Windows
Analysis Report
vQu0zndLpi.dll
Overview
General Information
Sample name: | vQu0zndLpi.dll (renamed file extension from exe to dll, renamed because original name is a hash value) |
Original sample name: | bef34611564f850070ab13288c6d52de24fbcfc2ede9323eb675d32a31413f18.dll.exe |
Analysis ID: | 1572522 |
MD5: | 6b0b96b6ec7950943213da4f98fab1c7 |
SHA1: | 502b8b7c5888b476365345d029df4f1d80c381c2 |
SHA256: | bef34611564f850070ab13288c6d52de24fbcfc2ede9323eb675d32a31413f18 |
Tags: | 45-66-248-99exenembo81pruser-JAMESWT_MHT |
Detection
Score: | 76 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- loaddll64.exe (PID: 6464, cmdline: loaddll64.exe "C:\Users\user\Desktop\vQu0zndLpi.dll", MD5: 763455F9DCB24DFEECC2B9D9F8D46D52)
- conhost.exe (PID: 6460, cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, MD5: 0D698AF330FD17BEE3BF90011D49251D)
- cmd.exe (PID: 6552, cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\vQu0zndLpi.dll",#1, MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
- rundll32.exe (PID: 404, cmdline: rundll32.exe "C:\Users\user\Desktop\vQu0zndLpi.dll",#1, MD5: EF3179D498793BF4234F708D3BE28633)
- WerFault.exe (PID: 3708, cmdline: C:\Windows\system32\WerFault.exe -u -p 404 -s 464, MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
- rundll32.exe (PID: 776, cmdline: rundll32.exe C:\Users\user\Desktop\vQu0zndLpi.dll,xtart, MD5: EF3179D498793BF4234F708D3BE28633)
- rundll32.exe (PID: 504, cmdline: rundll32.exe C:\Users\user\Desktop\vQu0zndLpi.dll,start, MD5: EF3179D498793BF4234F708D3BE28633)
- rundll32.exe (PID: 6368, cmdline: rundll32.exe C:\Users\user\AppData\Local\Temp/tmpf193.dll,run C:\Users\user\Desktop\vQu0zndLpi.dll, MD5: EF3179D498793BF4234F708D3BE28633)
- rundll32.exe (PID: 3060, cmdline: rundll32.exe C:\Users\user\Desktop\vQu0zndLpi.dll,DllWinMain, MD5: EF3179D498793BF4234F708D3BE28633)
- rundll32.exe (PID: 280, cmdline: rundll32.exe "C:\Users\user\Desktop\vQu0zndLpi.dll",xtart, MD5: EF3179D498793BF4234F708D3BE28633)
- rundll32.exe (PID: 6120, cmdline: rundll32.exe "C:\Users\user\Desktop\vQu0zndLpi.dll",start, MD5: EF3179D498793BF4234F708D3BE28633)
- rundll32.exe (PID: 5936, cmdline: rundll32.exe C:\Users\user\AppData\Local\Temp/tmpf193.dll,run C:\Users\user\Desktop\vQu0zndLpi.dll, MD5: EF3179D498793BF4234F708D3BE28633)
- rundll32.exe (PID: 6052, cmdline: rundll32.exe "C:\Users\user\Desktop\vQu0zndLpi.dll",DllWinMain, MD5: EF3179D498793BF4234F708D3BE28633)
- rundll32.exe (PID: 5764, cmdline: rundll32.exe "C:\Users\user\Desktop\vQu0zndLpi.dll",UnInstall, MD5: EF3179D498793BF4234F708D3BE28633)
- cleanup

Reading the tree: the first rundll32.exe instance (PID 404) is the default ordinal-1 invocation, and the WerFault.exe line with -p 404 shows that this instance crashed. The exports exercised on the sample are #1, start, xtart, DllWinMain and UnInstall. Two further instances (PIDs 6368 and 5936) load the dropped file C:\Users\user\AppData\Local\Temp/tmpf193.dll through its run export and pass the path of the original sample as the argument; note the forward slash in that path, which Win32 file APIs accept but which is unusual in hand-typed or script-generated Windows command lines.
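The command lines above are worth triaging mechanically, because the same shapes recur in any process-creation log. The following example is added here and is not Joe Sandbox code: it parses rundll32 invocations and tags the traits visible in this tree, namely a DLL loaded from a user-writable directory, a forward slash in the DLL path, an entry point given by ordinal, and a DLL path handed to the export as its argument. The sample records are constructed from the command lines above; the shell32.dll and conhost.exe lines are benign baselines added for contrast and do not appear in the report.

```python
import re
from typing import Optional

# Constructed process-creation records (pid, command line). The first four copy the
# command-line shapes from the process tree above; the last two are benign baselines
# added for contrast and are not from the report.
SAMPLE_EVENTS = [
    (404,  r'rundll32.exe "C:\Users\user\Desktop\vQu0zndLpi.dll",#1'),
    (776,  r'rundll32.exe C:\Users\user\Desktop\vQu0zndLpi.dll,xtart'),
    (6368, r'rundll32.exe C:\Users\user\AppData\Local\Temp/tmpf193.dll,run C:\Users\user\Desktop\vQu0zndLpi.dll'),
    (5764, r'rundll32.exe "C:\Users\user\Desktop\vQu0zndLpi.dll",UnInstall'),
    (1000, r'C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL'),
    (6460, r'C:\Windows\system32\conhost.exe 0xffffffff -ForceV1'),
]

# rundll32 syntax: rundll32[.exe] <dll>,<entry> [args]. The DLL is either quoted (and may
# then contain spaces) or bare (and then ends at the first comma). <entry> is an export
# name or #ordinal. A leading path to rundll32.exe, quoted or not, is tolerated.
_RUNDLL = re.compile(
    r'^(?:"?[^"\s]*\\)?rundll32(?:\.exe)?"?\s+'
    r'(?:"(?P<qdll>[^"]+)"|(?P<dll>[^\s,]+))'
    r',(?P<entry>\S+)'
    r'(?:\s+(?P<args>.*))?$',
    re.IGNORECASE,
)

# Directory fragments a standard user can write to. Legitimate rundll32 use almost
# always loads from System32/SysWOW64 or Program Files.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\", "\\public\\")


def parse_rundll32(cmdline: str) -> Optional[dict]:
    """Split a rundll32 command line into dll, entry and args; None if it is not rundll32."""
    m = _RUNDLL.match(cmdline.strip())
    if not m:
        return None
    return {
        "dll": m.group("qdll") or m.group("dll"),
        "entry": m.group("entry"),
        "args": m.group("args") or "",
    }


def triage(cmdline: str) -> Optional[dict]:
    """Parse a rundll32 command line and tag the suspicious traits seen in the tree above."""
    parsed = parse_rundll32(cmdline)
    if parsed is None:
        return None
    dll_norm = parsed["dll"].replace("/", "\\").lower()
    flags = []
    if "/" in parsed["dll"]:
        flags.append("mixed_separators")      # Temp/tmpf193.dll: accepted by Win32, rare in real admin use
    if any(frag in dll_norm for frag in USER_WRITABLE):
        flags.append("user_writable_dll")     # the DLL lives where the user (or malware) can write
    if parsed["entry"].startswith("#"):
        flags.append("ordinal_entry")         # #1: export called by ordinal, no name to hunt for
    if parsed["args"].lower().endswith(".dll"):
        flags.append("dll_path_as_argument")  # a second-stage loader receives another DLL's path
    parsed["flags"] = flags
    return parsed


def triage_events(events):
    """Return {pid: triage result} for every rundll32 invocation in the event list."""
    out = {}
    for pid, cmdline in events:
        result = triage(cmdline)
        if result is not None:
            out[pid] = result
    return out


if __name__ == "__main__":
    for pid, result in triage_events(SAMPLE_EVENTS).items():
        print(pid, result["entry"], result["flags"] or "clean", result["dll"])
```

Replace SAMPLE_EVENTS with an export from your own telemetry (Sysmon Event ID 1 carries the same Image and CommandLine fields). The export names start, xtart, DllWinMain and UnInstall deliberately get no flag: names alone are weak evidence, while the path under the user profile and the chained DLL argument are what separate this tree from a Control Panel applet launch.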
AV Detection
Source: | Avira: |
Source: | ReversingLabs: |
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Binary string: |
Networking
Source: | Network Connect: |
Source: | ASN Name: |
Source: | TCP traffic detected without corresponding DNS query: | 50 rows; the endpoint cells were not preserved in this extract (the report's only contacted IP is 45.66.248.99, see the IP table below) |
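"TCP traffic detected without corresponding DNS query" is one of the cheapest sandbox signatures to reproduce from your own telemetry. The example below is added here and is not Joe Sandbox code: it correlates DNS answers with TCP connects, skips non-global destinations, treats an answer that arrives after the connect as no answer, and collapses repeated hits per endpoint the way the 50 rows above collapse to one IP. The capture is constructed: 45.66.248.99 and the rundll32 PIDs come from this report, the hostnames and other IPs are reused from the report's whitelist but paired arbitrarily, and the timestamps and port 443 are assumptions.

```python
import ipaddress
from collections import defaultdict
from typing import NamedTuple


class DnsAnswer(NamedTuple):
    ts: float    # seconds into the capture
    qname: str
    ip: str


class TcpConnect(NamedTuple):
    ts: float
    pid: int
    ip: str
    port: int


# Constructed capture. 45.66.248.99 is the contacted IP from the report and 404/776 are
# rundll32 PIDs from the process tree; hostnames and the other IPs are taken from the
# report's whitelist but paired here arbitrarily; timestamps and ports are made up.
DNS = [
    DnsAnswer(1.0, "ctldl.windowsupdate.com", "13.107.246.63"),
    DnsAnswer(2.0, "login.live.com", "40.126.32.136"),
    DnsAnswer(6.0, "slscr.update.microsoft.com", "52.149.20.212"),  # arrives AFTER the connect below
]
TCP = [
    TcpConnect(1.5, 1234, "13.107.246.63", 443),  # resolved at t=1.0: fine
    TcpConnect(3.0, 404, "45.66.248.99", 443),    # never resolved: hard-coded address
    TcpConnect(3.2, 404, "45.66.248.99", 443),
    TcpConnect(4.0, 776, "45.66.248.99", 443),
    TcpConnect(4.5, 404, "10.0.0.5", 445),        # RFC 1918: skipped, no DNS expected
    TcpConnect(5.0, 5678, "40.126.32.136", 443),  # resolved at t=2.0: fine
    TcpConnect(5.5, 5678, "52.149.20.212", 443),  # resolved only at t=6.0: still flagged
]


def connects_without_dns(dns, tcp):
    """Map (ip, port) -> (connect count, sorted pids) for TCP connects whose destination
    was not returned by any DNS answer seen at or before the connect time.
    Non-global destinations (private, loopback, link-local, multicast) are skipped."""
    resolved_at = defaultdict(list)
    for a in dns:
        resolved_at[a.ip].append(a.ts)

    hits = defaultdict(lambda: [0, set()])
    for c in tcp:
        if not ipaddress.ip_address(c.ip).is_global:
            continue
        if any(t <= c.ts for t in resolved_at.get(c.ip, ())):
            continue
        entry = hits[(c.ip, c.port)]
        entry[0] += 1
        entry[1].add(c.pid)
    return {key: (count, tuple(sorted(pids))) for key, (count, pids) in hits.items()}


def summarize(findings):
    """One line per unresolved endpoint, collapsing repeated connects."""
    return [f"{ip}:{port} x{count} from pids {','.join(map(str, pids))}"
            for (ip, port), (count, pids) in sorted(findings.items())]


if __name__ == "__main__":
    for line in summarize(connects_without_dns(DNS, TCP)):
        print(line)
```

The sandbox's own list of whitelisted Microsoft IPs shows the main false-positive source for this check: a cached resolution, DNS over HTTPS or a resolver on another host produces a connect with no query in the capture, so on real networks join against the endpoint's resolver cache or a known-good allowlist before treating an unresolved destination as command and control.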
Source: | Code function: | 9_2_000001F8D4A83C80 |
Source: | String found in binary or memory: |
Source: | Network traffic detected: | 64 rows; the traffic cells were not preserved in this extract |
Source: | Code function: | 4_2_00007FFDA36A3AF0 | |
Source: | Code function: | 4_2_00007FFDA363A3C0 | |
Source: | Code function: | 4_2_00007FFDA36AC360 | |
Source: | Code function: | 4_2_00007FFDA36743E0 | |
Source: | Code function: | 4_2_00007FFDA365A320 | |
Source: | Code function: | 4_2_00007FFDA3646310 | |
Source: | Code function: | 4_2_00007FFDA36491D7 | |
Source: | Code function: | 4_2_00007FFDA368C190 | |
Source: | Code function: | 4_2_00007FFDA36C4248 | |
Source: | Code function: | 4_2_00007FFDA367B0B0 | |
Source: | Code function: | 4_2_00007FFDA3688150 | |
Source: | Code function: | 4_2_00007FFDA36830E0 | |
Source: | Code function: | 4_2_00007FFDA36887C0 | |
Source: | Code function: | 4_2_00007FFDA366B7A0 | |
Source: | Code function: | 4_2_00007FFDA367A820 | |
Source: | Code function: | 4_2_00007FFDA36237E0 | |
Source: | Code function: | 4_2_00007FFDA36BE6DC | |
Source: | Code function: | 4_2_00007FFDA36626D0 | |
Source: | Code function: | 4_2_00007FFDA36766C0 | |
Source: | Code function: | 4_2_00007FFDA3639750 | |
Source: | Code function: | 4_2_00007FFDA3687700 | |
Source: | Code function: | 4_2_00007FFDA36AC5C8 | |
Source: | Code function: | 4_2_00007FFDA363F5B0 | |
Source: | Code function: | 4_2_00007FFDA3653590 | |
Source: | Code function: | 4_2_00007FFDA3673600 | |
Source: | Code function: | 4_2_00007FFDA3650530 | |
Source: | Code function: | 4_2_00007FFDA36764F0 | |
Source: | Code function: | 4_2_00007FFDA3665C50 | |
Source: | Code function: | 4_2_00007FFDA36B5C40 | |
Source: | Code function: | 4_2_00007FFDA3688C00 | |
Source: | Code function: | 4_2_00007FFDA3673BE0 | |
Source: | Code function: | 4_2_00007FFDA36A3BE4 | |
Source: | Code function: | 4_2_00007FFDA36B8A84 | |
Source: | Code function: | 4_2_00007FFDA3646B40 | |
Source: | Code function: | 4_2_00007FFDA3638960 | |
Source: | Code function: | 4_2_00007FFDA366DA50 | |
Source: | Code function: | 4_2_00007FFDA36BDA2C | |
Source: | Code function: | 4_2_00007FFDA36859F0 | |
Source: | Code function: | 4_2_00007FFDA366F9F0 | |
Source: | Code function: | 4_2_00007FFDA367F9E0 | |
Source: | Code function: | 4_2_00007FFDA363B890 | |
Source: | Code function: | 4_2_00007FFDA367E890 | |
Source: | Code function: | 4_2_00007FFDA3668880 | |
Source: | Code function: | 4_2_00007FFDA36B7F78 | |
Source: | Code function: | 4_2_00007FFDA3673040 | |
Source: | Code function: | 4_2_00007FFDA36BD020 | |
Source: | Code function: | 4_2_00007FFDA3668010 | |
Source: | Code function: | 4_2_00007FFDA36A2FF0 | |
Source: | Code function: | 4_2_00007FFDA36BFF58 | |
Source: | Code function: | 4_2_00007FFDA36C1D90 | |
Source: | Code function: | 4_2_00007FFDA36BBE08 | |
Source: | Code function: | 4_2_00007FFDA3634D30 | |
Source: | Code function: | 9_2_000001F8D4A8826A | |
Source: | Code function: | 13_2_000001C46B8E826A |
Source: | Dropped File: |
Source: | Process created: |
Source: | Binary or memory string: |
Source: | Classification label: |
Source: | Code function: | 4_2_00007FFDA367A4B0 |
Source: | Code function: | 4_2_00007FFDA363A3C0 |
Source: | Code function: | 4_2_00007FFDA363EA90 |
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Process created: |
Source: | ReversingLabs: |
Source: | String found in binary or memory: |
Source: | Process created: | 25 rows; command lines not preserved in this extract (see the process tree above) |
Source: | Section loaded: | 8 rows; module names not preserved in this extract |
Source: | Automated click: | 6 rows |
Source: | Window detected: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Static PE information: | 6 rows; values not preserved in this extract |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Static PE information: | 5 rows; values not preserved in this extract |
Source: | Code function: | 4_2_00007FFDA36A3E90 |
Source: | Static PE information: | 2 rows; values not preserved in this extract |
Source: | Static PE information: |
Source: | File created: |
Source: | Code function: | 4_2_00007FFDA3678440 |
Source: | Process information set: | 66 rows; values not preserved in this extract |
Source: | Thread delayed: | 12 rows; values not preserved in this extract |
Source: | Dropped PE file which has not been started: |
Source: | API coverage: |
Source: | Thread sleep time: | 13 rows; values not preserved in this extract |
Source: | Last function: |
Source: | Thread delayed: | 13 rows; values not preserved in this extract |
Source: | Binary or memory string: | 31 rows; strings not preserved in this extract |
Source: | Code function: | 4_2_00007FFDA36A0B94 |
Source: | Code function: | 4_2_00007FFDA36A0B94 |
Source: | Code function: | 4_2_00007FFDA36A3E90 |
Source: | Code function: | 4_2_00007FFDA3621C00 |
Source: | Code function: | 4_2_00007FFDA36A9A28 |
HIPS / PFW / Operating System Protection Evasion
Source: | Network Connect: |
Source: | Process created: |
Source: | Code function: | 4_2_00007FFDA3676C20 |
Source: | Code function: | 4_2_00007FFDA36763B0 |
Source: | Code function: | 4_2_00007FFDA36CA388 | |
Source: | Code function: | 4_2_00007FFDA36CA458 | |
Source: | Code function: | 4_2_00007FFDA36C06B8 | |
Source: | Code function: | 4_2_00007FFDA36C0C4C | |
Source: | Code function: | 4_2_00007FFDA36CAA74 | |
Source: | Code function: | 4_2_00007FFDA36CA898 | |
Source: | Code function: | 4_2_00007FFDA36CA038 |
Source: | Code function: | 4_2_00007FFDA36A2FA8 |
Source: | Binary or memory string: | 5 rows; strings not preserved in this extract |
MITRE ATT&CK techniques matched by the signatures (the digits in front of a technique are the report's signature-hit counters as extracted; where several counters were run together, such as 111, they are reproduced as-is):
- Execution: 2 Command and Scripting Interpreter; 1 Native API
- Persistence: 1 DLL Side-Loading
- Privilege Escalation: 111 Process Injection; 1 DLL Side-Loading
- Defense Evasion: 21 Virtualization/Sandbox Evasion; 111 Process Injection; 1 Deobfuscate/Decode Files or Information; 1 Obfuscated Files or Information; 1 Rundll32; 1 DLL Side-Loading
- Discovery: 1 System Time Discovery; 141 Security Software Discovery; 21 Virtualization/Sandbox Evasion; 1 Process Discovery; 12 System Information Discovery
- Collection: 1 Archive Collected Data
- Command and Control: 12 Encrypted Channel; 1 Ingress Tool Transfer; 1 Application Layer Protocol
- No techniques matched under Reconnaissance, Resource Development, Initial Access, Credential Access, Lateral Movement, Exfiltration or Impact
Detection | Scanner | Label
---|---|---
34% | ReversingLabs | Win64.Downloader.ZLoader

Detection | Scanner | Label
---|---|---
100% | Avira | TR/AVI.Agent.yfqhy
83% | ReversingLabs | Win64.Trojan.Interlock

The Source and Link columns of both scanner tables were not preserved in this extract. The vendor labels disagree (ZLoader, Interlock, generic Agent); treat them as hints, not as a family identification.
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
45.66.248.99 | unknown | Russian Federation | 53356 | FREERANGECLOUDCA | true |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1572522 |
Start date and time: | 2024-12-10 16:44:09 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 28s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 19 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | vQu0zndLpi.dll (renamed file extension from exe to dll, renamed because original name is a hash value) |
Original Sample Name: | bef34611564f850070ab13288c6d52de24fbcfc2ede9323eb675d32a31413f18.dll.exe |
Detection: | MAL |
Classification: | mal76.evad.winDLL@25/6@0/1 |
EGA Information: |
HCA Information: |
- Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 52.168.117.173, 40.126.32.136, 13.107.246.63, 52.149.20.212
- Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, client.wns.windows.com, ocsp.digicert.com, login.live.com, otelrules.azureedge.net, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing disassembly code.
- VT rate limit hit for: vQu0zndLpi.dll
Time | Type | Description |
---|---|---|
10:45:05 | API Interceptor | |
10:45:08 | API Interceptor | |
10:45:11 | API Interceptor |
Context: ASN FREERANGECLOUDCA (AS53356, the network behind 45.66.248.99) is shared with ten other samples in the Joe Sandbox database, all classified malicious. Their sample names, hashes and links were not preserved in this extract; their threat names, in the order listed:
- Unknown
- Stealc
- Stealc, Vidar
- Unknown
- Unknown
- Mirai, Moobot
- Raccoon Stealer v2
- PureLog Stealer, Raccoon Stealer v2, SmokeLoader
- AsyncRAT, HTMLPhisher, Clipboard Hijacker, Phorpiex, PureLog Stealer, Raccoon Stealer v2, RedLine
- Unknown

A shared ASN is a weak pivot: it ties these samples to the same hosting provider, not to the same operator, so the mix of stealers, botnets and RATs above says more about the provider than about this sample.

Context: the dropped file C:\Users\user\AppData\Local\Temp\tmpf193.dll was also dropped by ten other samples in the database, all classified malicious with threat name Unknown (sample names, hashes and links not preserved in this extract).
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_vQu_bf88271f391678879aeb028db498ef27a519745_bcdf938d_146b9252-3f35-4b96-9696-2b8d3c7bcce4\Report.wer
Download File
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8165978015413434 |
Encrypted: | false |
SSDEEP: | 96:AMFnF6Fi9yKynsj6s4RvFm+qlf1BQXIDcQLc6wcEicw3MXaXz+HbHgSQgJj27h83:RNKi9ynuu0l04mjOvzuiF1Z24lO8g/3 |
MD5: | 6C14B4FE0A89E3150641D45F22FDACE9 |
SHA1: | 66F34C9A841DEF3A8D2315D82720C0149602832E |
SHA-256: | 420155904420D64B2DD8D890CE5E66C0519C88802D5806CD8DACE17E93C090CE |
SHA-512: | E65C50E6DEEEF47154758FD066481CF601B97D20006205FF26642FF239B31B688BE5AAEE6C0CE6C8E97F9AFD0787141836DD7A24173BCFCA2E117C648AA35BDF |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 567610 |
Entropy (8bit): | 1.4623863133537793 |
Encrypted: | false |
SSDEEP: | 384:X/4RqW1lIYPP33qYhSkcfIBc5bgEIscmPiC/h7oRZ33sur3S8Ff0N2EdzDxo6V:yq+P33DhSkcfXDiOh7oRZ33so3KxzC6V |
MD5: | CE44B5F6E0D7197C002BA8B6CA6688AE |
SHA1: | 54D8908928A5A9D1EF5823CD9A06007305ED657A |
SHA-256: | E66C540713F1A90A81AC0A716E074DAF442852C6E8DF952D4F48F6B7F763DDC4 |
SHA-512: | 4706EC3795C94FD0C28BB47A7CDB40C5E7A93846631B8EFF40AECD22BC2044C8DFE67E28EFCFA045233A39A1A2AB9DE54C5B0D16AF7AE388388CD61DDC0B460E |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8718 |
Entropy (8bit): | 3.7044200649980454 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJ2Mhu8a6YXru0gmfp9npD089bKtkfqum:R6lXJT26Yb1gmfp9TKOfa |
MD5: | 511390FE73F08A721D8EE4785721220A |
SHA1: | 38576A63AA3083939C98EFCE6DC4E8D176D9B80B |
SHA-256: | B7DAF0E1614307C8AA60247DC7C95B32BEDE2CF5DEE5105CCEDE490DF4C0EA3C |
SHA-512: | 65D74C2110863F64E5A9ED70689A8B57CB74D8B86E357F1A81F71C088B449F6C0BA99A5AFFEBAE3F01B0BEFB6E11C2EECE290F486EE829928D38DDABA74C024D |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4759 |
Entropy (8bit): | 4.4863842114209485 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zs9Jg771I9mCcWpW8VYjnYm8M4JCY9CY1+AK6Fgmyq85mYgAsxKxptSTz:uIjfXI7oV7VTJ7Vf2mSzRpoOud |
MD5: | 944C30509588E500A104DF50F6A108FC |
SHA1: | 49585B651B68AB9F65888AF1338C650509B55F5F |
SHA-256: | B6C143DA5EEE98D88509C1C84D83DC98A919B8487D39D2D0D133F9F61BF61967 |
SHA-512: | F254EB4DEDB4D7FEE9DC4EB98E1C45D25BA51ED9F1B59DCFD9687071C6BA8D09A8AE0A1BB711F4D390D5D96A0F31A99518BAC01433E8EDD92F9E3D7077A8030F |
Malicious: | false |
Process: | C:\Windows\System32\rundll32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2560 |
Entropy (8bit): | 1.257085001705468 |
Encrypted: | false |
SSDEEP: | 12:etGSGQwU8O0ay2Y8qS6gK/H/ffk6Om2BXp:etGScU8O0ay2vqS6p/H/QvBXp |
MD5: | 634A9AF8D3F2FA0D38820D577FB0FBEB |
SHA1: | CD6E84A3C4F81FC9DF8B82449DB8B2E87130E3FD |
SHA-256: | C9920E995FBC98CD3883EF4C4520300D5E82BAB5D2A5C781E9E9FE694A43E82F |
SHA-512: | ABCA2E016FF5A53395F95BA75C96F5BFA102086E92A8E2647BD2584A75E4A81A59596848D1ABFAB8E37981A6ADB021A35074D4DC99868CC30C9C4E2A4666C50A |
Malicious: | true |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.469500637909571 |
Encrypted: | false |
SSDEEP: | 6144:7zZfpi6ceLPx9skLmb0fYZWSP3aJG8nAgeiJRMMhA2zX4WABluuNMjDH5S:3ZHtYZWOKnMM6bFpaj4 |
MD5: | E33C6FCA5C006424C2D8E78B7D6F5CA9 |
SHA1: | 273A08ABD6FCE8B0A9278C0EF5E7427F934EFD91 |
SHA-256: | 80888B56AB46A9784D1713C58B51C58BE2E1785B616EAA4F585CCB05860DBAC8 |
SHA-512: | 3C498277F40E3876500B52ACD7CAC5AD7E8CBD74BB92A67BE3C347CDCFC39FF84C3EDD086F9464FE02404B0149DE593D9BB208544AFE649F984D0F2E0D7204A1 |
Malicious: | false |
File type: | |
Entropy (8bit): | 6.476113305296515 |
File name: | vQu0zndLpi.dll |
File size: | 1'138'176 bytes |
MD5: | 6b0b96b6ec7950943213da4f98fab1c7 |
SHA1: | 502b8b7c5888b476365345d029df4f1d80c381c2 |
SHA256: | bef34611564f850070ab13288c6d52de24fbcfc2ede9323eb675d32a31413f18 |
SHA512: | f80bbffc22aa041eb1ccbb39f390fd322ab2b701b30d83e6872b68bc85b8c645d076b7216c5da6eab159fc9074bfc2c8410db6a6ce2e1c658868086dc88c6951 |
SSDEEP: | 24576:D+XUNkTrLLAhpLJdqhQZE8cpKPpo1MsAVHB+FYiY25r3wai:iXUNuAhpXqa+8cpKBgZAZBvig |
TLSH: | 7C356B1767F805A8E8B6D178897B5806F736B41587309AEF02D0226B1F77BE08E7E711 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........l.........................5...............................................................a...J.......J.......J.............. |
Icon Hash: | 7ae282899bbab082 |
Entrypoint: | 0x180083a90 |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x180000000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, DLL |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF |
Time Stamp: | 0x66FA53D2 [Mon Sep 30 07:31:30 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | 767132e147d9da374bf0eb60457b20e1 |
Signature Valid / Issuer / Validation Error / Not Before, Not After / Subject Chain / Version / Thumbprints / Serial: | not populated in this report |
Note: | the only evidence of signing here is the non-empty IMAGE_DIRECTORY_ENTRY_SECURITY (0x4dc8 bytes) in the data directory table below, which is what "Digitally signed: true" reflects. That means a certificate table is attached, not that the signature validates or chains to a trusted root. Verify it independently (signtool verify /pa /v, or Get-AuthenticodeSignature in PowerShell) before giving the signer any weight. |
Instruction (disassembly at the entry point 0x180083a90, decoded by the sandbox in 32-bit mode: every `dec eax`, `dec sp`, `inc ecx`, `inc ebp` and `inc sp` below is a REX prefix of the x64 instruction that follows it, so `dec eax; sub esp, 28h` is `sub rsp, 28h`, `dec sp; movd mm5, eax` is `movq xmm13, rax`, `inc ecx; push esp` is `push r12`, and `inc ebp; xor esp, esp` is `xor r12d, r12d`. Read that way, the first block is a custom DllMain: it compares edx (fdwReason) with 1 (DLL_PROCESS_ATTACH), adds 0x1013B8 to rcx (hinstDLL), calls a routine with that address, stashes the return value in the non-volatile register xmm13 and returns TRUE; the two-instruction function right after it reads xmm13 back. 0x1013B8 is the RVA of the RT_ANICURSOR resource in the resource table below (0x191b2 bytes inside the 7.14-entropy .rsrc section), so that blob is handed to the routine at load time. The last function builds strings on the stack from immediates, see the `mov dword ptr [esp+20h]` stores.) |
---|
dec eax |
sub esp, 28h |
cmp edx, 01h |
jne 00007F2D84C83106h |
dec eax |
mov edx, ecx |
dec eax |
add edx, 001013B8h |
call 00007F2D84C8313Dh |
dec sp |
movd mm5, eax |
mov eax, 00000001h |
dec eax |
add esp, 28h |
ret |
dec eax |
sub esp, 28h |
dec sp |
movd eax, mm5 |
dec eax |
add esp, 28h |
ret |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
dec eax |
sub esp, 28h |
call 00007F2D84C830D3h |
mov edx, 00001BD8h |
dec eax |
mov ecx, eax |
call 00007F2D84C837AFh |
call eax |
xor eax, eax |
dec eax |
add esp, 28h |
ret |
int3 |
dec eax |
mov dword ptr [esp+10h], ebx |
dec eax |
mov dword ptr [esp+08h], ecx |
push ebp |
push esi |
push edi |
inc ecx |
push esp |
inc ecx |
push ebp |
inc ecx |
push esi |
inc ecx |
push edi |
dec eax |
lea ebp, dword ptr [esp-27h] |
dec eax |
sub esp, 00000100h |
inc ebp |
xor esp, esp |
dec eax |
mov ebx, edx |
mov dword ptr [esp+20h], 4C682648h |
mov dword ptr [esp+24h], 436D2A5Fh |
mov dword ptr [esp+28h], 4F4D674Fh |
mov dword ptr [esp+2Ch], 75352979h |
inc sp |
mov dword ptr [esp+50h], esp |
mov byte ptr [esp+30h], 00000000h |
mov dword ptr [esp+38h], 0065006Bh |
mov dword ptr [esp+3Ch], 006E0072h |
mov dword ptr [esp+40h], 00000065h |
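The last function in the listing above writes immediates to [rsp+20h]..[rsp+40h]: four dwords and a terminating zero byte, then three dwords whose high bytes are zero. That is the usual shape of stack-built strings, and recovering them is a standard static-triage step. The following is an added example, not code from the report or from the sample; it replays the stores from the listing (copied verbatim as sample input) into a byte map and pulls out NUL-terminated ASCII and UTF-16LE runs. The regex accepts the sandbox's 32-bit-decoded `esp` spelling as well as `rsp`.

```python
import re

# Sample input for this example: the immediate stores copied from the listing
# above (stack offsets as the sandbox printed them, 32-bit-decoded 'esp' and all).
LISTING = """
mov dword ptr [esp+20h], 4C682648h
mov dword ptr [esp+24h], 436D2A5Fh
mov dword ptr [esp+28h], 4F4D674Fh
mov dword ptr [esp+2Ch], 75352979h
mov byte ptr [esp+30h], 00000000h
mov dword ptr [esp+38h], 0065006Bh
mov dword ptr [esp+3Ch], 006E0072h
mov dword ptr [esp+40h], 00000065h
"""

STORE_RE = re.compile(
    r"mov\s+(byte|word|dword|qword)\s+ptr\s+\[[er]sp\+([0-9A-Fa-f]+)h\],\s*([0-9A-Fa-f]+)h"
)
WIDTH = {"byte": 1, "word": 2, "dword": 4, "qword": 8}


def build_stack_image(listing):
    """Replay every immediate store to [rsp+off] into a {offset: byte} map (little-endian)."""
    image = {}
    for kind, off, val in STORE_RE.findall(listing):
        size = WIDTH[kind]
        value = int(val, 16) & ((1 << (8 * size)) - 1)
        for i, b in enumerate(value.to_bytes(size, "little")):
            image[int(off, 16) + i] = b
    return image


def contiguous_runs(image):
    """Yield (start_offset, bytes) for each maximal run of adjacent written offsets."""
    start, buf = None, bytearray()
    for off in sorted(image):
        if start is not None and off == start + len(buf):
            buf.append(image[off])
            continue
        if buf:
            yield start, bytes(buf)
        start, buf = off, bytearray([image[off]])
    if buf:
        yield start, bytes(buf)


def recover_stack_strings(listing, min_len=4):
    """Return [(offset, encoding, text)] for NUL-terminated ASCII or UTF-16LE runs built on the stack."""
    found = []
    for start, data in contiguous_runs(build_stack_image(listing)):
        # UTF-16LE candidate: the high byte of each of the first min_len code units is zero
        if len(data) >= 2 * min_len and all(b == 0 for b in data[1:2 * min_len:2]):
            text = data.decode("utf-16-le", errors="replace").split("\x00", 1)[0]
            if len(text) >= min_len:
                found.append((start, "utf-16le", text))
                continue
        raw = data.split(b"\x00", 1)[0]
        if len(raw) >= min_len and all(0x20 <= b < 0x7F for b in raw):
            found.append((start, "ascii", raw.decode("ascii")))
    return found
```

On the listing as printed this yields a 16-character ASCII string at +20h and the UTF-16LE fragment "kerne" at +38h; the listing is cut off there, so nothing more can be said about the second string from this page.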
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0xede80 | 0x8c | .rdata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xedf0c | 0xdc | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x101000 | 0x196ec | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0xf8000 | 0x744c | .pdata |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xfcc00 (a file offset: the certificate table is the one directory not addressed by RVA, hence no section) | 0x4dc8 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x11b000 | 0x156c | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xd9330 | 0x70 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0xd9500 | 0x28 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xd93a0 | 0x138 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0xb7000 | 0x5f8 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0xb572c | 0xb5800 | fc6ea9a56a230231c4bb1fdc5ef08421 | False | 0.4668183970385675 | data | 6.386830917577598 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0xb7000 | 0x383b6 | 0x38400 | ec611e4019790695ac7d6d148ac88116 | False | 0.3645833333333333 | data | 4.902790895501739 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xf0000 | 0x749c | 0x5800 | 68b698e4c7307e6be67b30c865614f37 | False | 0.15185546875 | data | 4.497462253406015 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.pdata | 0xf8000 | 0x744c | 0x7600 | 27d6cbc5cf6ad3575f8a0f04a40429a3 | False | 0.4889433262711864 | PEX Binary Archive | 5.836748779718831 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
_RDATA | 0x100000 | 0xf4 | 0x200 | 3becaaa5faf69c9c92c0abf64cce14d9 | False | 0.3046875 | data | 2.4434385797190123 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x101000 | 0x196ec | 0x19800 | a2add8433692a7f4ef3e303d8b906d10 | False | 0.5730602787990197 | data | 7.1419435849845465 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x11b000 | 0x156c | 0x1600 | 94db310f1ca40a2e184b4684ec88d3df | False | 0.37659801136363635 | data | 5.401573591665021 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_VERSION | 0x1010e8 | 0x2d0 | data | English | United States | 0.46805555555555556 |
RT_ANICURSOR | 0x1013b8 | 0x191b2 | data | 0.5751210689071707 | ||
RT_MANIFEST | 0x11a56c | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727 |
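The section and resource tables above are enough for a first static triage without touching the binary: which section holds the entry point, which sections are near-maximum entropy, and what the constant 0x1013B8 that the entry point adds to hinstDLL actually points at. The following is an added example, not Joe Sandbox code; the tuples are transcribed from the tables on this page, the entropy threshold and the 80% "one resource dominates the section" cut-off are the author's choices, and the functions are generic enough to run on any pefile-style listing.

```python
# Added example: static triage over the PE tables reproduced above. The tuples
# below are transcribed from those tables (not parsed from the binary); the
# functions themselves are generic and work on any section/resource listing.

IMAGE_BASE = 0x180000000
ENTRYPOINT_RVA = 0x180083a90 - IMAGE_BASE       # "Entrypoint" minus "Imagebase"
ENTRY_IMMEDIATE = 0x1013B8                      # 'add edx, 001013B8h' at the entry point
SECTION_ALIGN = 0x1000

# (name, virtual address, virtual size, raw size, entropy, characteristics)
SECTIONS = [
    (".text",  0x1000,   0xb572c, 0xb5800, 6.387, {"CODE", "EXECUTE", "READ"}),
    (".rdata", 0xb7000,  0x383b6, 0x38400, 4.903, {"INITIALIZED_DATA", "READ"}),
    (".data",  0xf0000,  0x749c,  0x5800,  4.497, {"INITIALIZED_DATA", "READ", "WRITE"}),
    (".pdata", 0xf8000,  0x744c,  0x7600,  5.837, {"INITIALIZED_DATA", "READ"}),
    ("_RDATA", 0x100000, 0xf4,    0x200,   2.443, {"INITIALIZED_DATA", "READ"}),
    (".rsrc",  0x101000, 0x196ec, 0x19800, 7.142, {"INITIALIZED_DATA", "READ"}),
    (".reloc", 0x11b000, 0x156c,  0x1600,  5.402, {"INITIALIZED_DATA", "DISCARDABLE", "READ"}),
]
# (resource type, RVA, size)
RESOURCES = [
    ("RT_VERSION",   0x1010e8, 0x2d0),
    ("RT_ANICURSOR", 0x1013b8, 0x191b2),
    ("RT_MANIFEST",  0x11a56c, 0x17d),
]


def _align_up(n, a=SECTION_ALIGN):
    return (n + a - 1) & ~(a - 1)


def section_for_rva(rva, sections=SECTIONS):
    """Return the section tuple whose mapped range covers rva, or None."""
    for sec in sections:
        _, va, vsize, rsize, _, _ = sec
        if va <= rva < va + _align_up(max(vsize, rsize)):
            return sec
    return None


def resource_for_rva(rva, resources=RESOURCES):
    """Return (type, offset into the resource, size) for the resource containing rva, or None."""
    for rtype, r_rva, size in resources:
        if r_rva <= rva < r_rva + size:
            return rtype, rva - r_rva, size
    return None


def entry_immediate_target(imm=ENTRY_IMMEDIATE):
    """Where does hinstDLL + imm point? Returns (section name, resource hit)."""
    sec = section_for_rva(imm)
    return (sec[0] if sec else None), resource_for_rva(imm)


def section_findings(sections=SECTIONS, resources=RESOURCES, entry_rva=ENTRYPOINT_RVA):
    """Heuristic flags: W+X sections, near-8 entropy (and which resource accounts
    for it), and the section holding the entry point."""
    findings = []
    for name, va, vsize, rsize, entropy, chars in sections:
        if "EXECUTE" in chars and "WRITE" in chars:
            findings.append((name, "writable and executable"))
        if entropy >= 7.0:
            note = "entropy %.2f, packed or encrypted content" % entropy
            inside = [(t, s) for t, r, s in resources if va <= r < va + max(vsize, rsize)]
            if inside:
                rtype, size = max(inside, key=lambda x: x[1])
                share = size / float(vsize)
                if share > 0.8:
                    note += "; %.0f%% of it is a single %s resource" % (100 * share, rtype)
            findings.append((name, note))
    sec = section_for_rva(entry_rva, sections)
    findings.append(("entrypoint", "0x%x in %s" % (entry_rva, sec[0] if sec else "no section")))
    return findings
```

Run against these tables it reports the entry point in .text, no W+X section, and .rsrc at entropy 7.14 with 99% of its bytes in the one RT_ANICURSOR resource, which is exactly the RVA the entry-point code computes from hinstDLL. A 100 KB animated cursor that the DLL touches in DllMain is not a cursor; it is the thing to carve out and look at next.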
DLL | Import |
---|---|
RPCRT4.dll | UuidToStringW, UuidCreate, RpcStringFreeW |
KERNEL32.dll | LoadLibraryExW, SizeofResource, LockResource, LoadResource, FindResourceExW, FindResourceW, EnterCriticalSection, ReleaseSemaphore, LeaveCriticalSection, InitializeCriticalSection, WaitForThreadpoolTimerCallbacks, GetCurrentThreadId, CloseThreadpoolWait, WaitForThreadpoolWaitCallbacks, CloseThreadpoolTimer, CloseHandle, SetThreadpoolTimer, SetThreadpoolWait, CreateSemaphoreW, MultiByteToWideChar, GetModuleHandleW, WideCharToMultiByte, LocalFree, DeleteCriticalSection, GetCurrentProcessId, CreateFileW, GetFileTime, FileTimeToSystemTime, GetSystemTime, CreateProcessW, DeleteProcThreadAttributeList, InitializeProcThreadAttributeList, UpdateProcThreadAttribute, GetExitCodeProcess, CreateThreadpoolWait, CreateThreadpoolTimer, CreateEventW, ResetEvent, LocalAlloc, CreateThread, OpenProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, WriteConsoleW, FreeEnvironmentStringsW, GetEnvironmentStringsW, DecodePointer, RaiseException, InitializeCriticalSectionEx, WaitForSingleObject, SetEvent, GetLastError, VerSetConditionMask, VerifyVersionInfoW, GetModuleHandleExW, Sleep, GetProcAddress, LoadLibraryW, GetModuleFileNameW, FreeLibrary, GetProcessHeap, HeapSize, HeapReAlloc, HeapFree, HeapAlloc, HeapDestroy, FormatMessageA, SetStdHandle, ExitProcess, GetCommandLineW, RtlUnwind, GetCommandLineA, GetOEMCP, GetACP, IsValidCodePage, ReadConsoleW, GetConsoleMode, GetConsoleOutputCP, WriteFile, GetFileType, GetStdHandle, ReadFile, SetConsoleCtrlHandler, FreeLibraryAndExitThread, ExitThread, FlushFileBuffers, GetFileSizeEx, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, GetLocaleInfoW, TlsFree, LCMapStringW, IsDebuggerPresent, OutputDebugStringW, GetStringTypeW, WaitForSingleObjectEx, GetExitCodeThread, InitializeSRWLock, ReleaseSRWLockExclusive, AcquireSRWLockExclusive, TryEnterCriticalSection, FindClose, FindFirstFileExW, FindNextFileW, GetFileAttributesExW, SetEndOfFile, SetFilePointerEx, GetFileInformationByHandleEx, QueryPerformanceCounter, 
QueryPerformanceFrequency, EncodePointer, LCMapStringEx, GetSystemTimeAsFileTime, GetCPInfo, InitializeCriticalSectionAndSpinCount, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, GetStartupInfoW, InitializeSListHead, RtlUnwindEx, RtlPcToFileHeader, InterlockedFlushSList, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue |
USER32.dll | AllowSetForegroundWindow |
ADVAPI32.dll | RevertToSelf, ImpersonateLoggedOnUser, OpenProcessToken, QueryServiceStatusEx, OpenSCManagerW, OpenServiceW, GetSecurityInfo, GetSidIdentifierAuthority, GetAce, GetSidSubAuthority, GetSidSubAuthorityCount, EqualSid, ConvertSidToStringSidW, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, SetEntriesInAclW, RegDeleteKeyW, FreeSid, CheckTokenMembership, AllocateAndInitializeSid, CloseServiceHandle, RegSetKeyValueW, RegOpenKeyExW, RegGetValueW, RegCloseKey |
SHELL32.dll | CommandLineToArgvW, SHGetKnownFolderPath |
ole32.dll | CoInitializeEx, CoUninitialize, CoSetProxyBlanket, CoTaskMemFree, CoCreateInstance |
OLEAUT32.dll | SysAllocString, VariantClear, SafeArrayCreate, VariantInit, SysStringLen, SysAllocStringLen, SysFreeString |
SHLWAPI.dll | PathRemoveFileSpecW, PathAppendW, PathIsRelativeW |
WINMM.dll | timeGetTime |
ntdll.dll | RtlLookupFunctionEntry, RtlVirtualUnwind, RtlCaptureContext |
Name | Ordinal | Address |
---|---|---|
xtart | 1 | 0x180020ad0 |
start | 2 | 0x180020b00 |
DllWinMain | 4 | 0x18005b0b0 |
UnInstall | 3 | 0x18006cfe0 |
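The four exports above are what rundll32.exe is handed on its command line when this DLL is exercised (`rundll32.exe <dll>,<export>`; the sandbox also tries ordinal `#1`). That makes process-creation telemetry the cheapest place to catch it. The following detection logic is an added example, not Joe Sandbox code: it parses rundll32 command lines, flags DLLs loaded from user-writable locations, calls by ordinal, and export names taken from this sample's export table. The command lines in `SAMPLE_CMDLINES` are constructed for the example in the shape Sysmon Event ID 1 would record; the two System32 invocations are there as benign controls.

```python
import re

# Constructed Sysmon-style process-creation command lines (sample input for
# this example, not log data exported by the sandbox).
SAMPLE_CMDLINES = [
    r'rundll32.exe "C:\Users\user\Desktop\vQu0zndLpi.dll",#1',
    r'rundll32.exe C:\Users\user\Desktop\vQu0zndLpi.dll,xtart',
    r'rundll32.exe C:\Users\user\AppData\Local\Temp/tmpf193.dll,run C:\Users\user\Desktop\vQu0zndLpi.dll',
    r'rundll32.exe C:\Users\user\Desktop\vQu0zndLpi.dll,DllWinMain',
    r'rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL',
    r'"C:\Windows\System32\rundll32.exe" C:\Windows\System32\davclnt.dll,DavSetCookie host http://example.invalid',
]

# rundll32[.exe] <quoted or bare path>,<export> [args]; the path may use '/' separators
RUNDLL_RE = re.compile(
    r'(?:^|\\)rundll32(?:\.exe)?"?\s+(?:"(?P<q>[^"]+)"|(?P<u>[^\s,]+)),(?P<export>\S+)',
    re.IGNORECASE,
)
TRUSTED_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64", r"c:\program files")
STAGING_DIRS = ("\\appdata\\local\\temp\\", "\\desktop\\", "\\downloads\\", "\\public\\")
WATCHED_EXPORTS = {"xtart", "start", "dllwinmain", "uninstall"}   # this sample's export table


def parse_rundll32(cmdline):
    """Return (dll_path, export) for a rundll32 invocation, or None if it is not one."""
    m = RUNDLL_RE.search(cmdline)
    if not m:
        return None
    path = (m.group("q") or m.group("u")).replace("/", "\\")
    return path, m.group("export")


def assess_rundll32(cmdline):
    """Return the list of reasons this invocation deserves a look (empty == nothing by these checks)."""
    parsed = parse_rundll32(cmdline)
    if parsed is None:
        return []
    path, export = parsed
    low = path.lower()
    reasons = []
    if not low.startswith(TRUSTED_DIRS):
        reasons.append("DLL outside System32/Program Files: %s" % path)
    if any(d in low for d in STAGING_DIRS):
        reasons.append("DLL in a user-writable staging directory")
    if export.startswith("#"):
        reasons.append("export called by ordinal (%s) rather than by name" % export)
    if export.lower() in WATCHED_EXPORTS:
        reasons.append("export name matches this sample's export table: %s" % export)
    return reasons


def triage(cmdlines):
    """Map each command line to its reasons; callers alert on any non-empty list."""
    return {c: assess_rundll32(c) for c in cmdlines}
```

The path and ordinal checks carry the weight; the export-name match is a narrow sample-specific indicator and is listed last on purpose. Note the forward slash in the Temp path: normalise separators before matching, or a trivial `/` in the path slips past a naive prefix rule.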
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 10, 2024 16:45:05.840579033 CET | 49708 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:05.840605021 CET | 443 | 49708 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:05.842237949 CET | 49708 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:05.844288111 CET | 49708 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:05.844301939 CET | 443 | 49708 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:05.844369888 CET | 443 | 49708 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:05.949861050 CET | 49709 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:05.949893951 CET | 443 | 49709 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:05.950032949 CET | 49709 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:05.951869965 CET | 49709 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:05.951881886 CET | 443 | 49709 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:05.951931953 CET | 443 | 49709 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:06.059345007 CET | 49710 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:06.059364080 CET | 443 | 49710 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:06.059459925 CET | 49710 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:06.060062885 CET | 49710 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:06.060072899 CET | 443 | 49710 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:06.060147047 CET | 443 | 49710 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:06.168692112 CET | 49711 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:06.168724060 CET | 443 | 49711 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:06.170380116 CET | 49711 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:06.171083927 CET | 49711 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:06.171097994 CET | 443 | 49711 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:06.171155930 CET | 443 | 49711 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:06.278052092 CET | 49712 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:06.278088093 CET | 443 | 49712 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:06.278283119 CET | 49712 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:06.278942108 CET | 49712 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:06.278956890 CET | 443 | 49712 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:06.279017925 CET | 443 | 49712 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:06.387310028 CET | 49714 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:06.387334108 CET | 443 | 49714 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:06.390507936 CET | 49714 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:06.391201019 CET | 49714 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:06.391211987 CET | 443 | 49714 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:06.391274929 CET | 443 | 49714 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:06.496895075 CET | 49715 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:06.496997118 CET | 443 | 49715 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:06.497116089 CET | 49715 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:06.497711897 CET | 49715 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:06.497725010 CET | 443 | 49715 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:06.497767925 CET | 443 | 49715 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:06.607490063 CET | 49716 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:06.607517958 CET | 443 | 49716 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:06.607594967 CET | 49716 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:06.609503031 CET | 49716 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:06.609517097 CET | 443 | 49716 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:06.609554052 CET | 443 | 49716 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:06.716022968 CET | 49717 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:06.716044903 CET | 443 | 49717 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:06.716114044 CET | 49717 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:06.716697931 CET | 49717 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:06.716717958 CET | 443 | 49717 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:06.716751099 CET | 443 | 49717 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:06.827663898 CET | 49718 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:06.827696085 CET | 443 | 49718 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:06.827775955 CET | 49718 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:06.828356981 CET | 49718 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:06.828372002 CET | 443 | 49718 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:06.828416109 CET | 443 | 49718 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:06.935189962 CET | 49720 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:06.935213089 CET | 443 | 49720 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:06.935333014 CET | 49720 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:06.935902119 CET | 49720 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:06.935914993 CET | 443 | 49720 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:06.935969114 CET | 443 | 49720 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:07.067049980 CET | 49721 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:07.067090988 CET | 443 | 49721 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:07.067150116 CET | 49721 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:07.080480099 CET | 49721 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:07.080496073 CET | 443 | 49721 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:07.080540895 CET | 443 | 49721 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:07.185355902 CET | 49723 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:07.185395956 CET | 443 | 49723 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:07.185477018 CET | 49723 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:07.346136093 CET | 49723 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:07.346153975 CET | 443 | 49723 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:07.346215963 CET | 443 | 49723 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:07.450315952 CET | 49724 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:07.450340986 CET | 443 | 49724 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:07.450395107 CET | 49724 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:07.453311920 CET | 49724 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:07.453330994 CET | 443 | 49724 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:07.453366041 CET | 443 | 49724 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:07.559309959 CET | 49725 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:07.559356928 CET | 443 | 49725 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:07.559439898 CET | 49725 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:07.560143948 CET | 49725 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:07.560162067 CET | 443 | 49725 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:07.560199976 CET | 443 | 49725 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:07.668941021 CET | 49726 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:07.668998003 CET | 443 | 49726 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:07.669071913 CET | 49726 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:07.670099974 CET | 49726 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:07.670121908 CET | 443 | 49726 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:07.670166016 CET | 443 | 49726 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:12.809901953 CET | 49729 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:12.809925079 CET | 443 | 49729 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:12.810008049 CET | 49729 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:13.032089949 CET | 49729 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:13.032105923 CET | 443 | 49729 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:13.032175064 CET | 443 | 49729 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:13.137530088 CET | 49730 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:13.137579918 CET | 443 | 49730 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:13.137641907 CET | 49730 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:13.139944077 CET | 49730 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:13.139955044 CET | 443 | 49730 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:13.140018940 CET | 443 | 49730 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:13.255021095 CET | 49731 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:13.255038977 CET | 443 | 49731 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:13.255109072 CET | 49731 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:13.257989883 CET | 49731 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:13.258002043 CET | 443 | 49731 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:13.258048058 CET | 443 | 49731 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:13.371676922 CET | 49737 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:13.371712923 CET | 443 | 49737 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:13.371779919 CET | 49737 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:13.372493029 CET | 49737 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:13.372508049 CET | 443 | 49737 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:13.372556925 CET | 443 | 49737 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:13.481081963 CET | 49738 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:13.481112003 CET | 443 | 49738 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:13.481184006 CET | 49738 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:13.482014894 CET | 49738 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:13.482028008 CET | 443 | 49738 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:13.482057095 CET | 443 | 49738 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:13.590694904 CET | 49739 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:13.590727091 CET | 443 | 49739 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:13.590792894 CET | 49739 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:13.591396093 CET | 49739 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:13.591408014 CET | 443 | 49739 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:13.591445923 CET | 443 | 49739 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:13.699862003 CET | 49740 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:13.699892998 CET | 443 | 49740 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:13.699970961 CET | 49740 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:13.700588942 CET | 49740 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:13.700599909 CET | 443 | 49740 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:13.700628042 CET | 443 | 49740 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:13.809340000 CET | 49741 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:13.809375048 CET | 443 | 49741 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:13.809493065 CET | 49741 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:13.810180902 CET | 49741 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:13.810194016 CET | 443 | 49741 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:13.810214996 CET | 443 | 49741 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:13.918675900 CET | 49742 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:13.918740034 CET | 443 | 49742 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:13.918808937 CET | 49742 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:13.919441938 CET | 49742 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:13.919451952 CET | 443 | 49742 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:13.919477940 CET | 443 | 49742 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:14.027982950 CET | 49743 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:14.028007984 CET | 443 | 49743 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:14.028175116 CET | 49743 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:14.029016972 CET | 49743 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:14.029030085 CET | 443 | 49743 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:14.029077053 CET | 443 | 49743 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:14.137492895 CET | 49744 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:14.137531042 CET | 443 | 49744 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:14.137617111 CET | 49744 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:14.138408899 CET | 49744 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:14.138422966 CET | 443 | 49744 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:14.138469934 CET | 443 | 49744 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:14.247046947 CET | 49745 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:14.247081041 CET | 443 | 49745 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:14.247189999 CET | 49745 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:14.247936964 CET | 49745 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:14.247951984 CET | 443 | 49745 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:14.248003960 CET | 443 | 49745 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:14.356344938 CET | 49746 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:14.356363058 CET | 443 | 49746 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:14.356434107 CET | 49746 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:14.357095957 CET | 49746 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:14.357105970 CET | 443 | 49746 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:14.357136965 CET | 443 | 49746 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:14.465466976 CET | 49747 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:14.465504885 CET | 443 | 49747 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:14.465583086 CET | 49747 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:14.466310978 CET | 49747 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:14.466325045 CET | 443 | 49747 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:14.466366053 CET | 443 | 49747 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:14.574966908 CET | 49748 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:14.575002909 CET | 443 | 49748 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:14.575141907 CET | 49748 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:14.576491117 CET | 49748 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:14.576504946 CET | 443 | 49748 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:14.576543093 CET | 443 | 49748 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:14.684241056 CET | 49749 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:14.684298992 CET | 443 | 49749 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:14.684384108 CET | 49749 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:14.685108900 CET | 49749 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:14.685125113 CET | 443 | 49749 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:14.685170889 CET | 443 | 49749 | 45.66.248.99 | 192.168.2.6 |
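The rows above show one TCP connection per ephemeral port to 45.66.248.99:443, six packets each, a new one roughly every 110 ms, then a five-second pause and another burst. That reconnect churn is a useful network signature in its own right, independent of what is inside the TLS. The following is an added example, not Joe Sandbox code: it parses rows in the layout of this table, buckets packets into connections by client port, and flags a server that receives many tiny connections started well under a second apart. `SAMPLE_ROWS` is a constructed subset of the table (not the full capture), and the thresholds are the author's choices.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone
from statistics import median

# Constructed sample in the layout of the table above: a few of its rows (part of
# the first burst and two connections after the 5 s pause). Illustrative input
# for this example, not the sandbox's exported capture.
SAMPLE_ROWS = """\
Dec 10, 2024 16:45:05.840579033 CET | 49708 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:05.840605021 CET | 443 | 49708 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:05.842237949 CET | 49708 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:05.949861050 CET | 49709 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:05.949893951 CET | 443 | 49709 | 45.66.248.99 | 192.168.2.6 |
Dec 10, 2024 16:45:06.059345007 CET | 49710 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:06.168692112 CET | 49711 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:12.809901953 CET | 49729 | 443 | 192.168.2.6 | 45.66.248.99 |
Dec 10, 2024 16:45:13.137530088 CET | 49730 | 443 | 192.168.2.6 | 45.66.248.99 |
"""

ROW_RE = re.compile(
    r"^(\w{3} \d{1,2}, \d{4} \d{2}:\d{2}:\d{2})\.(\d+) \w+ \| (\d+) \| (\d+) \| ([\d.]+) \| ([\d.]+)"
)


def parse_rows(text):
    """Yield (seconds, sport, dport, src, dst) per row; the zone label is ignored (only gaps matter)."""
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        base = datetime.strptime(m.group(1), "%b %d, %Y %H:%M:%S").replace(tzinfo=timezone.utc)
        frac = int(m.group(2)[:9].ljust(9, "0")) / 1e9     # nanosecond field, strptime stops at 6 digits
        yield base.timestamp() + frac, int(m.group(3)), int(m.group(4)), m.group(5), m.group(6)


def group_connections(rows, server_port=443):
    """Bucket packets of both directions by (client, client port, server): one bucket per TCP connection."""
    conns = defaultdict(list)
    for ts, sport, dport, src, dst in rows:
        if dport == server_port:
            conns[(src, sport, dst)].append(ts)
        elif sport == server_port:
            conns[(dst, dport, src)].append(ts)
    return conns


def churn_report(text, server_port=443, min_conns=5, max_median_gap=1.0, max_mean_pkts=8):
    """Per server IP: connection count, median gap between successive connection starts,
    mean packets per connection, and a flag for reconnect churn (many tiny connections
    started well under a second apart)."""
    per_server = defaultdict(list)
    for (client, cport, server), times in group_connections(parse_rows(text), server_port).items():
        per_server[server].append((min(times), len(times)))
    report = {}
    for server, conns in per_server.items():
        conns.sort()
        starts = [s for s, _ in conns]
        gaps = [b - a for a, b in zip(starts, starts[1:])]
        med = median(gaps) if gaps else None
        mean_pkts = sum(n for _, n in conns) / len(conns)
        report[server] = {
            "connections": len(conns),
            "median_gap_s": med,
            "mean_packets": mean_pkts,
            "flagged": len(conns) >= min_conns and med is not None
                       and med < max_median_gap and mean_pkts <= max_mean_pkts,
        }
    return report
```

The median rather than the mean of the start-to-start gaps is what keeps the five-second pause between bursts from hiding the 110 ms cadence; a mean would be dragged up by it. On a real sensor the same logic runs over flow records (Zeek conn.log, NetFlow) with the packet count per flow already summarised.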
Target ID: | 0 |
Start time: | 10:45:02 |
Start date: | 10/12/2024 |
Path: | C:\Windows\System32\loaddll64.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff66eb60000 |
File size: | 165'888 bytes |
MD5 hash: | 763455F9DCB24DFEECC2B9D9F8D46D52 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 1 |
Start time: | 10:45:02 |
Start date: | 10/12/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff66e660000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 10:45:02 |
Start date: | 10/12/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7755b0000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 10:45:02 |
Start date: | 10/12/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7429d0000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 10:45:02 |
Start date: | 10/12/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7429d0000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 8 |
Start time: | 10:45:02 |
Start date: | 10/12/2024 |
Path: | C:\Windows\System32\WerFault.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6def20000 |
File size: | 570'736 bytes |
MD5 hash: | FD27D9F6D02763BDE32511B5DF7FF7A0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 9 |
Start time: | 10:45:05 |
Start date: | 10/12/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7429d0000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 10 |
Start time: | 10:45:07 |
Start date: | 10/12/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7429d0000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 11 |
Start time: | 10:45:08 |
Start date: | 10/12/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7429d0000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 12 |
Start time: | 10:45:11 |
Start date: | 10/12/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7429d0000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 13 |
Start time: | 10:45:11 |
Start date: | 10/12/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7429d0000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 14 |
Start time: | 10:45:11 |
Start date: | 10/12/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7429d0000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 15 |
Start time: | 10:45:11 |
Start date: | 10/12/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7429d0000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 16 |
Start time: | 10:45:14 |
Start date: | 10/12/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7429d0000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Execution Graph
Execution Coverage: | 0.2% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 86.7% |
Total number of Nodes: | 15 |
Total number of Limit Nodes: | 5 |
Graph
Function 00007FFDA36A2FF0 Relevance: 26.6, APIs: 4, Strings: 11, Instructions: 322memoryCOMMONLIBRARYCODE
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA36A3AF0 Relevance: 19.7, APIs: 2, Strings: 11, Instructions: 215memoryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA36A3BE4 Relevance: 4.7, APIs: 2, Strings: 1, Instructions: 189memorylibraryCOMMONLIBRARYCODE
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA36A3E90 Relevance: 3.1, APIs: 2, Instructions: 113libraryCOMMONLIBRARYCODE
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA3678440 Relevance: 111.1, APIs: 43, Strings: 20, Instructions: 821libraryloaderCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA367F9E0 Relevance: 70.8, APIs: 15, Strings: 25, Instructions: 839memorytimecomCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA363F5B0 Relevance: 53.1, APIs: 35, Instructions: 619synchronizationthreadCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA363A3C0 Relevance: 37.9, APIs: 4, Strings: 17, Instructions: 1145timecomCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA367B0B0 Relevance: 37.7, APIs: 6, Strings: 15, Instructions: 943COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA3650530 Relevance: 35.6, APIs: 1, Strings: 19, Instructions: 588timeCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA36743E0 Relevance: 35.5, APIs: 4, Strings: 16, Instructions: 547COMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA3638960 Relevance: 34.0, APIs: 9, Strings: 10, Instructions: 768timeregistryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA3665C50 Relevance: 32.5, APIs: 6, Strings: 12, Instructions: 1004timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA36830E0 Relevance: 28.9, APIs: 4, Strings: 12, Instructions: 853COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA363B890 Relevance: 28.7, APIs: 7, Strings: 9, Instructions: 664comtimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA3668880 Relevance: 28.6, APIs: 8, Strings: 8, Instructions: 570timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA365A320 Relevance: 26.8, APIs: 11, Strings: 4, Instructions: 514COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA3639750 Relevance: 25.2, APIs: 5, Strings: 9, Instructions: 688comtimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA3673BE0 Relevance: 25.0, APIs: 4, Strings: 10, Instructions: 462timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA36764F0 Relevance: 24.9, APIs: 9, Strings: 5, Instructions: 411COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA36C4248 Relevance: 24.0, APIs: 9, Strings: 4, Instructions: 1209COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA3687700 Relevance: 23.3, APIs: 4, Strings: 9, Instructions: 552COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA367E890 Relevance: 23.1, APIs: 9, Strings: 4, Instructions: 324COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA3676C20 Relevance: 23.0, APIs: 8, Strings: 5, Instructions: 215COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA3646B40 Relevance: 19.8, APIs: 4, Strings: 7, Instructions: 577timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA368C190 Relevance: 19.8, APIs: 5, Strings: 6, Instructions: 559COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA366DA50 Relevance: 19.8, APIs: 1, Strings: 10, Instructions: 503COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA36766C0 Relevance: 19.6, APIs: 7, Strings: 4, Instructions: 366COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA366F9F0 Relevance: 19.6, APIs: 5, Strings: 6, Instructions: 337COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA367A820 Relevance: 16.2, APIs: 7, Strings: 2, Instructions: 473COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA36626D0 Relevance: 16.2, APIs: 2, Strings: 7, Instructions: 426timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA366B7A0 Relevance: 16.1, APIs: 1, Strings: 8, Instructions: 395COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA3688C00 Relevance: 16.1, APIs: 3, Strings: 6, Instructions: 369registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA3673600 Relevance: 16.0, APIs: 4, Strings: 5, Instructions: 298synchronizationCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA3653590 Relevance: 12.5, APIs: 2, Strings: 5, Instructions: 258COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA36CAA74 Relevance: 10.7, APIs: 7, Instructions: 171COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA36A9A28 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA36A0B94 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA36237E0 Relevance: 5.8, APIs: 2, Strings: 1, Instructions: 505COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA36763B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 71memoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA367A4B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50processCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA36C0C4C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 35COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA36BDA2C Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 220COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA36CA388 Relevance: 1.6, APIs: 1, Instructions: 61COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA36CA458 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA36C06B8 Relevance: 1.5, APIs: 1, Instructions: 32COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA36859F0 Relevance: .2, Instructions: 199COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA3646310 Relevance: .2, Instructions: 156COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA365A3A7 Relevance: 53.0, APIs: 28, Strings: 2, Instructions: 450COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA365A6F7 Relevance: 44.1, APIs: 24, Strings: 1, Instructions: 333COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA365B06D Relevance: 42.2, APIs: 23, Strings: 1, Instructions: 195COMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA36C1114 Relevance: 36.8, APIs: 10, Strings: 11, Instructions: 57COMMONLIBRARYCODE
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA365BB00 Relevance: 35.2, APIs: 18, Strings: 2, Instructions: 224COMMON
Control-flow Graph
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA3651790 Relevance: 33.3, APIs: 3, Strings: 16, Instructions: 90timeCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA3664B50 Relevance: 31.9, APIs: 6, Strings: 12, Instructions: 356libraryloaderCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA367E170 Relevance: 31.8, APIs: 15, Strings: 3, Instructions: 255libraryloaderCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA3659210 Relevance: 26.5, APIs: 12, Strings: 3, Instructions: 278libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA36344C0 Relevance: 22.9, APIs: 9, Strings: 4, Instructions: 105libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA364F560 Relevance: 21.4, APIs: 9, Strings: 3, Instructions: 403COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA362E220 Relevance: 21.3, APIs: 7, Strings: 5, Instructions: 288memorytimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA3622200 Relevance: 21.3, APIs: 7, Strings: 5, Instructions: 288memorytimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA362ABB0 Relevance: 21.3, APIs: 7, Strings: 5, Instructions: 288memorytimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA3637360 Relevance: 21.2, APIs: 5, Strings: 7, Instructions: 245timeregistryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA3630BF0 Relevance: 19.5, APIs: 4, Strings: 7, Instructions: 247libraryloadertimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA3631580 Relevance: 19.5, APIs: 4, Strings: 7, Instructions: 246timesynchronizationCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA364D0B0 Relevance: 17.8, APIs: 7, Strings: 3, Instructions: 341libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA364E8B0 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 254COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA3682100 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 98serviceCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA362B3B0 Relevance: 16.1, APIs: 1, Strings: 8, Instructions: 323timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA3622A00 Relevance: 16.1, APIs: 1, Strings: 8, Instructions: 314timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA3644620 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 199COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA3670070 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 176libraryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA364E210 Relevance: 14.4, APIs: 3, Strings: 5, Instructions: 368COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA362A070 Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 349windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA3647AF0 Relevance: 14.3, APIs: 2, Strings: 6, Instructions: 292timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA3644A10 Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 270libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA366D610 Relevance: 14.3, APIs: 3, Strings: 5, Instructions: 259COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA366CBC0 Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 242timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA36451F0 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 202COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA364C0A0 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 193COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA3669690 Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 178timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA3637060 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 164timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA36808D0 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 132servicetimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA3665210 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 81libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA367DAB0 Relevance: 12.5, APIs: 2, Strings: 5, Instructions: 291COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA3667810 Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 255timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA36A01B0 Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 253COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA36828C0 Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 230timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA3687060 Relevance: 12.5, APIs: 3, Strings: 4, Instructions: 206timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA363C640 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 195registrytimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA3640490 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 190COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA363C980 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 190registrytimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA3652BD0 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 184timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA3671400 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 181registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA3665490 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 172timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA3633690 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 168registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA36716F0 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 158registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA366D190 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 152timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA3662410 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 143timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA3634170 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 138COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA36483E0 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 110timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA36485D0 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 110timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA36481F0 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 109timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA36B7458 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 84COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA362B970 Relevance: 10.9, APIs: 1, Strings: 5, Instructions: 364timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA362EA20 Relevance: 10.8, APIs: 1, Strings: 5, Instructions: 300timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA3653080 Relevance: 10.8, APIs: 2, Strings: 4, Instructions: 298COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA36C323C Relevance: 10.8, APIs: 7, Instructions: 291COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA36671C0 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 245timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA36319E0 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 234timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA36377C0 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 212timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA3637B60 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 212timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA36C26F8 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 202COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA362D300 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 198timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA3632600 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 185COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA362A890 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 185comtimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA367D170 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 165COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA36816D0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 131timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA36810F0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 128timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA366A520 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 95timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA3681520 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 87timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA36477B0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 85timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA3647620 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 85timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA36CD89C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA36A284C Relevance: 9.2, APIs: 6, Instructions: 203COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA3634730 Relevance: 9.1, APIs: 3, Strings: 2, Instructions: 399COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA36264E0 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 229COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA3630390 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 195timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA362B080 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 184timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA36226D0 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 184timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA362E6F0 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 184timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA3638640 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 182timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA3687400 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 179timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA364F270 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 179COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA367D4D0 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 174COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA36633B0 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 170timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA36630F0 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 170timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA3663670 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 170timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA3686BE0 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 169COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA36722F0 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 154timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA364F080 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 137COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA36770B0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 131COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA36271E0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 128COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA367C3A0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 116COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA3661800 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 110COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA36699D0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 85timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA364A740 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 81libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA363C4A0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 81timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA364A9C0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 81libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA36529B0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 29timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA367A580 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 159COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA3645650 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 157COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA36719A0 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 155registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA3670AD0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 150threadCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA367E530 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 140COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA36863F0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 134registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA36675D0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 119timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA3671C20 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 116timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA3626360 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 112COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA36261D0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 112COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA3681320 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 111timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA3680B20 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 97timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA366AA80 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 90timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA366D470 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 85timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFDA36657C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 82timeCOMMON
Function 00007FFDA366B2B0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 80, Tags: time, COMMON
Function 00007FFDA3653B60 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 80, Tags: time, COMMON
Function 00007FFDA36539D0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 80, Tags: time, COMMON
Function 00007FFDA3678160 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 79, Tags: libraryloader, COMMON
Function 00007FFDA366B120 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 76, Tags: time, COMMON
Function 00007FFDA366AC30 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 76, Tags: time, COMMON
Function 00007FFDA3665AD0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 75, Tags: time, COMMON
Function 00007FFDA3669B70 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 70, Tags: time, COMMON
Function 00007FFDA366A3B0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 69, Tags: time, COMMON
Function 00007FFDA366A240 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 69, Tags: time, COMMON
Function 00007FFDA366A0D0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 69, Tags: time, COMMON
Function 00007FFDA366A6D0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 69, Tags: time, COMMON
Function 00007FFDA36782B0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 60, Tags: libraryloader, COMMON
Function 00007FFDA367A440 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 33, Tags: registry, COMMON
Function 00007FFDA36290F0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 30, Tags: libraryloader, COMMON
Function 00007FFDA36403B0 Relevance: 6.1, APIs: 4, Instructions: 62, Tags: thread, time, COMMON
Function 00007FFDA36501D0 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 201, Tags: COMMON
Function 00007FFDA3631290 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 185, Tags: COMMON
Function 00007FFDA367D780 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 179, Tags: COMMON
Function 00007FFDA3646740 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 139, Tags: COMMON
Function 00007FFDA36BD490 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 134, Tags: COMMON
Function 00007FFDA3672A40 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 129, Tags: COMMON
Function 00007FFDA36826A0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 125, Tags: COMMON
Function 00007FFDA36694C0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 111, Tags: COMMON
Function 00007FFDA36C249C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100, Tags: file, COMMON
Function 00007FFDA365E400 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 93, Tags: COMMON
Function 00007FFDA3659650 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 82, Tags: COMMON
Function 00007FFDA36778D0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 81, Tags: COMMON
Function 00007FFDA367E770 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69, Tags: service, COMMON
Function 00007FFDA367A320 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 66, Tags: thread, COMMON
Function 00007FFDA36C6560 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 62, Tags: COMMON, LIBRARY CODE
Function 00007FFDA36B75D0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 57, Tags: COMMON
Function 00007FFDA36C02C4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 54, Tags: COMMON
Function 00007FFDA36686D8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 52, Tags: COMMON
Function 00007FFDA3628C20 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 51, Tags: time, COMMON
Function 00007FFDA36C0BF8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21, Tags: COMMON, LIBRARY CODE