Windows
Analysis Report
c2A6GRyAwn.dll
Overview
General Information
Sample name: | c2A6GRyAwn.dll (renamed because the original name is a hash value) |
Original sample name: | c25a973f8b0a24249c6e6894cef4d6b7.dll |
Analysis ID: | 1578032 |
MD5: | c25a973f8b0a24249c6e6894cef4d6b7 |
SHA1: | ca709195fdae41296ce26a31f710f3d9a7495a8f |
SHA256: | e5024fae6c595676b50f0a9b8ab6a3ccd0a9b36a069c5a3746ad07d73ef6cfb8 |
Tags: | dll, user-abuse_ch |
Infos: | |
Detection
Score: | 96 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- loaddll32.exe (PID: 180 cmdline:
loaddll32.exe "C:\Users\user\Desktop\c2A6GRyAwn.dll" MD5: 51E6071F9CBA48E79F10C84515AAE618) - conhost.exe (PID: 6284 cmdline:
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - cmd.exe (PID: 612 cmdline:
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\c2A6GRyAwn.dll",#1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B) - rundll32.exe (PID: 2472 cmdline:
rundll32.exe "C:\Users\user\Desktop\c2A6GRyAwn.dll",#1 MD5: 889B99C52A60DD49227C5E485A016679) - WMIC.exe (PID: 2300 cmdline:
wmic cpu get processorid MD5: E2DE6500DE1148C7F6027AD50AC8B891) - conhost.exe (PID: 1520 cmdline:
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - rundll32.exe (PID: 1224 cmdline:
rundll32.exe C:\Users\user\Desktop\c2A6GRyAwn.dll,cef_add_cross_origin_whitelist_entry MD5: 889B99C52A60DD49227C5E485A016679) - WMIC.exe (PID: 1020 cmdline:
wmic cpu get processorid MD5: E2DE6500DE1148C7F6027AD50AC8B891) - conhost.exe (PID: 1248 cmdline:
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - rundll32.exe (PID: 7060 cmdline:
rundll32.exe C:\Users\user\Desktop\c2A6GRyAwn.dll,cef_add_web_plugin_directory MD5: 889B99C52A60DD49227C5E485A016679) - WMIC.exe (PID: 4912 cmdline:
wmic cpu get processorid MD5: E2DE6500DE1148C7F6027AD50AC8B891) - conhost.exe (PID: 6104 cmdline:
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - rundll32.exe (PID: 1784 cmdline:
rundll32.exe C:\Users\user\Desktop\c2A6GRyAwn.dll,cef_add_web_plugin_path MD5: 889B99C52A60DD49227C5E485A016679) - rundll32.exe (PID: 5688 cmdline:
rundll32.exe "C:\Users\user\Desktop\c2A6GRyAwn.dll",cef_add_cross_origin_whitelist_entry MD5: 889B99C52A60DD49227C5E485A016679) - rundll32.exe (PID: 6672 cmdline:
rundll32.exe "C:\Users\user\Desktop\c2A6GRyAwn.dll",cef_add_web_plugin_directory MD5: 889B99C52A60DD49227C5E485A016679) - rundll32.exe (PID: 344 cmdline:
rundll32.exe "C:\Users\user\Desktop\c2A6GRyAwn.dll",cef_add_web_plugin_path MD5: 889B99C52A60DD49227C5E485A016679) - rundll32.exe (PID: 1732 cmdline:
rundll32.exe "C:\Users\user\Desktop\c2A6GRyAwn.dll",create_context_shared MD5: 889B99C52A60DD49227C5E485A016679) - rundll32.exe (PID: 3620 cmdline:
rundll32.exe "C:\Users\user\Desktop\c2A6GRyAwn.dll",cef_zip_reader_create MD5: 889B99C52A60DD49227C5E485A016679) - rundll32.exe (PID: 6008 cmdline:
rundll32.exe "C:\Users\user\Desktop\c2A6GRyAwn.dll",cef_zip_directory MD5: 889B99C52A60DD49227C5E485A016679) - rundll32.exe (PID: 3924 cmdline:
rundll32.exe "C:\Users\user\Desktop\c2A6GRyAwn.dll",cef_write_json MD5: 889B99C52A60DD49227C5E485A016679) - rundll32.exe (PID: 6448 cmdline:
rundll32.exe "C:\Users\user\Desktop\c2A6GRyAwn.dll",cef_window_create_top_level MD5: 889B99C52A60DD49227C5E485A016679) - rundll32.exe (PID: 4720 cmdline:
rundll32.exe "C:\Users\user\Desktop\c2A6GRyAwn.dll",cef_visit_web_plugin_info MD5: 889B99C52A60DD49227C5E485A016679) - rundll32.exe (PID: 4676 cmdline:
rundll32.exe "C:\Users\user\Desktop\c2A6GRyAwn.dll",cef_value_create MD5: 889B99C52A60DD49227C5E485A016679) - rundll32.exe (PID: 2000 cmdline:
rundll32.exe "C:\Users\user\Desktop\c2A6GRyAwn.dll",cef_v8value_create_undefined MD5: 889B99C52A60DD49227C5E485A016679) - rundll32.exe (PID: 7124 cmdline:
rundll32.exe "C:\Users\user\Desktop\c2A6GRyAwn.dll",cef_v8value_create_uint MD5: 889B99C52A60DD49227C5E485A016679) - rundll32.exe (PID: 4308 cmdline:
rundll32.exe "C:\Users\user\Desktop\c2A6GRyAwn.dll",cef_v8value_create_string MD5: 889B99C52A60DD49227C5E485A016679) - rundll32.exe (PID: 7156 cmdline:
rundll32.exe "C:\Users\user\Desktop\c2A6GRyAwn.dll",cef_v8value_create_object MD5: 889B99C52A60DD49227C5E485A016679) - rundll32.exe (PID: 1272 cmdline:
rundll32.exe "C:\Users\user\Desktop\c2A6GRyAwn.dll",cef_v8value_create_null MD5: 889B99C52A60DD49227C5E485A016679) - rundll32.exe (PID: 5948 cmdline:
rundll32.exe "C:\Users\user\Desktop\c2A6GRyAwn.dll",cef_v8value_create_int MD5: 889B99C52A60DD49227C5E485A016679) - rundll32.exe (PID: 3780 cmdline:
rundll32.exe "C:\Users\user\Desktop\c2A6GRyAwn.dll",cef_v8value_create_function MD5: 889B99C52A60DD49227C5E485A016679) - rundll32.exe (PID: 6020 cmdline:
rundll32.exe "C:\Users\user\Desktop\c2A6GRyAwn.dll",cef_v8value_create_double MD5: 889B99C52A60DD49227C5E485A016679) - rundll32.exe (PID: 5336 cmdline:
rundll32.exe "C:\Users\user\Desktop\c2A6GRyAwn.dll",cef_v8value_create_date MD5: 889B99C52A60DD49227C5E485A016679) - rundll32.exe (PID: 5808 cmdline:
rundll32.exe "C:\Users\user\Desktop\c2A6GRyAwn.dll",cef_v8value_create_bool MD5: 889B99C52A60DD49227C5E485A016679) - rundll32.exe (PID: 7176 cmdline:
rundll32.exe "C:\Users\user\Desktop\c2A6GRyAwn.dll",cef_v8value_create_array_buffer MD5: 889B99C52A60DD49227C5E485A016679) - rundll32.exe (PID: 7196 cmdline:
rundll32.exe "C:\Users\user\Desktop\c2A6GRyAwn.dll",cef_v8value_create_array MD5: 889B99C52A60DD49227C5E485A016679) - rundll32.exe (PID: 7208 cmdline:
rundll32.exe "C:\Users\user\Desktop\c2A6GRyAwn.dll",cef_v8stack_trace_get_current MD5: 889B99C52A60DD49227C5E485A016679) - rundll32.exe (PID: 7228 cmdline:
rundll32.exe "C:\Users\user\Desktop\c2A6GRyAwn.dll",cef_v8context_in_context MD5: 889B99C52A60DD49227C5E485A016679) - rundll32.exe (PID: 7236 cmdline:
rundll32.exe "C:\Users\user\Desktop\c2A6GRyAwn.dll",cef_v8context_get_entered_context MD5: 889B99C52A60DD49227C5E485A016679) - rundll32.exe (PID: 7244 cmdline:
rundll32.exe "C:\Users\user\Desktop\c2A6GRyAwn.dll",cef_v8context_get_current_context MD5: 889B99C52A60DD49227C5E485A016679) - rundll32.exe (PID: 7252 cmdline:
rundll32.exe "C:\Users\user\Desktop\c2A6GRyAwn.dll",cef_urlrequest_create MD5: 889B99C52A60DD49227C5E485A016679) - rundll32.exe (PID: 7264 cmdline:
rundll32.exe "C:\Users\user\Desktop\c2A6GRyAwn.dll",cef_uriencode MD5: 889B99C52A60DD49227C5E485A016679) - rundll32.exe (PID: 7272 cmdline:
rundll32.exe "C:\Users\user\Desktop\c2A6GRyAwn.dll",cef_uridecode MD5: 889B99C52A60DD49227C5E485A016679) - rundll32.exe (PID: 7280 cmdline:
rundll32.exe "C:\Users\user\Desktop\c2A6GRyAwn.dll",cef_unregister_internal_web_plugin MD5: 889B99C52A60DD49227C5E485A016679) - rundll32.exe (PID: 7292 cmdline:
rundll32.exe "C:\Users\user\Desktop\c2A6GRyAwn.dll",cef_time_to_timet MD5: 889B99C52A60DD49227C5E485A016679)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Nitol | | No Attribution | | |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Nitol | Yara detected Nitol | Joe Security | ||
JoeSecurity_Nitol | Yara detected Nitol | Joe Security | ||
JoeSecurity_Nitol | Yara detected Nitol | Joe Security | ||
JoeSecurity_Nitol | Yara detected Nitol | Joe Security | ||
JoeSecurity_Nitol | Yara detected Nitol | Joe Security | ||
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Nitol | Yara detected Nitol | Joe Security | ||
JoeSecurity_Nitol | Yara detected Nitol | Joe Security | ||
JoeSecurity_Nitol | Yara detected Nitol | Joe Security | ||
JoeSecurity_Nitol | Yara detected Nitol | Joe Security | ||
JoeSecurity_Nitol | Yara detected Nitol | Joe Security | ||
System Summary |
---|
Source: | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): |
AV Detection |
---|
Source: | Virustotal: | Perma Link |
Source: | Integrated Neural Analysis Model: |
Source: | Code function: | 3_2_1000D890 | |
Source: | Code function: | 4_2_1000D890 | |
Source: | Code function: | 6_2_1000D890 | |
Source: | Code function: | 14_2_1000D890 | |
Source: | Code function: | 15_2_1000D890 | |
Source: | Code function: | 16_2_1000D890 |
Source: | Static PE information: |
Source: | Static PE information: |
Networking |
---|
Source: | Network Connect: | Jump to behavior | ||
Source: | Network Connect: | Jump to behavior | ||
Source: | Network Connect: | Jump to behavior |
Source: | TCP traffic: |
Source: | ASN Name: | ||
Source: | ASN Name: | ||
Source: | ASN Name: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | Code function: | 3_2_1001A470 |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
---|
Source: | Code function: | 3_2_1000EF10 | |
Source: | Code function: | 3_2_1000EF10 | |
Source: | Code function: | 4_2_1000EF10 | |
Source: | Code function: | 4_2_1000EF10 | |
Source: | Code function: | 6_2_1000EF10 | |
Source: | Code function: | 6_2_1000EF10 | |
Source: | Code function: | 14_2_1000EF10 | |
Source: | Code function: | 14_2_1000EF10 | |
Source: | Code function: | 15_2_1000EF10 | |
Source: | Code function: | 15_2_1000EF10 | |
Source: | Code function: | 16_2_1000EF10 | |
Source: | Code function: | 16_2_1000EF10 |
Source: | Code function: | 3_2_1000F017 |
System Summary |
---|
Source: | Static PE information: |
Source: | Code function: | 0_3_00F90A95 | |
Source: | Code function: | 0_3_00F90A09 | |
Source: | Code function: | 3_3_02BF0A95 | |
Source: | Code function: | 3_3_02BF0A09 | |
Source: | Code function: | 4_3_00BA0A95 | |
Source: | Code function: | 4_3_00BA0A09 | |
Source: | Code function: | 6_3_033A0A95 | |
Source: | Code function: | 6_3_033A0A09 | |
Source: | Code function: | 7_3_00530A95 | |
Source: | Code function: | 7_3_00530A09 | |
Source: | Code function: | 14_3_00B10A95 | |
Source: | Code function: | 14_3_00B10A09 | |
Source: | Code function: | 15_3_030E0A09 | |
Source: | Code function: | 15_3_030E0A95 | |
Source: | Code function: | 16_3_03200A09 | |
Source: | Code function: | 16_3_03200A95 |
Source: | Code function: | 3_2_100123C0 |
Source: | Code function: | 3_2_10010560 | |
Source: | Code function: | 4_2_10010560 | |
Source: | Code function: | 6_2_10010560 | |
Source: | Code function: | 14_2_10010560 | |
Source: | Code function: | 15_2_10010560 | |
Source: | Code function: | 16_2_10010560 |
Source: | Code function: | 0_3_00F9000D | |
Source: | Code function: | 3_3_02BF000D | |
Source: | Code function: | 3_2_10030296 | |
Source: | Code function: | 3_2_1000B300 | |
Source: | Code function: | 3_2_1000B30B | |
Source: | Code function: | 3_2_1002136E | |
Source: | Code function: | 3_2_1002A416 | |
Source: | Code function: | 3_2_10020580 | |
Source: | Code function: | 3_2_1002062D | |
Source: | Code function: | 3_2_100036A0 | |
Source: | Code function: | 3_2_100217A3 | |
Source: | Code function: | 3_2_1002F7B6 | |
Source: | Code function: | 3_2_10030A12 | |
Source: | Code function: | 3_2_10020B21 | |
Source: | Code function: | 3_2_10034B30 | |
Source: | Code function: | 3_2_10032BA9 | |
Source: | Code function: | 3_2_1002FD26 | |
Source: | Code function: | 3_2_1002DE4D | |
Source: | Code function: | 3_2_10020F39 | |
Source: | Code function: | 4_3_00BA000D | |
Source: | Code function: | 4_2_10030296 | |
Source: | Code function: | 4_2_1000B300 | |
Source: | Code function: | 4_2_1000B30B | |
Source: | Code function: | 4_2_1002136E | |
Source: | Code function: | 4_2_1002A416 | |
Source: | Code function: | 4_2_10020580 | |
Source: | Code function: | 4_2_1002062D | |
Source: | Code function: | 4_2_100036A0 | |
Source: | Code function: | 4_2_100217A3 | |
Source: | Code function: | 4_2_1002F7B6 | |
Source: | Code function: | 4_2_10030A12 | |
Source: | Code function: | 4_2_10020B21 | |
Source: | Code function: | 4_2_10034B30 | |
Source: | Code function: | 4_2_10032BA9 | |
Source: | Code function: | 4_2_1002FD26 | |
Source: | Code function: | 4_2_1002DE4D | |
Source: | Code function: | 4_2_10020F39 | |
Source: | Code function: | 6_3_033A000D | |
Source: | Code function: | 6_2_10030296 | |
Source: | Code function: | 6_2_1000B300 | |
Source: | Code function: | 6_2_1000B30B | |
Source: | Code function: | 6_2_1002136E | |
Source: | Code function: | 6_2_1002A416 | |
Source: | Code function: | 6_2_10020580 | |
Source: | Code function: | 6_2_1002062D | |
Source: | Code function: | 6_2_100036A0 | |
Source: | Code function: | 6_2_100217A3 | |
Source: | Code function: | 6_2_1002F7B6 | |
Source: | Code function: | 6_2_10030A12 | |
Source: | Code function: | 6_2_10020B21 | |
Source: | Code function: | 6_2_10034B30 | |
Source: | Code function: | 6_2_10032BA9 | |
Source: | Code function: | 6_2_1002FD26 | |
Source: | Code function: | 6_2_1002DE4D | |
Source: | Code function: | 6_2_10020F39 | |
Source: | Code function: | 7_3_0053000D | |
Source: | Code function: | 14_3_00B1000D | |
Source: | Code function: | 14_2_10030296 | |
Source: | Code function: | 14_2_1000B300 | |
Source: | Code function: | 14_2_1000B30B | |
Source: | Code function: | 14_2_1002136E | |
Source: | Code function: | 14_2_1002A416 | |
Source: | Code function: | 14_2_10020580 | |
Source: | Code function: | 14_2_1002062D | |
Source: | Code function: | 14_2_100036A0 | |
Source: | Code function: | 14_2_100217A3 | |
Source: | Code function: | 14_2_1002F7B6 | |
Source: | Code function: | 14_2_10030A12 | |
Source: | Code function: | 14_2_10020B21 | |
Source: | Code function: | 14_2_10034B30 | |
Source: | Code function: | 14_2_10032BA9 | |
Source: | Code function: | 14_2_1002FD26 | |
Source: | Code function: | 14_2_1002DE4D | |
Source: | Code function: | 14_2_10020F39 | |
Source: | Code function: | 15_3_030E000D | |
Source: | Code function: | 15_2_10030296 | |
Source: | Code function: | 15_2_1000B300 | |
Source: | Code function: | 15_2_1000B30B | |
Source: | Code function: | 15_2_1002136E | |
Source: | Code function: | 15_2_1002A416 | |
Source: | Code function: | 15_2_10020580 | |
Source: | Code function: | 15_2_1002062D | |
Source: | Code function: | 15_2_100036A0 | |
Source: | Code function: | 15_2_100217A3 | |
Source: | Code function: | 15_2_1002F7B6 | |
Source: | Code function: | 15_2_10030A12 | |
Source: | Code function: | 15_2_10020B21 | |
Source: | Code function: | 15_2_10034B30 | |
Source: | Code function: | 15_2_10032BA9 | |
Source: | Code function: | 15_2_1002FD26 | |
Source: | Code function: | 15_2_1002DE4D | |
Source: | Code function: | 15_2_10020F39 | |
Source: | Code function: | 16_3_0320000D | |
Source: | Code function: | 16_2_10030296 | |
Source: | Code function: | 16_2_1000B300 | |
Source: | Code function: | 16_2_1000B30B | |
Source: | Code function: | 16_2_1002136E | |
Source: | Code function: | 16_2_1002A416 | |
Source: | Code function: | 16_2_10020580 | |
Source: | Code function: | 16_2_1002062D | |
Source: | Code function: | 16_2_100036A0 | |
Source: | Code function: | 16_2_100217A3 | |
Source: | Code function: | 16_2_1002F7B6 | |
Source: | Code function: | 16_2_10030A12 | |
Source: | Code function: | 16_2_10020B21 | |
Source: | Code function: | 16_2_10034B30 | |
Source: | Code function: | 16_2_10032BA9 | |
Source: | Code function: | 16_2_1002FD26 | |
Source: | Code function: | 16_2_1002DE4D | |
Source: | Code function: | 16_2_10020F39 |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Code function: | 3_2_10012550 | |
Source: | Code function: | 4_2_10012550 | |
Source: | Code function: | 6_2_10012550 | |
Source: | Code function: | 14_2_10012550 | |
Source: | Code function: | 15_2_10012550 | |
Source: | Code function: | 16_2_10012550 |
Source: | Code function: | 3_2_100152A0 |
Source: | Code function: | 3_2_10013A20 |
Source: | Code function: | 3_2_10013A20 | |
Source: | Code function: | 4_2_10013A20 | |
Source: | Code function: | 6_2_10013A20 | |
Source: | Code function: | 14_2_10013A20 | |
Source: | Code function: | 15_2_10013A20 | |
Source: | Code function: | 16_2_10013A20 |
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | Key opened: | Jump to behavior |
Source: | Process created: |
Source: | Virustotal: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Window detected: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Code function: | 0_3_00F90C05 |
Source: | Code function: | 3_2_100241EF | |
Source: | Code function: | 3_2_100248A8 | |
Source: | Code function: | 4_2_100241EF | |
Source: | Code function: | 4_2_100248A8 | |
Source: | Code function: | 6_2_100241EF | |
Source: | Code function: | 6_2_100248A8 | |
Source: | Code function: | 14_2_100241EF | |
Source: | Code function: | 14_2_100248A8 | |
Source: | Code function: | 15_2_100241EF | |
Source: | Code function: | 15_2_100248A8 | |
Source: | Code function: | 16_2_100241EF | |
Source: | Code function: | 16_2_100248A8 |
Boot Survival |
---|
Source: | Registry value created or modified: | Jump to behavior |
Source: | Code function: | 3_2_10013A20 |
Source: | Registry value created or modified: | Jump to behavior | ||
Source: | Registry value created or modified: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: |
Malware Analysis System Evasion |
---|
Source: | Code function: | 3_2_1000E970 | |
Source: | Code function: | 4_2_1000E970 | |
Source: | Code function: | 6_2_1000E970 | |
Source: | Code function: | 14_2_1000E970 | |
Source: | Code function: | 15_2_1000E970 | |
Source: | Code function: | 16_2_1000E970 |
Source: | Code function: | 3_2_10013080 |
Source: | Check user administrative privileges: | graph_3-24155 |
Source: | Section loaded: |
Source: | Code function: | 3_2_1000F2B0 |
Source: | Code function: | 3_2_10013000 |
Source: | Code function: | 3_2_10013000 |
Source: | Evasive API call chain: | graph_3-24355 |
Source: | Evasive API call chain: | graph_3-24540 |
Source: | API coverage: | ||
Source: | API coverage: | ||
Source: | API coverage: | ||
Source: | API coverage: | ||
Source: | API coverage: | ||
Source: | API coverage: | ||
Source: | API coverage: |
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: |
Source: | Code function: | 3_2_10005CA0 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 0_2_6C917EA0 |
Source: | Code function: | 3_2_6C9297C0 |
Source: | Code function: | 3_2_1000F2B0 |
Source: | Code function: | 0_3_00F90C05 |
Source: | Code function: | 3_2_100143E0 |
Source: | Code function: | 0_2_6C925420 | |
Source: | Code function: | 3_2_6C925420 | |
Source: | Code function: | 3_2_10028206 | |
Source: | Code function: | 4_2_6C925420 | |
Source: | Code function: | 4_2_10028206 | |
Source: | Code function: | 6_2_6C925420 | |
Source: | Code function: | 6_2_10028206 | |
Source: | Code function: | 14_2_6C925420 | |
Source: | Code function: | 14_2_10028206 | |
Source: | Code function: | 15_2_6C925420 | |
Source: | Code function: | 15_2_10028206 | |
Source: | Code function: | 16_2_6C925420 | |
Source: | Code function: | 16_2_10028206 |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Network Connect: | Jump to behavior | ||
Source: | Network Connect: | Jump to behavior | ||
Source: | Network Connect: | Jump to behavior |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: |
Source: | Binary or memory string: |
Source: | Code function: | 3_2_10025930 |
Source: | Code function: | 3_2_1002A1A0 |
Source: | Code function: | 3_2_1002D09F |
Source: | Code function: | 3_2_10012A90 |
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | Code function: | 3_2_1001C580 | |
Source: | Code function: | 3_2_1001DBF0 | |
Source: | Code function: | 4_2_1001C580 | |
Source: | Code function: | 4_2_1001DBF0 | |
Source: | Code function: | 6_2_1001C580 | |
Source: | Code function: | 6_2_1001DBF0 | |
Source: | Code function: | 14_2_1001C580 | |
Source: | Code function: | 14_2_1001DBF0 | |
Source: | Code function: | 15_2_1001C580 | |
Source: | Code function: | 15_2_1001DBF0 | |
Source: | Code function: | 16_2_1001C580 | |
Source: | Code function: | 16_2_1001DBF0 |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | 1 Valid Accounts | 11 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 111 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
Credentials | Domains | Default Accounts | 13 Native API | 1 Valid Accounts | 1 Valid Accounts | 2 Obfuscated Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 111 Input Capture | 2 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | 2 Command and Scripting Interpreter | 4 Windows Service | 1 Access Token Manipulation | 1 DLL Side-Loading | Security Account Manager | 16 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | 2 Service Execution | 11 Registry Run Keys / Startup Folder | 4 Windows Service | 1 Valid Accounts | NTDS | 151 Security Software Discovery | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 112 Process Injection | 1 Access Token Manipulation | LSA Secrets | 23 Virtualization/Sandbox Evasion | SSH | Keylogging | 2 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 11 Registry Run Keys / Startup Folder | 23 Virtualization/Sandbox Evasion | Cached Domain Credentials | 3 Process Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 112 Process Injection | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Rundll32 | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
12% | Virustotal | Browse | ||
11% | ReversingLabs | Win32.Backdoor.GhostRAT |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
286f37a9.ifconfig.cc.cname.hcnamedns.com | 122.226.191.212 | true | true | unknown | |
4.tcpdump.cn | 104.21.42.47 | true | true | unknown | |
ifconfig.cc | unknown | unknown | false | unknown | |
4.ipw.cn | unknown | unknown | false | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
122.226.191.212 | 286f37a9.ifconfig.cc.cname.hcnamedns.com | China | 136190 | CHINATELECOM-ZHEJIANG-JINHUA-IDCJINHUAZHEJIANGProvince | true | |
104.21.42.47 | 4.tcpdump.cn | United States | 13335 | CLOUDFLARENETUS | true | |
206.238.77.142 | unknown | United States | 174 | COGENT-174US | true |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1578032 |
Start date and time: | 2024-12-19 08:07:30 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 11m 24s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Run name: | Run with higher sleep bypass |
Number of new started processes analysed: | 45 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | c2A6GRyAwn.dll (renamed because the original name is a hash value) |
Original Sample Name: | c25a973f8b0a24249c6e6894cef4d6b7.dll |
Detection: | MAL |
Classification: | mal96.troj.spyw.evad.winDLL@177/0@3/3 |
EGA Information: |
|
HCA Information: | Failed |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe
- Excluded IPs from analysis (whitelisted): 13.107.246.63, 52.149.20.212
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target rundll32.exe, PID 1784 because there are no executed functions
- Not all processes were analyzed; the report is missing behavior information
- Report creation exceeded maximum time and may have missing disassembly code information.
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
08:09:55 | Autostart | |
08:10:03 | Autostart |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
COGENT-174US | Get hash | malicious | Mirai | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
CLOUDFLARENETUS | Get hash | malicious | CredGrabber, Meduza Stealer | Browse |
| |
Get hash | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar | Browse |
| ||
Get hash | malicious | Remcos, GuLoader | Browse |
| ||
Get hash | malicious | LummaC | Browse |
| ||
Get hash | malicious | Amadey, LummaC Stealer, PureLog Stealer, RHADAMANTHYS | Browse |
| ||
Get hash | malicious | LummaC, Amadey, LummaC Stealer, RHADAMANTHYS, Xmrig | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, PureLog Stealer, Stealc | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
CHINATELECOM-ZHEJIANG-JINHUA-IDCJINHUAZHEJIANGProvince | Get hash | malicious | Mirai | Browse |
| |
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
File type: | |
Entropy (8bit): | 7.999295905537857 |
TrID: |
|
File name: | c2A6GRyAwn.dll |
File size: | 2'739'712 bytes |
MD5: | c25a973f8b0a24249c6e6894cef4d6b7 |
SHA1: | ca709195fdae41296ce26a31f710f3d9a7495a8f |
SHA256: | e5024fae6c595676b50f0a9b8ab6a3ccd0a9b36a069c5a3746ad07d73ef6cfb8 |
SHA512: | 60fa67697707027555a96e1ae0e0a3b54284b7f9f989db5222ff2caf6f5d9798d43021af236abce848c507525f92fe861adbf8ae4adffe8aa0c60679a68165ea |
SSDEEP: | 49152:zp1hs0Y3clbb+0Mv8nFmTfazEVT84+gVSJ5QzKXVmOnVuSQ55QXvZB5OC:j+9slFBJgl8Ng8JKzKcOnV/Q0fZB3 |
TLSH: | 45C53375587006CCFEBDBA3391E2DAEB7648623436F033610D9E207D91AD09B6AD9137 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........"..]C.X]C.X]C.X.4=X\C.X..MXpC.X..NX.C.X..OX.B.X.4<XUC.X.4>XYC.X]C.X.@.X.49XxC.Xz.OX^C.Xz.JX\C.Xz.IX\C.X]C.X\C.Xz.LX\C.XRich]C. |
Icon Hash: | 7ae282899bbab082 |
Entrypoint: | 0x10294020 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x10000000 |
Subsystem: | windows cui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE, DLL |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x669E40E9 [Mon Jul 22 11:22:17 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | 6d967b24540c0dcbca853710eddbda14 |
Instruction |
---|
mov eax, 105D7E64h |
push eax |
push dword ptr fs:[00000000h] |
mov dword ptr fs:[00000000h], esp |
xor eax, eax |
mov dword ptr [eax], ecx |
push eax |
inc ebp |
inc ebx |
outsd |
insd |
jo 00007FF2C4CF5BE3h |
arpl word ptr [edx+esi+00h], si |
cmp byte ptr [ecx-06h], bh |
cdq |
movsd |
adc eax, 4F1F2EC4h |
outsb |
stosd |
sbb dl, byte ptr [eax-7Ah] |
dec esi |
xor cl, byte ptr [edx+1559A0ACh] |
pop ebp |
fbstp [eax+ebp+2122F65Fh] |
int3 |
dec edi |
or ebp, dword ptr [esi+35h] |
cmp byte ptr [ebx-2D075677h], 00000065h |
out dx, eax |
fbstp [esi-69h] |
cli |
idiv ah |
movsb |
add dword ptr [ebx], edi |
out dx, eax |
out DDh, al |
inc ebx |
test dword ptr [ebx], 9D6BD962h |
daa |
pop eax |
scasb |
and ecx, dword ptr [edx-0Dh] |
aaa |
xlatb |
or eax, 1A6ABD03h |
sbb ch, byte ptr fs:[edi+31h] |
aad 22h |
ret |
fdiv dword ptr [ebp-1AA3D25Bh] |
pop ebx |
cld |
cmp al, FDh |
pop ebx |
push 9D8C9189h |
salc |
xor esi, esi |
cmp edi, ecx |
mov edi, 1AF185CAh |
mov dh, 48h |
sbb ch, byte ptr [0D1D4AC3h] |
jne 00007FF2C4CF5B77h |
dec ecx |
add dword ptr [edi+11BE5BBDh], edx |
insb |
fidiv dword ptr [edi] |
salc |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x5d52e0 | 0x15e8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x5d6e0c | 0x3fd | .rsrc |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x5d5000 | 0x2d8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x5da000 | 0x1c | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x5d7f40 | 0x48 | .rsrc |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x5d4000 | 0x298400 | 033e1e609069d5aac750cc1aa80706f0 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x5d5000 | 0x5000 | 0x4400 | d27e0c21185a9df30d3e51625b8551c9 | False | 0.58984375 | data | 6.4035865241497865 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.reloc | 0x5da000 | 0x200 | 0x200 | 22e3743c4cd7d5f6adb4c28c88c50b84 | False | 0.07421875 | data | 0.31780982431271465 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_RIBBON_XML | 0x539000 | 0x381 | empty | Chinese | China | 0 |
RT_CURSOR | 0x539388 | 0x134 | empty | Chinese | China | 0 |
RT_GROUP_CURSOR | 0x5394c0 | 0x14 | empty | Chinese | China | 0 |
RT_MANIFEST | 0x5d5150 | 0x188 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5892857142857143 |
DLL | Import |
---|---|
kernel32.dll | LoadLibraryA, GetProcAddress, VirtualAlloc, VirtualFree |
MSIMG32.dll | AlphaBlend |
SHLWAPI.dll | PathStripToRootA |
UxTheme.dll | OpenThemeData |
dwmapi.dll | DwmDefWindowProc |
OLEACC.dll | CreateStdAccessibleObject |
gdiplus.dll | GdipDeleteGraphics |
IMM32.dll | ImmGetContext |
WINMM.dll | PlaySoundA |
USER32.dll | MessageBeep |
GDI32.dll | BitBlt |
WINSPOOL.DRV | ClosePrinter |
ADVAPI32.dll | RegCloseKey |
SHELL32.dll | DragQueryFileA |
ole32.dll | OleLockRunning |
OLEAUT32.dll | VariantClear |
Name | Ordinal | Address |
---|---|---|
cef_add_cross_origin_whitelist_entry | 1 | 0x10006760 |
cef_add_web_plugin_directory | 2 | 0x10006890 |
cef_add_web_plugin_path | 3 | 0x10006ac0 |
cef_api_hash | 4 | 0x10006c40 |
cef_base64decode | 5 | 0x10006de0 |
cef_base64encode | 6 | 0x10006f40 |
cef_begin_tracing | 7 | 0x100070b0 |
cef_binary_value_create | 8 | 0x100071d0 |
cef_browser_create | 9 | 0x10007310 |
cef_browser_host_create_browser | 10 | 0x10007470 |
cef_browser_host_create_browser_sync | 11 | 0x100075d0 |
cef_browser_view_create | 12 | 0x10007820 |
cef_browser_view_get_for_browser | 13 | 0x10007a10 |
cef_build_revision | 14 | 0x10007b80 |
cef_clear_cross_origin_whitelist | 15 | 0x10007d40 |
cef_clear_scheme_handler_factories | 16 | 0x10007ec0 |
cef_command_line_create | 17 | 0x10008010 |
cef_command_line_get_global | 18 | 0x10008150 |
cef_cookie_manager_create_manager | 19 | 0x10008280 |
cef_cookie_manager_get_blocking_manager | 20 | 0x10008420 |
cef_cookie_manager_get_global_manager | 21 | 0x10008540 |
cef_crash_reporting_enabled | 22 | 0x100086c0 |
cef_create_context_shared | 23 | 0x10008820 |
cef_create_directory | 24 | 0x10008970 |
cef_create_new_temp_directory | 25 | 0x10008b50 |
cef_create_temp_directory_in_directory | 26 | 0x10008cd0 |
cef_create_url | 27 | 0x10008d70 |
cef_currently_on | 28 | 0x10008fb0 |
cef_delete_file | 29 | 0x100090e0 |
cef_dictionary_value_create | 30 | 0x10009220 |
cef_directory_exists | 31 | 0x10009360 |
cef_display_get_alls | 32 | 0x100095a0 |
cef_display_get_count | 33 | 0x10009730 |
cef_display_get_matching_bounds | 34 | 0x10009900 |
cef_display_get_nearest_point | 35 | 0x10009a50 |
cef_display_get_primary | 36 | 0x10009c00 |
cef_do_message_loop_work | 37 | 0x10009d70 |
cef_drag_data_create | 38 | 0x10009f90 |
cef_enable_highdpi_support | 39 | 0x1000a180 |
cef_end_tracing | 40 | 0x1000a330 |
cef_execute_java_script_with_user_gesture_for_tests | 41 | 0x1000a4d0 |
cef_execute_process | 42 | 0x1000a670 |
cef_force_web_plugin_shutdown | 43 | 0x1000a800 |
cef_format_url_for_security_display | 44 | 0x1000a980 |
cef_get_current_platform_thread_id | 45 | 0x1000ab80 |
cef_get_extensions_for_mime_type | 46 | 0x1000ace0 |
cef_get_geolocation | 47 | 0x1000aec0 |
cef_get_mime_type | 48 | 0x1000b000 |
cef_get_min_log_level | 49 | 0x1000b220 |
cef_get_path | 50 | 0x1000b360 |
cef_get_temp_directory | 51 | 0x1000b580 |
cef_image_create | 52 | 0x1000b710 |
cef_initialize | 53 | 0x1000b880 |
cef_is_cert_status_error | 54 | 0x1000ba00 |
cef_is_cert_status_minor_error | 55 | 0x1000bc10 |
cef_is_web_plugin_unstable | 56 | 0x1000bdc0 |
cef_label_button_create | 57 | 0x1000bf70 |
cef_launch_process | 58 | 0x1000c0b0 |
cef_list_value_create | 59 | 0x1000c180 |
cef_load_crlsets_file | 60 | 0x1000c2c0 |
cef_log | 61 | 0x1000c4f0 |
cef_menu_button_create | 62 | 0x1000c670 |
cef_menu_model_create | 63 | 0x1000c7d0 |
cef_now_from_system_trace_time | 64 | 0x1000c9d0 |
cef_panel_create | 65 | 0x1000ca90 |
cef_parse_csscolor | 66 | 0x1000cc60 |
cef_parse_json | 67 | 0x1000cf00 |
cef_parse_jsonand_return_error | 68 | 0x1000d050 |
cef_parse_url | 69 | 0x1000d1e0 |
cef_post_data_create | 70 | 0x1000d3b0 |
cef_post_data_element_create | 71 | 0x1000d5a0 |
cef_post_delayed_task | 72 | 0x1000d740 |
cef_post_task | 73 | 0x1000d830 |
cef_print_settings_create | 74 | 0x1000d910 |
cef_process_message_create | 75 | 0x1000dab0 |
cef_quit_message_loop | 76 | 0x1000dc40 |
cef_refresh_web_plugins | 77 | 0x1000dde0 |
cef_register_extension | 78 | 0x1000def0 |
cef_register_scheme_handler_factory | 79 | 0x1000e000 |
cef_register_web_plugin_crash | 80 | 0x1000e130 |
cef_register_widevine_cdm | 81 | 0x1000e2d0 |
cef_remove_cross_origin_whitelist_entry | 82 | 0x1000e4b0 |
cef_remove_web_plugin_path | 83 | 0x1000e650 |
cef_request_context_create_context | 84 | 0x1000e860 |
cef_request_context_get_global_context | 85 | 0x1000e9b0 |
cef_request_create | 86 | 0x1000eb90 |
cef_response_create | 87 | 0x1000ed10 |
cef_run_message_loop | 88 | 0x1000eed0 |
cef_scroll_view_create | 89 | 0x1000efe0 |
cef_server_create | 90 | 0x1000f140 |
cef_set_crash_key_value | 91 | 0x1000f2d0 |
cef_set_osmodal_loop | 92 | 0x1000f440 |
cef_shutdown | 93 | 0x1000f570 |
cef_stream_reader_create_for_data | 94 | 0x1000f6b0 |
cef_stream_reader_create_for_file | 95 | 0x1000f860 |
cef_stream_reader_create_for_handler | 96 | 0x1000f9c0 |
cef_stream_writer_create_for_file | 97 | 0x1000fb10 |
cef_stream_writer_create_for_handler | 98 | 0x1000fd40 |
cef_string_ascii_to_utf16 | 99 | 0x1000fe10 |
cef_string_list_alloc | 100 | 0x1000ff80 |
cef_string_list_append | 101 | 0x100100c0 |
cef_string_list_copy | 102 | 0x10010210 |
cef_string_list_free | 103 | 0x10010300 |
cef_string_list_size | 104 | 0x100104c0 |
cef_string_list_value | 105 | 0x10010610 |
cef_string_map_alloc | 106 | 0x10010780 |
cef_string_map_append | 107 | 0x10010870 |
cef_string_map_free | 108 | 0x10010a40 |
cef_string_map_key | 109 | 0x10010b20 |
cef_string_map_size | 110 | 0x10010c90 |
cef_string_map_value | 111 | 0x10010e30 |
cef_string_multimap_alloc | 112 | 0x10010f10 |
cef_string_multimap_append | 113 | 0x10011100 |
cef_string_multimap_free | 114 | 0x100112a0 |
cef_string_multimap_key | 115 | 0x10011460 |
cef_string_multimap_size | 116 | 0x10011690 |
cef_string_multimap_value | 117 | 0x10011840 |
cef_string_userfree_utf16_free | 118 | 0x100119b0 |
cef_string_utf16_clear | 119 | 0x10011af0 |
cef_string_utf16_cmp | 120 | 0x10011be0 |
cef_string_utf16_set | 121 | 0x10011d40 |
cef_string_utf16_to_lower | 122 | 0x10011f10 |
cef_string_utf16_to_utf8 | 123 | 0x10012070 |
cef_string_utf8_clear | 124 | 0x10012230 |
cef_string_utf8_to_utf16 | 125 | 0x100123a0 |
cef_string_wide_set | 126 | 0x10012560 |
cef_string_wide_to_utf8 | 127 | 0x100126c0 |
cef_task_runner_get_for_current_thread | 128 | 0x10012920 |
cef_task_runner_get_for_thread | 129 | 0x10012ad0 |
cef_textfield_create | 130 | 0x10012c90 |
cef_time_delta | 131 | 0x10012db0 |
cef_time_now | 132 | 0x10012f10 |
cef_time_to_timet | 133 | 0x10013040 |
cef_unregister_internal_web_plugin | 134 | 0x100131f0 |
cef_uridecode | 135 | 0x10013380 |
cef_uriencode | 136 | 0x10013470 |
cef_urlrequest_create | 137 | 0x10013610 |
cef_v8context_get_current_context | 138 | 0x100137b0 |
cef_v8context_get_entered_context | 139 | 0x100138f0 |
cef_v8context_in_context | 140 | 0x10013ad0 |
cef_v8stack_trace_get_current | 141 | 0x10013c50 |
cef_v8value_create_array | 142 | 0x10013d50 |
cef_v8value_create_array_buffer | 143 | 0x10013f50 |
cef_v8value_create_bool | 144 | 0x100140a0 |
cef_v8value_create_date | 145 | 0x10014230 |
cef_v8value_create_double | 146 | 0x100143d0 |
cef_v8value_create_function | 147 | 0x10014530 |
cef_v8value_create_int | 148 | 0x100146b0 |
cef_v8value_create_null | 149 | 0x100147d0 |
cef_v8value_create_object | 150 | 0x10014950 |
cef_v8value_create_string | 151 | 0x10014b60 |
cef_v8value_create_uint | 152 | 0x10014cc0 |
cef_v8value_create_undefined | 153 | 0x10014e20 |
cef_value_create | 154 | 0x10014fb0 |
cef_visit_web_plugin_info | 155 | 0x10015120 |
cef_window_create_top_level | 156 | 0x100152e0 |
cef_write_json | 157 | 0x10015430 |
cef_zip_directory | 158 | 0x10015600 |
cef_zip_reader_create | 159 | 0x100157b0 |
create_context_shared | 160 | 0x10015970 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
Chinese | China | |
English | United States | |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 19, 2024 08:09:53.040038109 CET | 49757 | 1111 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:09:53.041610956 CET | 49759 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:09:53.159595966 CET | 1111 | 49757 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:09:53.159729004 CET | 49757 | 1111 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:09:53.159990072 CET | 49757 | 1111 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:09:53.161051035 CET | 2222 | 49759 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:09:53.161134005 CET | 49759 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:09:53.161248922 CET | 49759 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:09:53.279448032 CET | 1111 | 49757 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:09:53.279514074 CET | 49757 | 1111 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:09:53.280646086 CET | 2222 | 49759 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:09:53.280699015 CET | 49759 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:09:53.399012089 CET | 1111 | 49757 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:09:53.400193930 CET | 2222 | 49759 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:09:56.574246883 CET | 2222 | 49759 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:09:56.574301958 CET | 49759 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:09:56.576122046 CET | 49759 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:09:56.696073055 CET | 2222 | 49759 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:09:58.730422974 CET | 49771 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:09:58.764851093 CET | 49772 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:09:58.849984884 CET | 80 | 49771 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:09:58.850102901 CET | 49771 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:09:58.884362936 CET | 80 | 49772 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:09:58.884438038 CET | 49772 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:09:58.925787926 CET | 49771 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:09:58.950890064 CET | 49772 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:09:59.045326948 CET | 80 | 49771 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:09:59.070390940 CET | 80 | 49772 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:10:00.119376898 CET | 80 | 49771 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:10:00.120404959 CET | 49778 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:00.162676096 CET | 80 | 49772 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:10:00.163703918 CET | 49757 | 1111 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:00.224189043 CET | 49771 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:10:00.224328995 CET | 49772 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:10:00.240145922 CET | 2222 | 49778 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:00.240415096 CET | 49778 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:00.240415096 CET | 49778 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:00.283246040 CET | 1111 | 49757 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:00.284081936 CET | 49757 | 1111 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:00.359981060 CET | 2222 | 49778 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:00.360236883 CET | 49778 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:00.403527021 CET | 1111 | 49757 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:00.482999086 CET | 2222 | 49778 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:01.048355103 CET | 1111 | 49757 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:01.184334993 CET | 49757 | 1111 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:02.359489918 CET | 49771 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:10:02.479001999 CET | 80 | 49771 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:10:02.856461048 CET | 80 | 49771 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:10:02.860909939 CET | 49778 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:02.916848898 CET | 49771 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:10:02.980382919 CET | 2222 | 49778 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:02.980463028 CET | 49778 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:03.100188971 CET | 2222 | 49778 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:03.653760910 CET | 2222 | 49778 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:03.655613899 CET | 49778 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:03.662765026 CET | 49778 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:03.662772894 CET | 49785 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:03.782335997 CET | 2222 | 49778 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:03.782368898 CET | 2222 | 49785 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:03.785448074 CET | 49785 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:03.785448074 CET | 49785 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:03.904963017 CET | 2222 | 49785 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:03.905101061 CET | 49785 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:04.027036905 CET | 2222 | 49785 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:04.722996950 CET | 49772 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:10:04.842470884 CET | 80 | 49772 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:10:05.227884054 CET | 80 | 49772 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:10:05.228843927 CET | 49785 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:05.293550968 CET | 49772 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:10:05.348354101 CET | 2222 | 49785 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:05.348426104 CET | 49785 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:05.467915058 CET | 2222 | 49785 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:07.199196100 CET | 2222 | 49785 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:07.199259043 CET | 49785 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:07.199357033 CET | 49785 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:07.199640989 CET | 49795 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:07.319051981 CET | 2222 | 49785 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:07.319320917 CET | 2222 | 49795 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:07.319396973 CET | 49795 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:07.319638014 CET | 49795 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:07.439033031 CET | 2222 | 49795 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:07.439138889 CET | 49795 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:07.558716059 CET | 2222 | 49795 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:07.728404999 CET | 49771 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:10:07.847937107 CET | 80 | 49771 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:10:08.214782953 CET | 80 | 49771 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:10:08.215475082 CET | 49795 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:08.262315989 CET | 49771 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:10:08.335062981 CET | 2222 | 49795 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:08.336256027 CET | 49795 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:08.455812931 CET | 2222 | 49795 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:10.733333111 CET | 2222 | 49795 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:10.735023022 CET | 49795 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:10.736581087 CET | 49795 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:10.741904020 CET | 49806 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:10.856229067 CET | 2222 | 49795 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:10.861440897 CET | 2222 | 49806 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:10.861835957 CET | 49806 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:10.861836910 CET | 49806 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:11.005563021 CET | 2222 | 49806 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:11.005686045 CET | 49806 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:11.245191097 CET | 2222 | 49806 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:11.522144079 CET | 49772 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:10:11.641583920 CET | 80 | 49772 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:10:12.013550997 CET | 80 | 49772 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:10:12.014154911 CET | 49806 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:12.059186935 CET | 49772 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:10:12.133620977 CET | 2222 | 49806 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:12.133672953 CET | 49806 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:12.254740953 CET | 2222 | 49806 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:14.267973900 CET | 2222 | 49806 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:14.268074989 CET | 49806 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:14.268183947 CET | 49806 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:14.268457890 CET | 49814 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:14.387609959 CET | 2222 | 49806 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:14.387932062 CET | 2222 | 49814 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:14.388184071 CET | 49814 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:14.388489008 CET | 49814 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:14.507901907 CET | 2222 | 49814 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:14.508024931 CET | 49814 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:14.627448082 CET | 2222 | 49814 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:14.861768961 CET | 49771 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:10:14.981295109 CET | 80 | 49771 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:10:15.368319988 CET | 80 | 49771 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:10:15.368899107 CET | 49814 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:15.418582916 CET | 49771 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:10:15.488439083 CET | 2222 | 49814 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:15.488529921 CET | 49814 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:15.608000994 CET | 2222 | 49814 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:17.816397905 CET | 2222 | 49814 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:17.816468954 CET | 49814 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:17.816561937 CET | 49814 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:17.817006111 CET | 49824 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:17.936094046 CET | 2222 | 49814 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:17.936595917 CET | 2222 | 49824 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:17.936686039 CET | 49824 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:17.942085028 CET | 49824 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:18.061566114 CET | 2222 | 49824 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:18.061630964 CET | 49824 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:18.182688951 CET | 2222 | 49824 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:18.480043888 CET | 49772 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:10:18.599584103 CET | 80 | 49772 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:10:18.985959053 CET | 80 | 49772 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:10:18.995462894 CET | 49824 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:19.043581963 CET | 49772 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:10:19.115008116 CET | 2222 | 49824 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:19.115077019 CET | 49824 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:19.236129999 CET | 2222 | 49824 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:21.367664099 CET | 2222 | 49824 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:21.367741108 CET | 49824 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:21.367839098 CET | 49824 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:21.371335983 CET | 49835 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:21.487407923 CET | 2222 | 49824 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:21.490823984 CET | 2222 | 49835 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:21.490897894 CET | 49835 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:21.491101027 CET | 49835 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:21.610589981 CET | 2222 | 49835 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:21.610860109 CET | 49835 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:21.730371952 CET | 2222 | 49835 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:21.853686094 CET | 49771 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:10:21.973156929 CET | 80 | 49771 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:10:22.348196983 CET | 80 | 49771 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:10:22.349162102 CET | 49835 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:22.403003931 CET | 49771 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:10:22.468801022 CET | 2222 | 49835 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:22.468862057 CET | 49835 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:22.589023113 CET | 2222 | 49835 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:24.929610014 CET | 2222 | 49835 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:24.929809093 CET | 49835 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:24.929809093 CET | 49835 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:24.930171013 CET | 49841 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:25.049420118 CET | 2222 | 49835 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:25.049631119 CET | 2222 | 49841 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:25.049849987 CET | 49841 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:25.050076008 CET | 49841 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:25.170496941 CET | 2222 | 49841 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:25.170577049 CET | 49841 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:25.289983988 CET | 2222 | 49841 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:25.493524075 CET | 49772 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:10:25.612925053 CET | 80 | 49772 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:10:26.000999928 CET | 80 | 49772 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:10:26.001773119 CET | 49841 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:26.043643951 CET | 49772 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:10:26.121608019 CET | 2222 | 49841 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:26.121929884 CET | 49841 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:26.241584063 CET | 2222 | 49841 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:28.456003904 CET | 2222 | 49841 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:28.456123114 CET | 49841 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:28.456252098 CET | 49841 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:28.456501961 CET | 49852 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:28.575999022 CET | 2222 | 49841 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:28.576114893 CET | 2222 | 49852 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:28.576201916 CET | 49852 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:28.576436996 CET | 49852 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:28.696393967 CET | 2222 | 49852 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:28.696479082 CET | 49852 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:28.816381931 CET | 2222 | 49852 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:28.999010086 CET | 49771 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:10:29.118685961 CET | 80 | 49771 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:10:29.502334118 CET | 80 | 49771 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:10:29.502907038 CET | 49852 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:29.543657064 CET | 49771 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:10:29.622358084 CET | 2222 | 49852 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:29.622450113 CET | 49852 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:29.741955042 CET | 2222 | 49852 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:31.985094070 CET | 2222 | 49852 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:31.985186100 CET | 49852 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:31.985268116 CET | 49852 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:31.985630035 CET | 49859 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:32.104919910 CET | 2222 | 49852 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:32.105290890 CET | 2222 | 49859 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:32.105386019 CET | 49859 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:32.105658054 CET | 49859 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:32.225074053 CET | 2222 | 49859 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:32.227087975 CET | 49859 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:32.346621037 CET | 2222 | 49859 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:32.524966955 CET | 49772 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:10:32.644449949 CET | 80 | 49772 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:10:33.032080889 CET | 80 | 49772 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:10:33.032629013 CET | 49859 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:33.074892044 CET | 49772 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:10:33.152245045 CET | 2222 | 49859 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:33.152401924 CET | 49859 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:33.271876097 CET | 2222 | 49859 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:35.521199942 CET | 2222 | 49859 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:35.525130987 CET | 49859 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:35.525232077 CET | 49859 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:35.525501966 CET | 49869 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:35.644629002 CET | 2222 | 49859 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:35.644953012 CET | 2222 | 49869 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:35.645176888 CET | 49869 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:35.645282030 CET | 49869 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:35.764802933 CET | 2222 | 49869 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:35.764955997 CET | 49869 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:35.884427071 CET | 2222 | 49869 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:36.087780952 CET | 49771 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:10:36.207199097 CET | 80 | 49771 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:10:36.583295107 CET | 80 | 49771 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:10:36.583870888 CET | 49869 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:36.637502909 CET | 49771 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:10:36.703324080 CET | 2222 | 49869 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:36.703427076 CET | 49869 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:36.823483944 CET | 2222 | 49869 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:39.072808027 CET | 2222 | 49869 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:39.073004961 CET | 49869 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:39.073065996 CET | 49869 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:39.073363066 CET | 49880 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:39.192550898 CET | 2222 | 49869 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:39.192841053 CET | 2222 | 49880 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:39.192950010 CET | 49880 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:39.193444014 CET | 49880 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:39.312865019 CET | 2222 | 49880 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:39.312933922 CET | 49880 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:39.432524920 CET | 2222 | 49880 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:39.533737898 CET | 49772 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:10:39.653289080 CET | 80 | 49772 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:10:40.027842999 CET | 80 | 49772 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:10:40.028697014 CET | 49880 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:40.074940920 CET | 49772 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:10:40.148118019 CET | 2222 | 49880 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:40.148194075 CET | 49880 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:40.267687082 CET | 2222 | 49880 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:42.597363949 CET | 2222 | 49880 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:42.597449064 CET | 49880 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:42.602727890 CET | 49880 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:42.606806993 CET | 49886 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:42.722265959 CET | 2222 | 49880 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:42.726296902 CET | 2222 | 49886 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:42.726389885 CET | 49886 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:42.728312016 CET | 49886 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:42.847817898 CET | 2222 | 49886 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:42.847882986 CET | 49886 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:42.967434883 CET | 2222 | 49886 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:43.119726896 CET | 49771 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:10:43.239274979 CET | 80 | 49771 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:10:43.613964081 CET | 80 | 49771 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:10:43.614563942 CET | 49886 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:43.668770075 CET | 49771 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:10:43.734020948 CET | 2222 | 49886 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:43.734169960 CET | 49886 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:43.853755951 CET | 2222 | 49886 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:46.149447918 CET | 2222 | 49886 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:46.149553061 CET | 49886 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:46.149610996 CET | 49886 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:46.149857998 CET | 49897 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:46.269213915 CET | 2222 | 49886 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:46.269409895 CET | 2222 | 49897 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:46.269479036 CET | 49897 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:46.269743919 CET | 49897 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:46.389189005 CET | 2222 | 49897 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:46.389277935 CET | 49897 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:46.508826971 CET | 2222 | 49897 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:46.762511969 CET | 49772 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:10:46.882054090 CET | 80 | 49772 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:10:47.254827023 CET | 80 | 49772 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:10:47.257569075 CET | 49897 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:47.309412003 CET | 49772 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:10:47.377104044 CET | 2222 | 49897 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:47.381242990 CET | 49897 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:47.500883102 CET | 2222 | 49897 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:49.675523043 CET | 2222 | 49897 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:49.675700903 CET | 49897 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:49.675815105 CET | 49897 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:49.676256895 CET | 49908 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:49.795537949 CET | 2222 | 49897 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:49.795876980 CET | 2222 | 49908 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:49.795990944 CET | 49908 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:49.796238899 CET | 49908 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:49.916779995 CET | 2222 | 49908 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:49.916840076 CET | 49908 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:50.036823034 CET | 2222 | 49908 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:50.198714972 CET | 49771 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:10:50.318803072 CET | 80 | 49771 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:10:50.702821016 CET | 80 | 49771 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:10:50.703408003 CET | 49908 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:50.746840954 CET | 49771 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:10:50.822779894 CET | 2222 | 49908 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:50.822870970 CET | 49908 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:50.942673922 CET | 2222 | 49908 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:53.199153900 CET | 2222 | 49908 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:53.199285984 CET | 49908 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:53.199373960 CET | 49908 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:53.199661970 CET | 49914 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:53.319237947 CET | 2222 | 49908 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:53.319427967 CET | 2222 | 49914 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:53.319504976 CET | 49914 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:53.319703102 CET | 49914 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:53.440119982 CET | 2222 | 49914 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:53.440201998 CET | 49914 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:53.559932947 CET | 2222 | 49914 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:53.686009884 CET | 49772 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:10:53.805591106 CET | 80 | 49772 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:10:54.194869995 CET | 80 | 49772 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:10:54.195355892 CET | 49914 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:54.246901989 CET | 49772 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:10:54.314940929 CET | 2222 | 49914 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:54.315020084 CET | 49914 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:54.434499025 CET | 2222 | 49914 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:56.738209963 CET | 2222 | 49914 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:56.738298893 CET | 49914 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:56.738389015 CET | 49914 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:56.738801956 CET | 49925 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:56.857914925 CET | 2222 | 49914 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:56.858308077 CET | 2222 | 49925 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:56.858534098 CET | 49925 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:56.858819962 CET | 49925 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:56.978411913 CET | 2222 | 49925 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:56.978487968 CET | 49925 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:10:57.098202944 CET | 2222 | 49925 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:10:57.243702888 CET | 49771 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:10:57.294521093 CET | 49771 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:10:57.363208055 CET | 80 | 49771 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:10:57.363322020 CET | 49771 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:10:58.870009899 CET | 49931 | 80 | 192.168.2.5 | 122.226.191.212 |
Dec 19, 2024 08:10:58.991516113 CET | 80 | 49931 | 122.226.191.212 | 192.168.2.5 |
Dec 19, 2024 08:10:58.991645098 CET | 49931 | 80 | 192.168.2.5 | 122.226.191.212 |
Dec 19, 2024 08:10:58.993473053 CET | 49931 | 80 | 192.168.2.5 | 122.226.191.212 |
Dec 19, 2024 08:10:59.113164902 CET | 80 | 49931 | 122.226.191.212 | 192.168.2.5 |
Dec 19, 2024 08:11:00.271002054 CET | 2222 | 49925 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:00.271151066 CET | 49925 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:00.271238089 CET | 49925 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:00.390948057 CET | 2222 | 49925 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:00.529135942 CET | 80 | 49931 | 122.226.191.212 | 192.168.2.5 |
Dec 19, 2024 08:11:00.529932022 CET | 49937 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:00.575031042 CET | 49931 | 80 | 192.168.2.5 | 122.226.191.212 |
Dec 19, 2024 08:11:00.649509907 CET | 2222 | 49937 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:00.649672985 CET | 49937 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:00.649981976 CET | 49937 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:00.769561052 CET | 2222 | 49937 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:00.769701004 CET | 49937 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:00.889385939 CET | 2222 | 49937 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:01.049078941 CET | 49772 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:11:01.059457064 CET | 49757 | 1111 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:01.170470953 CET | 80 | 49772 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:11:01.180047035 CET | 1111 | 49757 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:01.293854952 CET | 49772 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:11:01.294843912 CET | 49931 | 80 | 192.168.2.5 | 122.226.191.212 |
Dec 19, 2024 08:11:01.414267063 CET | 80 | 49931 | 122.226.191.212 | 192.168.2.5 |
Dec 19, 2024 08:11:01.637809038 CET | 49757 | 1111 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:01.757635117 CET | 1111 | 49757 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:01.757777929 CET | 49757 | 1111 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:01.848136902 CET | 80 | 49931 | 122.226.191.212 | 192.168.2.5 |
Dec 19, 2024 08:11:01.848700047 CET | 49937 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:01.877767086 CET | 1111 | 49757 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:01.903160095 CET | 49931 | 80 | 192.168.2.5 | 122.226.191.212 |
Dec 19, 2024 08:11:01.968770027 CET | 2222 | 49937 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:01.968838930 CET | 49937 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:02.088602066 CET | 2222 | 49937 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:04.073216915 CET | 2222 | 49937 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:04.073364019 CET | 49937 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:04.073462009 CET | 49937 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:04.073981047 CET | 49943 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:04.192871094 CET | 2222 | 49937 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:04.193522930 CET | 2222 | 49943 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:04.193609953 CET | 49943 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:04.193972111 CET | 49943 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:04.313523054 CET | 2222 | 49943 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:04.313596010 CET | 49943 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:04.433152914 CET | 2222 | 49943 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:04.640177965 CET | 49947 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:11:04.759821892 CET | 80 | 49947 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:11:04.760093927 CET | 49947 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:11:04.760202885 CET | 49947 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:11:04.879646063 CET | 80 | 49947 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:11:05.294507027 CET | 49947 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:11:05.299588919 CET | 49931 | 80 | 192.168.2.5 | 122.226.191.212 |
Dec 19, 2024 08:11:05.420042992 CET | 80 | 49931 | 122.226.191.212 | 192.168.2.5 |
Dec 19, 2024 08:11:05.852078915 CET | 80 | 49931 | 122.226.191.212 | 192.168.2.5 |
Dec 19, 2024 08:11:05.852514982 CET | 49943 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:05.903162003 CET | 49931 | 80 | 192.168.2.5 | 122.226.191.212 |
Dec 19, 2024 08:11:05.972079992 CET | 2222 | 49943 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:05.972134113 CET | 49943 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:06.091629028 CET | 2222 | 49943 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:07.590677977 CET | 2222 | 49943 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:07.590800047 CET | 49943 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:07.590881109 CET | 49943 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:07.591187954 CET | 49955 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:07.710472107 CET | 2222 | 49943 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:07.710695982 CET | 2222 | 49955 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:07.710767984 CET | 49955 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:07.711002111 CET | 49955 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:07.830418110 CET | 2222 | 49955 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:07.830472946 CET | 49955 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:07.949959040 CET | 2222 | 49955 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:08.075663090 CET | 49956 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:11:08.373857975 CET | 80 | 49956 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:11:08.373954058 CET | 49956 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:11:08.374138117 CET | 49956 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:11:08.493588924 CET | 80 | 49956 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:11:09.293996096 CET | 49956 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:11:09.295010090 CET | 49931 | 80 | 192.168.2.5 | 122.226.191.212 |
Dec 19, 2024 08:11:09.414994955 CET | 80 | 49931 | 122.226.191.212 | 192.168.2.5 |
Dec 19, 2024 08:11:09.848345041 CET | 80 | 49931 | 122.226.191.212 | 192.168.2.5 |
Dec 19, 2024 08:11:09.848997116 CET | 49955 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:09.903275013 CET | 49931 | 80 | 192.168.2.5 | 122.226.191.212 |
Dec 19, 2024 08:11:09.968702078 CET | 2222 | 49955 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:09.968791008 CET | 49955 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:10.088670015 CET | 2222 | 49955 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:11.130742073 CET | 2222 | 49955 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:11.130855083 CET | 49955 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:11.130958080 CET | 49955 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:11.131242037 CET | 49963 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:11.250478983 CET | 2222 | 49955 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:11.250690937 CET | 2222 | 49963 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:11.250762939 CET | 49963 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:11.250961065 CET | 49963 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:11.370820999 CET | 2222 | 49963 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:11.370922089 CET | 49963 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:11.490437031 CET | 2222 | 49963 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:11.611821890 CET | 49966 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:11:11.731334925 CET | 80 | 49966 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:11:11.731456995 CET | 49966 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:11:11.731646061 CET | 49966 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:11:11.851891994 CET | 80 | 49966 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:11:12.989423037 CET | 80 | 49966 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:11:12.989839077 CET | 49963 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:13.043768883 CET | 49966 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:11:13.109941006 CET | 2222 | 49963 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:13.110073090 CET | 49963 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:13.229685068 CET | 2222 | 49963 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:14.651066065 CET | 2222 | 49963 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:14.651191950 CET | 49963 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:14.651279926 CET | 49963 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:14.651607037 CET | 49972 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:14.770862103 CET | 2222 | 49963 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:14.771179914 CET | 2222 | 49972 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:14.771245956 CET | 49972 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:14.771437883 CET | 49972 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:14.890904903 CET | 2222 | 49972 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:14.890966892 CET | 49972 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:14.948231936 CET | 49966 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:11:15.010432005 CET | 2222 | 49972 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:15.067723989 CET | 80 | 49966 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:11:15.454953909 CET | 80 | 49966 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:11:15.455472946 CET | 49972 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:15.496920109 CET | 49966 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:11:15.575043917 CET | 2222 | 49972 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:15.575130939 CET | 49972 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:15.694719076 CET | 2222 | 49972 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:18.174243927 CET | 2222 | 49972 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:18.174367905 CET | 49972 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:18.174446106 CET | 49972 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:18.174770117 CET | 49983 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:18.293926954 CET | 2222 | 49972 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:18.294204950 CET | 2222 | 49983 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:18.294306993 CET | 49983 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:18.294523954 CET | 49983 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:18.413944960 CET | 2222 | 49983 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:18.414083004 CET | 49983 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:18.533649921 CET | 2222 | 49983 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:18.569248915 CET | 49966 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:11:18.688747883 CET | 80 | 49966 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:11:19.078119993 CET | 80 | 49966 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:11:19.078660965 CET | 49983 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:19.121973038 CET | 49966 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:11:19.198196888 CET | 2222 | 49983 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:19.198307037 CET | 49983 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:19.317814112 CET | 2222 | 49983 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:21.700474024 CET | 2222 | 49983 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:21.700573921 CET | 49983 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:21.700674057 CET | 49983 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:21.700942039 CET | 49991 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:21.821882010 CET | 2222 | 49983 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:21.821898937 CET | 2222 | 49991 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:21.822017908 CET | 49991 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:21.822205067 CET | 49991 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:21.941601992 CET | 2222 | 49991 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:21.941725969 CET | 49991 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:22.017446995 CET | 49966 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:11:22.061172009 CET | 2222 | 49991 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:22.136977911 CET | 80 | 49966 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:11:22.511931896 CET | 80 | 49966 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:11:22.512408018 CET | 49991 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:22.559484005 CET | 49966 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:11:22.631995916 CET | 2222 | 49991 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:22.632110119 CET | 49991 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:22.752451897 CET | 2222 | 49991 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:25.240164042 CET | 2222 | 49991 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:25.240281105 CET | 49991 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:25.240360975 CET | 49991 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:25.240659952 CET | 50000 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:25.359816074 CET | 2222 | 49991 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:25.360124111 CET | 2222 | 50000 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:25.360203028 CET | 50000 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:25.360382080 CET | 50000 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:25.479911089 CET | 2222 | 50000 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:25.480010033 CET | 50000 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:25.599742889 CET | 2222 | 50000 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:25.619628906 CET | 49966 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:11:25.739156008 CET | 80 | 49966 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:11:26.113868952 CET | 80 | 49966 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:11:26.114455938 CET | 50000 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:26.168853045 CET | 49966 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:11:26.245129108 CET | 2222 | 50000 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:26.245249033 CET | 50000 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:26.364716053 CET | 2222 | 50000 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:28.799896002 CET | 2222 | 50000 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:28.799952984 CET | 50000 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:28.800031900 CET | 50000 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:28.800450087 CET | 50009 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:28.919536114 CET | 2222 | 50000 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:28.919900894 CET | 2222 | 50009 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:28.920069933 CET | 50009 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:28.920294046 CET | 50009 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:29.039829969 CET | 2222 | 50009 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:29.040138006 CET | 50009 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:29.094314098 CET | 49966 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:11:29.159760952 CET | 2222 | 50009 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:29.213824987 CET | 80 | 49966 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:11:29.293955088 CET | 49966 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:11:29.294819117 CET | 49931 | 80 | 192.168.2.5 | 122.226.191.212 |
Dec 19, 2024 08:11:29.414347887 CET | 80 | 49931 | 122.226.191.212 | 192.168.2.5 |
Dec 19, 2024 08:11:29.889605999 CET | 80 | 49931 | 122.226.191.212 | 192.168.2.5 |
Dec 19, 2024 08:11:29.890206099 CET | 50009 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:29.934578896 CET | 49931 | 80 | 192.168.2.5 | 122.226.191.212 |
Dec 19, 2024 08:11:30.009738922 CET | 2222 | 50009 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:30.009819031 CET | 50009 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:30.129323006 CET | 2222 | 50009 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:32.351871967 CET | 2222 | 50009 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:32.351977110 CET | 50009 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:32.352024078 CET | 50009 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:32.352281094 CET | 50010 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:32.471520901 CET | 2222 | 50009 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:32.471772909 CET | 2222 | 50010 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:32.471868992 CET | 50010 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:32.472019911 CET | 50010 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:32.591393948 CET | 2222 | 50010 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:32.591495037 CET | 50010 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:32.643043041 CET | 50011 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:11:32.710980892 CET | 2222 | 50010 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:32.762587070 CET | 80 | 50011 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:11:32.762676001 CET | 50011 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:11:32.762868881 CET | 50011 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:11:32.882307053 CET | 80 | 50011 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:11:34.062380075 CET | 80 | 50011 | 104.21.42.47 | 192.168.2.5 |
Dec 19, 2024 08:11:34.106364012 CET | 50011 | 80 | 192.168.2.5 | 104.21.42.47 |
Dec 19, 2024 08:11:35.510400057 CET | 50010 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:35.630042076 CET | 2222 | 50010 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:35.630166054 CET | 50010 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:35.749665976 CET | 2222 | 50010 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:35.885374069 CET | 2222 | 50010 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:35.885526896 CET | 50010 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:36.041171074 CET | 50010 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:36.041469097 CET | 50012 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:36.161607027 CET | 2222 | 50010 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:36.161922932 CET | 2222 | 50012 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:36.162028074 CET | 50012 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:36.162158012 CET | 50012 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:36.281620026 CET | 2222 | 50012 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:36.281733036 CET | 50012 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:36.401328087 CET | 2222 | 50012 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:39.583111048 CET | 2222 | 50012 | 206.238.77.142 | 192.168.2.5 |
Dec 19, 2024 08:11:39.583251953 CET | 50012 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:39.583303928 CET | 50012 | 2222 | 192.168.2.5 | 206.238.77.142 |
Dec 19, 2024 08:11:39.702749968 CET | 2222 | 50012 | 206.238.77.142 | 192.168.2.5 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 19, 2024 08:09:58.196500063 CET | 54576 | 53 | 192.168.2.5 | 1.1.1.1 |
Dec 19, 2024 08:09:58.674978018 CET | 53 | 54576 | 1.1.1.1 | 192.168.2.5 |
Dec 19, 2024 08:10:57.296947956 CET | 59557 | 53 | 192.168.2.5 | 1.1.1.1 |
Dec 19, 2024 08:10:58.310949087 CET | 59557 | 53 | 192.168.2.5 | 1.1.1.1 |
Dec 19, 2024 08:10:58.869010925 CET | 53 | 59557 | 1.1.1.1 | 192.168.2.5 |
Dec 19, 2024 08:10:58.869055033 CET | 53 | 59557 | 1.1.1.1 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Dec 19, 2024 08:09:58.196500063 CET | 192.168.2.5 | 1.1.1.1 | 0xfa93 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Dec 19, 2024 08:10:57.296947956 CET | 192.168.2.5 | 1.1.1.1 | 0x8fc5 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Dec 19, 2024 08:10:58.310949087 CET | 192.168.2.5 | 1.1.1.1 | 0x8fc5 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Dec 19, 2024 08:09:58.674978018 CET | 1.1.1.1 | 192.168.2.5 | 0xfa93 | No error (0) | 4.tcpdump.cn | CNAME (Canonical name) | IN (0x0001) | false | ||
Dec 19, 2024 08:09:58.674978018 CET | 1.1.1.1 | 192.168.2.5 | 0xfa93 | No error (0) | 104.21.42.47 | A (IP address) | IN (0x0001) | false | ||
Dec 19, 2024 08:09:58.674978018 CET | 1.1.1.1 | 192.168.2.5 | 0xfa93 | No error (0) | 172.67.156.54 | A (IP address) | IN (0x0001) | false | ||
Dec 19, 2024 08:10:58.869010925 CET | 1.1.1.1 | 192.168.2.5 | 0x8fc5 | No error (0) | 286f37a9.ifconfig.cc.cname.hcnamedns.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Dec 19, 2024 08:10:58.869010925 CET | 1.1.1.1 | 192.168.2.5 | 0x8fc5 | No error (0) | 122.226.191.212 | A (IP address) | IN (0x0001) | false | ||
Dec 19, 2024 08:10:58.869010925 CET | 1.1.1.1 | 192.168.2.5 | 0x8fc5 | No error (0) | 183.134.17.124 | A (IP address) | IN (0x0001) | false | ||
Dec 19, 2024 08:10:58.869010925 CET | 1.1.1.1 | 192.168.2.5 | 0x8fc5 | No error (0) | 183.134.17.27 | A (IP address) | IN (0x0001) | false | ||
Dec 19, 2024 08:10:58.869055033 CET | 1.1.1.1 | 192.168.2.5 | 0x8fc5 | No error (0) | 286f37a9.ifconfig.cc.cname.hcnamedns.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Dec 19, 2024 08:10:58.869055033 CET | 1.1.1.1 | 192.168.2.5 | 0x8fc5 | No error (0) | 122.226.191.212 | A (IP address) | IN (0x0001) | false | ||
Dec 19, 2024 08:10:58.869055033 CET | 1.1.1.1 | 192.168.2.5 | 0x8fc5 | No error (0) | 183.134.17.124 | A (IP address) | IN (0x0001) | false | ||
Dec 19, 2024 08:10:58.869055033 CET | 1.1.1.1 | 192.168.2.5 | 0x8fc5 | No error (0) | 183.134.17.27 | A (IP address) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49771 | 104.21.42.47 | 80 | 1784 | C:\Windows\SysWOW64\rundll32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 19, 2024 08:09:58.925787926 CET | 83 | OUT | |
Dec 19, 2024 08:10:00.119376898 CET | 867 | IN | |
Dec 19, 2024 08:10:02.359489918 CET | 83 | OUT | |
Dec 19, 2024 08:10:02.856461048 CET | 870 | IN | |
Dec 19, 2024 08:10:07.728404999 CET | 83 | OUT | |
Dec 19, 2024 08:10:08.214782953 CET | 876 | IN | |
Dec 19, 2024 08:10:14.861768961 CET | 83 | OUT | |
Dec 19, 2024 08:10:15.368319988 CET | 878 | IN | |
Dec 19, 2024 08:10:21.853686094 CET | 83 | OUT | |
Dec 19, 2024 08:10:22.348196983 CET | 875 | IN | |
Dec 19, 2024 08:10:28.999010086 CET | 83 | OUT | |
Dec 19, 2024 08:10:29.502334118 CET | 878 | IN | |
Dec 19, 2024 08:10:36.087780952 CET | 83 | OUT | |
Dec 19, 2024 08:10:36.583295107 CET | 870 | IN | |
Dec 19, 2024 08:10:43.119726896 CET | 83 | OUT | |
Dec 19, 2024 08:10:43.613964081 CET | 876 | IN | |
Dec 19, 2024 08:10:50.198714972 CET | 83 | OUT | |
Dec 19, 2024 08:10:50.702821016 CET | 880 | IN | |
Dec 19, 2024 08:10:57.243702888 CET | 83 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49772 | 104.21.42.47 | 80 | 1784 | C:\Windows\SysWOW64\rundll32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 19, 2024 08:09:58.950890064 CET | 83 | OUT | |
Dec 19, 2024 08:10:00.162676096 CET | 870 | IN | |
Dec 19, 2024 08:10:04.722996950 CET | 83 | OUT | |
Dec 19, 2024 08:10:05.227884054 CET | 871 | IN | |
Dec 19, 2024 08:10:11.522144079 CET | 83 | OUT | |
Dec 19, 2024 08:10:12.013550997 CET | 869 | IN | |
Dec 19, 2024 08:10:18.480043888 CET | 83 | OUT | |
Dec 19, 2024 08:10:18.985959053 CET | 877 | IN | |
Dec 19, 2024 08:10:25.493524075 CET | 83 | OUT | |
Dec 19, 2024 08:10:26.000999928 CET | 877 | IN | |
Dec 19, 2024 08:10:32.524966955 CET | 83 | OUT | |
Dec 19, 2024 08:10:33.032080889 CET | 883 | IN | |
Dec 19, 2024 08:10:39.533737898 CET | 83 | OUT | |
Dec 19, 2024 08:10:40.027842999 CET | 879 | IN | |
Dec 19, 2024 08:10:46.762511969 CET | 83 | OUT | |
Dec 19, 2024 08:10:47.254827023 CET | 875 | IN | |
Dec 19, 2024 08:10:53.686009884 CET | 83 | OUT | |
Dec 19, 2024 08:10:54.194869995 CET | 875 | IN | |
Dec 19, 2024 08:11:01.049078941 CET | 83 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 49931 | 122.226.191.212 | 80 | 1784 | C:\Windows\SysWOW64\rundll32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 19, 2024 08:10:58.993473053 CET | 86 | OUT | |
Dec 19, 2024 08:11:00.529135942 CET | 866 | IN | |
Dec 19, 2024 08:11:01.294843912 CET | 86 | OUT | |
Dec 19, 2024 08:11:01.848136902 CET | 866 | IN | |
Dec 19, 2024 08:11:05.299588919 CET | 86 | OUT | |
Dec 19, 2024 08:11:05.852078915 CET | 866 | IN | |
Dec 19, 2024 08:11:09.295010090 CET | 86 | OUT | |
Dec 19, 2024 08:11:09.848345041 CET | 866 | IN | |
Dec 19, 2024 08:11:29.294819117 CET | 86 | OUT | |
Dec 19, 2024 08:11:29.889605999 CET | 866 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.5 | 49947 | 104.21.42.47 | 80 | 1784 | C:\Windows\SysWOW64\rundll32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 19, 2024 08:11:04.760202885 CET | 83 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.5 | 49956 | 104.21.42.47 | 80 | 1784 | C:\Windows\SysWOW64\rundll32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 19, 2024 08:11:08.374138117 CET | 83 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.5 | 49966 | 104.21.42.47 | 80 | 1784 | C:\Windows\SysWOW64\rundll32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 19, 2024 08:11:11.731646061 CET | 83 | OUT | |
Dec 19, 2024 08:11:12.989423037 CET | 864 | IN | |
Dec 19, 2024 08:11:14.948231936 CET | 83 | OUT | |
Dec 19, 2024 08:11:15.454953909 CET | 880 | IN | |
Dec 19, 2024 08:11:18.569248915 CET | 83 | OUT | |
Dec 19, 2024 08:11:19.078119993 CET | 877 | IN | |
Dec 19, 2024 08:11:22.017446995 CET | 83 | OUT | |
Dec 19, 2024 08:11:22.511931896 CET | 872 | IN | |
Dec 19, 2024 08:11:25.619628906 CET | 83 | OUT | |
Dec 19, 2024 08:11:26.113868952 CET | 879 | IN | |
Dec 19, 2024 08:11:29.094314098 CET | 83 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.5 | 50011 | 104.21.42.47 | 80 | 1784 | C:\Windows\SysWOW64\rundll32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 19, 2024 08:11:32.762868881 CET | 83 | OUT | |
Dec 19, 2024 08:11:34.062380075 CET | 861 | IN |
Target ID: | 0 |
Start time: | 02:08:26 |
Start date: | 19/12/2024 |
Path: | C:\Windows\System32\loaddll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x4c0000 |
File size: | 126'464 bytes |
MD5 hash: | 51E6071F9CBA48E79F10C84515AAE618 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 1 |
Start time: | 02:08:26 |
Start date: | 19/12/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d64d0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 2 |
Start time: | 02:08:26 |
Start date: | 19/12/2024 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x790000 |
File size: | 236'544 bytes |
MD5 hash: | D0FCE3AFA6AA1D58CE9FA336CC2B675B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 02:08:26 |
Start date: | 19/12/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xbb0000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 02:08:26 |
Start date: | 19/12/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xbb0000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
Has exited: | true |
Target ID: | 6 |
Start time: | 02:08:29 |
Start date: | 19/12/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xbb0000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
Has exited: | true |
Target ID: | 7 |
Start time: | 02:08:33 |
Start date: | 19/12/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xbb0000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 8 |
Start time: | 02:08:33 |
Start date: | 19/12/2024 |
Path: | C:\Windows\SysWOW64\wbem\WMIC.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x430000 |
File size: | 427'008 bytes |
MD5 hash: | E2DE6500DE1148C7F6027AD50AC8B891 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 9 |
Start time: | 02:08:33 |
Start date: | 19/12/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d64d0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 10 |
Start time: | 02:08:33 |
Start date: | 19/12/2024 |
Path: | C:\Windows\SysWOW64\wbem\WMIC.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x430000 |
File size: | 427'008 bytes |
MD5 hash: | E2DE6500DE1148C7F6027AD50AC8B891 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 11 |
Start time: | 02:08:33 |
Start date: | 19/12/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d64d0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 12 |
Start time: | 02:08:37 |
Start date: | 19/12/2024 |
Path: | C:\Windows\SysWOW64\wbem\WMIC.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x430000 |
File size: | 427'008 bytes |
MD5 hash: | E2DE6500DE1148C7F6027AD50AC8B891 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 13 |
Start time: | 02:08:37 |
Start date: | 19/12/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d64d0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 14 |
Start time: | 02:08:37 |
Start date: | 19/12/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xbb0000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Has exited: | true |
Target ID: | 15 |
Start time: | 02:08:37 |
Start date: | 19/12/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xbb0000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Has exited: | true |
Target ID: | 16 |
Start time: | 02:08:37 |
Start date: | 19/12/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x7ff6d64d0000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Has exited: | true |
Target ID: | 17 |
Start time: | 02:08:37 |
Start date: | 19/12/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xbb0000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Has exited: | true |
Target ID: | 18 |
Start time: | 02:08:37 |
Start date: | 19/12/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xbb0000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Has exited: | true |
Target ID: | 19 |
Start time: | 02:08:37 |
Start date: | 19/12/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xbb0000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Has exited: | true |
Target ID: | 20 |
Start time: | 02:08:37 |
Start date: | 19/12/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xbb0000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Has exited: | true |
Target ID: | 21 |
Start time: | 02:08:37 |
Start date: | 19/12/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xbb0000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Has exited: | true |
Target ID: | 22 |
Start time: | 02:08:37 |
Start date: | 19/12/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xbb0000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Has exited: | true |
Target ID: | 23 |
Start time: | 02:08:38 |
Start date: | 19/12/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xbb0000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Has exited: | true |
Target ID: | 24 |
Start time: | 02:08:38 |
Start date: | 19/12/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xbb0000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Has exited: | true |
Target ID: | 25 |
Start time: | 02:08:38 |
Start date: | 19/12/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xbb0000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Has exited: | true |
Target ID: | 26 |
Start time: | 02:08:38 |
Start date: | 19/12/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xbb0000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Has exited: | true |
Target ID: | 27 |
Start time: | 02:08:38 |
Start date: | 19/12/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xbb0000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Has exited: | true |
Target ID: | 28 |
Start time: | 02:08:38 |
Start date: | 19/12/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xbb0000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Has exited: | true |
Target ID: | 29 |
Start time: | 02:08:38 |
Start date: | 19/12/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xbb0000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Has exited: | true |
Target ID: | 30 |
Start time: | 02:08:38 |
Start date: | 19/12/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xbb0000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Has exited: | true |
Target ID: | 31 |
Start time: | 02:08:38 |
Start date: | 19/12/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xbb0000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Has exited: | true |
Target ID: | 32 |
Start time: | 02:08:38 |
Start date: | 19/12/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xbb0000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Has exited: | true |
Target ID: | 33 |
Start time: | 02:08:38 |
Start date: | 19/12/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xbb0000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Has exited: | true |
Target ID: | 34 |
Start time: | 02:08:38 |
Start date: | 19/12/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xbb0000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Has exited: | true |
Target ID: | 35 |
Start time: | 02:08:38 |
Start date: | 19/12/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xbb0000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Has exited: | true |
Target ID: | 36 |
Start time: | 02:08:38 |
Start date: | 19/12/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xbb0000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Has exited: | true |
Target ID: | 37 |
Start time: | 02:08:38 |
Start date: | 19/12/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xbb0000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Has exited: | true |
Target ID: | 38 |
Start time: | 02:08:38 |
Start date: | 19/12/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xbb0000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Has exited: | true |
Target ID: | 39 |
Start time: | 02:08:38 |
Start date: | 19/12/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xbb0000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Has exited: | true |
Target ID: | 40 |
Start time: | 02:08:38 |
Start date: | 19/12/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xbb0000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Has exited: | true |
Target ID: | 41 |
Start time: | 02:08:38 |
Start date: | 19/12/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xbb0000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Has exited: | true |
Target ID: | 42 |
Start time: | 02:08:38 |
Start date: | 19/12/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xbb0000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Has exited: | true |
Target ID: | 43 |
Start time: | 02:08:38 |
Start date: | 19/12/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xbb0000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Has exited: | true |
Target ID: | 44 |
Start time: | 02:08:38 |
Start date: | 19/12/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xbb0000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Has exited: | true |
Execution Graph
Execution Coverage: | 0.1% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 18.5% |
Total number of Nodes: | 27 |
Total number of Limit Nodes: | 0 |
Graph
Function 00F90A09 Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 178; tags: native, memory, window, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00F90A95 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 140; tags: memory, native, window, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00F913BF Relevance: 3.0, APIs: 2, Instructions: 30memoryCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00F9082D Relevance: 2.6, APIs: 2, Instructions: 57memoryCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00F9000D Relevance: .7, Instructions: 709COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Execution Graph
Execution Coverage: | 1.9% |
Dynamic/Decrypted Code Coverage: | 98.5% |
Signature Coverage: | 16.4% |
Total number of Nodes: | 457 |
Total number of Limit Nodes: | 8 |
Graph
Function 10013A20 Relevance: 50.9, APIs: 17, Strings: 12, Instructions: 185; tags: file, synchronization, COMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1000D890 Relevance: 29.9, APIs: 16, Strings: 1, Instructions: 142encryptionCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BF0A09 Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 178; tags: native, memory, window, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02BF0A95 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 140; tags: memory, native, window, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 1000CFC0 Relevance: 31.8, APIs: 15, Strings: 3, Instructions: 251; tags: process, pipe, COMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1000D420 Relevance: 31.8, APIs: 15, Strings: 3, Instructions: 250; tags: process, pipe, COMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10026FE8 Relevance: 16.8, APIs: 11, Instructions: 257COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 6C696740 Relevance: 6.2, APIs: 4, Instructions: 243memoryCOMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BF13BF Relevance: 3.0, APIs: 2, Instructions: 30memoryCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 1002CE25 Relevance: 3.0, APIs: 2, Instructions: 17COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BF082D Relevance: 2.6, APIs: 2, Instructions: 57memoryCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 10021DFA Relevance: 1.5, APIs: 1, Instructions: 39COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10036500 Relevance: 1.5, APIs: 1, Instructions: 22networkCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10022BD3 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10012550 Relevance: 54.6, APIs: 24, Strings: 7, Instructions: 308servicefileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1000E970 Relevance: 54.5, APIs: 26, Strings: 5, Instructions: 217stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1000EF10 Relevance: 40.5, APIs: 19, Strings: 4, Instructions: 213; tags: keyboard, sleep, string, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 100123C0 Relevance: 33.4, APIs: 14, Strings: 5, Instructions: 117; tags: library, loader, process, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10005CA0 Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 87libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001DBF0 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 104networkCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1000F017 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 34; tags: keyboard, sleep, string, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 100143E0 Relevance: 7.6, APIs: 5, Instructions: 71memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10010560 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 16shutdownCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001A470 Relevance: 3.0, APIs: 2, Instructions: 39networkCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10013080 Relevance: 2.5, Strings: 2, Instructions: 44COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10013000 Relevance: .0, Instructions: 38COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 100153E0 Relevance: 38.7, APIs: 16, Strings: 6, Instructions: 249libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10007130 Relevance: 38.7, APIs: 19, Strings: 3, Instructions: 183timeCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10012C30 Relevance: 36.9, APIs: 19, Strings: 2, Instructions: 120; tags: sleep, registry, synchronization, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10015EB0 Relevance: 33.4, APIs: 13, Strings: 6, Instructions: 139; tags: library, loader, file, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10015000 Relevance: 33.4, APIs: 11, Strings: 8, Instructions: 103libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10015BC0 Relevance: 30.0, APIs: 10, Strings: 7, Instructions: 232libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10011980 Relevance: 26.4, APIs: 8, Strings: 7, Instructions: 148libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10015950 Relevance: 24.6, APIs: 7, Strings: 7, Instructions: 94libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10015160 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 72; tags: library, loader, string, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1000E190 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 81sleepCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1000E2F0 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 81sleepCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1000E4A0 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 81sleepCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1000E600 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 81sleepCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 100138F0 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 70registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10029B73 Relevance: 16.7, APIs: 11, Instructions: 229COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10010380 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 112filestringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1000E760 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 81sleepCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10012C66 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 49; tags: sleep, synchronization, network, COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10011F60 Relevance: 15.1, APIs: 10, Instructions: 123COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10013E90 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 150libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 100157F0 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 101libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001E560 Relevance: 13.6, APIs: 9, Instructions: 139COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10012E80 Relevance: 13.6, APIs: 9, Instructions: 62sleepCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10011580 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 118fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10011E10 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 59; tags: string, network, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10002740 Relevance: 12.1, APIs: 8, Instructions: 56 | Tags: COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 100145C0 Relevance: 10.7, APIs: 7, Instructions: 158 | Tags: COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10002070 Relevance: 10.6, APIs: 7, Instructions: 114 | Tags: COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001A6F0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 100 | Tags: library, file, loader, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001A8B0 Relevance: 10.6, APIs: 7, Instructions: 96 | Tags: COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001E880 Relevance: 10.6, APIs: 7, Instructions: 91 | Tags: memory, COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 100137C0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 81 | Tags: registry, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10003320 Relevance: 10.6, APIs: 7, Instructions: 80 | Tags: COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10011FE0 Relevance: 10.6, APIs: 7, Instructions: 70 | Tags: COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10011B40 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 60 | Tags: process, COMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10001220 Relevance: 10.6, APIs: 7, Instructions: 58 | Tags: COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1000F630 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 54 | Tags: process, synchronization, COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10025DD7 Relevance: 10.5, APIs: 7, Instructions: 45 | Tags: thread, COMMON, LIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10023833 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 24 | Tags: library, loader, COMMON, LIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10023908 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 19 | Tags: library, loader, COMMON, LIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10016140 Relevance: 9.2, APIs: 6, Instructions: 151 | Tags: COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001E0D0 Relevance: 9.1, APIs: 6, Instructions: 127 | Tags: memory, COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1000C230 Relevance: 9.1, APIs: 6, Instructions: 95 | Tags: COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10009900 Relevance: 9.1, APIs: 6, Instructions: 95 | Tags: COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001A9D0 Relevance: 9.1, APIs: 6, Instructions: 86 | Tags: network, COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10017B90 Relevance: 9.0, APIs: 6, Instructions: 48 | Tags: COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1000B5A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 48 | Tags: network, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10011EE0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38 | Tags: library, loader, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 100122A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27 | Tags: library, loader, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10016750 Relevance: 7.7, APIs: 5, Instructions: 158 | Tags: memory, COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001CCD0 Relevance: 7.6, APIs: 5, Instructions: 116 | Tags: COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001DFB0 Relevance: 7.6, APIs: 5, Instructions: 51 | Tags: memory, COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001B630 Relevance: 7.5, APIs: 6, Instructions: 47 | Tags: COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001D760 Relevance: 6.3, APIs: 5, Instructions: 86 | Tags: memory, COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001E3A0 Relevance: 6.1, APIs: 4, Instructions: 90 | Tags: file, COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001B710 Relevance: 6.1, APIs: 4, Instructions: 89 | Tags: COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10014070 Relevance: 6.1, APIs: 4, Instructions: 84 | Tags: memory, COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001A3A0 Relevance: 6.1, APIs: 4, Instructions: 84 | Tags: file, COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001B090 Relevance: 6.1, APIs: 4, Instructions: 79 | Tags: memory, COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10003480 Relevance: 6.1, APIs: 4, Instructions: 60 | Tags: COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10003280 Relevance: 6.1, APIs: 4, Instructions: 58 | Tags: COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001EB80 Relevance: 6.1, APIs: 4, Instructions: 57 | Tags: window, COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10012300 Relevance: 6.1, APIs: 4, Instructions: 55 | Tags: COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10016B30 Relevance: 6.1, APIs: 4, Instructions: 52 | Tags: memory, COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10016AC0 Relevance: 6.0, APIs: 4, Instructions: 33 | Tags: memory, COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 100065C0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 119 | Tags: COMMON, LIBRARYCODE
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1000F5B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40 | Tags: window, COMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001BBF0 Relevance: 5.1, APIs: 4, Instructions: 133 | Tags: memory, COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001CEA0 Relevance: 5.1, APIs: 4, Instructions: 83 | Tags: COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Execution Graph
Execution Coverage: | 2.1% |
Dynamic/Decrypted Code Coverage: | 98.6% |
Signature Coverage: | 0% |
Total number of Nodes: | 503 |
Total number of Limit Nodes: | 10 |
Graph
Function 10013A20 Relevance: 50.9, APIs: 17, Strings: 12, Instructions: 185 | Tags: file, synchronization, COMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1000D890 Relevance: 29.9, APIs: 16, Strings: 1, Instructions: 142 | Tags: encryption, COMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00BA0A09 Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 178 | Tags: native, memory, window, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BA0A95 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 140 | Tags: memory, native, window, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 1000CFC0 Relevance: 31.8, APIs: 15, Strings: 3, Instructions: 251 | Tags: process, pipe, COMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1000D420 Relevance: 31.8, APIs: 15, Strings: 3, Instructions: 250 | Tags: process, pipe, COMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10026FE8 Relevance: 16.8, APIs: 11, Instructions: 257 | Tags: COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10029B73 Relevance: 16.7, APIs: 11, Instructions: 229 | Tags: COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 6C696740 Relevance: 6.2, APIs: 4, Instructions: 243 | Tags: memory, COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00BA13BF Relevance: 3.0, APIs: 2, Instructions: 30 | Tags: memory, COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 1002CE25 Relevance: 3.0, APIs: 2, Instructions: 17 | Tags: COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00BA082D Relevance: 2.6, APIs: 2, Instructions: 57 | Tags: memory, COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10021DFA Relevance: 1.5, APIs: 1, Instructions: 39 | Tags: COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10036500 Relevance: 1.5, APIs: 1, Instructions: 22 | Tags: network, COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10022BD3 Relevance: 1.5, APIs: 1, Instructions: 9 | Tags: COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10036790 Relevance: 1.3, APIs: 1, Instructions: 34 | Tags: COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10012550 Relevance: 54.6, APIs: 24, Strings: 7, Instructions: 308 | Tags: service, file, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1000E970 Relevance: 54.5, APIs: 26, Strings: 5, Instructions: 217 | Tags: string, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1000EF10 Relevance: 40.5, APIs: 19, Strings: 4, Instructions: 213 | Tags: keyboard, sleep, string, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001DBF0 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 104 | Tags: network, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 100153E0 Relevance: 38.7, APIs: 16, Strings: 6, Instructions: 249 | Tags: library, loader, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10007130 Relevance: 38.7, APIs: 19, Strings: 3, Instructions: 183 | Tags: time, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10012C30 Relevance: 36.9, APIs: 19, Strings: 2, Instructions: 120 | Tags: sleep, registry, synchronization, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10015EB0 Relevance: 33.4, APIs: 13, Strings: 6, Instructions: 139 | Tags: library, loader, file, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 100123C0 Relevance: 33.4, APIs: 14, Strings: 5, Instructions: 117 | Tags: library, loader, process, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10015000 Relevance: 33.4, APIs: 11, Strings: 8, Instructions: 103 | Tags: library, loader, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10015BC0 Relevance: 30.0, APIs: 10, Strings: 7, Instructions: 232 | Tags: library, loader, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10011980 Relevance: 26.4, APIs: 8, Strings: 7, Instructions: 148 | Tags: library, loader, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10015950 Relevance: 24.6, APIs: 7, Strings: 7, Instructions: 94 | Tags: library, loader, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10005CA0 Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 87 | Tags: library, loader, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10015160 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 72 | Tags: library, loader, string, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1000E190 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 81 | Tags: sleep, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1000E2F0 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 81 | Tags: sleep, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1000E4A0 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 81 | Tags: sleep, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1000E600 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 81 | Tags: sleep, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 100138F0 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 70 | Tags: registry, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10010380 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 112 | Tags: file, string, COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1000E760 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 81 | Tags: sleep, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10012C66 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 49 | Tags: sleep, synchronization, network, COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10011F60 Relevance: 15.1, APIs: 10, Instructions: 123 | Tags: COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10013E90 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 150 | Tags: library, loader, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 100157F0 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 101 | Tags: library, loader, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001E560 Relevance: 13.6, APIs: 9, Instructions: 139 | Tags: COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10012E80 Relevance: 13.6, APIs: 9, Instructions: 62 | Tags: sleep, COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10011580 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 118 | Tags: file, COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10011E10 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 59 | Tags: string, network, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10002740 Relevance: 12.1, APIs: 8, Instructions: 56 | Tags: COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 100145C0 Relevance: 10.7, APIs: 7, Instructions: 158 | Tags: COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10002070 Relevance: 10.6, APIs: 7, Instructions: 114 | Tags: COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001A6F0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 100 | Tags: library, file, loader, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001A8B0 Relevance: 10.6, APIs: 7, Instructions: 96 | Tags: COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001E880 Relevance: 10.6, APIs: 7, Instructions: 91 | Tags: memory, COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 100137C0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 81 | Tags: registry, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10003320 Relevance: 10.6, APIs: 7, Instructions: 80 | Tags: COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10011FE0 Relevance: 10.6, APIs: 7, Instructions: 70 | Tags: COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10011B40 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 60 | Tags: process, COMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10001220 Relevance: 10.6, APIs: 7, Instructions: 58 | Tags: COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1000F630 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 54 | Tags: process, synchronization, COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10025DD7 Relevance: 10.5, APIs: 7, Instructions: 45 | Tags: thread, COMMON, LIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10023833 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 24 | Tags: library, loader, COMMON, LIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10023908 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 19 | Tags: library, loader, COMMON, LIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10016140 Relevance: 9.2, APIs: 6, Instructions: 151 | Tags: COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001E0D0 Relevance: 9.1, APIs: 6, Instructions: 127 | Tags: memory, COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1000C230 Relevance: 9.1, APIs: 6, Instructions: 95 | Tags: COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10009900 Relevance: 9.1, APIs: 6, Instructions: 95 | Tags: COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001A9D0 Relevance: 9.1, APIs: 6, Instructions: 86 | Tags: network, COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10017B90 Relevance: 9.0, APIs: 6, Instructions: 48 | Tags: COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1000B5A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 48 | Tags: network, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10011EE0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38 | Tags: library, loader, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1000F017 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 34 | Tags: keyboard, sleep, string, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 100122A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27 | Tags: library, loader, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10016750 Relevance: 7.7, APIs: 5, Instructions: 158 | Tags: memory, COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001CCD0 Relevance: 7.6, APIs: 5, Instructions: 116 | Tags: COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 100143E0 Relevance: 7.6, APIs: 5, Instructions: 71 | Tags: memory, COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001DFB0 Relevance: 7.6, APIs: 5, Instructions: 51 | Tags: memory, COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001B630 Relevance: 7.5, APIs: 6, Instructions: 47 | Tags: COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001D760 Relevance: 6.3, APIs: 5, Instructions: 86 | Tags: memory, COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001E3A0 Relevance: 6.1, APIs: 4, Instructions: 90 | Tags: file, COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001B710 Relevance: 6.1, APIs: 4, Instructions: 89 | Tags: COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10014070 Relevance: 6.1, APIs: 4, Instructions: 84 | Tags: memory, COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001A3A0 Relevance: 6.1, APIs: 4, Instructions: 84 | Tags: file, COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001B090 Relevance: 6.1, APIs: 4, Instructions: 79 | Tags: memory, COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10003480 Relevance: 6.1, APIs: 4, Instructions: 60 | Tags: COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10003280 Relevance: 6.1, APIs: 4, Instructions: 58 | Tags: COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001EB80 Relevance: 6.1, APIs: 4, Instructions: 57 | Tags: window, COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10012300 Relevance: 6.1, APIs: 4, Instructions: 55 | Tags: COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10016B30 Relevance: 6.1, APIs: 4, Instructions: 52 | Tags: memory, COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10016AC0 Relevance: 6.0, APIs: 4, Instructions: 33 | Tags: memory, COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 100065C0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 119 | Tags: COMMON, LIBRARYCODE
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1000F5B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40 | Tags: window, COMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001BBF0 Relevance: 5.1, APIs: 4, Instructions: 133 | Tags: memory, COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001CEA0 Relevance: 5.1, APIs: 4, Instructions: 83 | Tags: COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Execution Graph
Execution Coverage: | 2% |
Dynamic/Decrypted Code Coverage: | 98.5% |
Signature Coverage: | 0% |
Total number of Nodes: | 457 |
Total number of Limit Nodes: | 8 |
Graph
Function 10013A20 Relevance: 50.9, APIs: 17, Strings: 12, Instructions: 185 | Tags: file, synchronization, COMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1000D890 Relevance: 29.9, APIs: 16, Strings: 1, Instructions: 142 | Tags: encryption, COMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 033A0A09 Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 178 | Tags: native, memory, window, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 033A0A95 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 140 | Tags: memory, native, window, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 1000CFC0 Relevance: 31.8, APIs: 15, Strings: 3, Instructions: 251 | Tags: process, pipe, COMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1000D420 Relevance: 31.8, APIs: 15, Strings: 3, Instructions: 250 | Tags: process, pipe, COMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10026FE8 Relevance: 16.8, APIs: 11, Instructions: 257 | Tags: COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 6C696740 Relevance: 6.2, APIs: 4, Instructions: 243 | Tags: memory, COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 033A13BF Relevance: 3.0, APIs: 2, Instructions: 30 | Tags: memory, COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 1002CE25 Relevance: 3.0, APIs: 2, Instructions: 17 | Tags: COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 033A082D Relevance: 2.6, APIs: 2, Instructions: 57 | Tags: memory, COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 10021DFA Relevance: 1.5, APIs: 1, Instructions: 39 | Tags: COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10036500 Relevance: 1.5, APIs: 1, Instructions: 22 | Tags: network, COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10022BD3 Relevance: 1.5, APIs: 1, Instructions: 9 | Tags: COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10012550 Relevance: 54.6, APIs: 24, Strings: 7, Instructions: 308 | Tags: service, file, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1000E970 Relevance: 54.5, APIs: 26, Strings: 5, Instructions: 217 | Tags: string, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1000EF10 Relevance: 40.5, APIs: 19, Strings: 4, Instructions: 213 | Tags: keyboard, sleep, string, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001DBF0 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 104 | Tags: network, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 100153E0 Relevance: 38.7, APIs: 16, Strings: 6, Instructions: 249 | Tags: library, loader, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10007130 Relevance: 38.7, APIs: 19, Strings: 3, Instructions: 183 | Tags: time, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10012C30 Relevance: 36.9, APIs: 19, Strings: 2, Instructions: 120 | Tags: sleep, registry, synchronization, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10015EB0 Relevance: 33.4, APIs: 13, Strings: 6, Instructions: 139 | Tags: library, loader, file, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 100123C0 Relevance: 33.4, APIs: 14, Strings: 5, Instructions: 117 | Tags: library, loader, process, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10015000 Relevance: 33.4, APIs: 11, Strings: 8, Instructions: 103 | Tags: library, loader, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10015BC0 Relevance: 30.0, APIs: 10, Strings: 7, Instructions: 232 | Tags: library, loader, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10011980 Relevance: 26.4, APIs: 8, Strings: 7, Instructions: 148 | Tags: library, loader, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10015950 Relevance: 24.6, APIs: 7, Strings: 7, Instructions: 94 | Tags: library, loader, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10005CA0 Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 87 | Tags: library, loader, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10015160 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 72 | Tags: library, loader, string, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1000E190 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 81 | Tags: sleep, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1000E2F0 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 81 | Tags: sleep, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1000E4A0 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 81 | Tags: sleep, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1000E600 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 81 | Tags: sleep, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 100138F0 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 70 | Tags: registry, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10029B73 Relevance: 16.7, APIs: 11, Instructions: 229 | Tags: COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10010380 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 112 | Tags: file, string, COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1000E760 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 81 | Tags: sleep, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10012C66 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 49 | Tags: sleep, synchronization, network, COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10011F60 Relevance: 15.1, APIs: 10, Instructions: 123 | Tags: COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10013E90 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 150 | Tags: library, loader, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 100157F0 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 101 | Tags: library, loader, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001E560 Relevance: 13.6, APIs: 9, Instructions: 139 | Tags: COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10012E80 Relevance: 13.6, APIs: 9, Instructions: 62 | Tags: sleep, COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10011580 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 118 | Tags: file, COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10011E10 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 59 | Tags: string, network, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10002740 Relevance: 12.1, APIs: 8, Instructions: 56 | Tags: COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 100145C0 Relevance: 10.7, APIs: 7, Instructions: 158 | Tags: COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10002070 Relevance: 10.6, APIs: 7, Instructions: 114 | Tags: COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001A6F0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 100 | Tags: library, file, loader, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001A8B0 Relevance: 10.6, APIs: 7, Instructions: 96 | Tags: COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001E880 Relevance: 10.6, APIs: 7, Instructions: 91 | Tags: memory, COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 100137C0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 81 | Tags: registry, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10003320 Relevance: 10.6, APIs: 7, Instructions: 80 | Tags: COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10011FE0 Relevance: 10.6, APIs: 7, Instructions: 70 | Tags: COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10011B40 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 60 | Tags: process, COMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10001220 Relevance: 10.6, APIs: 7, Instructions: 58 | Tags: COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1000F630 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 54 | Tags: process, synchronization, COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10025DD7 Relevance: 10.5, APIs: 7, Instructions: 45 | Tags: thread, COMMON, LIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10023833 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 24 | Tags: library, loader, COMMON, LIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10023908 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 19 | Tags: library, loader, COMMON, LIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10016140 Relevance: 9.2, APIs: 6, Instructions: 151 | Tags: COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001E0D0 Relevance: 9.1, APIs: 6, Instructions: 127 | Tags: memory, COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1000C230 Relevance: 9.1, APIs: 6, Instructions: 95 | Tags: COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10009900 Relevance: 9.1, APIs: 6, Instructions: 95 | Tags: COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001A9D0 Relevance: 9.1, APIs: 6, Instructions: 86 | Tags: network, COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10017B90 Relevance: 9.0, APIs: 6, Instructions: 48 | Tags: COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1000B5A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 48 | Tags: network, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10011EE0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38 | Tags: library, loader, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1000F017 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 34 | Tags: keyboard, sleep, string, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 100122A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27 | Tags: library, loader, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10016750 Relevance: 7.7, APIs: 5, Instructions: 158 | Tags: memory, COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001CCD0 Relevance: 7.6, APIs: 5, Instructions: 116 | Tags: COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 100143E0 Relevance: 7.6, APIs: 5, Instructions: 71 | Tags: memory, COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001DFB0 Relevance: 7.6, APIs: 5, Instructions: 51 | Tags: memory, COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001B630 Relevance: 7.5, APIs: 6, Instructions: 47 | Tags: COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001D760 Relevance: 6.3, APIs: 5, Instructions: 86 | Tags: memory, COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001E3A0 Relevance: 6.1, APIs: 4, Instructions: 90 | Tags: file, COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001B710 Relevance: 6.1, APIs: 4, Instructions: 89 | Tags: COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10014070 Relevance: 6.1, APIs: 4, Instructions: 84 | Tags: memory, COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001A3A0 Relevance: 6.1, APIs: 4, Instructions: 84 | Tags: file, COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001B090 Relevance: 6.1, APIs: 4, Instructions: 79 | Tags: memory, COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10003480 Relevance: 6.1, APIs: 4, Instructions: 60 | Tags: COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10003280 Relevance: 6.1, APIs: 4, Instructions: 58 | Tags: COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001EB80 Relevance: 6.1, APIs: 4, Instructions: 57 | Tags: window, COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10012300 Relevance: 6.1, APIs: 4, Instructions: 55 | Tags: COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10016B30 Relevance: 6.1, APIs: 4, Instructions: 52 | Tags: memory, COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10016AC0 Relevance: 6.0, APIs: 4, Instructions: 33 | Tags: memory, COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 100065C0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 119 | Tags: COMMON, LIBRARYCODE
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1000F5B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40 | Tags: window, COMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001BBF0 Relevance: 5.1, APIs: 4, Instructions: 133 | Tags: memory, COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001CEA0 Relevance: 5.1, APIs: 4, Instructions: 83 | Tags: COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00530A09 Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 178 | Tags: native, memory, window, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00530A95 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 140 | Tags: memory, native, window, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 005313BF Relevance: 3.0, APIs: 2, Instructions: 30 | Tags: memory, COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0053082D Relevance: 2.6, APIs: 2, Instructions: 57 | Tags: memory, COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Execution Graph
Execution Coverage: | 1.9% |
Dynamic/Decrypted Code Coverage: | 98.5% |
Signature Coverage: | 0% |
Total number of Nodes: | 457 |
Total number of Limit Nodes: | 8 |
Graph
Function 10013A20 Relevance: 50.9, APIs: 17, Strings: 12, Instructions: 185 | Tags: file, synchronization, COMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1000D890 Relevance: 29.9, APIs: 16, Strings: 1, Instructions: 142 | Tags: encryption, COMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00B10A09 Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 178 | Tags: native, memory, window, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B10A95 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 140 | Tags: memory, native, window, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 1000CFC0 Relevance: 31.8, APIs: 15, Strings: 3, Instructions: 251 | Tags: process, pipe, COMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1000D420 Relevance: 31.8, APIs: 15, Strings: 3, Instructions: 250 | Tags: process, pipe, COMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10026FE8 Relevance: 16.8, APIs: 11, Instructions: 257 | Tags: COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 6C696740 Relevance: 6.2, APIs: 4, Instructions: 243 | Tags: memory, COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00B113BF Relevance: 3.0, APIs: 2, Instructions: 30 | Tags: memory, COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 1002CE25 Relevance: 3.0, APIs: 2, Instructions: 17 | Tags: COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00B1082D Relevance: 2.6, APIs: 2, Instructions: 57 | Tags: memory, COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 10021DFA Relevance: 1.5, APIs: 1, Instructions: 39 | Tags: COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10036500 Relevance: 1.5, APIs: 1, Instructions: 22 | Tags: network, COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10022BD3 Relevance: 1.5, APIs: 1, Instructions: 9 | Tags: COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10012550 Relevance: 54.6, APIs: 24, Strings: 7, Instructions: 308 | Tags: service, file, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 100153E0 Relevance: 38.7, APIs: 16, Strings: 6, Instructions: 249 | Tags: library, loader, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10007130 Relevance: 38.7, APIs: 19, Strings: 3, Instructions: 183 | Tags: time, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 100123C0 Relevance: 33.4, APIs: 14, Strings: 5, Instructions: 117 | Tags: library, loader, process, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10015000 Relevance: 33.4, APIs: 11, Strings: 8, Instructions: 103 | Tags: library, loader, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10015160 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 72 | Tags: library, loader, string, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1000E190 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 81 | Tags: sleep, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1000E2F0 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 81 | Tags: sleep, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1000E4A0 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 81 | Tags: sleep, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1000E600 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 81 | Tags: sleep, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10010380 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 112 | Tags: file, string, COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1000E760 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 81 | Tags: sleep, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001E560 Relevance: 13.6, APIs: 9, Instructions: 139 | Tags: COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10011580 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 118 | Tags: file, COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10002740 Relevance: 12.1, APIs: 8, Instructions: 56 | Tags: COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 100145C0 Relevance: 10.7, APIs: 7, Instructions: 158 | Tags: COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10002070 Relevance: 10.6, APIs: 7, Instructions: 114 | Tags: COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001A6F0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 100 | Tags: library, file, loader, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10003320 Relevance: 10.6, APIs: 7, Instructions: 80 | Tags: COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10001220 Relevance: 10.6, APIs: 7, Instructions: 58 | Tags: COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1000F630 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 54 | Tags: process, synchronization, COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10016140 Relevance: 9.2, APIs: 6, Instructions: 151 | Tags: COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001E0D0 Relevance: 9.1, APIs: 6, Instructions: 127 | Tags: memory, COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1000C230 Relevance: 9.1, APIs: 6, Instructions: 95 | Tags: COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1000B5A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 48 | Tags: network, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1000F017 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 34 | Tags: keyboard, sleep, string, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 100122A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27 | Tags: library, loader, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10016750 Relevance: 7.7, APIs: 5, Instructions: 158 | Tags: memory, COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 100143E0 Relevance: 7.6, APIs: 5, Instructions: 71 | Tags: memory, COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001B630 Relevance: 7.5, APIs: 6, Instructions: 47 | Tags: COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001D760 Relevance: 6.3, APIs: 5, Instructions: 86 | Tags: memory, COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001E3A0 Relevance: 6.1, APIs: 4, Instructions: 90 | Tags: file, COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001B710 Relevance: 6.1, APIs: 4, Instructions: 89 | Tags: COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10014070 Relevance: 6.1, APIs: 4, Instructions: 84 | Tags: memory, COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001A3A0 Relevance: 6.1, APIs: 4, Instructions: 84 | Tags: file, COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001B090 Relevance: 6.1, APIs: 4, Instructions: 79 | Tags: memory, COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10003480 Relevance: 6.1, APIs: 4, Instructions: 60 | Tags: COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10003280 Relevance: 6.1, APIs: 4, Instructions: 58 | Tags: COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10012300 Relevance: 6.1, APIs: 4, Instructions: 55 | Tags: COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 100065C0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 119 | Tags: COMMON, LIBRARYCODE
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1000F5B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40 | Tags: window, COMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|