00404B10 | |
Source: | Code function: | 1_2_0040653F | |
Source: | Code function: | 3_2_00404B10 | |
Source: | Code function: | 3_2_0040653F | |
Source: | Code function: | 3_2_0015D2CD | |
Source: | Code function: | 3_2_00155370 | |
Source: | Code function: | 3_2_0015D599 | |
Source: | Code function: | 3_2_0015C5C0 | |
Source: | Code function: | 3_2_001577A0 | |
Source: | Code function: | 3_2_00155968 | |
Source: | Code function: | 3_2_001529E0 | |
Source: | Code function: | 3_2_0015CA58 | |
Source: | Code function: | 3_2_0015AA78 | |
Source: | Code function: | 3_2_0015EC18 | |
Source: | Code function: | 3_2_0015CD28 | |
Source: | Code function: | 3_2_00157F18 | |
Source: | Code function: | 3_2_0015CFF7 | |
Source: | Code function: | 3_2_0015C788 | |
Source: | Code function: | 3_2_0015F804 | |
Source: | Code function: | 3_2_0015EC0C | |
Source: | Code function: | 3_2_0015FC48 | |
Source: | Code function: | 3_2_00153E09 | |
Source: | Code function: | 3_2_32D45290 | |
Source: | Code function: | 3_2_32D42288 | |
Source: | Code function: | 3_2_32D41BA8 | |
Source: | Code function: | 3_2_32D4E068 | |
Source: | Code function: | 3_2_32D49590 | |
Source: | Code function: | 3_2_32D42970 | |
Source: | Code function: | 3_2_32D49E80 | |
Source: | Code function: | 3_2_32D45283 | |
Source: | Code function: | 3_2_32D4FA78 | |
Source: | Code function: | 3_2_32D42278 | |
Source: | Code function: | 3_2_32D4FA69 | |
Source: | Code function: | 3_2_32D4F610 | |
Source: | Code function: | 3_2_32D48E08 | |
Source: | Code function: | 3_2_32D4F620 | |
Source: | Code function: | 3_2_32D41B97 | |
Source: | Code function: | 3_2_32D497B0 | |
Source: | Code function: | 3_2_32D4D7B8 | |
Source: | Code function: | 3_2_32D4D351 | |
Source: | Code function: | 3_2_32D4D360 | |
Source: | Code function: | 3_2_32D4CF08 | |
Source: | Code function: | 3_2_32D4C737 | |
Source: | Code function: | 3_2_32D40B30 | |
Source: | Code function: | 3_2_32D40B20 | |
Source: | Code function: | 3_2_32D4E4C0 | |
Source: | Code function: | 3_2_32D4E4B1 | |
Source: | Code function: | 3_2_32D4E4BF | |
Source: | Code function: | 3_2_32D4E059 | |
Source: | Code function: | 3_2_32D40040 | |
Source: | Code function: | 3_2_32D4DC10 | |
Source: | Code function: | 3_2_32D40006 | |
Source: | Code function: | 3_2_32D4DC01 | |
Source: | Code function: | 3_2_32D4F1C8 | |
Source: | Code function: | 3_2_32D48DF9 | |
Source: | Code function: | 3_2_32D4F1B9 | |
Source: | Code function: | 3_2_32D4ED70 | |
Source: | Code function: | 3_2_32D4ED60 | |
Source: | Code function: | 3_2_32D4C961 | |
Source: | Code function: | 3_2_32D4E918 | |
Source: | Code function: | 3_2_32D4E908 | |
Source: | Code function: | 3_2_35E981D0 | |
Source: | Code function: | 3_2_35E98FB0 | |
Source: | Code function: | 3_2_35E97B78 | |
Source: | Code function: | 3_2_35E90040 | |
Source: | Code function: | 3_2_35E9C5E8 | |
Source: | Code function: | 3_2_35E915E8 | |
Source: | Code function: | 3_2_35E915F8 | |
Source: | Code function: | 3_2_35E9E5C8 | |
Source: | Code function: | 3_2_35E95BD8 | |
Source: | Code function: | 3_2_35E9E5D8 | |
Source: | Code function: | 3_2_35E9C5D8 | |
Source: | Code function: | 3_2_35E9B3A8 | |
Source: | Code function: | 3_2_35E92BAF | |
Source: | Code function: | 3_2_35E98FA1 | |
Source: | Code function: | 3_2_35E911A0 | |
Source: | Code function: | 3_2_35E92BA0 | |
Source: | Code function: | 3_2_35E92BB0 | |
Source: | Code function: | 3_2_35E9F388 | |
Source: | Code function: | 3_2_35E95780 | |
Source: | Code function: | 3_2_35E9D387 | |
Source: | Code function: | 3_2_35E9D398 | |
Source: | Code function: | 3_2_35E9B398 | |
Source: | Code function: | 3_2_35E9119F | |
Source: | Code function: | 3_2_35E91190 | |
Source: | Code function: | 3_2_35E97B69 | |
Source: | Code function: | 3_2_35E9F378 | |
Source: | Code function: | 3_2_35E97B77 | |
Source: | Code function: | 3_2_35E92749 | |
Source: | Code function: | 3_2_35E9E148 | |
Source: | Code function: | 3_2_35E90D48 | |
Source: | Code function: | 3_2_35E9C148 | |
Source: | Code function: | 3_2_35E9C158 | |
Source: | Code function: | 3_2_35E92758 | |
Source: | Code function: | 3_2_35E92757 | |
Source: | Code function: | 3_2_35E95328 | |
Source: | Code function: | 3_2_35E9A528 | |
Source: | Code function: | 3_2_35E97720 | |
Source: | Code function: | 3_2_35E97722 | |
Source: | Code function: | 3_2_35E9A538 | |
Source: | Code function: | 3_2_35E9E138 | |
Source: | Code function: | 3_2_35E9CF08 | |
Source: | Code function: | 3_2_35E92300 | |
Source: | Code function: | 3_2_35E9AF07 | |
Source: | Code function: | 3_2_35E9AF18 | |
Source: | Code function: | 3_2_35E994E2 | |
Source: | Code function: | 3_2_35E9EEE7 | |
Source: | Code function: | 3_2_35E9EEF8 | |
Source: | Code function: | 3_2_35E908F0 | |
Source: | Code function: | 3_2_35E922F0 | |
Source: | Code function: | 3_2_35E9CEF7 | |
Source: | Code function: | 3_2_35E9BCC8 | |
Source: | Code function: | 3_2_35E972C8 | |
Source: | Code function: | 3_2_35E980C8 | |
Source: | Code function: | 3_2_35E94ED0 | |
Source: | Code function: | 3_2_35E91EA8 | |
Source: | Code function: | 3_2_35E9FCA8 | |
Source: | Code function: | 3_2_35E938A8 | |
Source: | Code function: | 3_2_35E9DCA7 | |
Source: | Code function: | 3_2_35E938B8 | |
Source: | Code function: | 3_2_35E9DCB8 | |
Source: | Code function: | 3_2_35E972B8 | |
Source: | Code function: | 3_2_35E9BCB7 | |
Source: | Code function: | 3_2_35E96488 | |
Source: | Code function: | 3_2_35E90498 | |
Source: | Code function: | 3_2_35E91E98 | |
Source: | Code function: | 3_2_35E9FC98 | |
Source: | Code function: | 3_2_35E9EA68 | |
Source: | Code function: | 3_2_35E93460 | |
Source: | Code function: | 3_2_35E9CA67 | |
Source: | Code function: | 3_2_35E9CA78 | |
Source: | Code function: | 3_2_35E94A78 | |
Source: | Code function: | 3_2_35E96E70 | |
Source: | Code function: | 3_2_35E91A41 | |
Source: | Code function: | 3_2_35E91A50 | |
Source: | Code function: | 3_2_35E93450 | |
Source: | Code function: | 3_2_35E9EA57 | |
Source: | Code function: | 3_2_35E9B829 | |
Source: | Code function: | 3_2_35E9D828 | |
Source: | Code function: | 3_2_35E96021 | |
Source: | Code function: | 3_2_35E94620 | |
Source: | Code function: | 3_2_35E90027 | |
Source: | Code function: | 3_2_35E9B838 | |
Source: | Code function: | 3_2_35E96030 | |
Source: | Code function: | 3_2_35E9F809 | |
Source: | Code function: | 3_2_35E96A07 | |
Source: | Code function: | 3_2_35E9D819 | |
Source: | Code function: | 3_2_35E96A18 | |
Source: | Code function: | 3_2_35E9F818 | |
Source: | Code function: | 3_2_35E94610 | |
Source: | Code function: | 3_2_35F061E8 | |
Source: | Code function: | 3_2_35F05B48 | |
Source: | Code function: | 3_2_35F03238 | |
Source: | Code function: | 3_2_35F00DF0 | |
Source: | Code function: | 3_2_35F08CF0 | |
Source: | Code function: | 3_2_35F01FF8 | |
Source: | Code function: | 3_2_35F0B7F8 | |
Source: | Code function: | 3_2_35F074F8 | |
Source: | Code function: | 3_2_35F048F9 | |
Source: | Code function: | 3_2_35F09FFF | |
Source: | Code function: | 3_2_35F0CFE0 | |
Source: | Code function: | 3_2_35F00DE0 | |
Source: | Code function: | 3_2_35F08CE1 | |
Source: | Code function: | 3_2_35F03FE8 | |
Source: | Code function: | 3_2_35F0FAE8 | |
Source: | Code function: | 3_2_35F01FE8 | |
Source: | Code function: | 3_2_35F0B7E8 | |
Source: | Code function: | 3_2_35F0E2EF | |
Source: | Code function: | 3_2_35F004D0 | |
Source: | Code function: | 3_2_35F079D0 | |
Source: | Code function: | 3_2_35F0CFD0 | |
Source: | Code function: | 3_2_35F0FAD7 | |
Source: | Code function: | 3_2_35F0A4D8 | |
Source: | Code function: | 3_2_35F03FD8 | |
Source: | Code function: | 3_2_35F061D8 | |
Source: | Code function: | 3_2_35F0BCC0 | |
Source: | Code function: | 3_2_35F004C0 | |
Source: | Code function: | 3_2_35F079C0 | |
Source: | Code function: | 3_2_35F036C8 | |
Source: | Code function: | 3_2_35F0E7C8 | |
Source: | Code function: | 3_2_35F0A4C8 | |
Source: | Code function: | 3_2_35F066B0 | |
Source: | Code function: | 3_2_35F0BCB2 | |
Source: | Code function: | 3_2_35F056B8 | |
Source: | Code function: | 3_2_35F091B8 | |
Source: | Code function: | 3_2_35F036B9 | |
Source: | Code function: | 3_2_35F0E7B9 | |
Source: | Code function: | 3_2_35F0A9A0 | |
Source: | Code function: | 3_2_35F066A0 | |
Source: | Code function: | 3_2_35F091A7 | |
Source: | Code function: | 3_2_35F02DA8 | |
Source: | Code function: | 3_2_35F0D4A8 | |
Source: | Code function: | 3_2_35F056A9 | |
Source: | Code function: | 3_2_35F061A9 | |
Source: | Code function: | 3_2_35F0EC90 | |
Source: | Code function: | 3_2_35F0D497 | |
Source: | Code function: | 3_2_35F04D98 | |
Source: | Code function: | 3_2_35F07E98 | |
Source: | Code function: | 3_2_35F02D9A | |
Source: | Code function: | 3_2_35F01280 | |
Source: | Code function: | 3_2_35F09680 | |
Source: | Code function: | 3_2_35F0EC81 | |
Source: | Code function: | 3_2_35F02488 | |
Source: | Code function: | 3_2_35F0C188 | |
Source: | Code function: | 3_2_35F04D89 | |
Source: | Code function: | 3_2_35F07E89 | |
Source: | Code function: | 3_2_35F0A98F | |
Source: | Code function: | 3_2_35F0D970 | |
Source: | Code function: | 3_2_35F02477 | |
Source: | Code function: | 3_2_35F04478 | |
Source: | Code function: | 3_2_35F06B78 | |
Source: | Code function: | 3_2_35F0C178 | |
Source: | Code function: | 3_2_35F00960 | |
Source: | Code function: | 3_2_35F08360 | |
Source: | Code function: | 3_2_35F0D960 | |
Source: | Code function: | 3_2_35F04467 | |
Source: | Code function: | 3_2_35F01B68 | |
Source: | Code function: | 3_2_35F0AE68 | |
Source: | Code function: | 3_2_35F06B6A | |
Source: | Code function: | 3_2_35F0126F | |
Source: | Code function: | 3_2_35F0966F | |
Source: | Code function: | 3_2_35F0C650 | |
Source: | Code function: | 3_2_35F00950 | |
Source: | Code function: | 3_2_35F08350 | |
Source: | Code function: | 3_2_35F03B58 | |
Source: | Code function: | 3_2_35F0F158 | |
Source: | Code function: | 3_2_35F01B58 | |
Source: | Code function: | 3_2_35F0AE58 | |
Source: | Code function: | 3_2_35F00040 | |
Source: | Code function: | 3_2_35F07040 | |
Source: | Code function: | 3_2_35F0C641 | |
Source: | Code function: | 3_2_35F0F147 | |
Source: | Code function: | 3_2_35F09B48 | |
Source: | Code function: | 3_2_35F03B48 | |
Source: | Code function: | 3_2_35F0B330 | |
Source: | Code function: | 3_2_35F05B37 | |
Source: | Code function: | 3_2_35F0DE38 | |
Source: | Code function: | 3_2_35F09B38 | |
Source: | Code function: | 3_2_35F0F620 | |
Source: | Code function: | 3_2_35F03227 | |
Source: | Code function: | 3_2_35F05228 | |
Source: | Code function: | 3_2_35F08828 | |
Source: | Code function: | 3_2_35F0DE28 | |
Source: | Code function: | 3_2_35F0702F | |
Source: | Code function: | 3_2_35F01710 | |
Source: | Code function: | 3_2_35F0A010 | |
Source: | Code function: | 3_2_35F0F610 | |
Source: | Code function: | 3_2_35F0CB16 | |
Source: | Code function: | 3_2_35F02918 | |
Source: | Code function: | 3_2_35F0CB18 | |
Source: | Code function: | 3_2_35F05218 | |
Source: | Code function: | 3_2_35F08819 | |
Source: | Code function: | 3_2_35F0B31F | |
Source: | Code function: | 3_2_35F0E300 | |
Source: | Code function: | 3_2_35F01701 | |
Source: | Code function: | 3_2_35F00006 | |
Source: | Code function: | 3_2_35F04908 | |
Source: | Code function: | 3_2_35F07508 | |
Source: | Code function: | 3_2_35F0290A | |
Source: | Code function: | 3_2_35F2D0D0 | |
Source: | Code function: | 3_2_35F26A80 | |
Source: | Code function: | 3_2_35F2E808 | |
Source: | Code function: | 3_2_35F28BF3 | |
Source: | Code function: | 3_2_35F25DF0 | |
Source: | Code function: | 3_2_35F2E7FB | |
Source: | Code function: | 3_2_35F22BF8 | |
Source: | Code function: | 3_2_35F241E0 | |
Source: | Code function: | 3_2_35F20FE0 | |
Source: | Code function: | 3_2_35F241D1 | |
Source: | Code function: | 3_2_35F257C0 | |
Source: | Code function: | 3_2_35F225C0 | |
Source: | Code function: | 3_2_35F2CDC1 | |
Source: | Code function: | 3_2_35F20FCF | |
Source: | Code function: | 3_2_35F225B0 | |
Source: | Code function: | 3_2_35F257B0 | |
Source: | Code function: | 3_2_35F277B0 | |
Source: | Code function: | 3_2_35F23BA0 | |
Source: | Code function: | 3_2_35F209A0 | |
Source: | Code function: | 3_2_35F29DA9 | |
Source: | Code function: | 3_2_35F20990 | |
Source: | Code function: | 3_2_35F23B90 | |
Source: | Code function: | 3_2_35F26D90 | |
Source: | Code function: | 3_2_35F25180 | |
Source: | Code function: | 3_2_35F21F80 | |
Source: | Code function: | 3_2_35F2B981 | |
Source: | Code function: | 3_2_35F29388 | |
Source: | Code function: | 3_2_35F25170 | |
Source: | Code function: | 3_2_35F26760 | |
Source: | Code function: | 3_2_35F23560 | |
Source: | Code function: | 3_2_35F20360 | |
Source: | Code function: | 3_2_35F21F6F | |
Source: | Code function: | 3_2_35F20350 | |
Source: | Code function: | 3_2_35F26751 | |
Source: | Code function: | 3_2_35F24B40 | |
Source: | Code function: | 3_2_35F21940 | |
Source: | Code function: | 3_2_35F2A540 | |
Source: | Code function: | 3_2_35F24B31 | |
Source: | Code function: | 3_2_35F2CB39 | |
Source: | Code function: | 3_2_35F26120 | |
Source: | Code function: | 3_2_35F22F20 | |
Source: | Code function: | 3_2_35F29B20 | |
Source: | Code function: | 3_2_35F2192F | |
Source: | Code function: | 3_2_35F26110 | |
Source: | Code function: | 3_2_35F2C119 | |
Source: | Code function: | 3_2_35F24500 | |
Source: | Code function: | 3_2_35F21300 | |
Source: | Code function: | 3_2_35F29100 | |
Source: | Code function: | 3_2_35F22F0F | |
Source: | Code function: | 3_2_35F212F0 | |
Source: | Code function: | 3_2_35F244F1 | |
Source: | Code function: | 3_2_35F2B6F8 | |
Source: | Code function: | 3_2_35F25AE0 | |
Source: | Code function: | 3_2_35F228E0 | |
Source: | Code function: | 3_2_35F228D0 | |
Source: | Code function: | 3_2_35F2ACD8 | |
Source: | Code function: | 3_2_35F23EC0 | |
Source: | Code function: | 3_2_35F20CC0 | |
Source: | Code function: | 3_2_35F2D0C0 | |
Source: | Code function: | 3_2_35F27CC1 | |
Source: | Code function: | 3_2_35F25ACF | |
Source: | Code function: | 3_2_35F23EB0 | |
Source: | Code function: | 3_2_35F2C8B0 | |
Source: | Code function: | 3_2_35F2A2B8 | |
Source: | Code function: | 3_2_35F254A0 | |
Source: | Code function: | 3_2_35F222A0 | |
Source: | Code function: | 3_2_35F272A1 | |
Source: | Code function: | 3_2_35F20CAF | |
Source: | Code function: | 3_2_35F2BE90 | |
Source: | Code function: | 3_2_35F25491 | |
Source: | Code function: | 3_2_35F29899 | |
Source: | Code function: | 3_2_35F23880 | |
Source: | Code function: | 3_2_35F20680 | |
Source: | Code function: | 3_2_35F2228F | |
Source: | Code function: | 3_2_35F23870 | |
Source: | Code function: | 3_2_35F20670 | |
Source: | Code function: | 3_2_35F2B470 | |
Source: | Code function: | 3_2_35F28E79 | |
Source: | Code function: | 3_2_35F24E60 | |
Source: | Code function: | 3_2_35F21C60 | |
Source: | Code function: | 3_2_35F26A6F | |
Source: | Code function: | 3_2_35F21C50 | |
Source: | Code function: | 3_2_35F24E51 | |
Source: | Code function: | 3_2_35F28459 | |
Source: | Code function: | 3_2_35F23240 | |
Source: | Code function: | 3_2_35F20040 | |
Source: | Code function: | 3_2_35F26440 | |
Source: | Code function: | 3_2_35F23230 | |
Source: | Code function: | 3_2_35F26430 | |
Source: | Code function: | 3_2_35F2003A | |
Source: | Code function: | 3_2_35F27A39 | |
Source: | Code function: | 3_2_35F24820 | |
Source: | Code function: | 3_2_35F21620 | |
Source: | Code function: | 3_2_35F2C628 | |
Source: | Code function: | 3_2_35F29613 | |
Source: | Code function: | 3_2_35F21610 | |
Source: | Code function: | 3_2_35F27019 | |
Source: | Code function: | 3_2_35F25E00 | |
Source: | Code function: | 3_2_35F22C00 | |
Source: | Code function: | 3_2_35F2BC09 | |
Source: | Code function: | 3_2_35F2480F | |
Source: | Code function: | 3_2_35F37FA8 | |
Source: | Code function: | 3_2_35F3F988 | |
Source: | Code function: | 3_2_35F3F668 | |
Source: | Code function: | 3_2_35F31828 | |
Source: | Code function: | 3_2_35F321F1 | |
Source: | Code function: | 3_2_35F3A1F9 | |
Source: | Code function: | 3_2_35F3D3F8 | |
Source: | Code function: | 3_2_35F36DE0 | |
Source: | Code function: | 3_2_35F3B7E8 | |
Source: | Code function: | 3_2_35F385E8 | |
Source: | Code function: | 3_2_35F3E9E8 | |
Source: | Code function: | 3_2_35F347E8 | |
Source: | Code function: | 3_2_35F309D0 | |
Source: | Code function: | 3_2_35F385D7 | |
Source: | Code function: | 3_2_35F3E9D7 | |
Source: | Code function: | 3_2_35F3B7D8 | |
Source: | Code function: | 3_2_35F309C1 | |
Source: | Code function: | 3_2_35F363C0 | |
Source: | Code function: | 3_2_35F39BC8 | |
Source: | Code function: | 3_2_35F3CDC8 | |
Source: | Code function: | 3_2_35F3CDB8 | |
Source: | Code function: | 3_2_35F333A8 | |
Source: | Code function: | 3_2_35F3E3A8 | |
Source: | Code function: | 3_2_35F3B1A8 | |
Source: | Code function: | 3_2_35F3B197 | |
Source: | Code function: | 3_2_35F37F99 | |
Source: | Code function: | 3_2_35F3E399 | |
Source: | Code function: | 3_2_35F34F80 | |
Source: | Code function: | 3_2_35F3C788 | |
Source: | Code function: | 3_2_35F39588 | |
Source: | Code function: | 3_2_35F3957A | |
Source: | Code function: | 3_2_35F3F97A | |
Source: | Code function: | 3_2_35F3C779 | |
Source: | Code function: | 3_2_35F37578 | |
Source: | Code function: | 3_2_35F34561 | |
Source: | Code function: | 3_2_35F31360 | |
Source: | Code function: | 3_2_35F31F68 | |
Source: | Code function: | 3_2_35F3AB68 | |
Source: | Code function: | 3_2_35F3DD68 | |
Source: | Code function: | 3_2_35F3DD59 | |
Source: | Code function: | 3_2_35F36B58 | |
Source: | Code function: | 3_2_35F3AB58 | |
Source: | Code function: | 3_2_35F33B41 | |
Source: | Code function: | 3_2_35F3C148 | |
Source: | Code function: | 3_2_35F38F48 | |
Source: | Code function: | 3_2_35F3F348 | |
Source: | Code function: | 3_2_35F3134F | |
Source: | Code function: | 3_2_35F3C137 | |
Source: | Code function: | 3_2_35F38F38 | |
Source: | Code function: | 3_2_35F3F338 | |
Source: | Code function: | 3_2_35F33120 | |
Source: | Code function: | 3_2_35F3D728 | |
Source: | Code function: | 3_2_35F3A528 | |
Source: | Code function: | 3_2_35F37D12 | |
Source: | Code function: | 3_2_35F3D717 | |
Source: | Code function: | 3_2_35F3A518 | |
Source: | Code function: | 3_2_35F32700 | |
Source: | Code function: | 3_2_35F3ED08 | |
Source: | Code function: | 3_2_35F30508 | |
Source: | Code function: | 3_2_35F38908 | |
Source: | Code function: | 3_2_35F3BB08 | |
Source: | Code function: | 3_2_35F372F1 | |
Source: | Code function: | 3_2_35F304F7 | |
Source: | Code function: | 3_2_35F388F7 | |
Source: | Code function: | 3_2_35F3ECF7 | |
Source: | Code function: | 3_2_35F3BAF9 | |
Source: | Code function: | 3_2_35F34CF8 | |
Source: | Code function: | 3_2_35F3D0E8 | |
Source: | Code function: | 3_2_35F39EE8 | |
Source: | Code function: | 3_2_35F368D0 | |
Source: | Code function: | 3_2_35F3D0DA | |
Source: | Code function: | 3_2_35F342D8 | |
Source: | Code function: | 3_2_35F39ED8 | |
Source: | Code function: | 3_2_35F31CDF | |
Source: | Code function: | 3_2_35F3B4C8 | |
Source: | Code function: | 3_2_35F382C8 | |
Source: | Code function: | 3_2_35F3E6C8 | |
Source: | Code function: | 3_2_35F35EB1 | |
Source: | Code function: | 3_2_35F338B9 | |
Source: | Code function: | 3_2_35F3B4B9 | |
Source: | Code function: | 3_2_35F3E6B9 | |
Source: | Code function: | 3_2_35F382B8 | |
Source: | Code function: | 3_2_35F3FCA8 | |
Source: | Code function: | 3_2_35F3CAA8 | |
Source: | Code function: | 3_2_35F398A8 | |
Source: | Code function: | 3_2_35F35490 | |
Source: | Code function: | 3_2_35F3FC97 | |
Source: | Code function: | 3_2_35F3CA9A | |
Source: | Code function: | 3_2_35F30E98 | |
Source: | Code function: | 3_2_35F32E98 | |
Source: | Code function: | 3_2_35F39898 | |
Source: | Code function: | 3_2_35F30E89 | |
Source: | Code function: | 3_2_35F3E088 | |
Source: | Code function: | 3_2_35F3AE88 | |
Source: | Code function: | 3_2_35F34A70 | |
Source: | Code function: | 3_2_35F3AE7A | |
Source: | Code function: | 3_2_35F32478 | |
Source: | Code function: | 3_2_35F3E07C | |
Source: | Code function: | 3_2_35F3C468 | |
Source: | Code function: | 3_2_35F39268 | |
Source: | Code function: | 3_2_35F37068 | |
Source: | Code function: | 3_2_35F34050 | |
Source: | Code function: | 3_2_35F3C457 | |
Source: | Code function: | 3_2_35F3F659 | |
Source: | Code function: | 3_2_35F39258 | |
Source: | Code function: | 3_2_35F30040 | |
Source: | Code function: | 3_2_35F3A848 | |
Source: | Code function: | 3_2_35F3DA48 | |
Source: | Code function: | 3_2_35F36648 | |
Source: | Code function: | 3_2_35F33630 | |
Source: | Code function: | 3_2_35F3A839 | |
Source: | Code function: | 3_2_35F3DA39 | |
Source: | Code function: | 3_2_35F35C29 | |
Source: | Code function: | 3_2_35F3F028 | |
Source: | Code function: | 3_2_35F38C28 | |
Source: | Code function: | 3_2_35F3BE28 | |
Source: | Code function: | 3_2_35F32C11 | |
Source: | Code function: | 3_2_35F38C1A | |
Source: | Code function: | 3_2_35F31818 | |
Source: | Code function: | 3_2_35F3F018 | |
Source: | Code function: | 3_2_35F30006 | |
Source: | Code function: | 3_2_35F35208 | |
Source: | Code function: | 3_2_35F3D408 | |
Source: | Code function: | 3_2_35F3A208 | |
Source: | Code function: | 3_2_360B36F0 | |
Source: | Code function: | 3_2_360B1470 | |
Source: | Code function: | 3_2_360B3008 | |
Source: | Code function: | 3_2_360B1B50 | |
Source: | Code function: | 3_2_360B2238 | |
Source: | Code function: | 3_2_360B0D88 | |
Source: | Code function: | 3_2_360B4BC7 | |
Source: | Code function: | 3_2_360B2920 | |
Source: | Code function: | 3_2_360B36E1 | |
Source: | Code function: | 3_2_360B1467 | |
Source: | Code function: | 3_2_360B1B3F | |
Source: | Code function: | 3_2_360B2229 | |
Source: | Code function: | 3_2_360B0006 | |
Source: | Code function: | 3_2_360B0040 | |
Source: | Code function: | 3_2_360B2FF8 | |
Source: | Code function: | 3_2_360B0D78 |
Source: | Code function: |
Source: | Static PE information: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Code function: | 1_2_004045CA |
Source: | Code function: | 1_2_0040206A |
Source: | File created: | Jump to behavior |
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Virustotal: |
Source: | File read: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Data Obfuscation |
---|
Source: | File source: | ||
Source: | File source: |
Source: | Code function: | 1_2_00406254 |
Source: | Code function: | 1_2_10002DCE | |
Source: | Code function: | 3_3_0019CA99 | |
Source: | Code function: | 3_3_0019EE65 | |
Source: | Code function: | 3_3_0019EEA9 | |
Source: | Code function: | 3_3_0019CF4D | |
Source: | Code function: | 3_2_00157362 | |
Source: | Code function: | 3_2_32D4942E |
Source: | File created: | Jump to dropped file |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion |
---|
Source: | API/Special instruction interceptor: | ||
Source: | API/Special instruction interceptor: |
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: |
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Source: | API coverage: |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Code function: | 1_2_00405772 | |
Source: | Code function: | 1_2_0040622D | |
Source: | Code function: | 1_2_00402770 | |
Source: | Code function: | 3_2_00402770 | |
Source: | Code function: | 3_2_00405772 | |
Source: | Code function: | 3_2_0040622D |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | API call chain: | graph_1-4789 | ||
Source: | API call chain: | graph_1-4791 |
Source: | Code function: | 1_2_00406254 |
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Code function: | 1_2_00405F0C |
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: |
Source: | File source: |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | File opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: |
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 11 Process Injection | 11 Masquerading | 1 OS Credential Dumping | 21 Security Software Discovery | Remote Services | 1 Email Collection | 1 Web Service | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 31 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 31 Virtualization/Sandbox Evasion | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Process Injection | NTDS | 1 System Network Configuration Discovery | Distributed Component Object Model | 1 Clipboard Data | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | 3 Non-Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 3 Obfuscated Files or Information | Cached Domain Credentials | 215 System Information Discovery | VNC | GUI Input Capture | 24 Application Layer Protocol | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
8% | Virustotal | Browse | ||
100% | Avira | HEUR/AGEN.1331786 |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
reallyfreegeoip.org | 188.114.96.3 | true | false | high | |
foodex.com.pk | 37.27.123.72 | true | true |
| unknown |
api.telegram.org | 149.154.167.220 | true | false | high | |
checkip.dyndns.com | 193.122.130.0 | true | false | high | |
fa2ytg.dm.files.1drv.com | unknown | unknown | true | unknown | |
mail.foodex.com.pk | unknown | unknown | true | unknown | |
api.onedrive.com | unknown | unknown | false | high | |
checkip.dyndns.org | unknown | unknown | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high | ||
false | high | ||
false | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | false | |
188.114.97.3 | unknown | European Union | 13335 | CLOUDFLARENETUS | false | |
188.114.96.3 | reallyfreegeoip.org | European Union | 13335 | CLOUDFLARENETUS | false | |
193.122.130.0 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false | |
37.27.123.72 | foodex.com.pk | Iran (ISLAMIC Republic Of) | 39232 | UNINETAZ | true |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1554160 |
Start date and time: | 2024-11-12 07:35:12 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 9m 28s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 9 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | ________.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@3/9@7/5 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded IPs from analysis (whitelisted): 13.107.42.12
- Excluded domains from analysis (whitelisted): odc-dm-files-geo.onedrive.akadns.net, odc-dm-files-brs.onedrive.akadns.net, l-0003.l-msedge.net, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, common.be.1drv.com.l-0003.dc-msedge.net.l-0003.l-msedge.net, dm-files.ha.1drv.com.l-0003.dc-msedge.net.l-0003.l-msedge.net, ctldl.windowsupdate.com, odc-commonafdrk-geo.onedrive.akadns.net, odc-commonafdrk-brs.onedrive.akadns.net, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description |
---|---|---|
01:36:49 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
149.154.167.220 | Get hash | malicious | GuLoader, Snake Keylogger | Browse | ||
Get hash | malicious | GuLoader, Snake Keylogger | Browse | |||
Get hash | malicious | Outlook Phishing, HTMLPhisher | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | GuLoader, Snake Keylogger | Browse | |||
Get hash | malicious | GuLoader, Snake Keylogger | Browse | |||
Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
188.114.97.3 | Get hash | malicious | Simda Stealer | Browse |
| |
Get hash | malicious | Simda Stealer | Browse |
| ||
Get hash | malicious | Simda Stealer | Browse |
| ||
Get hash | malicious | Simda Stealer | Browse |
| ||
Get hash | malicious | Simda Stealer | Browse |
| ||
Get hash | malicious | Simda Stealer | Browse |
| ||
Get hash | malicious | Simda Stealer | Browse |
| ||
Get hash | malicious | Simda Stealer | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | FormBook | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
reallyfreegeoip.org | Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| |
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | MassLogger RAT | Browse |
| ||
checkip.dyndns.com | Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| |
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
api.telegram.org | Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| |
Get hash | malicious | Outlook Phishing, HTMLPhisher | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
TELEGRAMRU | Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| |
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
Get hash | malicious | Outlook Phishing, HTMLPhisher | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
CLOUDFLARENETUS | Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| |
Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Amadey, Stealc, Vidar | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | LummaC | Browse |
| ||
Get hash | malicious | Amadey, Stealc, Vidar | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
CLOUDFLARENETUS | Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| |
Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Amadey, Stealc, Vidar | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | LummaC | Browse |
| ||
Get hash | malicious | Amadey, Stealc, Vidar | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
ORACLE-BMC-31898US | Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| |
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | MassLogger RAT | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
54328bd36c14bd82ddaa0c04b25ed9ad | Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| |
Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
3b5074b1b5d032e5620f69f9f700ff0e | Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| |
Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
Get hash | malicious | PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
C:\Users\user\AppData\Local\Temp\nshD4CB.tmp\System.dll | Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse | ||
Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | GuLoader, Snake Keylogger | Browse | |||
Get hash | malicious | GuLoader | Browse | |||
Get hash | malicious | Azorult, GuLoader | Browse | |||
Get hash | malicious | GuLoader, Snake Keylogger | Browse | |||
Get hash | malicious | AgentTesla, GuLoader | Browse | |||
Get hash | malicious | GuLoader, Snake Keylogger | Browse | |||
Get hash | malicious | GuLoader, Snake Keylogger | Browse | |||
Get hash | malicious | FormBook, GuLoader | Browse |
Process: | C:\Users\user\Desktop\________.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2218188 |
Entropy (8bit): | 2.986726085961109 |
Encrypted: | false |
SSDEEP: | 12288:8W6Gb40pbjQAl/O9uVl3T+lo65mFvCb/fSQd8rRd:8W6GsAjQ2mYV905evY/6Rf |
MD5: | 96D283A2382E1FB51AFB38BA1E81E26C |
SHA1: | FA0CDB7DE06897D81D6DF6463883E72FD73F63F7 |
SHA-256: | 4AB5BD9941534EC0F4EB155FF57002632A69C75D5BB602C13132A3D23D5BA07B |
SHA-512: | 4157227C87ABBABAB23A68F6DE472FDAC1A582BD96E7A7604520F1B7C70A994B586324EFD41F2AE83E087E5D667A9035042CCEA40F500F0AB1CA8F83FCAD1A9E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\________.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11264 |
Entropy (8bit): | 5.801108840712148 |
Encrypted: | false |
SSDEEP: | 192:e/b2HS5ih/7i00eWz9T7PH6yeFcQMI5+Vw+EXWZ77dslFZk:ewSUmWw9T7MmnI5+/F7Kdk |
MD5: | FC90DFB694D0E17B013D6F818BCE41B0 |
SHA1: | 3243969886D640AF3BFA442728B9F0DFF9D5F5B0 |
SHA-256: | 7FE77CA13121A113C59630A3DBA0C8AAA6372E8082393274DA8F8608C4CE4528 |
SHA-512: | 324F13AA7A33C6408E2A57C3484D1691ECEE7C3C1366DE2BB8978C8DC66B18425D8CAB5A32D1702C13C43703E36148A022263DE7166AFDCE141DA2B01169F1C6 |
Malicious: | false |
Antivirus: |
|
Joe Sandbox View: |
|
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\________.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 243457 |
Entropy (8bit): | 1.2556862555304324 |
Encrypted: | false |
SSDEEP: | 768:BObeQfxNU+OmdH9zR+FY73WLYZLbReg24pPjHp5IIHLP96H7ub2g9zEQyhOrqjUC:EfpiYZgCO4zTJJEQ56XsZ3W |
MD5: | 2C2AECA05F67661A0A6798FD3DA68257 |
SHA1: | 43140C33EE2A2C3B729CFDE53AD2A7E4D2436BBB |
SHA-256: | 568B8DEE1985CEAFE404B08549F7363DD53A667C7A2BDF80CA8C57BA7ED9FDA0 |
SHA-512: | F833EF465CFDB410BE15E2D647DFFA91C3787D19E6155B7F33F2A3127368A20C35B15442AA9C5FE5953E85DCA80DB843E530705AC22E5A19ABDB604EF85EC81C |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\________.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 370481 |
Entropy (8bit): | 1.2536250775230349 |
Encrypted: | false |
SSDEEP: | 1536:KsTb+NlXRBRrADr1ILH0FvruLfYOL3u4cF:rCNRRsY0FDSQaQ |
MD5: | 0D9A1AE53B3662ECA9655EF20BB4E0CE |
SHA1: | CA647617571F73E4FF815AC7DB91F3FF4BF170A6 |
SHA-256: | 033C22A52C94A106582A33B0C267681B6A4EE7D668E4AA7DA9BD9D0DF05DEA1F |
SHA-512: | CF89E8EE9AFB4491890D8AF3FE2F7B855C41B68DEE9746155E1E05CC0B91B390D69C0DF905FDE22E9F3580241A57B1A5050903AC32F2695AB5F6485ACB5161E8 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\________.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 403 |
Entropy (8bit): | 4.236334007211441 |
Encrypted: | false |
SSDEEP: | 12:NRkE9FLJJzKZl6O8oMOvusjy7TVLt09BQiux:N7nLjG8oM6jMp093ux |
MD5: | F9E44960FAD1DE9A72E38ED010895F2E |
SHA1: | 56742A285F6AF1D49A3C57941D7562B58601E072 |
SHA-256: | 73F4D5E40CB4BBF5C59C41C8CDDB8F9F7D320470538716B66AA7796EDDB7C6C8 |
SHA-512: | A7642172F96CFA0C3BFDB34FA575C40BD7ECD88C43DD4DF3354AAC3A0F7C6C8709B42AC88838CD5CBB4B3AF32BB48B6A9D1D2EB77C5F55295A88876B271EF1FA |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\________.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 456900 |
Entropy (8bit): | 6.95283114468952 |
Encrypted: | false |
SSDEEP: | 6144:lBahjMqcVGbP4t0p20jQAdX/O9u3zZERyl3BOg16nXVo65mB:DW6Gb40pbjQAl/O9uVl3T+lo65mB |
MD5: | 12C496943A29DCF170BDE98D58822B0E |
SHA1: | CEF5BAF827A17A114C4B7F40F648B8F32DDF38FD |
SHA-256: | 8974424451EF540534850E0EFE2D71E8E40A4669E43337E8FB1DBEDEAB46C7AE |
SHA-512: | 29F9428F5F50E665070474715F6E7ACD9DA5267B459779AFDA0F4B8FF3E72EB9604E49C9B47F076E5F69DD8BAC75D398180F38AE0824F4EA863F4A73EB9E6B2D |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\________.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 424812 |
Entropy (8bit): | 1.2532745203430722 |
Encrypted: | false |
SSDEEP: | 768:zQN1zNkWceUPEvf5mtuQTyT0Vupr6jgDTslr7WSn3Dpbvj33BIUaE6SKCBLnSOXQ:6GkbAmorbpf6nP6e6RlY8R2KNsyB |
MD5: | A8D5999B820E9BA7EC8AE02AC64BD740 |
SHA1: | 162064D1816D6723954401E5FF406FB815B1FF01 |
SHA-256: | F3F32F4EE9A9CF103B9E6876518F46801AA187864024B28DE7F36AB7A1A00B7F |
SHA-512: | 6D4DC54EA8653AF4D088E8B058ED07F25F8E2B92571C688BDEBF32759DA813C34A3D5B9BCB1095619C67B5797B2881B2F227B8EA592BDCCB3870B1E8A40E1312 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\________.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 486557 |
Entropy (8bit): | 1.2517544244225545 |
Encrypted: | false |
SSDEEP: | 1536:uRoqTXoly8kLiqpTbJDQAw9WGCEHBg2Ed5:2IkLfpTlDQAOL |
MD5: | 4F7A0E04C31521449860638552DDC981 |
SHA1: | D6FF38322926347DED812C57690D26DD6BB167A0 |
SHA-256: | 37B7F63261C13F15D9889F297B29273A7B81EB306009F466A0A4383C954F7F49 |
SHA-512: | B5620E786B307EBF3259AE6B5AACD8E2A9B75427DAA88C6CDEBD0D0E62A5ACE6983A131F2B70E35703BEA0E3CEFD4A9B26B7706AEFBECB87F7AFAE0B38740CC9 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\________.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 207254 |
Entropy (8bit): | 1.2604686518033184 |
Encrypted: | false |
SSDEEP: | 768:od51waTQFApCdHNsdUp09xiXes7NAnAC+qFvVdhVMtdubYN/UIC6mTtRzcScEfQt:hA6C9AG+alAKUcyZ9oE |
MD5: | 43A8D782AD3A56D7ECD14E52CAEA0F41 |
SHA1: | FCDFF92EC42BEDC2297AE1ECB3C8A009E9A900BF |
SHA-256: | 06AB90D835D1CCFF3CFD1AE37956891918190037D989B4072B4E7ABD5B5418C6 |
SHA-512: | 6EEBAC37056096ED7C0C97EA44A4FEDB7DD54DF826171F5733FF72AE0943C6D156F66CCD8239866180AF8FC7793480EDCCACE317BE58F37BEFB12CA43A390871 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.6649956695668875 |
TrID: |
|
File name: | ________.exe |
File size: | 847'584 bytes |
MD5: | 89b3b4723ea3983fc0f103eaf3093edc |
SHA1: | bb6fb38b57fd6694e0803d1de469f0a326e231f4 |
SHA256: | 69a0042174fbffed7ac840081ec1d5618f2a70fe4d56078b98a1db06627f9eab |
SHA512: | 74befa13a84be96af3d7209113b11511dde96835c1a8a7a3453649cddf383d356a034632c58cc4778389495625fef0da894c03a75e5e04afdcf6eadc3dc947fa |
SSDEEP: | 24576:UvYV0HT73uFztJXcrBbO3j8xa93BPapMMjC+eN3o67:POzaRcBbO3j193SLjC+ko |
TLSH: | C4051242F6D4816AF82A013291575F726F6364317F1C5A9B37F73B5E5830286AB3823E |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1.D9u.*ju.*ju.*j..ujw.*ju.+j..*j..wjd.*j!..j..*j..,jt.*jRichu.*j........PE..L.....oS.................`...*......Z3.......p....@ |
Icon Hash: | 4975784d4f49613b |
Entrypoint: | 0x40335a |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | TERMINAL_SERVER_AWARE |
Time Stamp: | 0x536FD79B [Sun May 11 20:03:39 2014 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | e221f4f7d36469d53810a4b5f9fc8966 |
Signature Valid: | false |
Signature Issuer: | CN=Bedyrelserne, O=Bedyrelserne, L=Digne-les-Bains, C=FR |
Signature Validation Error: | A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider |
Error Number: | -2146762487 |
Not Before, Not After |
|
Subject Chain |
|
Version: | 3 |
Thumbprint MD5: | 85F3BBB62036402FF36E1128FB3D8107 |
Thumbprint SHA-1: | 8701ACC0AA00C95218234E53568933E79BEDFECE |
Thumbprint SHA-256: | A551FF79E19AF7881A8BBD33B3ED54C0D737B5DADACD1E5B7BE771B27C739712 |
Serial: | 590ECF4911EDE00D44E5D1250CB96FC4C625C4B8 |
Instruction |
---|
sub esp, 000002D4h |
push ebx |
push ebp |
push esi |
push edi |
push 00000020h |
xor ebp, ebp |
pop esi |
mov dword ptr [esp+14h], ebp |
mov dword ptr [esp+10h], 00409230h |
mov dword ptr [esp+1Ch], ebp |
call dword ptr [00407034h] |
push 00008001h |
call dword ptr [004070BCh] |
push ebp |
call dword ptr [004072ACh] |
push 00000008h |
mov dword ptr [00429298h], eax |
call 00007F40ACD59B1Ch |
mov dword ptr [004291E4h], eax |
push ebp |
lea eax, dword ptr [esp+34h] |
push 000002B4h |
push eax |
push ebp |
push 00420690h |
call dword ptr [0040717Ch] |
push 0040937Ch |
push 004281E0h |
call 00007F40ACD59787h |
call dword ptr [00407134h] |
mov ebx, 00434000h |
push eax |
push ebx |
call 00007F40ACD59775h |
push ebp |
call dword ptr [0040710Ch] |
cmp word ptr [00434000h], 0022h |
mov dword ptr [004291E0h], eax |
mov eax, ebx |
jne 00007F40ACD56C6Ah |
push 00000022h |
mov eax, 00434002h |
pop esi |
push esi |
push eax |
call 00007F40ACD591C6h |
push eax |
call dword ptr [00407240h] |
mov dword ptr [esp+18h], eax |
jmp 00007F40ACD56D2Eh |
push 00000020h |
pop edx |
cmp cx, dx |
jne 00007F40ACD56C69h |
inc eax |
inc eax |
cmp word ptr [eax], dx |
je 00007F40ACD56C5Bh |
add word ptr [eax], 0000h |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x7494 | 0xb4 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x53000 | 0x28c48 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xccce8 | 0x21f8 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x2b8 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x5e68 | 0x6000 | 2f6554958e1a5093777de617d6e0bffc | False | 0.6566162109375 | data | 6.419811957742583 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x7000 | 0x1354 | 0x1400 | 2222fe44ebbadbc32af32dfc9c88e48e | False | 0.4306640625 | data | 5.037511188789184 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x9000 | 0x202d8 | 0x600 | 9587277f9a9b39e2caf86eae07909d87 | False | 0.4733072916666667 | data | 3.757932017065988 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.ndata | 0x2a000 | 0x29000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x53000 | 0x28c48 | 0x28e00 | 59d6061d9f9f5498351e74e1e9b8c526 | False | 0.4770761659021407 | data | 5.198121069162778 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_BITMAP | 0x53400 | 0x368 | Device independent bitmap graphic, 96 x 16 x 4, image size 768 | English | United States | 0.23623853211009174 |
RT_ICON | 0x53768 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536 | English | United States | 0.4562433455577901 |
RT_ICON | 0x63f90 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 36864 | English | United States | 0.4870191297035947 |
RT_ICON | 0x6d438 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 20736 | English | United States | 0.5106746765249538 |
RT_ICON | 0x728c0 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384 | English | United States | 0.5217879074161549 |
RT_ICON | 0x76ae8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | English | United States | 0.5518672199170125 |
RT_ICON | 0x79090 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | English | United States | 0.6116322701688556 |
RT_ICON | 0x7a138 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304 | English | United States | 0.6635245901639344 |
RT_ICON | 0x7aac0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | English | United States | 0.7340425531914894 |
RT_DIALOG | 0x7af28 | 0x144 | data | English | United States | 0.5216049382716049 |
RT_DIALOG | 0x7b070 | 0x13c | data | English | United States | 0.5506329113924051 |
RT_DIALOG | 0x7b1b0 | 0x120 | data | English | United States | 0.5173611111111112 |
RT_DIALOG | 0x7b2d0 | 0x11c | data | English | United States | 0.6056338028169014 |
RT_DIALOG | 0x7b3f0 | 0xc4 | data | English | United States | 0.5918367346938775 |
RT_DIALOG | 0x7b4b8 | 0x60 | data | English | United States | 0.7291666666666666 |
RT_GROUP_ICON | 0x7b518 | 0x76 | data | English | United States | 0.7542372881355932 |
RT_VERSION | 0x7b590 | 0x3ac | data | English | United States | 0.4521276595744681 |
RT_MANIFEST | 0x7b940 | 0x305 | XML 1.0 document, ASCII text, with very long lines (773), with no line terminators | English | United States | 0.5614489003880984 |
DLL | Import |
---|---|
KERNEL32.dll | CompareFileTime, SearchPathW, SetFileTime, CloseHandle, GetShortPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, GetFullPathNameW, CreateDirectoryW, Sleep, GetTickCount, CreateFileW, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, SetEnvironmentVariableW, GetWindowsDirectoryW, SetFileAttributesW, ExpandEnvironmentStringsW, SetErrorMode, LoadLibraryW, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, CreateProcessW, RemoveDirectoryW, lstrcmpiA, GetTempFileNameW, lstrcpyA, lstrcpyW, lstrcatW, GetSystemDirectoryW, GetVersion, GetProcAddress, LoadLibraryA, GetModuleHandleA, GetModuleHandleW, lstrcmpiW, lstrcmpW, WaitForSingleObject, GlobalFree, GlobalAlloc, LoadLibraryExW, GetExitCodeProcess, FreeLibrary, WritePrivateProfileStringW, GetCommandLineW, GetTempPathW, GetPrivateProfileStringW, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, MulDiv, MultiByteToWideChar, WriteFile, lstrlenA, WideCharToMultiByte |
USER32.dll | EndDialog, ScreenToClient, GetWindowRect, RegisterClassW, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, wsprintfW, CreateWindowExW, SystemParametersInfoW, AppendMenuW, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, GetDC, SetWindowLongW, LoadImageW, SendMessageTimeoutW, FindWindowExW, EmptyClipboard, OpenClipboard, TrackPopupMenu, EndPaint, ShowWindow, GetDlgItem, IsWindow, SetForegroundWindow |
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW |
ADVAPI32.dll | RegCloseKey, RegOpenKeyExW, RegDeleteKeyW, RegDeleteValueW, RegEnumValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumKeyW |
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy |
ole32.dll | CoCreateInstance, CoTaskMemFree, OleInitialize, OleUninitialize |
VERSION.dll | GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-11-12T07:36:32.879752+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 52.149.20.212 | 443 | 192.168.2.8 | 49706 | TCP |
2024-11-12T07:36:47.682495+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.8 | 49715 | 193.122.130.0 | 80 | TCP |
2024-11-12T07:36:48.280641+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.8 | 49715 | 193.122.130.0 | 80 | TCP |
2024-11-12T07:36:49.593155+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.8 | 49715 | 193.122.130.0 | 80 | TCP |
2024-11-12T07:36:50.311923+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.8 | 49717 | 188.114.96.3 | 443 | TCP |
2024-11-12T07:36:51.686922+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.8 | 49718 | 193.122.130.0 | 80 | TCP |
2024-11-12T07:36:52.391719+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.8 | 49719 | 188.114.96.3 | 443 | TCP |
2024-11-12T07:37:12.770892+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 52.149.20.212 | 443 | 192.168.2.8 | 49732 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 12, 2024 07:36:44.717053890 CET | 49715 | 80 | 192.168.2.8 | 193.122.130.0 |
Nov 12, 2024 07:36:44.722009897 CET | 80 | 49715 | 193.122.130.0 | 192.168.2.8 |
Nov 12, 2024 07:36:44.722080946 CET | 49715 | 80 | 192.168.2.8 | 193.122.130.0 |
Nov 12, 2024 07:36:44.722284079 CET | 49715 | 80 | 192.168.2.8 | 193.122.130.0 |
Nov 12, 2024 07:36:44.727091074 CET | 80 | 49715 | 193.122.130.0 | 192.168.2.8 |
Nov 12, 2024 07:36:45.402075052 CET | 80 | 49715 | 193.122.130.0 | 192.168.2.8 |
Nov 12, 2024 07:36:45.417691946 CET | 49715 | 80 | 192.168.2.8 | 193.122.130.0 |
Nov 12, 2024 07:36:45.422462940 CET | 80 | 49715 | 193.122.130.0 | 192.168.2.8 |
Nov 12, 2024 07:36:47.658318043 CET | 80 | 49715 | 193.122.130.0 | 192.168.2.8 |
Nov 12, 2024 07:36:47.682495117 CET | 49715 | 80 | 192.168.2.8 | 193.122.130.0 |
Nov 12, 2024 07:36:47.687263966 CET | 80 | 49715 | 193.122.130.0 | 192.168.2.8 |
Nov 12, 2024 07:36:48.225405931 CET | 80 | 49715 | 193.122.130.0 | 192.168.2.8 |
Nov 12, 2024 07:36:48.280641079 CET | 49715 | 80 | 192.168.2.8 | 193.122.130.0 |
Nov 12, 2024 07:36:48.553524971 CET | 49716 | 443 | 192.168.2.8 | 188.114.96.3 |
Nov 12, 2024 07:36:48.553554058 CET | 443 | 49716 | 188.114.96.3 | 192.168.2.8 |
Nov 12, 2024 07:36:48.553627968 CET | 49716 | 443 | 192.168.2.8 | 188.114.96.3 |
Nov 12, 2024 07:36:48.556220055 CET | 49716 | 443 | 192.168.2.8 | 188.114.96.3 |
Nov 12, 2024 07:36:48.556241035 CET | 443 | 49716 | 188.114.96.3 | 192.168.2.8 |
Nov 12, 2024 07:36:49.159504890 CET | 443 | 49716 | 188.114.96.3 | 192.168.2.8 |
Nov 12, 2024 07:36:49.159663916 CET | 49716 | 443 | 192.168.2.8 | 188.114.96.3 |
Nov 12, 2024 07:36:49.163140059 CET | 49716 | 443 | 192.168.2.8 | 188.114.96.3 |
Nov 12, 2024 07:36:49.163151979 CET | 443 | 49716 | 188.114.96.3 | 192.168.2.8 |
Nov 12, 2024 07:36:49.163546085 CET | 443 | 49716 | 188.114.96.3 | 192.168.2.8 |
Nov 12, 2024 07:36:49.168298960 CET | 49716 | 443 | 192.168.2.8 | 188.114.96.3 |
Nov 12, 2024 07:36:49.211333990 CET | 443 | 49716 | 188.114.96.3 | 192.168.2.8 |
Nov 12, 2024 07:36:49.372411966 CET | 443 | 49716 | 188.114.96.3 | 192.168.2.8 |
Nov 12, 2024 07:36:49.372477055 CET | 443 | 49716 | 188.114.96.3 | 192.168.2.8 |
Nov 12, 2024 07:36:49.372725010 CET | 49716 | 443 | 192.168.2.8 | 188.114.96.3 |
Nov 12, 2024 07:36:49.376367092 CET | 49716 | 443 | 192.168.2.8 | 188.114.96.3 |
Nov 12, 2024 07:36:49.381944895 CET | 49715 | 80 | 192.168.2.8 | 193.122.130.0 |
Nov 12, 2024 07:36:49.386667013 CET | 80 | 49715 | 193.122.130.0 | 192.168.2.8 |
Nov 12, 2024 07:36:49.542319059 CET | 80 | 49715 | 193.122.130.0 | 192.168.2.8 |
Nov 12, 2024 07:36:49.544523001 CET | 49717 | 443 | 192.168.2.8 | 188.114.96.3 |
Nov 12, 2024 07:36:49.544550896 CET | 443 | 49717 | 188.114.96.3 | 192.168.2.8 |
Nov 12, 2024 07:36:49.544629097 CET | 49717 | 443 | 192.168.2.8 | 188.114.96.3 |
Nov 12, 2024 07:36:49.544976950 CET | 49717 | 443 | 192.168.2.8 | 188.114.96.3 |
Nov 12, 2024 07:36:49.544986963 CET | 443 | 49717 | 188.114.96.3 | 192.168.2.8 |
Nov 12, 2024 07:36:49.593154907 CET | 49715 | 80 | 192.168.2.8 | 193.122.130.0 |
Nov 12, 2024 07:36:49.772830009 CET | 80 | 49715 | 193.122.130.0 | 192.168.2.8 |
Nov 12, 2024 07:36:49.772902012 CET | 49715 | 80 | 192.168.2.8 | 193.122.130.0 |
Nov 12, 2024 07:36:50.166886091 CET | 443 | 49717 | 188.114.96.3 | 192.168.2.8 |
Nov 12, 2024 07:36:50.169265985 CET | 49717 | 443 | 192.168.2.8 | 188.114.96.3 |
Nov 12, 2024 07:36:50.169285059 CET | 443 | 49717 | 188.114.96.3 | 192.168.2.8 |
Nov 12, 2024 07:36:50.311671972 CET | 443 | 49717 | 188.114.96.3 | 192.168.2.8 |
Nov 12, 2024 07:36:50.311779976 CET | 443 | 49717 | 188.114.96.3 | 192.168.2.8 |
Nov 12, 2024 07:36:50.311834097 CET | 49717 | 443 | 192.168.2.8 | 188.114.96.3 |
Nov 12, 2024 07:36:50.312345028 CET | 49717 | 443 | 192.168.2.8 | 188.114.96.3 |
Nov 12, 2024 07:36:50.315977097 CET | 49715 | 80 | 192.168.2.8 | 193.122.130.0 |
Nov 12, 2024 07:36:50.317079067 CET | 49718 | 80 | 192.168.2.8 | 193.122.130.0 |
Nov 12, 2024 07:36:50.321166039 CET | 80 | 49715 | 193.122.130.0 | 192.168.2.8 |
Nov 12, 2024 07:36:50.321254969 CET | 49715 | 80 | 192.168.2.8 | 193.122.130.0 |
Nov 12, 2024 07:36:50.321928978 CET | 80 | 49718 | 193.122.130.0 | 192.168.2.8 |
Nov 12, 2024 07:36:50.322000027 CET | 49718 | 80 | 192.168.2.8 | 193.122.130.0 |
Nov 12, 2024 07:36:50.322083950 CET | 49718 | 80 | 192.168.2.8 | 193.122.130.0 |
Nov 12, 2024 07:36:50.326889038 CET | 80 | 49718 | 193.122.130.0 | 192.168.2.8 |
Nov 12, 2024 07:36:51.645483017 CET | 80 | 49718 | 193.122.130.0 | 192.168.2.8 |
Nov 12, 2024 07:36:51.646617889 CET | 49719 | 443 | 192.168.2.8 | 188.114.96.3 |
Nov 12, 2024 07:36:51.646661997 CET | 443 | 49719 | 188.114.96.3 | 192.168.2.8 |
Nov 12, 2024 07:36:51.646737099 CET | 49719 | 443 | 192.168.2.8 | 188.114.96.3 |
Nov 12, 2024 07:36:51.646949053 CET | 49719 | 443 | 192.168.2.8 | 188.114.96.3 |
Nov 12, 2024 07:36:51.646960974 CET | 443 | 49719 | 188.114.96.3 | 192.168.2.8 |
Nov 12, 2024 07:36:51.686922073 CET | 49718 | 80 | 192.168.2.8 | 193.122.130.0 |
Nov 12, 2024 07:36:52.251847982 CET | 443 | 49719 | 188.114.96.3 | 192.168.2.8 |
Nov 12, 2024 07:36:52.253742933 CET | 49719 | 443 | 192.168.2.8 | 188.114.96.3 |
Nov 12, 2024 07:36:52.253762007 CET | 443 | 49719 | 188.114.96.3 | 192.168.2.8 |
Nov 12, 2024 07:36:52.391729116 CET | 443 | 49719 | 188.114.96.3 | 192.168.2.8 |
Nov 12, 2024 07:36:52.391799927 CET | 443 | 49719 | 188.114.96.3 | 192.168.2.8 |
Nov 12, 2024 07:36:52.391866922 CET | 49719 | 443 | 192.168.2.8 | 188.114.96.3 |
Nov 12, 2024 07:36:52.392374992 CET | 49719 | 443 | 192.168.2.8 | 188.114.96.3 |
Nov 12, 2024 07:36:52.397572041 CET | 49720 | 80 | 192.168.2.8 | 193.122.130.0 |
Nov 12, 2024 07:36:52.402369976 CET | 80 | 49720 | 193.122.130.0 | 192.168.2.8 |
Nov 12, 2024 07:36:52.402575016 CET | 49720 | 80 | 192.168.2.8 | 193.122.130.0 |
Nov 12, 2024 07:36:52.402673006 CET | 49720 | 80 | 192.168.2.8 | 193.122.130.0 |
Nov 12, 2024 07:36:52.407494068 CET | 80 | 49720 | 193.122.130.0 | 192.168.2.8 |
Nov 12, 2024 07:36:53.094225883 CET | 80 | 49720 | 193.122.130.0 | 192.168.2.8 |
Nov 12, 2024 07:36:53.095655918 CET | 49721 | 443 | 192.168.2.8 | 188.114.96.3 |
Nov 12, 2024 07:36:53.095702887 CET | 443 | 49721 | 188.114.96.3 | 192.168.2.8 |
Nov 12, 2024 07:36:53.095827103 CET | 49721 | 443 | 192.168.2.8 | 188.114.96.3 |
Nov 12, 2024 07:36:53.096111059 CET | 49721 | 443 | 192.168.2.8 | 188.114.96.3 |
Nov 12, 2024 07:36:53.096118927 CET | 443 | 49721 | 188.114.96.3 | 192.168.2.8 |
Nov 12, 2024 07:36:53.140062094 CET | 49720 | 80 | 192.168.2.8 | 193.122.130.0 |
Nov 12, 2024 07:36:53.703167915 CET | 443 | 49721 | 188.114.96.3 | 192.168.2.8 |
Nov 12, 2024 07:36:53.704869986 CET | 49721 | 443 | 192.168.2.8 | 188.114.96.3 |
Nov 12, 2024 07:36:53.704895020 CET | 443 | 49721 | 188.114.96.3 | 192.168.2.8 |
Nov 12, 2024 07:36:53.848361969 CET | 443 | 49721 | 188.114.96.3 | 192.168.2.8 |
Nov 12, 2024 07:36:53.848434925 CET | 443 | 49721 | 188.114.96.3 | 192.168.2.8 |
Nov 12, 2024 07:36:53.848485947 CET | 49721 | 443 | 192.168.2.8 | 188.114.96.3 |
Nov 12, 2024 07:36:53.848997116 CET | 49721 | 443 | 192.168.2.8 | 188.114.96.3 |
Nov 12, 2024 07:36:53.852669001 CET | 49720 | 80 | 192.168.2.8 | 193.122.130.0 |
Nov 12, 2024 07:36:53.853851080 CET | 49722 | 80 | 192.168.2.8 | 193.122.130.0 |
Nov 12, 2024 07:36:53.857697964 CET | 80 | 49720 | 193.122.130.0 | 192.168.2.8 |
Nov 12, 2024 07:36:53.857781887 CET | 49720 | 80 | 192.168.2.8 | 193.122.130.0 |
Nov 12, 2024 07:36:53.858782053 CET | 80 | 49722 | 193.122.130.0 | 192.168.2.8 |
Nov 12, 2024 07:36:53.858850002 CET | 49722 | 80 | 192.168.2.8 | 193.122.130.0 |
Nov 12, 2024 07:36:53.858944893 CET | 49722 | 80 | 192.168.2.8 | 193.122.130.0 |
Nov 12, 2024 07:36:53.863661051 CET | 80 | 49722 | 193.122.130.0 | 192.168.2.8 |
Nov 12, 2024 07:36:54.510622978 CET | 80 | 49722 | 193.122.130.0 | 192.168.2.8 |
Nov 12, 2024 07:36:54.512037039 CET | 49723 | 443 | 192.168.2.8 | 188.114.96.3 |
Nov 12, 2024 07:36:54.512092113 CET | 443 | 49723 | 188.114.96.3 | 192.168.2.8 |
Nov 12, 2024 07:36:54.512190104 CET | 49723 | 443 | 192.168.2.8 | 188.114.96.3 |
Nov 12, 2024 07:36:54.512447119 CET | 49723 | 443 | 192.168.2.8 | 188.114.96.3 |
Nov 12, 2024 07:36:54.512454987 CET | 443 | 49723 | 188.114.96.3 | 192.168.2.8 |
Nov 12, 2024 07:36:54.561873913 CET | 49722 | 80 | 192.168.2.8 | 193.122.130.0 |
Nov 12, 2024 07:36:55.115391970 CET | 443 | 49723 | 188.114.96.3 | 192.168.2.8 |
Nov 12, 2024 07:36:55.117129087 CET | 49723 | 443 | 192.168.2.8 | 188.114.96.3 |
Nov 12, 2024 07:36:55.117147923 CET | 443 | 49723 | 188.114.96.3 | 192.168.2.8 |
Nov 12, 2024 07:36:55.255525112 CET | 443 | 49723 | 188.114.96.3 | 192.168.2.8 |
Nov 12, 2024 07:36:55.255582094 CET | 443 | 49723 | 188.114.96.3 | 192.168.2.8 |
Nov 12, 2024 07:36:55.255637884 CET | 49723 | 443 | 192.168.2.8 | 188.114.96.3 |
Nov 12, 2024 07:36:55.256084919 CET | 49723 | 443 | 192.168.2.8 | 188.114.96.3 |
Nov 12, 2024 07:36:55.259562016 CET | 49722 | 80 | 192.168.2.8 | 193.122.130.0 |
Nov 12, 2024 07:36:55.260620117 CET | 49724 | 80 | 192.168.2.8 | 193.122.130.0 |
Nov 12, 2024 07:36:55.264617920 CET | 80 | 49722 | 193.122.130.0 | 192.168.2.8 |
Nov 12, 2024 07:36:55.264691114 CET | 49722 | 80 | 192.168.2.8 | 193.122.130.0 |
Nov 12, 2024 07:36:55.265510082 CET | 80 | 49724 | 193.122.130.0 | 192.168.2.8 |
Nov 12, 2024 07:36:55.265571117 CET | 49724 | 80 | 192.168.2.8 | 193.122.130.0 |
Nov 12, 2024 07:36:55.265676975 CET | 49724 | 80 | 192.168.2.8 | 193.122.130.0 |
Nov 12, 2024 07:36:55.270432949 CET | 80 | 49724 | 193.122.130.0 | 192.168.2.8 |
Nov 12, 2024 07:36:56.994812012 CET | 80 | 49724 | 193.122.130.0 | 192.168.2.8 |
Nov 12, 2024 07:36:56.996154070 CET | 49725 | 443 | 192.168.2.8 | 188.114.96.3 |
Nov 12, 2024 07:36:56.996191025 CET | 443 | 49725 | 188.114.96.3 | 192.168.2.8 |
Nov 12, 2024 07:36:56.996279001 CET | 49725 | 443 | 192.168.2.8 | 188.114.96.3 |
Nov 12, 2024 07:36:56.996551991 CET | 49725 | 443 | 192.168.2.8 | 188.114.96.3 |
Nov 12, 2024 07:36:56.996562958 CET | 443 | 49725 | 188.114.96.3 | 192.168.2.8 |
Nov 12, 2024 07:36:57.046325922 CET | 49724 | 80 | 192.168.2.8 | 193.122.130.0 |
Nov 12, 2024 07:36:57.612670898 CET | 443 | 49725 | 188.114.96.3 | 192.168.2.8 |
Nov 12, 2024 07:36:57.614273071 CET | 49725 | 443 | 192.168.2.8 | 188.114.96.3 |
Nov 12, 2024 07:36:57.614295959 CET | 443 | 49725 | 188.114.96.3 | 192.168.2.8 |
Nov 12, 2024 07:36:57.756067991 CET | 443 | 49725 | 188.114.96.3 | 192.168.2.8 |
Nov 12, 2024 07:36:57.756124020 CET | 443 | 49725 | 188.114.96.3 | 192.168.2.8 |
Nov 12, 2024 07:36:57.756176949 CET | 49725 | 443 | 192.168.2.8 | 188.114.96.3 |
Nov 12, 2024 07:36:57.756611109 CET | 49725 | 443 | 192.168.2.8 | 188.114.96.3 |
Nov 12, 2024 07:36:57.764748096 CET | 49726 | 80 | 192.168.2.8 | 193.122.130.0 |
Nov 12, 2024 07:36:57.764807940 CET | 49724 | 80 | 192.168.2.8 | 193.122.130.0 |
Nov 12, 2024 07:36:57.769526958 CET | 80 | 49726 | 193.122.130.0 | 192.168.2.8 |
Nov 12, 2024 07:36:57.769620895 CET | 49726 | 80 | 192.168.2.8 | 193.122.130.0 |
Nov 12, 2024 07:36:57.769855022 CET | 80 | 49724 | 193.122.130.0 | 192.168.2.8 |
Nov 12, 2024 07:36:57.769925117 CET | 49724 | 80 | 192.168.2.8 | 193.122.130.0 |
Nov 12, 2024 07:36:57.775499105 CET | 49726 | 80 | 192.168.2.8 | 193.122.130.0 |
Nov 12, 2024 07:36:57.780468941 CET | 80 | 49726 | 193.122.130.0 | 192.168.2.8 |
Nov 12, 2024 07:37:00.246047974 CET | 80 | 49726 | 193.122.130.0 | 192.168.2.8 |
Nov 12, 2024 07:37:00.254535913 CET | 49727 | 443 | 192.168.2.8 | 188.114.97.3 |
Nov 12, 2024 07:37:00.254576921 CET | 443 | 49727 | 188.114.97.3 | 192.168.2.8 |
Nov 12, 2024 07:37:00.254645109 CET | 49727 | 443 | 192.168.2.8 | 188.114.97.3 |
Nov 12, 2024 07:37:00.255064011 CET | 49727 | 443 | 192.168.2.8 | 188.114.97.3 |
Nov 12, 2024 07:37:00.255078077 CET | 443 | 49727 | 188.114.97.3 | 192.168.2.8 |
Nov 12, 2024 07:37:00.296282053 CET | 49726 | 80 | 192.168.2.8 | 193.122.130.0 |
Nov 12, 2024 07:37:00.858588934 CET | 443 | 49727 | 188.114.97.3 | 192.168.2.8 |
Nov 12, 2024 07:37:00.860300064 CET | 49727 | 443 | 192.168.2.8 | 188.114.97.3 |
Nov 12, 2024 07:37:00.860327959 CET | 443 | 49727 | 188.114.97.3 | 192.168.2.8 |
Nov 12, 2024 07:37:01.003581047 CET | 443 | 49727 | 188.114.97.3 | 192.168.2.8 |
Nov 12, 2024 07:37:01.003653049 CET | 443 | 49727 | 188.114.97.3 | 192.168.2.8 |
Nov 12, 2024 07:37:01.003726959 CET | 49727 | 443 | 192.168.2.8 | 188.114.97.3 |
Nov 12, 2024 07:37:01.004162073 CET | 49727 | 443 | 192.168.2.8 | 188.114.97.3 |
Nov 12, 2024 07:37:01.007788897 CET | 49726 | 80 | 192.168.2.8 | 193.122.130.0 |
Nov 12, 2024 07:37:01.009002924 CET | 49728 | 80 | 192.168.2.8 | 193.122.130.0 |
Nov 12, 2024 07:37:01.012801886 CET | 80 | 49726 | 193.122.130.0 | 192.168.2.8 |
Nov 12, 2024 07:37:01.012877941 CET | 49726 | 80 | 192.168.2.8 | 193.122.130.0 |
Nov 12, 2024 07:37:01.013813019 CET | 80 | 49728 | 193.122.130.0 | 192.168.2.8 |
Nov 12, 2024 07:37:01.013878107 CET | 49728 | 80 | 192.168.2.8 | 193.122.130.0 |
Nov 12, 2024 07:37:01.014020920 CET | 49728 | 80 | 192.168.2.8 | 193.122.130.0 |
Nov 12, 2024 07:37:01.018755913 CET | 80 | 49728 | 193.122.130.0 | 192.168.2.8 |
Nov 12, 2024 07:37:02.744673014 CET | 80 | 49728 | 193.122.130.0 | 192.168.2.8 |
Nov 12, 2024 07:37:02.746474981 CET | 49729 | 443 | 192.168.2.8 | 188.114.97.3 |
Nov 12, 2024 07:37:02.746507883 CET | 443 | 49729 | 188.114.97.3 | 192.168.2.8 |
Nov 12, 2024 07:37:02.746613979 CET | 49729 | 443 | 192.168.2.8 | 188.114.97.3 |
Nov 12, 2024 07:37:02.746942997 CET | 49729 | 443 | 192.168.2.8 | 188.114.97.3 |
Nov 12, 2024 07:37:02.746961117 CET | 443 | 49729 | 188.114.97.3 | 192.168.2.8 |
Nov 12, 2024 07:37:02.796297073 CET | 49728 | 80 | 192.168.2.8 | 193.122.130.0 |
Nov 12, 2024 07:37:03.346960068 CET | 443 | 49729 | 188.114.97.3 | 192.168.2.8 |
Nov 12, 2024 07:37:03.348629951 CET | 49729 | 443 | 192.168.2.8 | 188.114.97.3 |
Nov 12, 2024 07:37:03.348649979 CET | 443 | 49729 | 188.114.97.3 | 192.168.2.8 |
Nov 12, 2024 07:37:03.489451885 CET | 443 | 49729 | 188.114.97.3 | 192.168.2.8 |
Nov 12, 2024 07:37:03.489527941 CET | 443 | 49729 | 188.114.97.3 | 192.168.2.8 |
Nov 12, 2024 07:37:03.489578009 CET | 49729 | 443 | 192.168.2.8 | 188.114.97.3 |
Nov 12, 2024 07:37:03.489996910 CET | 49729 | 443 | 192.168.2.8 | 188.114.97.3 |
Nov 12, 2024 07:37:03.508493900 CET | 49728 | 80 | 192.168.2.8 | 193.122.130.0 |
Nov 12, 2024 07:37:03.513523102 CET | 80 | 49728 | 193.122.130.0 | 192.168.2.8 |
Nov 12, 2024 07:37:03.513575077 CET | 49728 | 80 | 192.168.2.8 | 193.122.130.0 |
Nov 12, 2024 07:37:03.519639969 CET | 49730 | 443 | 192.168.2.8 | 149.154.167.220 |
Nov 12, 2024 07:37:03.519681931 CET | 443 | 49730 | 149.154.167.220 | 192.168.2.8 |
Nov 12, 2024 07:37:03.519764900 CET | 49730 | 443 | 192.168.2.8 | 149.154.167.220 |
Nov 12, 2024 07:37:03.520170927 CET | 49730 | 443 | 192.168.2.8 | 149.154.167.220 |
Nov 12, 2024 07:37:03.520184994 CET | 443 | 49730 | 149.154.167.220 | 192.168.2.8 |
Nov 12, 2024 07:37:04.366983891 CET | 443 | 49730 | 149.154.167.220 | 192.168.2.8 |
Nov 12, 2024 07:37:04.367146015 CET | 49730 | 443 | 192.168.2.8 | 149.154.167.220 |
Nov 12, 2024 07:37:04.369152069 CET | 49730 | 443 | 192.168.2.8 | 149.154.167.220 |
Nov 12, 2024 07:37:04.369178057 CET | 443 | 49730 | 149.154.167.220 | 192.168.2.8 |
Nov 12, 2024 07:37:04.369440079 CET | 443 | 49730 | 149.154.167.220 | 192.168.2.8 |
Nov 12, 2024 07:37:04.370928049 CET | 49730 | 443 | 192.168.2.8 | 149.154.167.220 |
Nov 12, 2024 07:37:04.415342093 CET | 443 | 49730 | 149.154.167.220 | 192.168.2.8 |
Nov 12, 2024 07:37:04.603197098 CET | 443 | 49730 | 149.154.167.220 | 192.168.2.8 |
Nov 12, 2024 07:37:04.603272915 CET | 443 | 49730 | 149.154.167.220 | 192.168.2.8 |
Nov 12, 2024 07:37:04.603337049 CET | 49730 | 443 | 192.168.2.8 | 149.154.167.220 |
Nov 12, 2024 07:37:04.603852034 CET | 49730 | 443 | 192.168.2.8 | 149.154.167.220 |
Nov 12, 2024 07:37:10.236033916 CET | 49718 | 80 | 192.168.2.8 | 193.122.130.0 |
Nov 12, 2024 07:37:10.559000015 CET | 49731 | 587 | 192.168.2.8 | 37.27.123.72 |
Nov 12, 2024 07:37:10.563882113 CET | 587 | 49731 | 37.27.123.72 | 192.168.2.8 |
Nov 12, 2024 07:37:10.564011097 CET | 49731 | 587 | 192.168.2.8 | 37.27.123.72 |
Nov 12, 2024 07:37:11.544866085 CET | 587 | 49731 | 37.27.123.72 | 192.168.2.8 |
Nov 12, 2024 07:37:11.545109987 CET | 49731 | 587 | 192.168.2.8 | 37.27.123.72 |
Nov 12, 2024 07:37:11.549978971 CET | 587 | 49731 | 37.27.123.72 | 192.168.2.8 |
Nov 12, 2024 07:37:11.808736086 CET | 587 | 49731 | 37.27.123.72 | 192.168.2.8 |
Nov 12, 2024 07:37:11.809822083 CET | 49731 | 587 | 192.168.2.8 | 37.27.123.72 |
Nov 12, 2024 07:37:11.814698935 CET | 587 | 49731 | 37.27.123.72 | 192.168.2.8 |
Nov 12, 2024 07:37:12.073113918 CET | 587 | 49731 | 37.27.123.72 | 192.168.2.8 |
Nov 12, 2024 07:37:12.073576927 CET | 49731 | 587 | 192.168.2.8 | 37.27.123.72 |
Nov 12, 2024 07:37:12.078522921 CET | 587 | 49731 | 37.27.123.72 | 192.168.2.8 |
Nov 12, 2024 07:37:12.386077881 CET | 587 | 49731 | 37.27.123.72 | 192.168.2.8 |
Nov 12, 2024 07:37:12.386405945 CET | 49731 | 587 | 192.168.2.8 | 37.27.123.72 |
Nov 12, 2024 07:37:12.392594099 CET | 587 | 49731 | 37.27.123.72 | 192.168.2.8 |
Nov 12, 2024 07:37:12.651034117 CET | 587 | 49731 | 37.27.123.72 | 192.168.2.8 |
Nov 12, 2024 07:37:12.651307106 CET | 49731 | 587 | 192.168.2.8 | 37.27.123.72 |
Nov 12, 2024 07:37:12.656174898 CET | 587 | 49731 | 37.27.123.72 | 192.168.2.8 |
Nov 12, 2024 07:37:12.938110113 CET | 587 | 49731 | 37.27.123.72 | 192.168.2.8 |
Nov 12, 2024 07:37:12.938277006 CET | 49731 | 587 | 192.168.2.8 | 37.27.123.72 |
Nov 12, 2024 07:37:12.943171024 CET | 587 | 49731 | 37.27.123.72 | 192.168.2.8 |
Nov 12, 2024 07:37:13.201390982 CET | 587 | 49731 | 37.27.123.72 | 192.168.2.8 |
Nov 12, 2024 07:37:13.202212095 CET | 49731 | 587 | 192.168.2.8 | 37.27.123.72 |
Nov 12, 2024 07:37:13.202358007 CET | 49731 | 587 | 192.168.2.8 | 37.27.123.72 |
Nov 12, 2024 07:37:13.202430010 CET | 49731 | 587 | 192.168.2.8 | 37.27.123.72 |
Nov 12, 2024 07:37:13.202430010 CET | 49731 | 587 | 192.168.2.8 | 37.27.123.72 |
Nov 12, 2024 07:37:13.207062006 CET | 587 | 49731 | 37.27.123.72 | 192.168.2.8 |
Nov 12, 2024 07:37:13.207108021 CET | 587 | 49731 | 37.27.123.72 | 192.168.2.8 |
Nov 12, 2024 07:37:13.207223892 CET | 587 | 49731 | 37.27.123.72 | 192.168.2.8 |
Nov 12, 2024 07:37:13.207384109 CET | 587 | 49731 | 37.27.123.72 | 192.168.2.8 |
Nov 12, 2024 07:37:13.207395077 CET | 587 | 49731 | 37.27.123.72 | 192.168.2.8 |
Nov 12, 2024 07:37:13.806675911 CET | 587 | 49731 | 37.27.123.72 | 192.168.2.8 |
Nov 12, 2024 07:37:13.858788967 CET | 49731 | 587 | 192.168.2.8 | 37.27.123.72 |
Nov 12, 2024 07:38:50.484103918 CET | 49731 | 587 | 192.168.2.8 | 37.27.123.72 |
Nov 12, 2024 07:38:50.488924026 CET | 587 | 49731 | 37.27.123.72 | 192.168.2.8 |
Nov 12, 2024 07:38:50.947993040 CET | 587 | 49731 | 37.27.123.72 | 192.168.2.8 |
Nov 12, 2024 07:38:50.948240042 CET | 49731 | 587 | 192.168.2.8 | 37.27.123.72 |
Nov 12, 2024 07:38:50.953289986 CET | 587 | 49731 | 37.27.123.72 | 192.168.2.8 |
Nov 12, 2024 07:38:50.953533888 CET | 49731 | 587 | 192.168.2.8 | 37.27.123.72 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 12, 2024 07:36:39.546437025 CET | 63284 | 53 | 192.168.2.8 | 1.1.1.1 |
Nov 12, 2024 07:36:40.738440990 CET | 51494 | 53 | 192.168.2.8 | 1.1.1.1 |
Nov 12, 2024 07:36:44.697698116 CET | 53694 | 53 | 192.168.2.8 | 1.1.1.1 |
Nov 12, 2024 07:36:44.704377890 CET | 53 | 53694 | 1.1.1.1 | 192.168.2.8 |
Nov 12, 2024 07:36:48.542031050 CET | 50867 | 53 | 192.168.2.8 | 1.1.1.1 |
Nov 12, 2024 07:36:48.549071074 CET | 53 | 50867 | 1.1.1.1 | 192.168.2.8 |
Nov 12, 2024 07:37:00.247168064 CET | 65429 | 53 | 192.168.2.8 | 1.1.1.1 |
Nov 12, 2024 07:37:00.253770113 CET | 53 | 65429 | 1.1.1.1 | 192.168.2.8 |
Nov 12, 2024 07:37:03.509319067 CET | 58379 | 53 | 192.168.2.8 | 1.1.1.1 |
Nov 12, 2024 07:37:03.518946886 CET | 53 | 58379 | 1.1.1.1 | 192.168.2.8 |
Nov 12, 2024 07:37:10.467545033 CET | 62907 | 53 | 192.168.2.8 | 1.1.1.1 |
Nov 12, 2024 07:37:10.557713032 CET | 53 | 62907 | 1.1.1.1 | 192.168.2.8 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Nov 12, 2024 07:36:39.546437025 CET | 192.168.2.8 | 1.1.1.1 | 0x47fd | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 12, 2024 07:36:40.738440990 CET | 192.168.2.8 | 1.1.1.1 | 0x2133 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 12, 2024 07:36:44.697698116 CET | 192.168.2.8 | 1.1.1.1 | 0x976b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 12, 2024 07:36:48.542031050 CET | 192.168.2.8 | 1.1.1.1 | 0xb076 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 12, 2024 07:37:00.247168064 CET | 192.168.2.8 | 1.1.1.1 | 0xb7e9 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 12, 2024 07:37:03.509319067 CET | 192.168.2.8 | 1.1.1.1 | 0x42a1 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 12, 2024 07:37:10.467545033 CET | 192.168.2.8 | 1.1.1.1 | 0xe450 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Nov 12, 2024 07:36:39.553090096 CET | 1.1.1.1 | 192.168.2.8 | 0x47fd | No error (0) | common-afdrk.fe.1drv.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 12, 2024 07:36:39.553090096 CET | 1.1.1.1 | 192.168.2.8 | 0x47fd | No error (0) | odc-commonafdrk-geo.onedrive.akadns.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 12, 2024 07:36:40.788109064 CET | 1.1.1.1 | 192.168.2.8 | 0x2133 | No error (0) | dm-files.fe.1drv.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 12, 2024 07:36:40.788109064 CET | 1.1.1.1 | 192.168.2.8 | 0x2133 | No error (0) | odc-dm-files-geo.onedrive.akadns.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 12, 2024 07:36:44.704377890 CET | 1.1.1.1 | 192.168.2.8 | 0x976b | No error (0) | checkip.dyndns.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 12, 2024 07:36:44.704377890 CET | 1.1.1.1 | 192.168.2.8 | 0x976b | No error (0) | 193.122.130.0 | A (IP address) | IN (0x0001) | false | ||
Nov 12, 2024 07:36:44.704377890 CET | 1.1.1.1 | 192.168.2.8 | 0x976b | No error (0) | 132.226.247.73 | A (IP address) | IN (0x0001) | false | ||
Nov 12, 2024 07:36:44.704377890 CET | 1.1.1.1 | 192.168.2.8 | 0x976b | No error (0) | 132.226.8.169 | A (IP address) | IN (0x0001) | false | ||
Nov 12, 2024 07:36:44.704377890 CET | 1.1.1.1 | 192.168.2.8 | 0x976b | No error (0) | 193.122.6.168 | A (IP address) | IN (0x0001) | false | ||
Nov 12, 2024 07:36:44.704377890 CET | 1.1.1.1 | 192.168.2.8 | 0x976b | No error (0) | 158.101.44.242 | A (IP address) | IN (0x0001) | false | ||
Nov 12, 2024 07:36:48.549071074 CET | 1.1.1.1 | 192.168.2.8 | 0xb076 | No error (0) | 188.114.96.3 | A (IP address) | IN (0x0001) | false | ||
Nov 12, 2024 07:36:48.549071074 CET | 1.1.1.1 | 192.168.2.8 | 0xb076 | No error (0) | 188.114.97.3 | A (IP address) | IN (0x0001) | false | ||
Nov 12, 2024 07:37:00.253770113 CET | 1.1.1.1 | 192.168.2.8 | 0xb7e9 | No error (0) | 188.114.97.3 | A (IP address) | IN (0x0001) | false | ||
Nov 12, 2024 07:37:00.253770113 CET | 1.1.1.1 | 192.168.2.8 | 0xb7e9 | No error (0) | 188.114.96.3 | A (IP address) | IN (0x0001) | false | ||
Nov 12, 2024 07:37:03.518946886 CET | 1.1.1.1 | 192.168.2.8 | 0x42a1 | No error (0) | 149.154.167.220 | A (IP address) | IN (0x0001) | false | ||
Nov 12, 2024 07:37:10.557713032 CET | 1.1.1.1 | 192.168.2.8 | 0xe450 | No error (0) | foodex.com.pk | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 12, 2024 07:37:10.557713032 CET | 1.1.1.1 | 192.168.2.8 | 0xe450 | No error (0) | 37.27.123.72 | A (IP address) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.8 | 49715 | 193.122.130.0 | 80 | 5916 | C:\Users\user\Desktop\________.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 12, 2024 07:36:44.722284079 CET | 151 | OUT | |
Nov 12, 2024 07:36:45.402075052 CET | 323 | IN | |
Nov 12, 2024 07:36:45.417691946 CET | 127 | OUT | |
Nov 12, 2024 07:36:47.658318043 CET | 730 | IN | |
Nov 12, 2024 07:36:47.682495117 CET | 127 | OUT | |
Nov 12, 2024 07:36:48.225405931 CET | 323 | IN | |
Nov 12, 2024 07:36:49.381944895 CET | 127 | OUT | |
Nov 12, 2024 07:36:49.542319059 CET | 323 | IN | |
Nov 12, 2024 07:36:49.772830009 CET | 323 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.8 | 49718 | 193.122.130.0 | 80 | 5916 | C:\Users\user\Desktop\________.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 12, 2024 07:36:50.322083950 CET | 127 | OUT | |
Nov 12, 2024 07:36:51.645483017 CET | 323 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.8 | 49720 | 193.122.130.0 | 80 | 5916 | C:\Users\user\Desktop\________.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 12, 2024 07:36:52.402673006 CET | 151 | OUT | |
Nov 12, 2024 07:36:53.094225883 CET | 323 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.8 | 49722 | 193.122.130.0 | 80 | 5916 | C:\Users\user\Desktop\________.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 12, 2024 07:36:53.858944893 CET | 151 | OUT | |
Nov 12, 2024 07:36:54.510622978 CET | 323 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.8 | 49724 | 193.122.130.0 | 80 | 5916 | C:\Users\user\Desktop\________.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 12, 2024 07:36:55.265676975 CET | 151 | OUT | |
Nov 12, 2024 07:36:56.994812012 CET | 323 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.8 | 49726 | 193.122.130.0 | 80 | 5916 | C:\Users\user\Desktop\________.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 12, 2024 07:36:57.775499105 CET | 151 | OUT | |
Nov 12, 2024 07:37:00.246047974 CET | 323 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.8 | 49728 | 193.122.130.0 | 80 | 5916 | C:\Users\user\Desktop\________.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 12, 2024 07:37:01.014020920 CET | 151 | OUT | |
Nov 12, 2024 07:37:02.744673014 CET | 323 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.8 | 49716 | 188.114.96.3 | 443 | 5916 | C:\Users\user\Desktop\________.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-11-12 06:36:49 UTC | 87 | OUT | |
2024-11-12 06:36:49 UTC | 854 | IN | |
2024-11-12 06:36:49 UTC | 359 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.8 | 49717 | 188.114.96.3 | 443 | 5916 | C:\Users\user\Desktop\________.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-11-12 06:36:50 UTC | 63 | OUT | |
2024-11-12 06:36:50 UTC | 846 | IN | |
2024-11-12 06:36:50 UTC | 359 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.8 | 49719 | 188.114.96.3 | 443 | 5916 | C:\Users\user\Desktop\________.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-11-12 06:36:52 UTC | 63 | OUT | |
2024-11-12 06:36:52 UTC | 852 | IN | |
2024-11-12 06:36:52 UTC | 359 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.8 | 49721 | 188.114.96.3 | 443 | 5916 | C:\Users\user\Desktop\________.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-11-12 06:36:53 UTC | 87 | OUT | |
2024-11-12 06:36:53 UTC | 856 | IN | |
2024-11-12 06:36:53 UTC | 359 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.8 | 49723 | 188.114.96.3 | 443 | 5916 | C:\Users\user\Desktop\________.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-11-12 06:36:55 UTC | 87 | OUT | |
2024-11-12 06:36:55 UTC | 856 | IN | |
2024-11-12 06:36:55 UTC | 359 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.8 | 49725 | 188.114.96.3 | 443 | 5916 | C:\Users\user\Desktop\________.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-11-12 06:36:57 UTC | 87 | OUT | |
2024-11-12 06:36:57 UTC | 852 | IN | |
2024-11-12 06:36:57 UTC | 359 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.8 | 49727 | 188.114.97.3 | 443 | 5916 | C:\Users\user\Desktop\________.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-11-12 06:37:00 UTC | 87 | OUT | |
2024-11-12 06:37:01 UTC | 856 | IN | |
2024-11-12 06:37:01 UTC | 359 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.8 | 49729 | 188.114.97.3 | 443 | 5916 | C:\Users\user\Desktop\________.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-11-12 06:37:03 UTC | 87 | OUT | |
2024-11-12 06:37:03 UTC | 864 | IN | |
2024-11-12 06:37:03 UTC | 359 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.8 | 49730 | 149.154.167.220 | 443 | 5916 | C:\Users\user\Desktop\________.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-11-12 06:37:04 UTC | 349 | OUT | |
2024-11-12 06:37:04 UTC | 344 | IN | |
2024-11-12 06:37:04 UTC | 55 | IN |
Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands |
---|---|---|---|---|---|
Nov 12, 2024 07:37:11.544866085 CET | 587 | 49731 | 37.27.123.72 | 192.168.2.8 | 220-server42.hndservers.net ESMTP Exim 4.98 #2 Tue, 12 Nov 2024 11:37:11 +0500 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail. |
Nov 12, 2024 07:37:11.545109987 CET | 49731 | 587 | 192.168.2.8 | 37.27.123.72 | EHLO 141700 |
Nov 12, 2024 07:37:11.808736086 CET | 587 | 49731 | 37.27.123.72 | 192.168.2.8 | 250-server42.hndservers.net Hello 141700 [173.254.250.68] 250-SIZE 104857600 250-LIMITS MAILMAX=1000 RCPTMAX=50000 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP |
Nov 12, 2024 07:37:11.809822083 CET | 49731 | 587 | 192.168.2.8 | 37.27.123.72 | AUTH login d2FqYWhhdEBmb29kZXguY29tLnBr |
Nov 12, 2024 07:37:12.073113918 CET | 587 | 49731 | 37.27.123.72 | 192.168.2.8 | 334 UGFzc3dvcmQ6 |
Nov 12, 2024 07:37:12.386077881 CET | 587 | 49731 | 37.27.123.72 | 192.168.2.8 | 235 Authentication succeeded |
Nov 12, 2024 07:37:12.386405945 CET | 49731 | 587 | 192.168.2.8 | 37.27.123.72 | MAIL FROM:<wajahat@foodex.com.pk> |
Nov 12, 2024 07:37:12.651034117 CET | 587 | 49731 | 37.27.123.72 | 192.168.2.8 | 250 OK |
Nov 12, 2024 07:37:12.651307106 CET | 49731 | 587 | 192.168.2.8 | 37.27.123.72 | RCPT TO:<millions1000@proton.me> |
Nov 12, 2024 07:37:12.938110113 CET | 587 | 49731 | 37.27.123.72 | 192.168.2.8 | 250 Accepted |
Nov 12, 2024 07:37:12.938277006 CET | 49731 | 587 | 192.168.2.8 | 37.27.123.72 | DATA |
Nov 12, 2024 07:37:13.201390982 CET | 587 | 49731 | 37.27.123.72 | 192.168.2.8 | 354 Enter message, ending with "." on a line by itself |
Nov 12, 2024 07:37:13.202430010 CET | 49731 | 587 | 192.168.2.8 | 37.27.123.72 | . |
Nov 12, 2024 07:37:13.806675911 CET | 587 | 49731 | 37.27.123.72 | 192.168.2.8 | 250 OK id=1tAkWX-0000000EDpY-12X2 |
Nov 12, 2024 07:38:50.484103918 CET | 49731 | 587 | 192.168.2.8 | 37.27.123.72 | QUIT |
Nov 12, 2024 07:38:50.947993040 CET | 587 | 49731 | 37.27.123.72 | 192.168.2.8 | 221 server42.hndservers.net closing connection |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 1 |
Start time: | 01:36:16 |
Start date: | 12/11/2024 |
Path: | C:\Users\user\Desktop\________.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 847'584 bytes |
MD5 hash: | 89B3B4723EA3983FC0F103EAF3093EDC |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 3 |
Start time: | 01:36:30 |
Start date: | 12/11/2024 |
Path: | C:\Users\user\Desktop\________.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 847'584 bytes |
MD5 hash: | 89B3B4723EA3983FC0F103EAF3093EDC |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | false |
Execution Graph
Execution Coverage: | 19.5% |
Dynamic/Decrypted Code Coverage: | 15.2% |
Signature Coverage: | 19% |
Total number of Nodes: | 1504 |
Total number of Limit Nodes: | 46 |
Graph
Function 0040335A Relevance: 75.6, APIs: 27, Strings: 16, Instructions: 335stringfilecomCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404B10 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 481windowmemoryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405F0C Relevance: 19.5, APIs: 8, Strings: 3, Instructions: 207stringCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405772 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 148filestringCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040653F Relevance: 5.4, APIs: 4, Instructions: 382COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004038B4 Relevance: 49.2, APIs: 15, Strings: 13, Instructions: 216stringregistrylibraryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402DBC Relevance: 26.5, APIs: 5, Strings: 10, Instructions: 203memoryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401752 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 145stringtimeCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040317D Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 108fileCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402331 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71registrystringCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405DB7 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 45registryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405108 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405665 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406974 Relevance: 5.2, APIs: 4, Instructions: 236COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406B75 Relevance: 5.2, APIs: 4, Instructions: 208COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040688B Relevance: 5.2, APIs: 4, Instructions: 205COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406390 Relevance: 5.2, APIs: 4, Instructions: 198COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004067DE Relevance: 5.2, APIs: 4, Instructions: 180COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004068FC Relevance: 5.2, APIs: 4, Instructions: 170COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406848 Relevance: 5.2, APIs: 4, Instructions: 168COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401F98 Relevance: 4.6, APIs: 3, Instructions: 73libraryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401B22 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 72memoryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 10002868 Relevance: 3.2, APIs: 2, Instructions: 156fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405B56 Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405B31 Relevance: 3.0, APIs: 2, Instructions: 13COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402253 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405BD9 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 1000278D Relevance: 1.5, APIs: 1, Instructions: 21memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402295 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040159B Relevance: 1.5, APIs: 1, Instructions: 18COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404164 Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040330F Relevance: 1.5, APIs: 1, Instructions: 6COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004014D7 Relevance: 1.3, APIs: 1, Instructions: 17sleepCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 1000121B Relevance: 1.3, APIs: 1, Instructions: 6memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004052D3 Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 282windowclipboardmemoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004045CA Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 269stringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402770 Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004042CC Relevance: 42.2, APIs: 20, Strings: 4, Instructions: 207windowstringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405C08 Relevance: 29.9, APIs: 12, Strings: 5, Instructions: 136stringmemoryfileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004024EE Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 54filestringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404196 Relevance: 12.1, APIs: 8, Instructions: 61COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402573 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 142fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404A5E Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402C7F Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 1000248D Relevance: 9.1, APIs: 6, Instructions: 108COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 100018C1 Relevance: 7.7, APIs: 5, Instructions: 190COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 10001617 Relevance: 7.5, APIs: 5, Instructions: 41memorylibraryloaderCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401CE5 Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404978 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78stringCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401BCA Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405935 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401F08 Relevance: 6.1, APIs: 4, Instructions: 55memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405981 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 100010E1 Relevance: 5.1, APIs: 4, Instructions: 104memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405ABB Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Execution Graph
Execution Coverage: | 9% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 8.5% |
Total number of Nodes: | 130 |
Total number of Limit Nodes: | 14 |
Graph
Function 32D45290 Relevance: 4.3, Strings: 1, Instructions: 3069COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F05B48 Relevance: 1.6, Strings: 1, Instructions: 300COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35E98FB0 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F03238 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F03227 Relevance: 1.4, Strings: 1, Instructions: 121COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0015AA78 Relevance: .9, Instructions: 862COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F2D0D0 Relevance: .7, Instructions: 745COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001529E0 Relevance: .7, Instructions: 685COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F2E808 Relevance: .7, Instructions: 677COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 32D49590 Relevance: .5, Instructions: 531COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001577A0 Relevance: .5, Instructions: 514COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0015C5C0 Relevance: .3, Instructions: 347COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00157F18 Relevance: .3, Instructions: 328COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35E97B78 Relevance: .3, Instructions: 296COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F31828 Relevance: .3, Instructions: 292COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F061E8 Relevance: .3, Instructions: 292COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35E90040 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 32D4E068 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 32D42970 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 360B3E60 Relevance: .3, Instructions: 251COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 360B3E70 Relevance: .2, Instructions: 247COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 32D42288 Relevance: .2, Instructions: 220COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 32D42DD0 Relevance: .2, Instructions: 220COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 32D42DC3 Relevance: .2, Instructions: 220COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 32D41BA8 Relevance: .2, Instructions: 219COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 32D43116 Relevance: .2, Instructions: 202COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F26A80 Relevance: .2, Instructions: 200COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F37FA8 Relevance: .2, Instructions: 200COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F3F988 Relevance: .2, Instructions: 200COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F3F668 Relevance: .2, Instructions: 200COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00155968 Relevance: .2, Instructions: 187COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0015CA58 Relevance: .2, Instructions: 187COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0015CD28 Relevance: .2, Instructions: 187COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0015D2CD Relevance: .2, Instructions: 186COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00155370 Relevance: .2, Instructions: 186COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0015D599 Relevance: .2, Instructions: 185COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0015CFF7 Relevance: .2, Instructions: 185COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F2D0C0 Relevance: .2, Instructions: 181COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 32D41B97 Relevance: .2, Instructions: 165COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0015C788 Relevance: .2, Instructions: 152COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F2E7FB Relevance: .1, Instructions: 148COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0015EC18 Relevance: .1, Instructions: 147COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0015EC0C Relevance: .1, Instructions: 146COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F05B37 Relevance: .1, Instructions: 118COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 32D42278 Relevance: .1, Instructions: 111COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F3F659 Relevance: .1, Instructions: 107COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F31818 Relevance: .1, Instructions: 101COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 32D4E059 Relevance: .1, Instructions: 99COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F061D8 Relevance: .1, Instructions: 99COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F37F99 Relevance: .1, Instructions: 97COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F26A6F Relevance: .1, Instructions: 96COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F2CDC1 Relevance: .1, Instructions: 95COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F3F97A Relevance: .1, Instructions: 95COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F26D90 Relevance: .1, Instructions: 94COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F31CDF Relevance: .1, Instructions: 94COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F37D12 Relevance: .1, Instructions: 93COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F061A9 Relevance: .1, Instructions: 92COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 360BB812 Relevance: 6.1, APIs: 4, Instructions: 134threadCOMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 360BB820 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 3672B9D8 Relevance: 1.9, APIs: 1, Instructions: 396COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 367268A4 Relevance: 1.6, APIs: 1, Instructions: 119COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 367268B0 Relevance: 1.6, APIs: 1, Instructions: 113COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 36725D14 Relevance: 1.6, APIs: 1, Instructions: 97COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 360BBA60 Relevance: 1.6, APIs: 1, Instructions: 67COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 360BBA68 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 3672B3B0 Relevance: 1.6, APIs: 1, Instructions: 50comCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 3672A550 Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 32D43CC0 Relevance: 1.5, Strings: 1, Instructions: 228COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F2F4F7 Relevance: 1.4, Strings: 1, Instructions: 114COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F2F508 Relevance: 1.4, Strings: 1, Instructions: 111COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00152790 Relevance: 1.3, Strings: 1, Instructions: 88COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00158E88 Relevance: .7, Instructions: 670COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0015E2A8 Relevance: .6, Instructions: 647COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00150CA0 Relevance: .5, Instructions: 539COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0015BAA8 Relevance: .4, Instructions: 407COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 32D44258 Relevance: .4, Instructions: 396COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0015871D Relevance: .3, Instructions: 330COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00156930 Relevance: .3, Instructions: 329COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00156E90 Relevance: .2, Instructions: 230COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0015BBB0 Relevance: .2, Instructions: 221COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 32D44CD0 Relevance: .2, Instructions: 212COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00158AD0 Relevance: .2, Instructions: 201COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F2CDD0 Relevance: .2, Instructions: 171COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F26DA0 Relevance: .2, Instructions: 171COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F37D20 Relevance: .2, Instructions: 171COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F31CF0 Relevance: .2, Instructions: 171COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0015F5AF Relevance: .2, Instructions: 154COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0015D869 Relevance: .1, Instructions: 140COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001541A0 Relevance: .1, Instructions: 134COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0015ACF3 Relevance: .1, Instructions: 124COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00155FF0 Relevance: .1, Instructions: 119COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001598F0 Relevance: .1, Instructions: 118COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0015B8E8 Relevance: .1, Instructions: 117COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00157DC8 Relevance: .1, Instructions: 115COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 32D449F8 Relevance: .1, Instructions: 114COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F2DF48 Relevance: .1, Instructions: 101COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 32D445C1 Relevance: .1, Instructions: 101COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00156050 Relevance: .1, Instructions: 101COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 32D445F5 Relevance: .1, Instructions: 100COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 32D44B38 Relevance: .1, Instructions: 91COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0015BA97 Relevance: .1, Instructions: 88COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00158D78 Relevance: .1, Instructions: 87COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0015BE98 Relevance: .1, Instructions: 81COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00156CE8 Relevance: .1, Instructions: 80COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001528F0 Relevance: .1, Instructions: 77COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0009D554 Relevance: .1, Instructions: 75COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0009D468 Relevance: .1, Instructions: 75COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 000AD044 Relevance: .1, Instructions: 72COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00154285 Relevance: .1, Instructions: 68COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 32D4489B Relevance: .1, Instructions: 63COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 32D49B94 Relevance: .1, Instructions: 62COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0015F4D0 Relevance: .1, Instructions: 60COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00156CF8 Relevance: .1, Instructions: 59COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0015ADD8 Relevance: .1, Instructions: 59COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 32D44E68 Relevance: .1, Instructions: 57COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001527F0 Relevance: .1, Instructions: 57COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0009D54F Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0009D463 Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0015F4E0 Relevance: .1, Instructions: 54COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 000AD03F Relevance: .1, Instructions: 53COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 32D44C48 Relevance: .1, Instructions: 53COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0015688F Relevance: .1, Instructions: 52COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F2E5A3 Relevance: .0, Instructions: 48COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 32D43250 Relevance: .0, Instructions: 48COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0015ABA1 Relevance: .0, Instructions: 47COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 32D43260 Relevance: .0, Instructions: 46COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 32D448A8 Relevance: .0, Instructions: 46COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0015EB79 Relevance: .0, Instructions: 45COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 32D44F00 Relevance: .0, Instructions: 43COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F2E518 Relevance: .0, Instructions: 38COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F2E050 Relevance: .0, Instructions: 35COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F2E060 Relevance: .0, Instructions: 33COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 32D44BF8 Relevance: .0, Instructions: 33COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 32D4474B Relevance: .0, Instructions: 33COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001528B0 Relevance: .0, Instructions: 19COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001528AB Relevance: .0, Instructions: 18COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 32D44CA8 Relevance: .0, Instructions: 17COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0015712F Relevance: .0, Instructions: 17COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0015B99D Relevance: .0, Instructions: 16COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00157140 Relevance: .0, Instructions: 12COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35E9C5E8 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35E9E5D8 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35E9B3A8 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35E9F388 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35E9D398 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35E9E148 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35E9C158 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35E9CF08 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35E9AF18 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35E9EEF8 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35E9BCC8 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35E9DCB8 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35E9EA68 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35E9CA78 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35E9D828 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35E9B838 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35E9F818 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F00DF0 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F01FF8 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F03FE8 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F004D0 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F036C8 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F056B8 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F02DA8 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F04D98 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F01280 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F02488 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F04478 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 32D40B30 Relevance: .7, Instructions: 709COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 32D40040 Relevance: .6, Instructions: 596COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F309D0 Relevance: .3, Instructions: 292COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F31360 Relevance: .3, Instructions: 292COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F30508 Relevance: .3, Instructions: 292COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F30E98 Relevance: .3, Instructions: 292COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F30040 Relevance: .3, Instructions: 292COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F08CF0 Relevance: .3, Instructions: 292COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F0B7F8 Relevance: .3, Instructions: 292COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F0CFE0 Relevance: .3, Instructions: 292COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F0FAE8 Relevance: .3, Instructions: 292COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F079D0 Relevance: .3, Instructions: 292COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F0A4D8 Relevance: .3, Instructions: 292COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F0BCC0 Relevance: .3, Instructions: 292COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F0E7C8 Relevance: .3, Instructions: 292COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F066B0 Relevance: .3, Instructions: 292COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F091B8 Relevance: .3, Instructions: 292COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F0A9A0 Relevance: .3, Instructions: 292COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F0D4A8 Relevance: .3, Instructions: 292COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F0EC90 Relevance: .3, Instructions: 292COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F07E98 Relevance: .3, Instructions: 292COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F09680 Relevance: .3, Instructions: 292COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F0C188 Relevance: .3, Instructions: 292COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35F0D970 Relevance: .3, Instructions: 292COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35E915F8 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35E95BD8 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35E911A0 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35E92BB0 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35E95780 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35E90D48 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35E92758 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35E95328 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35E97720 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35E92300 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35E908F0 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35E972C8 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35E94ED0 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35E91EA8 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35E96488 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35E90498 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35E93460 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35E94A78 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35E96E70 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35E91A50 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35E94620 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35E96030 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35E96A18 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 32D4FA78 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 32D4F620 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 32D4D7B8 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 32D4D360 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 32D4CF08 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 32D4E4C0 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 32D4DC10 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 32D4F1C8 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 32D4ED70 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 32D4E918 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0015F804 Relevance: .3, Instructions: 265COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35E9308D Relevance: .2, Instructions: 230COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 360B0A10 Relevance: .2, Instructions: 222COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0015F3B8 Relevance: .2, Instructions: 150COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0015F150 Relevance: .1, Instructions: 148COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 360B09E1 Relevance: .1, Instructions: 147COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0015F33C Relevance: .1, Instructions: 146COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 35E9ACBC Relevance: .1, Instructions: 80COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 360B0D26 Relevance: .0, Instructions: 17COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00151A18 Relevance: 5.1, Strings: 4, Instructions: 119COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|