Edit tour
Windows
Analysis Report
1.exe
Overview
General Information
| Sample name: | 1.exe |
| Analysis ID: | 1582637 |
| MD5: | a2eccd0ac68e32f1763ff60e5b151304 |
| SHA1: | ee8cb670f183d9c38a8c2b40085d160f11fd547b |
| SHA256: | f29ac22ca60872b1edd94e2411007f37b5cf814a3b3a85df6b162c94c92a3dd5 |
| Tags: | DonutLoaderexeValleyRATuser-lontze7 |
| Infos: |   |
 | |
Detection
GhostRat
| Score: | 92 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Detected unpacking (creates a PE file in dynamic memory)
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected GhostRat
AI detected suspicious sample
Contain functionality to detect virtual machines
Contains functionality to inject code into remote processes
Contains functionality to inject threads in other processes
Sigma detected: Potentially Suspicious Malware Callback Communication
AV process strings found (often used to terminate AV products)
Checks for available system drives (often done to infect USB drives)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to clear windows event logs (to hide its activities)
Contains functionality to create guard pages, often used to hinder reverse engineering and debugging
Contains functionality to dynamically determine API calls
Contains functionality to enumerate process and check for explorer.exe or svchost.exe (often used for thread injection)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a DirectInput object (often for capturing keystrokes)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found decision node followed by non-executed suspicious APIs
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Installs a global mouse hook
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match
Classification
- System is w10x64
1.exe (PID: 7344 cmdline: "C:\Users\ user\Deskt op\1.exe" MD5: A2ECCD0AC68E32F1763FF60E5B151304) 
WerFault.exe (PID: 7520 cmdline: C:\Windows \SysWOW64\ WerFault.e xe -u -p 7 344 -s 141 6 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- cleanup
⊘No configs have been found
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| Windows_Trojan_Donutloader_f40e3759 | unknown | unknown |
|
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| Windows_Trojan_Donutloader_f40e3759 | unknown | unknown |
| |
| Windows_Trojan_Donutloader_f40e3759 | unknown | unknown |
| |
| JoeSecurity_GhostRat | Yara detected GhostRat | Joe Security |
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| Windows_Trojan_Donutloader_f40e3759 | unknown | unknown |
| |
| Windows_Trojan_Donutloader_f40e3759 | unknown | unknown |
|
System Summary |   |
|---|
| Source: | Author: Florian Roth (Nextron Systems): | ||
⊘No Suricata rule has matched
Click to jump to signature section
Show All Signature Results
AV Detection | |
|---|
| Source: | Virustotal: | Perma Link | ||
| Source: | ReversingLabs: | |||
| Source: | Integrated Neural Analysis Model: | ||
Compliance | |
|---|
| Source: | Unpacked PE file: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Code function: | 0_2_0006939A | |
| Source: | TCP traffic: | ||
| Source: | ASN Name: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | Code function: | 0_2_031615C0 | |
| Source: | String found in binary or memory: | ||
| Source: | Code function: | 0_2_000B6712 | |
| Source: | Code function: | 0_2_0316AA00 | |
| Source: | Code function: | 0_2_03167F30 | |
| Source: | Code function: | 0_2_000FC056 | |
| Source: | Code function: | 0_2_0316A6D0 | |
| Source: | Windows user hook set: | Jump to behavior | ||
| Source: | Code function: | 0_2_000E8144 | |
| Source: | Code function: | 0_2_000805D8 | |
| Source: | Code function: | 0_2_000D87A3 | |
| Source: | Code function: | 0_2_000AC98F | |
| Source: | Code function: | 0_2_0008AB3A | |
| Source: | Code function: | 0_2_000C4C24 | |
| Source: | Code function: | 0_2_00088CC8 | |
| Source: | Code function: | 0_2_0005F717 | |
| Source: | Code function: | 0_2_000F373B | |
| Source: | Code function: | 0_2_000D7C12 | |
| Source: | Code function: | 0_2_000DDC2D | |
| Source: | Code function: | 0_2_000ABDCF | |
System Summary | |
|---|
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Code function: | 0_2_03164110 | |
| Source: | Code function: | 0_2_03167941 | |
| Source: | Code function: | 0_2_03167972 | |
| Source: | Code function: | 0_2_031679A3 | |
| Source: | Code function: | 0_2_0014C0F3 | |
| Source: | Code function: | 0_2_000CE3B0 | |
| Source: | Code function: | 0_2_00090A4A | |
| Source: | Code function: | 0_2_00076D33 | |
| Source: | Code function: | 0_2_000E2E0B | |
| Source: | Code function: | 0_2_000C0EBB | |
| Source: | Code function: | 0_2_0009F174 | |
| Source: | Code function: | 0_2_00149416 | |
| Source: | Code function: | 0_2_000CF621 | |
| Source: | Code function: | 0_2_0015798C | |
| Source: | Code function: | 0_2_000BFE1F | |
| Source: | Code function: | 0_2_0006DE82 | |
| Source: | Code function: | 0_2_000CFF70 | |
| Source: | Code function: | 0_2_03163D60 | |
| Source: | Code function: | 0_2_031803A1 | |
| Source: | Code function: | 0_2_03180A7D | |
| Source: | Code function: | 0_2_0317AF11 | |
| Source: | Code function: | 0_2_03165530 | |
| Source: | Code function: | 0_2_03179A63 | |
| Source: | Code function: | 0_2_0316D850 | |
| Source: | Code function: | 0_2_0317F8FF | |
| Source: | Code function: | 0_2_0317FE50 | |
| Source: | Code function: | 0_2_03181DB1 | |
| Source: | Code function: | 0_2_02AC6AB0 | |
| Source: | Code function: | 0_2_02AC29A0 | |
| Source: | Code function: | 0_2_02AD37E1 | |
| Source: | Code function: | 0_2_02AD7541 | |
| Source: | Code function: | 0_2_02AD7A92 | |
| Source: | Code function: | 0_2_02AD1916 | |
| Source: | Code function: | 0_2_02AD995C | |
| Source: | Code function: | 0_2_02AD7FE3 | |
| Source: | Code function: | 0_2_0356D20F | |
| Source: | Code function: | 0_2_0357F2BE | |
| Source: | Code function: | 0_2_0357F80F | |
| Source: | Code function: | 0_2_0357A8D0 | |
| Source: | Code function: | 0_2_03581770 | |
| Source: | Code function: | 0_2_0356371F | |
| Source: | Code function: | 0_2_03564EEF | |
| Source: | Code function: | 0_2_0357FD60 | |
| Source: | Code function: | 0_2_03579422 | |
| Source: | Process created: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Static PE information: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Classification label: | ||
| Source: | Code function: | 0_2_03164640 | |
| Source: | Code function: | 0_2_03164520 | |
| Source: | Code function: | 0_2_03164A70 | |
| Source: | Code function: | 0_2_03163D60 | |
| Source: | Code function: | 0_2_00051410 | |
| Source: | Code function: | 0_2_00066D30 | |
| Source: | Code function: | 0_2_0005810C | |
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Virustotal: | ||
| Source: | ReversingLabs: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Static file information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
Data Obfuscation | |
|---|
| Source: | Unpacked PE file: | ||
| Source: | Code function: | 0_2_0014FAAC | |
| Source: | Code function: | 0_2_00148C1E | |
| Source: | Code function: | 0_2_00148D78 | |
| Source: | Code function: | 0_2_031844F4 | |
| Source: | Code function: | 0_2_031844F4 | |
| Source: | Code function: | 0_2_031844F4 | |
| Source: | Code function: | 0_2_03174DA8 | |
| Source: | Code function: | 0_2_02ACD4A8 | |
| Source: | Code function: | 0_2_03574767 | |
| Source: | Code function: | 0_2_03576C70 | |
| Source: | Code function: | 0_2_00086268 | |
| Source: | Code function: | 0_2_0008630C | |
| Source: | Code function: | 0_2_000C659B | |
| Source: | Code function: | 0_2_000F094D | |
| Source: | Code function: | 0_2_00080DD9 | |
| Source: | Code function: | 0_2_000C7160 | |
| Source: | Code function: | 0_2_000C51EF | |
| Source: | Code function: | 0_2_00071906 | |
| Source: | Code function: | 0_2_000C5C7E | |
| Source: | Code function: | 0_2_000C5C7E | |
| Source: | Code function: | 0_2_000C5C7E | |
| Source: | Code function: | 0_2_000C5F7E | |
| Source: | Code function: | 0_2_0009BFF7 | |
| Source: | Code function: | 0_2_03167893 | |
| Source: | Code function: | 0_2_00067E35 | |
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion | |
|---|
| Source: | Code function: | 0_2_03164420 | |
| Source: | Registry key queried: | Jump to behavior | ||
| Source: | Decision node followed by non-executed suspicious API: | graph_0-127830 | ||
| Source: | API coverage: | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Last function: | ||
| Source: | File Volume queried: | Jump to behavior | ||
| Source: | Code function: | 0_2_0006939A | |
| Source: | Code function: | 0_2_0014CA47 | |
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | API call chain: | graph_0-127469 | ||
| Source: | API call chain: | graph_0-126446 | ||
| Source: | Process information queried: | Jump to behavior | ||
| Source: | Process queried: | Jump to behavior | ||
| Source: | Code function: | 0_2_0014F4CB | |
| Source: | Code function: | 0_2_0014CA47 | |
| Source: | Code function: | 0_2_0014FAAC | |
| Source: | Code function: | 0_2_035600CD | |
| Source: | Code function: | 0_2_031837A9 | |
| Source: | Code function: | 0_2_0014F4CB | |
| Source: | Code function: | 0_2_00147629 | |
| Source: | Code function: | 0_2_0317403B | |
| Source: | Code function: | 0_2_03169DF0 | |
| Source: | Code function: | 0_2_0317112F | |
| Source: | Code function: | 0_2_02AC3840 | |
| Source: | Code function: | 0_2_02ACA37F | |
| Source: | Code function: | 0_2_02ACC8AB | |
| Source: | Code function: | 0_2_02ACF749 | |
HIPS / PFW / Operating System Protection Evasion | |
|---|
| Source: | Code function: | 0_2_031646E0 | |
| Source: | Code function: | 0_2_031646E0 | |
| Source: | Code function: | 0_2_031646E0 | |
| Source: | Code function: | 0_2_031646E0 | |
| Source: | Code function: | 0_2_03162320 | |
| Source: | Code function: | 0_2_000549C6 | |
| Source: | Code function: | 0_2_000A18C0 | |
| Source: | Code function: | 0_2_03162320 | |
| Source: | Code function: | 0_2_0014E528 | |
| Source: | Code function: | 0_2_001547F0 | |
| Source: | Code function: | 0_2_00067E35 | |
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
Stealing of Sensitive Information | |
|---|
| Source: | File source: | ||
Remote Access Functionality | |
|---|
| Source: | File source: | ||
| Source: | Code function: | 0_2_0316EBA0 | |
| Source: | Code function: | 0_2_02AC7DF0 | |
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | 1 Replication Through Removable Media | 1 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 41 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Access Token Manipulation | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 11 Peripheral Device Discovery | Remote Desktop Protocol | 1 Screen Capture | 1 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 211 Process Injection | 2 Obfuscated Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 41 Input Capture | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Software Packing | NTDS | 16 System Information Discovery | Distributed Component Object Model | 2 Clipboard Data | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 151 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 131 Virtualization/Sandbox Evasion | Cached Domain Credentials | 131 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Access Token Manipulation | DCSync | 2 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 211 Process Injection | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Indicator Removal | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 45% | Virustotal | Browse | ||
| 63% | ReversingLabs | Win32.Exploit.DonutMarte |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No contacted domains info
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 124.156.117.13 | unknown | Singapore | 132203 | TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCN | true |
| IP |
|---|
| 192.168.1.2 |
| Joe Sandbox version: | 41.0.0 Charoite |
| Analysis ID: | 1582637 |
| Start date and time: | 2024-12-31 08:20:07 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 5m 16s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 8 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | 1.exe |
| Detection: | MAL |
| Classification: | mal92.troj.evad.winEXE@2/5@0/2 |
| EGA Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 52.168.117.173, 40.126.32.133, 4.245.163.56, 13.107.246.45
- Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, otelrules.azureedge.net, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing disassembly code.
| Time | Type | Description |
|---|---|---|
| 02:20:56 | API Interceptor | |
| 02:21:20 | API Interceptor |
⊘No context
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCN | Get hash | malicious | Mirai | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
⊘No context
⊘No context
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_1.exe_2262233b1c4a664c14445ff2c18db8ed6a66_c1a861f5_ce72d914-4322-4cd4-93a0-02a51ba4f189\Report.wer 
Download File
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 65536 |
| Entropy (8bit): | 1.0634783812485191 |
| Encrypted: | false |
| SSDEEP: | 192:mSp9hd66Zc0HR6iCjjeLZrHkFrgKzuiFVZ24IO8Y:DzhgcXHR6iCj0KzuiFVY4IO8Y |
| MD5: | 23B0671AC439F643AEA1A13C1ABDBC51 |
| SHA1: | 087A71BADC91C38B3326FD05831BAAE658333FDB |
| SHA-256: | A4A931DAC9DBB9A0F6C7F53AC4EA8B1047D4FF73F74F4F71B4FA44945873638A |
| SHA-512: | B45902215595AA141482BEC6183928B74551807DB344397A23DBF7EE0B2DDE15FFE59D7116432B79245011E21138B346A47726215070ACC89303884D59CF12BF |
| Malicious: | true |
| Reputation: | low |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 152582 |
| Entropy (8bit): | 1.83683695026491 |
| Encrypted: | false |
| SSDEEP: | 768:ilHGwUfJBZb0sBgm/qK2zft50u2ZhZj+Bp8UgXnXGK/:qm39v/q3zf/8WK |
| MD5: | FE8AECC572A7FEC7092876C67BCF3844 |
| SHA1: | 6AC408E0840CAADC367077E8089C998048C6F492 |
| SHA-256: | E3757EA72FAEEF20B7957F5927F73F7D861794CEAE6273BCA2DCA06939E2DD56 |
| SHA-512: | 92A072306F38CB2DD582B03D4C3535DB447D046BAB441D2DB20EE48D4DEB0148721E7931CEA25CB57320E35018CE8C4BD8235F8F66A16F78481CB4D92AD79227 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8396 |
| Entropy (8bit): | 3.6963346370593766 |
| Encrypted: | false |
| SSDEEP: | 192:R6l7wVeJkR666Y9FSUwTgmf2ttWprS89boKsfV4m:R6lXJi666YfSUwTgmf2tSopfP |
| MD5: | C12DB8F132ED2D776E2E0BBBC510C123 |
| SHA1: | CA2C68ED79E91166C70C951D36F0C4B839C1120B |
| SHA-256: | 935EA047C4D833F254D585E9EFC16C4012286FBE2D56592D0AC526C8CCC5B0E6 |
| SHA-512: | 6598C26879FF03412C34D8181571DA555669B30CB98A538F457EB5C3FF5154AA9925EAABE05C7CACC5CF2A2EAA4C9A3742DEB06A96D01B8F811271C61586306F |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4745 |
| Entropy (8bit): | 4.461088465802109 |
| Encrypted: | false |
| SSDEEP: | 48:cvIwWl8zsnkJg77aI9V/SWpW8VYNYm8M4JuoF0+q8vG/R8qT1Wrd:uIjfiI7r77VRJCKi8eErd |
| MD5: | 2285A95A418DA37CC9045F63167B6750 |
| SHA1: | 381DFD3219B8F6CF1D72879AFBBB2B8AFD0123B3 |
| SHA-256: | C2B76753DCAC8E358CB3237A9F81EA15F71547DB33AE6280B55ADF444CE1D981 |
| SHA-512: | 2A7EED98053EF00E32409FAA5FB01B9A8AFC9869C159B2CEB746EF915918820B1003FB4C9BEDF14C1FEC1B1A24FCD161E3373DC7E32D7F60910533FC623E6E1F |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1835008 |
| Entropy (8bit): | 4.465520975444696 |
| Encrypted: | false |
| SSDEEP: | 6144:3IXfpi67eLPU9skLmb0b4gWSPKaJG8nAgejZMMhA2gX4WABl0uNkdwBCswSb2:4XD94gWlLZMM6YFH6+2 |
| MD5: | CB661BA798BF3EEA112BC295EF72515F |
| SHA1: | 7416E7BDCF2E0F623CBEE980867C2EB169CB6937 |
| SHA-256: | EDBA5535E971702B3E19F4B7A5D82958C4AC4B62F1A9B4FFE112D4274A9C70AF |
| SHA-512: | F24A944A931EFAF9E9918B72759B90DEAFBFE7AFB68A58A6504AF1A27940CDB20F7A2220D6FFABA2B06240CD6E3B2326B0362FB30C8B60064BEA1584F0D61BFE |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| File type: | |
| Entropy (8bit): | 6.649482194453071 |
| TrID: |
|
| File name: | 1.exe |
| File size: | 1'874'432 bytes |
| MD5: | a2eccd0ac68e32f1763ff60e5b151304 |
| SHA1: | ee8cb670f183d9c38a8c2b40085d160f11fd547b |
| SHA256: | f29ac22ca60872b1edd94e2411007f37b5cf814a3b3a85df6b162c94c92a3dd5 |
| SHA512: | 86de5d8f3d9fef2a436bc36c9178f6f030ba006a71a86bb30ce9df0e4eefb4b9fa71fa596c64bde7d231417c75d33410dde2c2855e45809b9b727b54a03e8985 |
| SSDEEP: | 49152:RrwObw+yBXDMjmS/vVLdVlxl/z5MP/m2Y8H9W0AORUbwLwA6/TFmSfy:2ObwnBsmEVLdfxl/z5MPO8H9W7ORUbXd |
| TLSH: | 0A85AE3A3A919077C1333234558DF3BAF2AEA5314D38565766911F3C3E358A2992C3AF |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........................................(.......).................U.....-.....................Rich....................PE..L....vkg... |
 | |
| Icon Hash: | 9e1f191f6777733a |
| Entrypoint: | 0x4f761f |
| Entrypoint Section: | .text |
| Digitally signed: | false |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
| DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x676B7696 [Wed Dec 25 03:05:58 2024 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 5 |
| OS Version Minor: | 1 |
| File Version Major: | 5 |
| File Version Minor: | 1 |
| Subsystem Version Major: | 5 |
| Subsystem Version Minor: | 1 |
| Import Hash: | 1d827ad5ca3aef28dfe0cea19c081a23 |
| Instruction |
|---|
| call 00007F4DF47FED09h |
| jmp 00007F4DF47F7C8Eh |
| cmp ecx, dword ptr [005625E0h] |
| jne 00007F4DF47F7E04h |
| rep ret |
| jmp 00007F4DF47FED90h |
| mov edi, edi |
| push ebp |
| mov ebp, esp |
| push ecx |
| push ebx |
| push esi |
| mov esi, dword ptr [0051C290h] |
| push edi |
| push dword ptr [005957A8h] |
| call esi |
| push dword ptr [005957A4h] |
| mov ebx, eax |
| mov dword ptr [ebp-04h], ebx |
| call esi |
| mov esi, eax |
| cmp esi, ebx |
| jc 00007F4DF47F7E87h |
| mov edi, esi |
| sub edi, ebx |
| lea eax, dword ptr [edi+04h] |
| cmp eax, 04h |
| jc 00007F4DF47F7E77h |
| push ebx |
| call 00007F4DF47FB674h |
| mov ebx, eax |
| lea eax, dword ptr [edi+04h] |
| pop ecx |
| cmp ebx, eax |
| jnc 00007F4DF47F7E4Ah |
| mov eax, 00000800h |
| cmp ebx, eax |
| jnc 00007F4DF47F7E04h |
| mov eax, ebx |
| add eax, ebx |
| cmp eax, ebx |
| jc 00007F4DF47F7E11h |
| push eax |
| push dword ptr [ebp-04h] |
| call 00007F4DF47FEEC3h |
| pop ecx |
| pop ecx |
| test eax, eax |
| jne 00007F4DF47F7E18h |
| lea eax, dword ptr [ebx+10h] |
| cmp eax, ebx |
| jc 00007F4DF47F7E40h |
| push eax |
| push dword ptr [ebp-04h] |
| call 00007F4DF47FEEADh |
| pop ecx |
| pop ecx |
| test eax, eax |
| je 00007F4DF47F7E31h |
| sar edi, 02h |
| push eax |
| lea esi, dword ptr [eax+edi*4] |
| call dword ptr [0051C294h] |
| mov dword ptr [005957A8h], eax |
| push dword ptr [ebp+08h] |
| mov edi, dword ptr [0051C294h] |
| call edi |
| mov dword ptr [esi], eax |
| add esi, 04h |
| push esi |
| call edi |
| mov dword ptr [005957A4h], eax |
| mov eax, dword ptr [ebp+08h] |
| jmp 00007F4DF47F7E04h |
| Programming Language: |
|
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x15ab58 | 0x17c | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x196000 | 0x14020 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x1ab000 | 0x19964 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x11ccd0 | 0x1c | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x1457b0 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x11c000 | 0x908 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x11ab56 | 0x11ac00 | 81f07ad9401bb030f6fd4b22bfc8020d | False | 0.5604173574270557 | data | 6.522543309935167 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x11c000 | 0x41c80 | 0x41e00 | 53ba3f6835c1465c9f6599c95a09247d | False | 0.2668665500474383 | data | 4.99171438264604 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x15e000 | 0x377bc | 0x30200 | 0925c3d4d81457481990a402b0e891aa | False | 0.896190137987013 | data | 7.817358833843515 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x196000 | 0x14020 | 0x14200 | 0d1402167d2e62a9452ff3195ff8375e | False | 0.7321549883540373 | data | 6.846851273620952 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x1ab000 | 0x28678 | 0x28800 | b766fbb210faa4b699434a30410c6ed0 | False | 0.26442539544753085 | data | 4.952802281401289 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_CURSOR | 0x196d78 | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | Chinese | China | 0.4805194805194805 |
| RT_CURSOR | 0x196eac | 0xb4 | Targa image data - Map 32 x 65536 x 1 +16 "\001" | Chinese | China | 0.7 |
| RT_CURSOR | 0x196f60 | 0x134 | AmigaOS bitmap font "(", fc_YSize 4294967264, 5120 elements, 2nd "\377\360?\377\377\370\177\377\377\374\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd | Chinese | China | 0.36363636363636365 |
| RT_CURSOR | 0x197094 | 0x134 | Targa image data - RLE 64 x 65536 x 1 +32 "\001" | Chinese | China | 0.35714285714285715 |
| RT_CURSOR | 0x1971c8 | 0x134 | data | Chinese | China | 0.37337662337662336 |
| RT_CURSOR | 0x1972fc | 0x134 | data | Chinese | China | 0.37662337662337664 |
| RT_CURSOR | 0x197430 | 0x134 | Targa image data 64 x 65536 x 1 +32 "\001" | Chinese | China | 0.36688311688311687 |
| RT_CURSOR | 0x197564 | 0x134 | Targa image data 64 x 65536 x 1 +32 "\001" | Chinese | China | 0.37662337662337664 |
| RT_CURSOR | 0x197698 | 0x134 | Targa image data - Mono - RLE 64 x 65536 x 1 +32 "\001" | Chinese | China | 0.36688311688311687 |
| RT_CURSOR | 0x1977cc | 0x134 | Targa image data - RGB - RLE 64 x 65536 x 1 +32 "\001" | Chinese | China | 0.38636363636363635 |
| RT_CURSOR | 0x197900 | 0x134 | data | Chinese | China | 0.44155844155844154 |
| RT_CURSOR | 0x197a34 | 0x134 | data | Chinese | China | 0.4155844155844156 |
| RT_CURSOR | 0x197b68 | 0x134 | AmigaOS bitmap font "(", fc_YSize 4294966847, 3840 elements, 2nd "\377?\374\377\377\300\003\377\377\300\003\377\377\340\007\377\377\360\017\377\377\370\037\377\377\374?\377\377\376\177\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd | Chinese | China | 0.5422077922077922 |
| RT_CURSOR | 0x197c9c | 0x134 | data | Chinese | China | 0.2662337662337662 |
| RT_CURSOR | 0x197dd0 | 0x134 | data | Chinese | China | 0.2824675324675325 |
| RT_CURSOR | 0x197f04 | 0x134 | data | Chinese | China | 0.3246753246753247 |
| RT_BITMAP | 0x198038 | 0xb8 | Device independent bitmap graphic, 12 x 10 x 4, image size 80 | Chinese | China | 0.44565217391304346 |
| RT_BITMAP | 0x1980f0 | 0x144 | Device independent bitmap graphic, 33 x 11 x 4, image size 220 | Chinese | China | 0.37962962962962965 |
| RT_ICON | 0x198234 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | Chinese | China | 0.5335365853658537 |
| RT_ICON | 0x19889c | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | Chinese | China | 0.646505376344086 |
| RT_ICON | 0x198b84 | 0x1e8 | Device independent bitmap graphic, 24 x 48 x 4, image size 288 | Chinese | China | 0.6598360655737705 |
| RT_ICON | 0x198d6c | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | Chinese | China | 0.6385135135135135 |
| RT_ICON | 0x198e94 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Chinese | China | 0.6260660980810234 |
| RT_ICON | 0x199d3c | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Chinese | China | 0.7793321299638989 |
| RT_ICON | 0x19a5e4 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Chinese | China | 0.8231566820276498 |
| RT_ICON | 0x19acac | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Chinese | China | 0.6575144508670521 |
| RT_ICON | 0x19b214 | 0x93cb | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | Chinese | China | 0.9988106250825954 |
| RT_ICON | 0x1a45e0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | Chinese | China | 0.5116182572614107 |
| RT_ICON | 0x1a6b88 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | Chinese | China | 0.6109287054409006 |
| RT_ICON | 0x1a7c30 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | Chinese | China | 0.6221311475409836 |
| RT_ICON | 0x1a85b8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | Chinese | China | 0.7402482269503546 |
| RT_DIALOG | 0x1a8a20 | 0x120 | data | Chinese | China | 0.6145833333333334 |
| RT_DIALOG | 0x1a8b40 | 0xd8 | data | Chinese | China | 0.7268518518518519 |
| RT_DIALOG | 0x1a8c18 | 0xe2 | data | Chinese | China | 0.6769911504424779 |
| RT_DIALOG | 0x1a8cfc | 0x34 | data | Chinese | China | 0.8653846153846154 |
| RT_STRING | 0x1a8d30 | 0x44 | data | Chinese | China | 0.6764705882352942 |
| RT_STRING | 0x1a8d74 | 0x4e | data | Chinese | China | 0.8461538461538461 |
| RT_STRING | 0x1a8dc4 | 0x2c | data | Chinese | China | 0.5909090909090909 |
| RT_STRING | 0x1a8df0 | 0x84 | data | Chinese | China | 0.9166666666666666 |
| RT_STRING | 0x1a8e74 | 0x1c4 | data | Chinese | China | 0.8053097345132744 |
| RT_STRING | 0x1a9038 | 0x14e | data | Chinese | China | 0.5179640718562875 |
| RT_STRING | 0x1a9188 | 0x10e | data | Chinese | China | 0.7037037037037037 |
| RT_STRING | 0x1a9298 | 0x50 | data | Chinese | China | 0.7125 |
| RT_STRING | 0x1a92e8 | 0x44 | data | Chinese | China | 0.6764705882352942 |
| RT_STRING | 0x1a932c | 0x68 | data | Chinese | China | 0.7019230769230769 |
| RT_STRING | 0x1a9394 | 0x1b2 | data | Chinese | China | 0.6474654377880185 |
| RT_STRING | 0x1a9548 | 0xf4 | data | Chinese | China | 0.6065573770491803 |
| RT_STRING | 0x1a963c | 0x24 | data | Chinese | China | 0.4722222222222222 |
| RT_STRING | 0x1a9660 | 0x1a6 | data | Chinese | China | 0.6658767772511849 |
| RT_GROUP_CURSOR | 0x1a9808 | 0x22 | Lotus unknown worksheet or configuration, revision 0x2 | Chinese | China | 1.0294117647058822 |
| RT_GROUP_CURSOR | 0x1a982c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.3 |
| RT_GROUP_CURSOR | 0x1a9840 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.3 |
| RT_GROUP_CURSOR | 0x1a9854 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.3 |
| RT_GROUP_CURSOR | 0x1a9868 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.3 |
| RT_GROUP_CURSOR | 0x1a987c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.3 |
| RT_GROUP_CURSOR | 0x1a9890 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.3 |
| RT_GROUP_CURSOR | 0x1a98a4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.3 |
| RT_GROUP_CURSOR | 0x1a98b8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.3 |
| RT_GROUP_CURSOR | 0x1a98cc | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.3 |
| RT_GROUP_CURSOR | 0x1a98e0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.3 |
| RT_GROUP_CURSOR | 0x1a98f4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.3 |
| RT_GROUP_CURSOR | 0x1a9908 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.3 |
| RT_GROUP_CURSOR | 0x1a991c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.3 |
| RT_GROUP_CURSOR | 0x1a9930 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.3 |
| RT_GROUP_ICON | 0x1a9944 | 0xbc | data | Chinese | China | 0.6117021276595744 |
| RT_VERSION | 0x1a9a00 | 0x2bc | data | Chinese | China | 0.4542857142857143 |
| RT_MANIFEST | 0x1a9cbc | 0x362 | ASCII text, with very long lines (866), with no line terminators | English | United States | 0.4515011547344111 |
| DLL | Import |
|---|---|
| KERNEL32.dll | IsDebuggerPresent, IsProcessorFeaturePresent, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, GetStringTypeW, GetTimeZoneInformation, LCMapStringW, GetConsoleCP, GetConsoleMode, UnhandledExceptionFilter, TerminateProcess, QueryPerformanceCounter, HeapCreate, SetHandleCount, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetStdHandle, SetUnhandledExceptionFilter, GetFileType, SetStdHandle, VirtualQuery, GetSystemInfo, WriteConsoleW, SetEnvironmentVariableA, FindResourceW, LoadResource, LockResource, SizeofResource, GetModuleFileNameW, CreateThread, VirtualAlloc, GetSystemTimeAsFileTime, HeapSize, HeapQueryInformation, HeapReAlloc, RaiseException, ExitThread, RtlUnwind, ExitProcess, HeapAlloc, HeapFree, DecodePointer, EncodePointer, GetStartupInfoW, HeapSetInformation, GetCommandLineW, FindResourceExW, SearchPathW, GetProfileIntW, GetTickCount, InitializeCriticalSectionAndSpinCount, GetNumberFormatW, GetWindowsDirectoryW, GetTempPathW, GetTempFileNameW, GetFileTime, GetFileSizeEx, GetFileAttributesW, FileTimeToLocalFileTime, GetFileAttributesExW, SetErrorMode, FileTimeToSystemTime, lstrlenA, GlobalGetAtomNameW, GetFullPathNameW, GetVolumeInformationW, FindFirstFileW, FindClose, GetCurrentProcess, DuplicateHandle, GetFileSize, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, SetFilePointer, WriteFile, ReadFile, CreateFileW, lstrcmpiW, lstrcpyW, DeleteFileW, InterlockedIncrement, TlsFree, DeleteCriticalSection, LocalReAlloc, TlsSetValue, TlsAlloc, InitializeCriticalSection, GlobalHandle, GlobalReAlloc, EnterCriticalSection, TlsGetValue, LeaveCriticalSection, LocalAlloc, GlobalFlags, GetCurrentDirectoryW, GlobalFindAtomW, GetVersionExW, CompareStringW, InterlockedDecrement, ReleaseActCtx, CreateActCtxW, CopyFileW, GlobalSize, FormatMessageW, LocalFree, MulDiv, GlobalUnlock, GlobalFree, FreeResource, GetCurrentProcessId, GlobalAddAtomW, GetPrivateProfileStringW, lstrlenW, WritePrivateProfileStringW, GetPrivateProfileIntW, WaitForSingleObject, ResumeThread, SetThreadPriority, lstrcmpA, GlobalDeleteAtom, GetCurrentThread, GetCurrentThreadId, GetUserDefaultUILanguage, ConvertDefaultLocale, GetSystemDefaultUILanguage, GetLocaleInfoW, ActivateActCtx, LoadLibraryW, GetLastError, DeactivateActCtx, SetLastError, MultiByteToWideChar, WideCharToMultiByte, GlobalLock, lstrcmpW, GlobalAlloc, GetModuleHandleW, GetProcAddress, InterlockedExchange, FreeLibrary, TerminateThread, Sleep, CloseHandle, Process32NextW, Process32FirstW, CreateToolhelp32Snapshot, VirtualProtect |
| USER32.dll | RegisterClipboardFormatW, FrameRect, CopyIcon, CharUpperBuffW, PostThreadMessageW, GetKeyNameTextW, DefFrameProcW, DefMDIChildProcW, DrawMenuBar, HideCaret, InvertRect, LockWindowUpdate, SetCursorPos, SetRect, CreateAcceleratorTableW, GetKeyboardState, GetKeyboardLayout, MapVirtualKeyW, ToUnicodeEx, CopyAcceleratorTableW, TranslateMDISysAccel, DrawFrameControl, DrawIconEx, SetClassLongW, DestroyAcceleratorTable, SetParent, UnpackDDElParam, ReuseDDElParam, LoadImageW, LoadAcceleratorsW, InsertMenuItemW, BringWindowToTop, TranslateAcceleratorW, UnregisterClassW, GetMenuDefaultItem, SetMenuDefaultItem, CreatePopupMenu, IsMenu, MonitorFromPoint, UpdateLayeredWindow, EnableScrollBar, EmptyClipboard, IsRectEmpty, IsZoomed, GetAsyncKeyState, NotifyWinEvent, MessageBeep, RedrawWindow, SetWindowRgn, LoadMenuW, OffsetRect, IntersectRect, CharUpperW, DestroyIcon, GetSysColorBrush, SetLayeredWindowAttributes, EnumDisplayMonitors, SetRectEmpty, KillTimer, SetTimer, RealChildWindowFromPoint, DeleteMenu, WaitMessage, ReleaseCapture, LoadCursorW, WindowFromPoint, SetCapture, ShowWindow, MoveWindow, SetWindowTextW, IsDialogMessageW, CheckDlgButton, RegisterWindowMessageW, SendDlgItemMessageW, SendDlgItemMessageA, WinHelpW, IsChild, CloseClipboard, SetClipboardData, OpenClipboard, GetNextDlgGroupItem, CopyImage, UnionRect, GetIconInfo, CreateMenu, IsClipboardFormatAvailable, GetUpdateRect, GetDoubleClickTime, IsCharLowerW, MapVirtualKeyExW, SubtractRect, DestroyCursor, MapDialogRect, DrawFocusRect, GetCapture, GetClassLongW, SetPropW, GetPropW, RemovePropW, GetWindowRgn, DrawEdge, GetKeyState, EnableWindow, DrawIcon, GetClientRect, GetSystemMetrics, IsIconic, SendMessageW, AppendMenuW, GetSystemMenu, LoadIconW, PostMessageW, PostQuitMessage, CheckMenuItem, EnableMenuItem, GetMenuState, ModifyMenuW, GetParent, GetFocus, LoadBitmapW, GetMenuCheckMarkDimensions, SetMenuItemBitmaps, ValidateRect, GetCursorPos, PeekMessageW, IsWindowVisible, GetActiveWindow, DispatchMessageW, TranslateMessage, GetMessageW, CallNextHookEx, SetWindowsHookExW, SetCursor, ShowOwnedPopups, MessageBoxW, IsWindowEnabled, GetLastActivePopup, GetWindowLongW, GetWindowThreadProcessId, DrawStateW, FillRect, UpdateWindow, InvalidateRect, GetClassNameW, EndDialog, GetNextDlgTabItem, GetDlgItem, IsWindow, DestroyWindow, CreateDialogIndirectParamW, SetActiveWindow, GetDesktopWindow, RemoveMenu, GetSubMenu, GetMenuItemCount, InsertMenuW, GetMenuItemID, GetMenuStringW, TabbedTextOutW, DrawTextW, DrawTextExW, GrayStringW, ScreenToClient, ClientToScreen, GetDC, ReleaseDC, GetWindowDC, BeginPaint, EndPaint, GetSysColor, PtInRect, GetWindowRect, UnhookWindowsHookEx, CopyRect, InflateRect, GetMenuItemInfoW, DestroyMenu, SystemParametersInfoW, GetWindow, SetWindowPos, SetWindowLongW, GetMenu, CallWindowProcW, DefWindowProcW, GetDlgCtrlID, GetWindowPlacement, SetWindowPlacement, SetScrollInfo, GetScrollInfo, DeferWindowPos, EqualRect, AdjustWindowRectEx, RegisterClassW, GetClassInfoW, GetClassInfoExW, CreateWindowExW, ShowScrollBar, SetForegroundWindow, GetScrollPos, SetScrollPos, GetScrollRange, SetScrollRange, SetMenu, TrackPopupMenu, ScrollWindow, MapWindowPoints, GetMonitorInfoW, MonitorFromWindow, GetMessagePos, GetMessageTime, GetTopWindow, EndDeferWindowPos, BeginDeferWindowPos, GetForegroundWindow, GetWindowTextW, GetWindowTextLengthW, SetFocus |
| GDI32.dll | GetStockObject, GetDeviceCaps, CopyMetaFileW, CreateDCW, SaveDC, RestoreDC, SetBkColor, SetBkMode, SetPolyFillMode, SetROP2, SetTextColor, SetMapMode, GetClipBox, ExcludeClipRect, IntersectClipRect, LineTo, MoveToEx, SetTextAlign, GetLayout, SetLayout, SelectClipRgn, CreateRectRgn, GetViewportExtEx, GetWindowExtEx, BitBlt, GetPixel, PtVisible, RectVisible, TextOutW, ExtTextOutW, Escape, SelectObject, SetViewportOrgEx, OffsetViewportOrgEx, SetViewportExtEx, ScaleViewportExtEx, SetWindowOrgEx, OffsetWindowOrgEx, SetWindowExtEx, ScaleWindowExtEx, ExtSelectClipRgn, DeleteDC, GetObjectW, CreatePatternBrush, CreateCompatibleDC, CreateSolidBrush, GetObjectType, CreatePen, CreateHatchBrush, CreateFontIndirectW, GetTextExtentPoint32W, CreateDIBitmap, CreateCompatibleBitmap, CreateRectRgnIndirect, GetTextMetricsW, EnumFontFamiliesW, GetTextCharsetInfo, SetRectRgn, CombineRgn, PatBlt, DPtoLP, CreateRoundRectRgn, CreateDIBSection, CreatePolygonRgn, GetBkColor, GetTextColor, CreateEllipticRgn, Polyline, Ellipse, Polygon, CreatePalette, GetPaletteEntries, GetNearestPaletteIndex, RealizePalette, GetSystemPaletteEntries, OffsetRgn, GetRgnBox, SetDIBColorTable, StretchBlt, SetPixel, Rectangle, EnumFontFamiliesExW, ExtFloodFill, SetPaletteEntries, LPtoDP, GetWindowOrgEx, GetViewportOrgEx, PtInRegion, FillRgn, FrameRgn, GetBoundsRect, GetTextFaceW, SetPixelV, DeleteObject, CreateBitmap, SelectPalette |
| MSIMG32.dll | AlphaBlend, TransparentBlt |
| COMDLG32.dll | GetFileTitleW |
| WINSPOOL.DRV | OpenPrinterW, DocumentPropertiesW, ClosePrinter |
| ADVAPI32.dll | RegQueryValueExW, RegOpenKeyExW, RegCreateKeyExW, RegSetValueExW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyW, RegQueryValueW, RegCloseKey, RegEnumValueW, RegEnumKeyExW |
| SHELL32.dll | SHBrowseForFolderW, SHAppBarMessage, SHGetSpecialFolderLocation, SHGetPathFromIDListW, SHGetDesktopFolder, ShellExecuteW, DragQueryFileW, DragFinish, SHGetFileInfoW |
| COMCTL32.dll | ImageList_GetIconSize, InitCommonControlsEx |
| SHLWAPI.dll | PathFindExtensionW, PathFindFileNameW, PathStripToRootW, PathIsUNCW, PathRemoveFileSpecW |
| ole32.dll | OleCreateMenuDescriptor, OleDestroyMenuDescriptor, OleTranslateAccelerator, IsAccelerator, OleLockRunning, OleGetClipboard, RegisterDragDrop, CoLockObjectExternal, RevokeDragDrop, CoCreateGuid, CoTaskMemFree, DoDragDrop, CreateStreamOnHGlobal, CoInitializeEx, CoInitialize, CoCreateInstance, CoUninitialize, OleDuplicateData, CoTaskMemAlloc, ReleaseStgMedium |
| OLEAUT32.dll | SysFreeString, SysAllocString, SysAllocStringLen, VariantClear, VariantChangeType, VariantInit, SysStringLen, VarBstrFromDate, SystemTimeToVariantTime, VariantTimeToSystemTime |
| gdiplus.dll | GdipGetImagePaletteSize, GdipGetImagePalette, GdipCreateBitmapFromStream, GdipCreateBitmapFromScan0, GdipGetImagePixelFormat, GdipBitmapUnlockBits, GdipGetImageGraphicsContext, GdipDrawImageI, GdipCreateFromHDC, GdiplusShutdown, GdiplusStartup, GdipGetImageHeight, GdipCloneImage, GdipGetImageWidth, GdipCreateBitmapFromHBITMAP, GdipDisposeImage, GdipDeleteGraphics, GdipAlloc, GdipDrawImageRectI, GdipBitmapLockBits, GdipFree, GdipSetInterpolationMode |
| IPHLPAPI.DLL | GetTcpTable2, SetTcpEntry |
| WS2_32.dll | htonl, inet_ntop |
| OLEACC.dll | AccessibleObjectFromWindow, CreateStdAccessibleObject, LresultFromObject |
| IMM32.dll | ImmGetOpenStatus, ImmReleaseContext, ImmGetContext |
| WINMM.dll | PlaySoundW |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| Chinese | China |  |
| English | United States |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Dec 31, 2024 08:20:59.418148041 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:20:59.423110008 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:20:59.423192024 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:20:59.423474073 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:20:59.428203106 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:00.306638002 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:00.306925058 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:00.311794996 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:00.311836958 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:00.311846972 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:00.622891903 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:00.622915983 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:00.622925997 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:00.622936010 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:00.622946024 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:00.622956038 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:00.622967005 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:00.622977018 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:00.622987986 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:00.622997999 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:00.622993946 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:00.623109102 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:00.623109102 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:00.624001980 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:00.628279924 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:00.628290892 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:00.628345966 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:00.846925974 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:00.846940041 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:00.846950054 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:00.846977949 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:00.846990108 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:00.846998930 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:00.847009897 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:00.847013950 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:00.847019911 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:00.847047091 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:00.847069025 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:00.847534895 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:00.847546101 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:00.847556114 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:00.847565889 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:00.847575903 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:00.847584009 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:00.847608089 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:00.848304033 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:00.848315001 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:00.848325968 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:00.848349094 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:00.848393917 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:00.848468065 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:00.848479986 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:00.848525047 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:00.848695993 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:00.848706007 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:00.848716974 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:00.848726988 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:00.848737001 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:00.848742008 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:00.848774910 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.068840981 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.068928957 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.068939924 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.068949938 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.068985939 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.069029093 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.069065094 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.069076061 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.069092989 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.069104910 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.069114923 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.069122076 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.069125891 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.069140911 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.069145918 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.069165945 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.069982052 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.069992065 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.070003033 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.070012093 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.070023060 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.070029974 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.070033073 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.070044994 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.070053101 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.070089102 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.070875883 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.070887089 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.070897102 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.070907116 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.070916891 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.070924997 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.070926905 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.070939064 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.070941925 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.070983887 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.071808100 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.071819067 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.071830034 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.071840048 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.071850061 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.071861029 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.071871996 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.071875095 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.071875095 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.071907997 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.071932077 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.072702885 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.072714090 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.072731018 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.072741032 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.072751999 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.072757959 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.072762966 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.072773933 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.072802067 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.072846889 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.073559999 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.073570967 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.073616982 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.297157049 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.297193050 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.297202110 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.297213078 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.297223091 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.297245026 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.297295094 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.297378063 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.297411919 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.297420025 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.297456980 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.297511101 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.297527075 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.297785044 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.297800064 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.297811985 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.297821999 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.297832966 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.297835112 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.297843933 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.297852993 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.297875881 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.297899961 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.298207045 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.298218012 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.298227072 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.298243999 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.298254967 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.298255920 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.298264980 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.298275948 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.298300028 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.298332930 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.298742056 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.298782110 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.298795938 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.298836946 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.298847914 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.298857927 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.298867941 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.298877001 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.298888922 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.298916101 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.299268961 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.299279928 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.299289942 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.299299955 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.299335957 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.299366951 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.299544096 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.299554110 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.299565077 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.299608946 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.299619913 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.299635887 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.299684048 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.299943924 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.299954891 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.299966097 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.299976110 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.299998045 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.300024986 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.300179005 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.300232887 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.300344944 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.300355911 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.300365925 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.300375938 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.300385952 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.300395966 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.300405979 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.300415993 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.300415993 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.300426006 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.300436020 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.300482035 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.302165031 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.302175045 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.302207947 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.302225113 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.302268982 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.302323103 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.302335024 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.302344084 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.302357912 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.302367926 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.302377939 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.302377939 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.302388906 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.302397966 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.302409887 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.302417040 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.302419901 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.302437067 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.302454948 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.303169012 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.303179979 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.303189993 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.303200006 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.303222895 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.303272963 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.303431034 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.303442001 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.303452015 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.303481102 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.352766037 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.520109892 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.520143986 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.520153999 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.520164013 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.520174026 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.520184994 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.520195007 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.520204067 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.520216942 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.520292044 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.520292997 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.520342112 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.520353079 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.520363092 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.520379066 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.520405054 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.520415068 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.520423889 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.520426035 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.520426035 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.520433903 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.520443916 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.520453930 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.520472050 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.520524979 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.520549059 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.520560026 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.520569086 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.520576000 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.520580053 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.520607948 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.520634890 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.520751953 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.520761967 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.520771980 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.520781994 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.520792007 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.520802021 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.520803928 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.520812035 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.520822048 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.520832062 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.520847082 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.520845890 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.520847082 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.520865917 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.520899057 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.520955086 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.520966053 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.520977020 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.520987034 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.520996094 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.521009922 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.521044016 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.521080017 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.521090031 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.521115065 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.521126032 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.521132946 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.521135092 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.521146059 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.521167994 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.521194935 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:01.606362104 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:01.610362053 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:03.619288921 CET | 49731 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:03.624187946 CET | 7777 | 49731 | 124.156.117.13 | 192.168.2.4 |
| Dec 31, 2024 08:21:03.624272108 CET | 49731 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Dec 31, 2024 08:21:26.733814955 CET | 49731 | 7777 | 192.168.2.4 | 124.156.117.13 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Dec 31, 2024 08:20:59.418517113 CET | 54326 | 6341 | 192.168.2.4 | 192.168.1.2 |
| Dec 31, 2024 08:20:59.418585062 CET | 54326 | 6341 | 192.168.2.4 | 192.168.1.2 |
| Dec 31, 2024 08:20:59.463048935 CET | 54326 | 6341 | 192.168.2.4 | 192.168.1.2 |
| Dec 31, 2024 08:20:59.500804901 CET | 54326 | 6341 | 192.168.2.4 | 192.168.1.2 |
| Dec 31, 2024 08:20:59.593075037 CET | 54326 | 6341 | 192.168.2.4 | 192.168.1.2 |
| Dec 31, 2024 08:20:59.663238049 CET | 54326 | 6341 | 192.168.2.4 | 192.168.1.2 |
| Dec 31, 2024 08:20:59.780808926 CET | 54326 | 6341 | 192.168.2.4 | 192.168.1.2 |
| Dec 31, 2024 08:20:59.902810097 CET | 54326 | 6341 | 192.168.2.4 | 192.168.1.2 |
| Dec 31, 2024 08:21:00.050786972 CET | 54326 | 6341 | 192.168.2.4 | 192.168.1.2 |
| Dec 31, 2024 08:21:00.220776081 CET | 54326 | 6341 | 192.168.2.4 | 192.168.1.2 |
| Dec 31, 2024 08:21:00.410804033 CET | 54326 | 6341 | 192.168.2.4 | 192.168.1.2 |
| Dec 31, 2024 08:21:00.623785019 CET | 54326 | 6341 | 192.168.2.4 | 192.168.1.2 |
| Dec 31, 2024 08:21:00.844789028 CET | 54326 | 6341 | 192.168.2.4 | 192.168.1.2 |
| Dec 31, 2024 08:21:01.104795933 CET | 54326 | 6341 | 192.168.2.4 | 192.168.1.2 |
| Dec 31, 2024 08:21:01.373797894 CET | 54326 | 6341 | 192.168.2.4 | 192.168.1.2 |
| Dec 31, 2024 08:21:01.663798094 CET | 54326 | 6341 | 192.168.2.4 | 192.168.1.2 |
| Dec 31, 2024 08:21:01.963835001 CET | 54326 | 6341 | 192.168.2.4 | 192.168.1.2 |
| Dec 31, 2024 08:21:02.295708895 CET | 54326 | 6341 | 192.168.2.4 | 192.168.1.2 |
| Dec 31, 2024 08:21:02.641851902 CET | 54326 | 6341 | 192.168.2.4 | 192.168.1.2 |
| Dec 31, 2024 08:21:03.012928009 CET | 54326 | 6341 | 192.168.2.4 | 192.168.1.2 |
| Dec 31, 2024 08:21:03.391835928 CET | 54326 | 6341 | 192.168.2.4 | 192.168.1.2 |
| Dec 31, 2024 08:21:03.727715969 CET | 54327 | 6341 | 192.168.2.4 | 192.168.1.2 |
| Dec 31, 2024 08:21:03.727822065 CET | 54327 | 6341 | 192.168.2.4 | 192.168.1.2 |
| Dec 31, 2024 08:21:03.745790005 CET | 54327 | 6341 | 192.168.2.4 | 192.168.1.2 |
| Dec 31, 2024 08:21:03.792912960 CET | 54326 | 6341 | 192.168.2.4 | 192.168.1.2 |
| Dec 31, 2024 08:21:03.797487974 CET | 54327 | 6341 | 192.168.2.4 | 192.168.1.2 |
| Dec 31, 2024 08:21:03.864820957 CET | 54327 | 6341 | 192.168.2.4 | 192.168.1.2 |
| Dec 31, 2024 08:21:21.570061922 CET | 54327 | 6341 | 192.168.2.4 | 192.168.1.2 |
| Dec 31, 2024 08:21:21.576653004 CET | 54326 | 6341 | 192.168.2.4 | 192.168.1.2 |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 02:20:56 |
| Start date: | 31/12/2024 |
| Path: | C:\Users\user\Desktop\1.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x50000 |
| File size: | 1'874'432 bytes |
| MD5 hash: | A2ECCD0AC68E32F1763FF60E5B151304 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
| Has exited: | true |
| Target ID: | 3 |
| Start time: | 02:21:02 |
| Start date: | 31/12/2024 |
| Path: | C:\Windows\SysWOW64\WerFault.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xac0000 |
| File size: | 483'680 bytes |
| MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
Execution Graph
| Execution Coverage: | 2.9% |
| Dynamic/Decrypted Code Coverage: | 68.5% |
| Signature Coverage: | 8.8% |
| Total number of Nodes: | 1371 |
| Total number of Limit Nodes: | 26 |
Graph
Function 00067E35 Relevance: 103.8, APIs: 48, Strings: 11, Instructions: 557libraryloaderstringCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 03162320 Relevance: 89.7, APIs: 38, Strings: 13, Instructions: 447stringnetworklibraryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 03169DF0 Relevance: 47.6, APIs: 20, Strings: 7, Instructions: 330sleepsynchronizationtimeCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02AC3840 Relevance: 16.5, APIs: 11, Instructions: 43threadsleepsynchronizationCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 03164110 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 75comstringnativeCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00051410 Relevance: 7.5, APIs: 5, Instructions: 49processCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 031615C0 Relevance: 3.1, APIs: 2, Instructions: 71networkCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000B6E09 Relevance: 40.7, APIs: 22, Strings: 1, Instructions: 421windowCOMMONLIBRARYCODE
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 0316A2E0 Relevance: 35.2, APIs: 17, Strings: 3, Instructions: 223sleepsynchronizationtimeCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0316FC80 Relevance: 33.6, APIs: 16, Strings: 3, Instructions: 324threadtimenetworkCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 03163E70 Relevance: 28.2, APIs: 12, Strings: 4, Instructions: 165registrystringCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 03162D40 Relevance: 24.7, APIs: 2, Strings: 12, Instructions: 164windowCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02AC2310 Relevance: 24.6, APIs: 8, Strings: 6, Instructions: 120memoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 03162FC0 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 99sleepstringsynchronizationCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 03161410 Relevance: 21.2, APIs: 14, Instructions: 157networkstringtimeCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02AC1410 Relevance: 21.2, APIs: 14, Instructions: 157networkstringtimeCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 03164290 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 99registrylibraryloaderCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00051660 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 128threadsleepCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 0316EC80 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 113networkCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0316F570 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 154networkCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0006386E Relevance: 16.6, APIs: 11, Instructions: 106memoryCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 03161BD0 Relevance: 13.6, APIs: 9, Instructions: 101synchronizationtimeCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0316F3A0 Relevance: 13.6, APIs: 9, Instructions: 81memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 03170700 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 102timeCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02AC3140 Relevance: 10.7, APIs: 7, Instructions: 203sleepCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02AC5F70 Relevance: 10.7, APIs: 7, Instructions: 152COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0316C2F0 Relevance: 10.6, APIs: 7, Instructions: 96COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02AC2190 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 82sleepCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 031717EF Relevance: 10.6, APIs: 7, Instructions: 63threadCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02ACAA21 Relevance: 10.6, APIs: 7, Instructions: 63threadCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000514C0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 53processCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 03164210 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 42libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 0317178A Relevance: 10.5, APIs: 7, Instructions: 34threadCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02ACA9BC Relevance: 10.5, APIs: 7, Instructions: 34threadCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02AC3460 Relevance: 9.1, APIs: 6, Instructions: 149sleepCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02AC9945 Relevance: 9.1, APIs: 6, Instructions: 109timeCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02AC9950 Relevance: 9.1, APIs: 6, Instructions: 102timeCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02AC85F0 Relevance: 9.1, APIs: 6, Instructions: 81memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0316EA50 Relevance: 9.1, APIs: 6, Instructions: 72networkCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02AC7CA0 Relevance: 9.1, APIs: 6, Instructions: 72networkCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02ACA9B0 Relevance: 9.0, APIs: 6, Instructions: 29threadCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0316B2E0 Relevance: 7.6, APIs: 5, Instructions: 147COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 031613B0 Relevance: 7.5, APIs: 5, Instructions: 32COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02AC13B0 Relevance: 7.5, APIs: 5, Instructions: 32COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 031619A0 Relevance: 6.1, APIs: 4, Instructions: 102timeCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02AC1BE0 Relevance: 6.1, APIs: 4, Instructions: 101synchronizationtimeCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02AC1190 Relevance: 6.1, APIs: 4, Instructions: 76memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02AC10E0 Relevance: 6.1, APIs: 4, Instructions: 66memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 0316CB80 Relevance: 4.6, APIs: 3, Instructions: 114COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02AC5550 Relevance: 4.6, APIs: 3, Instructions: 96COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00148212 Relevance: 4.6, APIs: 3, Instructions: 50COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 0316C670 Relevance: 4.5, APIs: 3, Instructions: 39networkCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02AC58D0 Relevance: 4.5, APIs: 3, Instructions: 39networkCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0316A620 Relevance: 4.5, APIs: 3, Instructions: 32threadsynchronizationCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0317172A Relevance: 4.5, APIs: 3, Instructions: 11threadCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0316FB50 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 114networkCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02AC8DA0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 114networkCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 035601CB Relevance: 3.3, APIs: 2, Instructions: 267memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02AC4550 Relevance: 3.1, APIs: 2, Instructions: 147COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02AC1840 Relevance: 3.1, APIs: 2, Instructions: 116COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02AC19B0 Relevance: 3.1, APIs: 2, Instructions: 102timeCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02AC15C0 Relevance: 3.1, APIs: 2, Instructions: 71networkCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02AC7B90 Relevance: 3.1, APIs: 2, Instructions: 63COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02AC1750 Relevance: 3.1, APIs: 2, Instructions: 60networkCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02AC7100 Relevance: 3.1, APIs: 2, Instructions: 58COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02AC42B0 Relevance: 3.0, APIs: 2, Instructions: 49COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0316B0D0 Relevance: 3.0, APIs: 2, Instructions: 43memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02AC4340 Relevance: 3.0, APIs: 2, Instructions: 43memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0008277F Relevance: 3.0, APIs: 2, Instructions: 36COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 0316C3D0 Relevance: 3.0, APIs: 2, Instructions: 33networkCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02AC5630 Relevance: 3.0, APIs: 2, Instructions: 33networkCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0316EEE0 Relevance: 3.0, APIs: 2, Instructions: 31COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000548E0 Relevance: 3.0, APIs: 2, Instructions: 24libraryCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02AC17F0 Relevance: 3.0, APIs: 2, Instructions: 21sleepCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00056385 Relevance: 3.0, APIs: 2, Instructions: 15threadCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02ACA97B Relevance: 3.0, APIs: 2, Instructions: 9COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 031640F4 Relevance: 3.0, APIs: 2, Instructions: 8registryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0316BAD0 Relevance: 1.6, APIs: 1, Instructions: 67timeCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02AC4D30 Relevance: 1.6, APIs: 1, Instructions: 67timeCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02AC1040 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 03171040 Relevance: 1.6, APIs: 1, Instructions: 50timeCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02ACA290 Relevance: 1.6, APIs: 1, Instructions: 50timeCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00054010 Relevance: 1.5, APIs: 1, Instructions: 37memoryCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000591AE Relevance: 1.5, APIs: 1, Instructions: 27COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02ADAB70 Relevance: 1.5, APIs: 1, Instructions: 22networkCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 03171749 Relevance: 1.5, APIs: 1, Instructions: 19COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00066BCB Relevance: 1.5, APIs: 1, Instructions: 17COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 0316ADD0 Relevance: 1.5, APIs: 1, Instructions: 16COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0316ADE0 Relevance: 1.5, APIs: 1, Instructions: 16COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02AC4020 Relevance: 1.5, APIs: 1, Instructions: 16COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02AC4030 Relevance: 1.5, APIs: 1, Instructions: 16COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000513E0 Relevance: 1.5, APIs: 1, Instructions: 15memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 0316C480 Relevance: 1.5, APIs: 1, Instructions: 10networkCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02AC56E0 Relevance: 1.5, APIs: 1, Instructions: 10networkCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00051270 Relevance: 1.5, APIs: 1, Instructions: 8COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00051590 Relevance: 1.3, APIs: 1, Instructions: 51sleepCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 031646E0 Relevance: 68.5, APIs: 30, Strings: 9, Instructions: 240libraryloaderinjectionCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 03167F30 Relevance: 58.1, APIs: 29, Strings: 4, Instructions: 354windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0316AA00 Relevance: 58.0, APIs: 31, Strings: 2, Instructions: 216filesynchronizationstringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000C659B Relevance: 42.5, APIs: 28, Instructions: 452windowkeyboardCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000D87A3 Relevance: 37.1, APIs: 20, Strings: 1, Instructions: 325windowkeyboardCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 03164D50 Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 127threadinjectionprocessCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0316A6D0 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 130synchronizationfilestringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0008AB3A Relevance: 21.3, APIs: 14, Instructions: 280keyboardwindowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 03164520 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 69libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00090A4A Relevance: 20.8, APIs: 13, Instructions: 1300COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000CE3B0 Relevance: 16.9, APIs: 11, Instructions: 446COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000B6712 Relevance: 13.6, APIs: 9, Instructions: 141clipboardwindowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000549C6 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 73libraryCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 0005810C Relevance: 6.1, APIs: 4, Instructions: 59COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 0316EBA0 Relevance: 4.6, APIs: 3, Instructions: 84networkCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000F094D Relevance: 4.5, APIs: 3, Instructions: 43windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00086268 Relevance: 3.0, APIs: 2, Instructions: 31windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 0008630C Relevance: 1.5, APIs: 1, Instructions: 28windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 031837A9 Relevance: 1.3, APIs: 1, Instructions: 8memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 03165530 Relevance: .6, Instructions: 608COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000B6908 Relevance: 51.1, APIs: 28, Strings: 1, Instructions: 323fileCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 0317479B Relevance: 40.4, APIs: 18, Strings: 5, Instructions: 109libraryloadermemoryCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 03168670 Relevance: 35.2, APIs: 16, Strings: 4, Instructions: 170stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 031666A0 Relevance: 33.6, APIs: 18, Strings: 1, Instructions: 308windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 03163B70 Relevance: 33.4, APIs: 14, Strings: 5, Instructions: 146memoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0005E64D Relevance: 31.7, APIs: 17, Strings: 1, Instructions: 191windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 03164B80 Relevance: 31.6, APIs: 12, Strings: 6, Instructions: 141libraryloaderfileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000A4685 Relevance: 26.5, APIs: 14, Strings: 1, Instructions: 230windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 031631E0 Relevance: 26.5, APIs: 14, Strings: 1, Instructions: 222stringcomregistryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0007E3EF Relevance: 25.0, APIs: 11, Strings: 3, Instructions: 469windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00054A92 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 132libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000ECBE8 Relevance: 22.8, APIs: 15, Instructions: 259COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 03169910 Relevance: 22.8, APIs: 15, Instructions: 254COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00078914 Relevance: 22.7, APIs: 15, Instructions: 232timeCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 031688B0 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 164registryCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 031639A0 Relevance: 19.7, APIs: 13, Instructions: 169COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000660FA Relevance: 19.6, APIs: 10, Strings: 1, Instructions: 334windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 03163520 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 144registrystringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000E2A14 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 137COMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000A6AF0 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 137windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 03163346 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 125stringregistryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000AE9E0 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 234windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000A099F Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 163windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 03166C90 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 150windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 03163820 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 116memoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 03168B30 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 66registrystringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000A81C1 Relevance: 16.9, APIs: 11, Instructions: 392COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000583B9 Relevance: 16.6, APIs: 11, Instructions: 139COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 03168BE0 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 88processstringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0316A8E0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 74stringtimeCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D80E2 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 51sleepthreadCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 03168540 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 98filestringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0006097D Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 69windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000868D0 Relevance: 13.7, APIs: 9, Instructions: 242COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 031709B0 Relevance: 13.7, APIs: 9, Instructions: 168COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 03170470 Relevance: 13.6, APIs: 9, Instructions: 96COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000E0A63 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 114windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000A40F7 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 100windowmemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000A493D Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 79windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 001369DF Relevance: 12.1, APIs: 8, Instructions: 134COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 0316B930 Relevance: 12.1, APIs: 8, Instructions: 121synchronizationCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0006E78F Relevance: 12.1, APIs: 8, Instructions: 111COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 0007CA6F Relevance: 12.1, APIs: 8, Instructions: 100COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 0008843A Relevance: 12.1, APIs: 8, Instructions: 80windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00058717 Relevance: 12.1, APIs: 8, Instructions: 74windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 0006687A Relevance: 12.1, APIs: 8, Instructions: 64COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00058945 Relevance: 12.1, APIs: 8, Instructions: 52memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00068809 Relevance: 12.0, APIs: 8, Instructions: 39COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 0012AB90 Relevance: 12.0, APIs: 8, Instructions: 36windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 0007A6F8 Relevance: 10.9, APIs: 4, Strings: 2, Instructions: 367stringwindowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000EE250 Relevance: 10.8, APIs: 7, Instructions: 348COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000D67C4 Relevance: 10.8, APIs: 7, Instructions: 325windowstringCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000BC7D7 Relevance: 10.7, APIs: 7, Instructions: 233COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000EE6AA Relevance: 10.7, APIs: 7, Instructions: 174COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 0316CD10 Relevance: 10.7, APIs: 7, Instructions: 152COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 0006EAD5 Relevance: 10.6, APIs: 7, Instructions: 126COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000CC7C7 Relevance: 10.6, APIs: 7, Instructions: 120COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 0316EF50 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 92networkCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000CE943 Relevance: 10.6, APIs: 7, Instructions: 90windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000565A3 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 78registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 0005E135 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 53libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00054630 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 53libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000545C4 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 45libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 0316A860 Relevance: 10.5, APIs: 7, Instructions: 42filesynchronizationstringCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 031744B7 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000687C3 Relevance: 10.5, APIs: 7, Instructions: 30COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000707E8 Relevance: 9.3, APIs: 6, Instructions: 299COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 0009A2AE Relevance: 9.2, APIs: 6, Instructions: 221COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000A2223 Relevance: 9.2, APIs: 6, Instructions: 177windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 0007226D Relevance: 9.2, APIs: 6, Instructions: 155windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000581F5 Relevance: 9.1, APIs: 6, Instructions: 139COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000A6166 Relevance: 9.1, APIs: 6, Instructions: 137windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000D4767 Relevance: 9.1, APIs: 6, Instructions: 120windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 03166520 Relevance: 9.1, APIs: 6, Instructions: 107COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 0316C6E0 Relevance: 9.1, APIs: 6, Instructions: 99networkCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00076AD4 Relevance: 9.1, APIs: 6, Instructions: 95windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 031630E0 Relevance: 9.1, APIs: 6, Instructions: 86processCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000B213D Relevance: 9.1, APIs: 6, Instructions: 82windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000AC613 Relevance: 9.1, APIs: 6, Instructions: 77COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000EC4A6 Relevance: 9.1, APIs: 6, Instructions: 73COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0007A343 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 294keyboardCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 03166490 Relevance: 9.0, APIs: 6, Instructions: 42COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 03161EC0 Relevance: 9.0, APIs: 6, Instructions: 39synchronizationsleepCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000A4220 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 143memorywindowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00086BD8 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 54libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 031786CE Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42COMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000C89DA Relevance: 7.8, APIs: 5, Instructions: 316COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 0009256E Relevance: 7.7, APIs: 5, Instructions: 241COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000E445E Relevance: 7.7, APIs: 5, Instructions: 226windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000F827E Relevance: 7.7, APIs: 5, Instructions: 207COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 0007C0AC Relevance: 7.7, APIs: 5, Instructions: 196COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 0316CF10 Relevance: 7.7, APIs: 5, Instructions: 181COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000C2823 Relevance: 7.7, APIs: 5, Instructions: 171windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000AC42D Relevance: 7.7, APIs: 5, Instructions: 169COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000C880C Relevance: 7.7, APIs: 5, Instructions: 168COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000A0BA2 Relevance: 7.7, APIs: 5, Instructions: 162stringCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00104323 Relevance: 7.7, APIs: 5, Instructions: 159COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000F8B19 Relevance: 7.7, APIs: 5, Instructions: 155windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00078BDB Relevance: 7.6, APIs: 5, Instructions: 123COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 0009C894 Relevance: 7.6, APIs: 5, Instructions: 113windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000AE4E3 Relevance: 7.6, APIs: 5, Instructions: 111windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000EC56C Relevance: 7.6, APIs: 5, Instructions: 109windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 0009CB9C Relevance: 7.6, APIs: 5, Instructions: 106COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000F85EF Relevance: 7.6, APIs: 5, Instructions: 105COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000CE1B1 Relevance: 7.6, APIs: 5, Instructions: 102windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 0007206B Relevance: 7.6, APIs: 5, Instructions: 99COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 0008C2F3 Relevance: 7.6, APIs: 5, Instructions: 97COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000984D4 Relevance: 7.6, APIs: 5, Instructions: 96windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000B0062 Relevance: 7.6, APIs: 5, Instructions: 94windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 0008A15A Relevance: 7.6, APIs: 5, Instructions: 94windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 0316C850 Relevance: 7.6, APIs: 5, Instructions: 87stringCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0005E4C7 Relevance: 7.6, APIs: 5, Instructions: 81windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000F02B6 Relevance: 7.6, APIs: 5, Instructions: 78windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000B29F5 Relevance: 7.6, APIs: 5, Instructions: 72COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000C4999 Relevance: 7.6, APIs: 5, Instructions: 68windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00080226 Relevance: 7.6, APIs: 5, Instructions: 66windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 0008E797 Relevance: 7.6, APIs: 5, Instructions: 66COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 03161270 Relevance: 7.6, APIs: 6, Instructions: 65COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0012AA8B Relevance: 7.6, APIs: 5, Instructions: 61COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000A247D Relevance: 7.6, APIs: 5, Instructions: 59COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00094B13 Relevance: 7.6, APIs: 5, Instructions: 56COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000ACAE7 Relevance: 7.6, APIs: 5, Instructions: 55windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000D813A Relevance: 7.6, APIs: 5, Instructions: 53threadCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 0316B040 Relevance: 7.5, APIs: 6, Instructions: 49COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 031643B0 Relevance: 7.5, APIs: 5, Instructions: 33processCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 031678EE Relevance: 7.5, APIs: 5, Instructions: 26processCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0317177E Relevance: 7.5, APIs: 5, Instructions: 24threadCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000FC793 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 109keyboardCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00066941 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 72windowCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 03162CA0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 65stringCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000A25EF Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 63windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00060770 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 43libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00056521 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 39libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000564C8 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 35libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000CA573 Relevance: 6.4, APIs: 4, Instructions: 435COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 03169710 Relevance: 6.4, APIs: 5, Instructions: 140COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0316E690 Relevance: 6.3, APIs: 5, Instructions: 80stringCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 03170410 Relevance: 6.3, APIs: 5, Instructions: 34COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00096245 Relevance: 6.2, APIs: 4, Instructions: 208COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000BE396 Relevance: 6.2, APIs: 4, Instructions: 187windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 0007CBE4 Relevance: 6.2, APIs: 4, Instructions: 187COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000DC0C7 Relevance: 6.2, APIs: 4, Instructions: 173COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000C80DF Relevance: 6.2, APIs: 4, Instructions: 159COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000841B0 Relevance: 6.2, APIs: 4, Instructions: 155timeCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 001266C6 Relevance: 6.2, APIs: 4, Instructions: 155windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000BE80F Relevance: 6.2, APIs: 4, Instructions: 151windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00090594 Relevance: 6.1, APIs: 4, Instructions: 148COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 0006215C Relevance: 6.1, APIs: 4, Instructions: 132windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 0007636C Relevance: 6.1, APIs: 4, Instructions: 120COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00088185 Relevance: 6.1, APIs: 4, Instructions: 111COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000CC250 Relevance: 6.1, APIs: 4, Instructions: 87COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000BC6FE Relevance: 6.1, APIs: 4, Instructions: 83COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 0316F060 Relevance: 6.1, APIs: 4, Instructions: 81COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000A6303 Relevance: 6.1, APIs: 4, Instructions: 79COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 03161190 Relevance: 6.1, APIs: 4, Instructions: 76memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000AE8AB Relevance: 6.1, APIs: 4, Instructions: 71windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 031610E0 Relevance: 6.1, APIs: 4, Instructions: 66memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00058894 Relevance: 6.1, APIs: 4, Instructions: 62windowCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 03169D50 Relevance: 6.1, APIs: 4, Instructions: 59memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000E6375 Relevance: 6.1, APIs: 4, Instructions: 59windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 0316E1B0 Relevance: 6.1, APIs: 4, Instructions: 58windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 0316B150 Relevance: 6.1, APIs: 4, Instructions: 55memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000800E2 Relevance: 6.1, APIs: 4, Instructions: 52fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000A2AD5 Relevance: 6.1, APIs: 4, Instructions: 52windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000D8410 Relevance: 6.1, APIs: 4, Instructions: 51COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000BC4DB Relevance: 6.1, APIs: 4, Instructions: 51COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000EA37E Relevance: 6.0, APIs: 4, Instructions: 50windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000943D4 Relevance: 6.0, APIs: 4, Instructions: 50COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000EA9EA Relevance: 6.0, APIs: 4, Instructions: 48COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 0006EA50 Relevance: 6.0, APIs: 4, Instructions: 47COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 0006265C Relevance: 6.0, APIs: 4, Instructions: 45COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 03166E40 Relevance: 6.0, APIs: 4, Instructions: 42COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000629EF Relevance: 6.0, APIs: 4, Instructions: 39windowCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000585B8 Relevance: 6.0, APIs: 4, Instructions: 38COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00058524 Relevance: 6.0, APIs: 4, Instructions: 32COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000BE317 Relevance: 6.0, APIs: 4, Instructions: 28COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 0316A680 Relevance: 6.0, APIs: 4, Instructions: 27threadsleepsynchronizationCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 031617F0 Relevance: 6.0, APIs: 4, Instructions: 21synchronizationsleepCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0316EDD0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 53networkCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 03178447 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|