Windows
Analysis Report
1.exe
Overview
General Information
Detection
Score | Range | Whitelisted | Confidence |
---|---|---|---|
92 | 0 - 100 | false | 100% |
Signatures
Classification
- System is w10x64
- 1.exe (PID: 7380, cmdline: "C:\Users\user\Desktop\1.exe", MD5: A2ECCD0AC68E32F1763FF60E5B151304)
  - WerFault.exe (PID: 7608, cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7380 -s 1424, MD5: C31336C1EFC2CCB44B4326EA793040F2)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| Windows_Trojan_Donutloader_f40e3759 | unknown | unknown | |

Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| Windows_Trojan_Donutloader_f40e3759 | unknown | unknown | |
| Windows_Trojan_Donutloader_f40e3759 | unknown | unknown | |
| JoeSecurity_GhostRat | Yara detected GhostRat | Joe Security | |

Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| Windows_Trojan_Donutloader_f40e3759 | unknown | unknown | |
| Windows_Trojan_Donutloader_f40e3759 | unknown | unknown | |
System Summary |
---|
Source: | Author: Florian Roth (Nextron Systems): |
AV Detection |
---|
Source: | Virustotal: |
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | File opened: |
Source: | Code function: | 0_2_0018939A |
Source: | TCP traffic: |
Source: | ASN Name: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | Code function: | 0_2_02AF15C0 |
Source: | String found in binary or memory: |
Source: | Code function: | 0_2_001D6712 |
Source: | Code function: | 0_2_02AFAA00 |
Source: | Code function: | 0_2_02AF7F30 |
Source: | Code function: | 0_2_0021C056 |
Source: | Code function: | 0_2_02AFA6D0 |
Source: | Windows user hook set: |
Source: | Code function: | 0_2_00208144 | |
Source: | Code function: | 0_2_001A05D8 | |
Source: | Code function: | 0_2_001F87A3 | |
Source: | Code function: | 0_2_001CC98F | |
Source: | Code function: | 0_2_001AAB3A | |
Source: | Code function: | 0_2_001E4C24 | |
Source: | Code function: | 0_2_001A8CC8 | |
Source: | Code function: | 0_2_0017F717 | |
Source: | Code function: | 0_2_0021373B | |
Source: | Code function: | 0_2_001F7C12 | |
Source: | Code function: | 0_2_001FDC2D | |
Source: | Code function: | 0_2_001CBDCF |
System Summary |
---|
Source: | Matched rule: |
Source: | Code function: | 0_2_02AF4110 |
Source: | Code function: | 0_2_02AF79A3 | |
Source: | Code function: | 0_2_02AF7972 | |
Source: | Code function: | 0_2_02AF7941 |
Source: | Code function: | 0_2_0026C0F3 | |
Source: | Code function: | 0_2_001EE3B0 | |
Source: | Code function: | 0_2_001B0A4A | |
Source: | Code function: | 0_2_00196D33 | |
Source: | Code function: | 0_2_00202E0B | |
Source: | Code function: | 0_2_001E0EBB | |
Source: | Code function: | 0_2_001BF174 | |
Source: | Code function: | 0_2_00269416 | |
Source: | Code function: | 0_2_001EF621 | |
Source: | Code function: | 0_2_0027798C | |
Source: | Code function: | 0_2_001DFE1F | |
Source: | Code function: | 0_2_0018DE82 | |
Source: | Code function: | 0_2_001EFF70 | |
Source: | Code function: | 0_2_02AF3D60 | |
Source: | Code function: | 0_2_02B103A1 | |
Source: | Code function: | 0_2_02B10A7D | |
Source: | Code function: | 0_2_02B0AF11 | |
Source: | Code function: | 0_2_02AF5530 | |
Source: | Code function: | 0_2_02B09A63 | |
Source: | Code function: | 0_2_02B0F8FF | |
Source: | Code function: | 0_2_02AFD850 | |
Source: | Code function: | 0_2_02B0FE50 | |
Source: | Code function: | 0_2_02B11DB1 | |
Source: | Code function: | 0_2_028A6AB0 | |
Source: | Code function: | 0_2_028A29A0 |
Source: | Process created: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Matched rule: |
Source: | Classification label: |
Source: | Code function: | 0_2_02AF4640 | |
Source: | Code function: | 0_2_02AF4520 | |
Source: | Code function: | 0_2_02AF4A70 |
Source: | Code function: | 0_2_02AF3D60 |
Source: | Code function: | 0_2_00171410 |
Source: | Code function: | 0_2_00186D30 |
Source: | Code function: | 0_2_0017810C |
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File created: |
Source: | Static PE information: |
Source: | File read: |
Source: | Key opened: |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | File read: |
Source: | Process created: | ||
Source: | Process created: |
Source: | Section loaded: |
Source: | Key value queried: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Code function: | 0_2_0026FAAC |
Source: | Code function: | 0_2_00268C1E | |
Source: | Code function: | 0_2_00268D78 | |
Source: | Code function: | 0_2_02B144F4 | |
Source: | Code function: | 0_2_02B144F4 | |
Source: | Code function: | 0_2_02B04DA8 |
Source: | Code function: | 0_2_001A6268 | |
Source: | Code function: | 0_2_001A630C | |
Source: | Code function: | 0_2_001E659B | |
Source: | Code function: | 0_2_001A0DD9 | |
Source: | Code function: | 0_2_001E7160 | |
Source: | Code function: | 0_2_001E51EF | |
Source: | Code function: | 0_2_00191906 | |
Source: | Code function: | 0_2_001E5C7E | |
Source: | Code function: | 0_2_001E5C7E | |
Source: | Code function: | 0_2_001E5C7E | |
Source: | Code function: | 0_2_001E5F7E | |
Source: | Code function: | 0_2_001BBFF7 |
Source: | Code function: | 0_2_02AF7893 |
Source: | Code function: | 0_2_00187E35 |
Source: | Process information set: |
Malware Analysis System Evasion |
---|
Source: | Code function: | 0_2_02AF4420 |
Source: | Evasive API call chain: | graph_0-104222 |
Source: | Stalling execution: | graph_0-103912 |
Source: | Registry key queried: |
Source: | Decision node followed by non-executed suspicious API: | graph_0-103682 |
Source: | API coverage: |
Source: | Thread sleep time: |
Source: | Last function: |
Source: | File Volume queried: |
Source: | Code function: | 0_2_0018939A |
Source: | Code function: | 0_2_0026CA47 |
Source: | Thread delayed: |
Source: | Binary or memory string: |
Source: | API call chain: | graph_0-102715 | ||
Source: | API call chain: | graph_0-104387 |
Source: | Process information queried: |
Source: | Process queried: |
Source: | Code function: | 0_2_0026F4CB |
Source: | Code function: | 0_2_0026CA47 |
Source: | Code function: | 0_2_0026FAAC |
Source: | Code function: | 0_2_02B137A9 |
Source: | Code function: | 0_2_0026F4CB | |
Source: | Code function: | 0_2_00267629 | |
Source: | Code function: | 0_2_02B0403B | |
Source: | Code function: | 0_2_02AF9DF0 | |
Source: | Code function: | 0_2_02B0112F | |
Source: | Code function: | 0_2_028A3840 | |
Source: | Code function: | 0_2_028AA37F | |
Source: | Code function: | 0_2_028AC8AB |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Code function: | 0_2_02AF46E0 |
Source: | Code function: | 0_2_02AF46E0 |
Source: | Code function: | 0_2_02AF46E0 | |
Source: | Code function: | 0_2_02AF46E0 |
Source: | Code function: | 0_2_02AF2320 |
Source: | Code function: | 0_2_001749C6 | |
Source: | Code function: | 0_2_001C18C0 | |
Source: | Code function: | 0_2_02AF2320 |
Source: | Code function: | 0_2_0026E528 |
Source: | Code function: | 0_2_002747F0 |
Source: | Code function: | 0_2_00187E35 |
Source: | Binary or memory string: |
Stealing of Sensitive Information |
---|
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: |
Source: | Code function: | 0_2_02AFEBA0 |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | 1 Replication Through Removable Media | 11 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 41 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Access Token Manipulation | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 11 Peripheral Device Discovery | Remote Desktop Protocol | 1 Screen Capture | 1 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 211 Process Injection | 2 Obfuscated Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 41 Input Capture | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 16 System Information Discovery | Distributed Component Object Model | 2 Clipboard Data | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 131 Virtualization/Sandbox Evasion | LSA Secrets | 151 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Access Token Manipulation | Cached Domain Credentials | 131 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 211 Process Injection | DCSync | 2 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Indicator Removal | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 45% | Virustotal | | |
| 63% | ReversingLabs | Win32.Exploit.DonutMarte | |

Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
124.156.117.13 | unknown | Singapore | | 132203 | TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCN | true |
IP |
---|
192.168.1.2 |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1582637 |
Start date and time: | 2024-12-31 08:25:57 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 6m 20s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Run name: | Run with higher sleep bypass |
Number of analysed new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 1.exe |
Detection: | MAL |
Classification: | mal92.troj.evad.winEXE@2/5@0/2 |
EGA Information: | |
HCA Information: | |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 20.189.173.22, 20.190.159.0, 172.202.163.200, 13.107.246.45
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, otelrules.azureedge.net, blobcollector.events.data.trafficmanager.net, onedsblobprdwus17.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing disassembly code.
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCN | | | malicious | Mirai | | |
| | | malicious | Unknown | | |
| | | malicious | Mirai | | |
| | | malicious | Mirai | | |
| | | malicious | HTMLPhisher | | |
| | | malicious | Unknown | | |
| | | malicious | Unknown | | |
| | | malicious | Unknown | | |
| | | malicious | Unknown | | |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_1.exe_2262233b1c4a664c14445ff2c18db8ed6a66_c1a861f5_ca6121c6-1511-4226-8e9b-14ee799fea8e\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 1.0635643467685238 |
Encrypted: | false |
SSDEEP: | 192:b+jnhd6bc0HR6iCj8H+ZrQkFrAKzuiFWZ24IO8Y:UnhgbXHR6iCj8KzuiFWY4IO8Y |
MD5: | DF09B12D9B76ADFBFF27179EDA49559C |
SHA1: | F5AD83C0353F250EAB642CE9C44FE15789B146AE |
SHA-256: | 3A36FBE0A7C7BDC517BBDA6108DA142FC10D86D696C53FA634AB1E78F83DE3F8 |
SHA-512: | B6129E1A5D945CD62FD9DEBAC09EBF80CDDE25C4F022DCD2586882FAE0D3971D0ADA2763486728EF1FF026D43FC3666B297D3E80A85BE3A44E43B50CF7DDCCCC |
Malicious: | true |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 150270 |
Entropy (8bit): | 1.8366810947333396 |
Encrypted: | false |
SSDEEP: | 1536:iRWMVNeGOBhcX2dgKcEQUFILb4TEsYz2j:i5NePBSXogKE |
MD5: | 0C5589C00EFE72332CA6C13427F08262 |
SHA1: | 44995D3F105ED735F8E708BA1FE71F15B96544F1 |
SHA-256: | EB6C3F1F14ABCF195E4E0BD86D58CB4CCFFCBD45A405AD9852E7F024A02F2939 |
SHA-512: | 25151A8D3F7B54B9AE6E9085E19F45C9908F870B7DAD075C48D05041CF9128063B9BA2D00CFCC954F2ED118E47FCF04F0805080E142ABF699239B6A35A7ED719 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8388 |
Entropy (8bit): | 3.696438391082311 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJcC6/6Y9cSU9YCmgmf2twprG89b5Q9sfNzWm:R6lXJB6/6YGSU9YCmgmf2ta5Q2fpf |
MD5: | 20BE5B50F0519F1751FBFD477A91A632 |
SHA1: | DF1F238DF7DB66D06AA3721A4B1209CB2F68F48B |
SHA-256: | C7F9F849D2E50A74D88713A575C4B942842C625C92AF1736C3FA477225B699BA |
SHA-512: | 7445E770A4496E9916EDFFC5EE132DF40EE8D90A8794BE94CD00B5D96BC67D3176300A41A3E3AADB998E41732DD5087E789879B1F519740860208104167D82B9 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4745 |
Entropy (8bit): | 4.465701223822374 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsnGJg77aI9pOWpW8VY8Ym8M4JuoF++q8vGn0G8qT1WEd:uIjfcI7Xv7V8JAKA0G8eEEd |
MD5: | 68662BA8D546325B642E3F92E93717F5 |
SHA1: | 42F567DB9A3F6492AE52E7A9482F474843A934A4 |
SHA-256: | 824FEBFBD5FFD8AB970561718A6E03339155B399F8F2DE1E2F600FB1FF59F046 |
SHA-512: | A73009B2275163E76F77958C38B161803A292C5DC9D452E0A66537E558EEA0EC671397E4F31619FE956ED9F3F5769A54CD7B5D7EE0EA8B36A66C292FB2C18CA2 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.465507130746226 |
Encrypted: | false |
SSDEEP: | 6144:ZIXfpi67eLPU9skLmb0b46WSPKaJG8nAgejZMMhA2gX4WABl0uNkdwBCswSb2:qXD946WlLZMM6YFH6+2 |
MD5: | C0D58D6BD7792B312F11B1083DD691FF |
SHA1: | 1D142F1A97EAEEED6A74C244EC58C8698FD36C8C |
SHA-256: | 36431120EB147104DFDDBC900312EAFDE9C9FF42AA764667D0833146C9919E2E |
SHA-512: | 76CC2AE48F9D0F22897FB316D9956CCCEE53904F8FBB3960FA55F3041679A94C2032188C0B6562F5C3D1DA3698A274FA87B3F9F243ABD0158185566C3D38CB4F |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 6.649482194453071 |
TrID: | |
File name: | 1.exe |
File size: | 1'874'432 bytes |
MD5: | a2eccd0ac68e32f1763ff60e5b151304 |
SHA1: | ee8cb670f183d9c38a8c2b40085d160f11fd547b |
SHA256: | f29ac22ca60872b1edd94e2411007f37b5cf814a3b3a85df6b162c94c92a3dd5 |
SHA512: | 86de5d8f3d9fef2a436bc36c9178f6f030ba006a71a86bb30ce9df0e4eefb4b9fa71fa596c64bde7d231417c75d33410dde2c2855e45809b9b727b54a03e8985 |
SSDEEP: | 49152:RrwObw+yBXDMjmS/vVLdVlxl/z5MP/m2Y8H9W0AORUbwLwA6/TFmSfy:2ObwnBsmEVLdfxl/z5MPO8H9W7ORUbXd |
TLSH: | 0A85AE3A3A919077C1333234558DF3BAF2AEA5314D38565766911F3C3E358A2992C3AF |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........................................(.......).................U.....-.....................Rich....................PE..L....vkg... |
Icon Hash: | 9e1f191f6777733a |
Entrypoint: | 0x4f761f |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x676B7696 [Wed Dec 25 03:05:58 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | 1d827ad5ca3aef28dfe0cea19c081a23 |
Instruction:

```asm
call 00007F030CFBF5A9h
jmp 00007F030CFB852Eh
cmp ecx, dword ptr [005625E0h]
jne 00007F030CFB86A4h
rep ret
jmp 00007F030CFBF630h
mov edi, edi
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov esi, dword ptr [0051C290h]
push edi
push dword ptr [005957A8h]
call esi
push dword ptr [005957A4h]
mov ebx, eax
mov dword ptr [ebp-04h], ebx
call esi
mov esi, eax
cmp esi, ebx
jc 00007F030CFB8727h
mov edi, esi
sub edi, ebx
lea eax, dword ptr [edi+04h]
cmp eax, 04h
jc 00007F030CFB8717h
push ebx
call 00007F030CFBBF14h
mov ebx, eax
lea eax, dword ptr [edi+04h]
pop ecx
cmp ebx, eax
jnc 00007F030CFB86EAh
mov eax, 00000800h
cmp ebx, eax
jnc 00007F030CFB86A4h
mov eax, ebx
add eax, ebx
cmp eax, ebx
jc 00007F030CFB86B1h
push eax
push dword ptr [ebp-04h]
call 00007F030CFBF763h
pop ecx
pop ecx
test eax, eax
jne 00007F030CFB86B8h
lea eax, dword ptr [ebx+10h]
cmp eax, ebx
jc 00007F030CFB86E0h
push eax
push dword ptr [ebp-04h]
call 00007F030CFBF74Dh
pop ecx
pop ecx
test eax, eax
je 00007F030CFB86D1h
sar edi, 02h
push eax
lea esi, dword ptr [eax+edi*4]
call dword ptr [0051C294h]
mov dword ptr [005957A8h], eax
push dword ptr [ebp+08h]
mov edi, dword ptr [0051C294h]
call edi
mov dword ptr [esi], eax
add esi, 04h
push esi
call edi
mov dword ptr [005957A4h], eax
mov eax, dword ptr [ebp+08h]
jmp 00007F030CFB86A4h
```
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x15ab58 | 0x17c | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x196000 | 0x14020 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x1ab000 | 0x19964 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x11ccd0 | 0x1c | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x1457b0 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x11c000 | 0x908 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x11ab56 | 0x11ac00 | 81f07ad9401bb030f6fd4b22bfc8020d | False | 0.5604173574270557 | data | 6.522543309935167 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x11c000 | 0x41c80 | 0x41e00 | 53ba3f6835c1465c9f6599c95a09247d | False | 0.2668665500474383 | data | 4.99171438264604 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x15e000 | 0x377bc | 0x30200 | 0925c3d4d81457481990a402b0e891aa | False | 0.896190137987013 | data | 7.817358833843515 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x196000 | 0x14020 | 0x14200 | 0d1402167d2e62a9452ff3195ff8375e | False | 0.7321549883540373 | data | 6.846851273620952 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x1ab000 | 0x28678 | 0x28800 | b766fbb210faa4b699434a30410c6ed0 | False | 0.26442539544753085 | data | 4.952802281401289 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_CURSOR | 0x196d78 | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | Chinese | China | 0.4805194805194805 |
RT_CURSOR | 0x196eac | 0xb4 | Targa image data - Map 32 x 65536 x 1 +16 "\001" | Chinese | China | 0.7 |
RT_CURSOR | 0x196f60 | 0x134 | AmigaOS bitmap font "(", fc_YSize 4294967264, 5120 elements, 2nd "\377\360?\377\377\370\177\377\377\374\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd | Chinese | China | 0.36363636363636365 |
RT_CURSOR | 0x197094 | 0x134 | Targa image data - RLE 64 x 65536 x 1 +32 "\001" | Chinese | China | 0.35714285714285715 |
RT_CURSOR | 0x1971c8 | 0x134 | data | Chinese | China | 0.37337662337662336 |
RT_CURSOR | 0x1972fc | 0x134 | data | Chinese | China | 0.37662337662337664 |
RT_CURSOR | 0x197430 | 0x134 | Targa image data 64 x 65536 x 1 +32 "\001" | Chinese | China | 0.36688311688311687 |
RT_CURSOR | 0x197564 | 0x134 | Targa image data 64 x 65536 x 1 +32 "\001" | Chinese | China | 0.37662337662337664 |
RT_CURSOR | 0x197698 | 0x134 | Targa image data - Mono - RLE 64 x 65536 x 1 +32 "\001" | Chinese | China | 0.36688311688311687 |
RT_CURSOR | 0x1977cc | 0x134 | Targa image data - RGB - RLE 64 x 65536 x 1 +32 "\001" | Chinese | China | 0.38636363636363635 |
RT_CURSOR | 0x197900 | 0x134 | data | Chinese | China | 0.44155844155844154 |
RT_CURSOR | 0x197a34 | 0x134 | data | Chinese | China | 0.4155844155844156 |
RT_CURSOR | 0x197b68 | 0x134 | AmigaOS bitmap font "(", fc_YSize 4294966847, 3840 elements, 2nd "\377?\374\377\377\300\003\377\377\300\003\377\377\340\007\377\377\360\017\377\377\370\037\377\377\374?\377\377\376\177\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd | Chinese | China | 0.5422077922077922 |
RT_CURSOR | 0x197c9c | 0x134 | data | Chinese | China | 0.2662337662337662 |
RT_CURSOR | 0x197dd0 | 0x134 | data | Chinese | China | 0.2824675324675325 |
RT_CURSOR | 0x197f04 | 0x134 | data | Chinese | China | 0.3246753246753247 |
RT_BITMAP | 0x198038 | 0xb8 | Device independent bitmap graphic, 12 x 10 x 4, image size 80 | Chinese | China | 0.44565217391304346 |
RT_BITMAP | 0x1980f0 | 0x144 | Device independent bitmap graphic, 33 x 11 x 4, image size 220 | Chinese | China | 0.37962962962962965 |
RT_ICON | 0x198234 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | Chinese | China | 0.5335365853658537 |
RT_ICON | 0x19889c | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | Chinese | China | 0.646505376344086 |
RT_ICON | 0x198b84 | 0x1e8 | Device independent bitmap graphic, 24 x 48 x 4, image size 288 | Chinese | China | 0.6598360655737705 |
RT_ICON | 0x198d6c | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | Chinese | China | 0.6385135135135135 |
RT_ICON | 0x198e94 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Chinese | China | 0.6260660980810234 |
RT_ICON | 0x199d3c | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Chinese | China | 0.7793321299638989 |
RT_ICON | 0x19a5e4 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Chinese | China | 0.8231566820276498 |
RT_ICON | 0x19acac | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Chinese | China | 0.6575144508670521 |
RT_ICON | 0x19b214 | 0x93cb | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | Chinese | China | 0.9988106250825954 |
RT_ICON | 0x1a45e0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | Chinese | China | 0.5116182572614107 |
RT_ICON | 0x1a6b88 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | Chinese | China | 0.6109287054409006 |
RT_ICON | 0x1a7c30 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | Chinese | China | 0.6221311475409836 |
RT_ICON | 0x1a85b8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | Chinese | China | 0.7402482269503546 |
RT_DIALOG | 0x1a8a20 | 0x120 | data | Chinese | China | 0.6145833333333334 |
RT_DIALOG | 0x1a8b40 | 0xd8 | data | Chinese | China | 0.7268518518518519 |
RT_DIALOG | 0x1a8c18 | 0xe2 | data | Chinese | China | 0.6769911504424779 |
RT_DIALOG | 0x1a8cfc | 0x34 | data | Chinese | China | 0.8653846153846154 |
RT_STRING | 0x1a8d30 | 0x44 | data | Chinese | China | 0.6764705882352942 |
RT_STRING | 0x1a8d74 | 0x4e | data | Chinese | China | 0.8461538461538461 |
RT_STRING | 0x1a8dc4 | 0x2c | data | Chinese | China | 0.5909090909090909 |
RT_STRING | 0x1a8df0 | 0x84 | data | Chinese | China | 0.9166666666666666 |
RT_STRING | 0x1a8e74 | 0x1c4 | data | Chinese | China | 0.8053097345132744 |
RT_STRING | 0x1a9038 | 0x14e | data | Chinese | China | 0.5179640718562875 |
RT_STRING | 0x1a9188 | 0x10e | data | Chinese | China | 0.7037037037037037 |
RT_STRING | 0x1a9298 | 0x50 | data | Chinese | China | 0.7125 |
RT_STRING | 0x1a92e8 | 0x44 | data | Chinese | China | 0.6764705882352942 |
RT_STRING | 0x1a932c | 0x68 | data | Chinese | China | 0.7019230769230769 |
RT_STRING | 0x1a9394 | 0x1b2 | data | Chinese | China | 0.6474654377880185 |
RT_STRING | 0x1a9548 | 0xf4 | data | Chinese | China | 0.6065573770491803 |
RT_STRING | 0x1a963c | 0x24 | data | Chinese | China | 0.4722222222222222 |
RT_STRING | 0x1a9660 | 0x1a6 | data | Chinese | China | 0.6658767772511849 |
RT_GROUP_CURSOR | 0x1a9808 | 0x22 | Lotus unknown worksheet or configuration, revision 0x2 | Chinese | China | 1.0294117647058822 |
RT_GROUP_CURSOR | 0x1a982c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.3 |
RT_GROUP_CURSOR | 0x1a9840 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.3 |
RT_GROUP_CURSOR | 0x1a9854 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.3 |
RT_GROUP_CURSOR | 0x1a9868 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.3 |
RT_GROUP_CURSOR | 0x1a987c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.3 |
RT_GROUP_CURSOR | 0x1a9890 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.3 |
RT_GROUP_CURSOR | 0x1a98a4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.3 |
RT_GROUP_CURSOR | 0x1a98b8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.3 |
RT_GROUP_CURSOR | 0x1a98cc | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.3 |
RT_GROUP_CURSOR | 0x1a98e0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.3 |
RT_GROUP_CURSOR | 0x1a98f4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.3 |
RT_GROUP_CURSOR | 0x1a9908 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.3 |
RT_GROUP_CURSOR | 0x1a991c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.3 |
RT_GROUP_CURSOR | 0x1a9930 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.3 |
RT_GROUP_ICON | 0x1a9944 | 0xbc | data | Chinese | China | 0.6117021276595744 |
RT_VERSION | 0x1a9a00 | 0x2bc | data | Chinese | China | 0.4542857142857143 |
RT_MANIFEST | 0x1a9cbc | 0x362 | ASCII text, with very long lines (866), with no line terminators | English | United States | 0.4515011547344111 |
DLL | Import |
---|---|
KERNEL32.dll | IsDebuggerPresent, IsProcessorFeaturePresent, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, GetStringTypeW, GetTimeZoneInformation, LCMapStringW, GetConsoleCP, GetConsoleMode, UnhandledExceptionFilter, TerminateProcess, QueryPerformanceCounter, HeapCreate, SetHandleCount, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetStdHandle, SetUnhandledExceptionFilter, GetFileType, SetStdHandle, VirtualQuery, GetSystemInfo, WriteConsoleW, SetEnvironmentVariableA, FindResourceW, LoadResource, LockResource, SizeofResource, GetModuleFileNameW, CreateThread, VirtualAlloc, GetSystemTimeAsFileTime, HeapSize, HeapQueryInformation, HeapReAlloc, RaiseException, ExitThread, RtlUnwind, ExitProcess, HeapAlloc, HeapFree, DecodePointer, EncodePointer, GetStartupInfoW, HeapSetInformation, GetCommandLineW, FindResourceExW, SearchPathW, GetProfileIntW, GetTickCount, InitializeCriticalSectionAndSpinCount, GetNumberFormatW, GetWindowsDirectoryW, GetTempPathW, GetTempFileNameW, GetFileTime, GetFileSizeEx, GetFileAttributesW, FileTimeToLocalFileTime, GetFileAttributesExW, SetErrorMode, FileTimeToSystemTime, lstrlenA, GlobalGetAtomNameW, GetFullPathNameW, GetVolumeInformationW, FindFirstFileW, FindClose, GetCurrentProcess, DuplicateHandle, GetFileSize, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, SetFilePointer, WriteFile, ReadFile, CreateFileW, lstrcmpiW, lstrcpyW, DeleteFileW, InterlockedIncrement, TlsFree, DeleteCriticalSection, LocalReAlloc, TlsSetValue, TlsAlloc, InitializeCriticalSection, GlobalHandle, GlobalReAlloc, EnterCriticalSection, TlsGetValue, LeaveCriticalSection, LocalAlloc, GlobalFlags, GetCurrentDirectoryW, GlobalFindAtomW, GetVersionExW, CompareStringW, InterlockedDecrement, ReleaseActCtx, CreateActCtxW, CopyFileW, GlobalSize, FormatMessageW, LocalFree, MulDiv, GlobalUnlock, GlobalFree, FreeResource, GetCurrentProcessId, GlobalAddAtomW, GetPrivateProfileStringW, lstrlenW, WritePrivateProfileStringW, GetPrivateProfileIntW, WaitForSingleObject, ResumeThread, SetThreadPriority, lstrcmpA, GlobalDeleteAtom, GetCurrentThread, GetCurrentThreadId, GetUserDefaultUILanguage, ConvertDefaultLocale, GetSystemDefaultUILanguage, GetLocaleInfoW, ActivateActCtx, LoadLibraryW, GetLastError, DeactivateActCtx, SetLastError, MultiByteToWideChar, WideCharToMultiByte, GlobalLock, lstrcmpW, GlobalAlloc, GetModuleHandleW, GetProcAddress, InterlockedExchange, FreeLibrary, TerminateThread, Sleep, CloseHandle, Process32NextW, Process32FirstW, CreateToolhelp32Snapshot, VirtualProtect |
USER32.dll | RegisterClipboardFormatW, FrameRect, CopyIcon, CharUpperBuffW, PostThreadMessageW, GetKeyNameTextW, DefFrameProcW, DefMDIChildProcW, DrawMenuBar, HideCaret, InvertRect, LockWindowUpdate, SetCursorPos, SetRect, CreateAcceleratorTableW, GetKeyboardState, GetKeyboardLayout, MapVirtualKeyW, ToUnicodeEx, CopyAcceleratorTableW, TranslateMDISysAccel, DrawFrameControl, DrawIconEx, SetClassLongW, DestroyAcceleratorTable, SetParent, UnpackDDElParam, ReuseDDElParam, LoadImageW, LoadAcceleratorsW, InsertMenuItemW, BringWindowToTop, TranslateAcceleratorW, UnregisterClassW, GetMenuDefaultItem, SetMenuDefaultItem, CreatePopupMenu, IsMenu, MonitorFromPoint, UpdateLayeredWindow, EnableScrollBar, EmptyClipboard, IsRectEmpty, IsZoomed, GetAsyncKeyState, NotifyWinEvent, MessageBeep, RedrawWindow, SetWindowRgn, LoadMenuW, OffsetRect, IntersectRect, CharUpperW, DestroyIcon, GetSysColorBrush, SetLayeredWindowAttributes, EnumDisplayMonitors, SetRectEmpty, KillTimer, SetTimer, RealChildWindowFromPoint, DeleteMenu, WaitMessage, ReleaseCapture, LoadCursorW, WindowFromPoint, SetCapture, ShowWindow, MoveWindow, SetWindowTextW, IsDialogMessageW, CheckDlgButton, RegisterWindowMessageW, SendDlgItemMessageW, SendDlgItemMessageA, WinHelpW, IsChild, CloseClipboard, SetClipboardData, OpenClipboard, GetNextDlgGroupItem, CopyImage, UnionRect, GetIconInfo, CreateMenu, IsClipboardFormatAvailable, GetUpdateRect, GetDoubleClickTime, IsCharLowerW, MapVirtualKeyExW, SubtractRect, DestroyCursor, MapDialogRect, DrawFocusRect, GetCapture, GetClassLongW, SetPropW, GetPropW, RemovePropW, GetWindowRgn, DrawEdge, GetKeyState, EnableWindow, DrawIcon, GetClientRect, GetSystemMetrics, IsIconic, SendMessageW, AppendMenuW, GetSystemMenu, LoadIconW, PostMessageW, PostQuitMessage, CheckMenuItem, EnableMenuItem, GetMenuState, ModifyMenuW, GetParent, GetFocus, LoadBitmapW, GetMenuCheckMarkDimensions, SetMenuItemBitmaps, ValidateRect, GetCursorPos, PeekMessageW, IsWindowVisible, GetActiveWindow, DispatchMessageW, TranslateMessage, GetMessageW, CallNextHookEx, SetWindowsHookExW, SetCursor, ShowOwnedPopups, MessageBoxW, IsWindowEnabled, GetLastActivePopup, GetWindowLongW, GetWindowThreadProcessId, DrawStateW, FillRect, UpdateWindow, InvalidateRect, GetClassNameW, EndDialog, GetNextDlgTabItem, GetDlgItem, IsWindow, DestroyWindow, CreateDialogIndirectParamW, SetActiveWindow, GetDesktopWindow, RemoveMenu, GetSubMenu, GetMenuItemCount, InsertMenuW, GetMenuItemID, GetMenuStringW, TabbedTextOutW, DrawTextW, DrawTextExW, GrayStringW, ScreenToClient, ClientToScreen, GetDC, ReleaseDC, GetWindowDC, BeginPaint, EndPaint, GetSysColor, PtInRect, GetWindowRect, UnhookWindowsHookEx, CopyRect, InflateRect, GetMenuItemInfoW, DestroyMenu, SystemParametersInfoW, GetWindow, SetWindowPos, SetWindowLongW, GetMenu, CallWindowProcW, DefWindowProcW, GetDlgCtrlID, GetWindowPlacement, SetWindowPlacement, SetScrollInfo, GetScrollInfo, DeferWindowPos, EqualRect, AdjustWindowRectEx, RegisterClassW, GetClassInfoW, GetClassInfoExW, CreateWindowExW, ShowScrollBar, SetForegroundWindow, GetScrollPos, SetScrollPos, GetScrollRange, SetScrollRange, SetMenu, TrackPopupMenu, ScrollWindow, MapWindowPoints, GetMonitorInfoW, MonitorFromWindow, GetMessagePos, GetMessageTime, GetTopWindow, EndDeferWindowPos, BeginDeferWindowPos, GetForegroundWindow, GetWindowTextW, GetWindowTextLengthW, SetFocus |
GDI32.dll | GetStockObject, GetDeviceCaps, CopyMetaFileW, CreateDCW, SaveDC, RestoreDC, SetBkColor, SetBkMode, SetPolyFillMode, SetROP2, SetTextColor, SetMapMode, GetClipBox, ExcludeClipRect, IntersectClipRect, LineTo, MoveToEx, SetTextAlign, GetLayout, SetLayout, SelectClipRgn, CreateRectRgn, GetViewportExtEx, GetWindowExtEx, BitBlt, GetPixel, PtVisible, RectVisible, TextOutW, ExtTextOutW, Escape, SelectObject, SetViewportOrgEx, OffsetViewportOrgEx, SetViewportExtEx, ScaleViewportExtEx, SetWindowOrgEx, OffsetWindowOrgEx, SetWindowExtEx, ScaleWindowExtEx, ExtSelectClipRgn, DeleteDC, GetObjectW, CreatePatternBrush, CreateCompatibleDC, CreateSolidBrush, GetObjectType, CreatePen, CreateHatchBrush, CreateFontIndirectW, GetTextExtentPoint32W, CreateDIBitmap, CreateCompatibleBitmap, CreateRectRgnIndirect, GetTextMetricsW, EnumFontFamiliesW, GetTextCharsetInfo, SetRectRgn, CombineRgn, PatBlt, DPtoLP, CreateRoundRectRgn, CreateDIBSection, CreatePolygonRgn, GetBkColor, GetTextColor, CreateEllipticRgn, Polyline, Ellipse, Polygon, CreatePalette, GetPaletteEntries, GetNearestPaletteIndex, RealizePalette, GetSystemPaletteEntries, OffsetRgn, GetRgnBox, SetDIBColorTable, StretchBlt, SetPixel, Rectangle, EnumFontFamiliesExW, ExtFloodFill, SetPaletteEntries, LPtoDP, GetWindowOrgEx, GetViewportOrgEx, PtInRegion, FillRgn, FrameRgn, GetBoundsRect, GetTextFaceW, SetPixelV, DeleteObject, CreateBitmap, SelectPalette |
MSIMG32.dll | AlphaBlend, TransparentBlt |
COMDLG32.dll | GetFileTitleW |
WINSPOOL.DRV | OpenPrinterW, DocumentPropertiesW, ClosePrinter |
ADVAPI32.dll | RegQueryValueExW, RegOpenKeyExW, RegCreateKeyExW, RegSetValueExW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyW, RegQueryValueW, RegCloseKey, RegEnumValueW, RegEnumKeyExW |
SHELL32.dll | SHBrowseForFolderW, SHAppBarMessage, SHGetSpecialFolderLocation, SHGetPathFromIDListW, SHGetDesktopFolder, ShellExecuteW, DragQueryFileW, DragFinish, SHGetFileInfoW |
COMCTL32.dll | ImageList_GetIconSize, InitCommonControlsEx |
SHLWAPI.dll | PathFindExtensionW, PathFindFileNameW, PathStripToRootW, PathIsUNCW, PathRemoveFileSpecW |
ole32.dll | OleCreateMenuDescriptor, OleDestroyMenuDescriptor, OleTranslateAccelerator, IsAccelerator, OleLockRunning, OleGetClipboard, RegisterDragDrop, CoLockObjectExternal, RevokeDragDrop, CoCreateGuid, CoTaskMemFree, DoDragDrop, CreateStreamOnHGlobal, CoInitializeEx, CoInitialize, CoCreateInstance, CoUninitialize, OleDuplicateData, CoTaskMemAlloc, ReleaseStgMedium |
OLEAUT32.dll | SysFreeString, SysAllocString, SysAllocStringLen, VariantClear, VariantChangeType, VariantInit, SysStringLen, VarBstrFromDate, SystemTimeToVariantTime, VariantTimeToSystemTime |
gdiplus.dll | GdipGetImagePaletteSize, GdipGetImagePalette, GdipCreateBitmapFromStream, GdipCreateBitmapFromScan0, GdipGetImagePixelFormat, GdipBitmapUnlockBits, GdipGetImageGraphicsContext, GdipDrawImageI, GdipCreateFromHDC, GdiplusShutdown, GdiplusStartup, GdipGetImageHeight, GdipCloneImage, GdipGetImageWidth, GdipCreateBitmapFromHBITMAP, GdipDisposeImage, GdipDeleteGraphics, GdipAlloc, GdipDrawImageRectI, GdipBitmapLockBits, GdipFree, GdipSetInterpolationMode |
IPHLPAPI.DLL | GetTcpTable2, SetTcpEntry |
WS2_32.dll | htonl, inet_ntop |
OLEACC.dll | AccessibleObjectFromWindow, CreateStdAccessibleObject, LresultFromObject |
IMM32.dll | ImmGetOpenStatus, ImmReleaseContext, ImmGetContext |
WINMM.dll | PlaySoundW |
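Two checks a reviewer makes on the import table above: recomputing the Import Hash (imphash, the lowercased "dll.function" list in import-directory order, MD5-hashed) and grouping the imported APIs into capabilities. The Python below is an added example, not from the report or the sandbox vendor. IMPORT_ROWS is a subset of the table above (the KERNEL32 and USER32 rows are abbreviated), so the hash it prints covers only that subset and is not expected to match the reported 1d827ad5ca3aef28dfe0cea19c081a23, which covers the full ordered table; ordinal-only imports, which pefile resolves to names through built-in lookup tables, are not handled, and the CAPABILITY_APIS grouping is this example's own.

```python
"""Import-table triage: recompute the imphash and group imported APIs by capability.

Added example, not part of the Joe Sandbox report. IMPORT_ROWS is a subset of
the import table above (KERNEL32 and USER32 rows abbreviated), so imphash()
over it will not equal the report's value, which covers the full ordered table.
Ordinal-only imports (resolved by name via lookup tables in pefile) are not
handled; the CAPABILITY_APIS grouping is this example's own.
"""
from __future__ import annotations

import hashlib

IMPORT_ROWS = """\
DLL | Import |
---|---|
KERNEL32.dll | IsDebuggerPresent, VirtualAlloc, CreateThread, LoadLibraryW, GetProcAddress, Process32NextW, Process32FirstW, CreateToolhelp32Snapshot, VirtualProtect |
USER32.dll | GetKeyboardState, ToUnicodeEx, GetAsyncKeyState, GetKeyState, SetWindowsHookExW, CallNextHookEx, UnhookWindowsHookEx |
ADVAPI32.dll | RegQueryValueExW, RegOpenKeyExW, RegCreateKeyExW, RegSetValueExW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyW, RegQueryValueW, RegCloseKey, RegEnumValueW, RegEnumKeyExW |
SHELL32.dll | SHBrowseForFolderW, SHAppBarMessage, SHGetSpecialFolderLocation, SHGetPathFromIDListW, SHGetDesktopFolder, ShellExecuteW, DragQueryFileW, DragFinish, SHGetFileInfoW |
IPHLPAPI.DLL | GetTcpTable2, SetTcpEntry |
WS2_32.dll | htonl, inet_ntop |
"""

# Example grouping; every API listed here appears in the report's import table.
CAPABILITY_APIS = {
    "anti-debugging": {"IsDebuggerPresent"},
    "process enumeration": {"CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW"},
    "in-memory code execution": {"VirtualAlloc", "VirtualProtect", "CreateThread"},
    "dynamic API resolution": {"LoadLibraryW", "GetProcAddress"},
    "keyboard capture": {"SetWindowsHookExW", "GetAsyncKeyState", "GetKeyboardState", "GetKeyState", "ToUnicodeEx"},
    "registry modification": {"RegCreateKeyExW", "RegSetValueExW", "RegDeleteValueW", "RegDeleteKeyW"},
    "TCP connection tampering": {"GetTcpTable2", "SetTcpEntry"},
    "program launch": {"ShellExecuteW"},
}


def parse_import_rows(table: str) -> list[tuple[str, list[str]]]:
    """'DLL | f1, f2, ... |' rows as printed in the report -> [(dll, [functions])] in row order."""
    entries = []
    for line in table.strip().splitlines():
        cells = [c.strip() for c in line.split("|")]
        if len(cells) < 2 or cells[0] in ("", "DLL") or cells[0].startswith("---"):
            continue
        funcs = [f.strip() for f in cells[1].split(",") if f.strip()]
        entries.append((cells[0], funcs))
    return entries


def imphash_string(entries: list[tuple[str, list[str]]]) -> str:
    """pefile-style normalisation: lowercase, drop a .dll/.ocx/.sys suffix, 'lib.func' joined by commas."""
    parts = []
    for dll, funcs in entries:
        lib = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        parts.extend(f"{lib}.{func.lower()}" for func in funcs)
    return ",".join(parts)


def imphash(entries: list[tuple[str, list[str]]]) -> str:
    """MD5 of the normalised import string, as pefile's get_imphash() computes it."""
    return hashlib.md5(imphash_string(entries).encode("ascii")).hexdigest()


def capabilities(entries: list[tuple[str, list[str]]]) -> dict[str, set[str]]:
    """Capability -> imported APIs that support it (only groups with at least one hit)."""
    imported = {func for _, funcs in entries for func in funcs}
    return {cap: apis & imported for cap, apis in CAPABILITY_APIS.items() if apis & imported}


if __name__ == "__main__":
    entries = parse_import_rows(IMPORT_ROWS)
    print("imphash over embedded subset:", imphash(entries))
    for cap, apis in capabilities(entries).items():
        print(f"{cap:26s} {', '.join(sorted(apis))}")
```

Most of the USER32 and GDI32 imports belong to the MFC runtime and say nothing on their own; it is the combination that matters. Process enumeration next to VirtualAlloc, VirtualProtect and CreateThread is the standard in-memory loader pattern, the keyboard-state and hook APIs are exactly what a keylogger needs, and GetTcpTable2 with SetTcpEntry lets a program close other processes' TCP connections by setting their state to MIB_TCP_STATE_DELETE_TCB, the only state SetTcpEntry accepts. The imphash is useful for clustering builds from the same source tree, but note that it changes whenever the import order or the set of imported functions changes.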
Language of compilation system | Country where language is spoken | Map |
---|---|---|
Chinese | China | |
English | United States |
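The per-packet table that follows lists a single TCP conversation between the sandbox host and an external endpoint on port 7777. The Python below is an added example, not part of the report: it reduces rows of that table to per-flow direction counts and timing, and emits a Suricata rule for the server endpoint. PACKET_ROWS holds the first ten rows of the table; the "lower port is the server" heuristic, the rule wording and the sid value are this example's assumptions, not something the report states.

```python
"""Summarise the report's per-packet network table into flows and emit an IOC rule.

Added example, not part of the Joe Sandbox report. PACKET_ROWS is the first ten
rows of the packet table; the 'lower port is the server' heuristic, the Suricata
rule text and the sid are this example's assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# The report stamps packets in CET, which is UTC+1 on the capture date.
CET = timezone(timedelta(hours=1))

PACKET_ROWS = """\
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 31, 2024 08:26:59.612432957 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:26:59.617337942 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:26:59.617418051 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:26:59.617727995 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:26:59.622481108 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:00.525938034 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:00.526187897 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:00.531095982 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:00.531110048 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:00.531117916 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
"""


@dataclass
class Packet:
    time: datetime
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class Flow:
    client: str
    server: str
    server_port: int
    to_server: int = 0
    from_server: int = 0
    first: datetime | None = None
    last: datetime | None = None

    @property
    def duration(self) -> float:
        """Seconds between the first and last packet seen for this flow."""
        return (self.last - self.first).total_seconds() if self.first and self.last else 0.0


def parse_timestamp(text: str) -> datetime:
    """'Dec 31, 2024 08:26:59.612432957 CET' -> aware datetime; nanoseconds truncated to microseconds."""
    stamp, _, _zone = text.rpartition(" ")
    head, frac = stamp.rsplit(".", 1)
    base = datetime.strptime(head, "%b %d, %Y %H:%M:%S").replace(tzinfo=CET)
    return base + timedelta(microseconds=int(frac[:6]))


def parse_packets(table: str) -> list[Packet]:
    """Rows as printed in the report (header and ---| separator lines are skipped)."""
    packets = []
    for line in table.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 5 or not cells[0] or not cells[0][0].isalpha() or cells[0] == "Timestamp":
            continue
        packets.append(Packet(time=parse_timestamp(cells[0]), src_ip=cells[3], src_port=int(cells[1]),
                              dst_ip=cells[4], dst_port=int(cells[2])))
    return packets


def summarise_flows(packets: list[Packet]) -> dict[tuple[str, str, int], Flow]:
    """Group packets into client->server flows; the endpoint with the lower port is taken as the server."""
    flows: dict[tuple[str, str, int], Flow] = {}
    for p in packets:
        if p.dst_port < p.src_port:
            key, to_server = (p.src_ip, p.dst_ip, p.dst_port), True
        else:
            key, to_server = (p.dst_ip, p.src_ip, p.src_port), False
        f = flows.setdefault(key, Flow(*key))
        if to_server:
            f.to_server += 1
        else:
            f.from_server += 1
        f.first = p.time if f.first is None else min(f.first, p.time)
        f.last = p.time if f.last is None else max(f.last, p.time)
    return flows


def suricata_rule(flow: Flow, sid: int) -> str:
    """IP/port-only outbound rule for the server endpoint; sid is a placeholder from the local range."""
    return (f"alert tcp $HOME_NET any -> {flow.server} {flow.server_port} "
            f'(msg:"Connection to endpoint {flow.server}:{flow.server_port} observed in sandbox report"; '
            f"flow:to_server,established; sid:{sid}; rev:1;)")


if __name__ == "__main__":
    for f in summarise_flows(parse_packets(PACKET_ROWS)).values():
        print(f"{f.client} -> {f.server}:{f.server_port}  to_server={f.to_server} "
              f"from_server={f.from_server} duration={f.duration:.3f}s")
        print(suricata_rule(f, 1000001))
```

Run over the whole table, the flow summary gives the packet count in each direction and the session length, which is the number to compare across detonations when deciding whether the connection is a persistent session or a one-shot check-in. The rule keys on IP and port only because the table carries no payload; an address-based signature is brittle, since the endpoint will be rotated, and should be replaced by a protocol-level signature once the traffic has been characterised.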
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 31, 2024 08:26:59.612432957 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:26:59.617337942 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:26:59.617418051 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:26:59.617727995 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:26:59.622481108 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:00.525938034 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:00.526187897 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:00.531095982 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:00.531110048 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:00.531117916 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:00.861836910 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:00.861857891 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:00.861865997 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:00.861906052 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:00.861941099 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:00.861953020 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:00.861962080 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:00.861972094 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:00.861984015 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:00.861984968 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:00.861994028 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:00.862005949 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:00.862010002 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:00.862015963 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:00.862030029 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:00.862046957 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:00.866882086 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:00.866892099 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:00.866899967 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:00.866930008 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:00.866946936 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.084624052 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.084636927 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.084645987 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.084656000 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.084675074 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.084702969 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.084887028 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.084896088 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.084929943 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.084954977 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.084965944 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.084975004 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.084985018 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.084996939 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.085016966 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.085772038 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.085782051 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.085787058 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.085791111 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.085794926 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.085799932 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.085854053 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.086675882 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.086685896 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.086694956 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.086705923 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.086713076 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.086715937 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.086726904 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.086743116 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.086759090 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.087471008 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.087493896 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.087528944 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.307775021 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.307794094 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.307801962 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.307842970 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.307843924 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.307853937 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.307863951 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.307876110 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.307887077 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.307904005 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.308244944 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.308254004 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.308263063 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.308274031 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.308279991 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.308284044 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.308296919 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.308299065 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.308309078 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.308320045 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.308326006 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.308363914 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.309094906 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.309104919 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.309114933 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.309127092 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.309128046 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.309138060 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.309146881 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.309158087 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.309159994 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.309168100 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.309181929 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.309201002 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.309966087 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.309976101 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.309986115 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.309994936 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.310005903 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.310010910 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.310017109 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.310025930 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.310039043 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.310043097 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.310056925 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.310859919 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.310868979 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.310878992 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.310889959 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.310895920 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.310900927 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.310913086 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.310914040 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.310923100 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.310937881 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.310957909 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.530795097 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.530826092 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.530834913 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.530869007 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.530875921 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.530879021 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.530893087 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.530905008 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.530913115 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.530931950 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.531025887 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.531049013 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.531059980 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.531064034 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.531091928 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.531117916 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.531136990 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.531146049 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.531151056 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.531157017 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.531188965 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.531661034 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.531685114 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.531697035 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.531698942 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.531708002 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.531717062 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.531728983 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.531730890 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.531738997 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.531750917 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.531754017 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.531760931 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.531773090 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.531776905 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.531783104 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.531804085 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.531827927 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.532442093 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.532453060 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.532461882 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.532473087 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.532480001 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.532483101 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.532491922 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.532502890 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.532510996 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.532514095 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.532521963 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.532525063 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.532536030 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.532541037 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.532546997 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.532561064 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.532581091 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.532603979 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.533334970 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.533344984 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.533355951 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.533365011 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.533375025 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.533381939 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.533386946 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.533387899 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.533396959 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.533416033 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.533420086 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.533426046 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.533437967 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.533447981 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.533451080 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.533457994 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.533471107 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.533497095 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.534265041 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.534275055 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.534282923 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.534292936 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.534305096 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.534305096 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.534313917 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.534322977 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.534334898 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.534338951 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.534346104 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.534354925 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.534365892 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.534379959 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.534390926 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.754057884 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.754071951 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.754081964 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.754091024 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.754101038 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.754112005 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.754143953 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.754153967 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.754163027 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.754172087 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.754183054 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.754182100 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.754213095 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.754223108 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.754226923 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.754231930 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.754240990 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.754251003 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.754292011 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.754292011 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.754303932 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.754313946 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.754323006 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.754333973 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.754343033 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.754343987 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.754379034 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.754945040 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.754955053 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.754964113 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.754972935 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.754981995 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.754990101 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.754995108 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.755004883 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.755006075 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.755018950 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.755043030 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.755064011 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.755518913 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.755527973 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.755537987 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.755546093 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.755557060 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.755565882 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.755565882 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.755573034 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.755580902 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.755589962 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.755594015 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.755599022 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.755609035 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.755614042 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.755619049 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.755630016 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.755640984 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.755660057 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.756122112 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.756131887 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.756141901 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.756151915 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.756160975 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.756161928 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.756170034 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.756180048 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.756181002 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.756189108 CET | 7777 | 49730 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:01.756210089 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.756228924 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:01.759438992 CET | 49730 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:03.778707027 CET | 49731 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:03.783535004 CET | 7777 | 49731 | 124.156.117.13 | 192.168.2.4 |
Dec 31, 2024 08:27:03.783608913 CET | 49731 | 7777 | 192.168.2.4 | 124.156.117.13 |
Dec 31, 2024 08:27:53.946475983 CET | 49731 | 7777 | 192.168.2.4 | 124.156.117.13 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 31, 2024 08:26:59.613339901 CET | 55677 | 6341 | 192.168.2.4 | 192.168.1.2 |
Dec 31, 2024 08:26:59.613390923 CET | 55677 | 6341 | 192.168.2.4 | 192.168.1.2 |
Dec 31, 2024 08:26:59.643448114 CET | 55677 | 6341 | 192.168.2.4 | 192.168.1.2 |
Dec 31, 2024 08:26:59.693531036 CET | 55677 | 6341 | 192.168.2.4 | 192.168.1.2 |
Dec 31, 2024 08:26:59.758982897 CET | 55677 | 6341 | 192.168.2.4 | 192.168.1.2 |
Dec 31, 2024 08:26:59.832403898 CET | 55677 | 6341 | 192.168.2.4 | 192.168.1.2 |
Dec 31, 2024 08:26:59.942410946 CET | 55677 | 6341 | 192.168.2.4 | 192.168.1.2 |
Dec 31, 2024 08:27:00.072438955 CET | 55677 | 6341 | 192.168.2.4 | 192.168.1.2 |
Dec 31, 2024 08:27:00.222424030 CET | 55677 | 6341 | 192.168.2.4 | 192.168.1.2 |
Dec 31, 2024 08:27:00.382404089 CET | 55677 | 6341 | 192.168.2.4 | 192.168.1.2 |
Dec 31, 2024 08:27:00.572406054 CET | 55677 | 6341 | 192.168.2.4 | 192.168.1.2 |
Dec 31, 2024 08:27:00.783428907 CET | 55677 | 6341 | 192.168.2.4 | 192.168.1.2 |
Dec 31, 2024 08:27:01.002394915 CET | 55677 | 6341 | 192.168.2.4 | 192.168.1.2 |
Dec 31, 2024 08:27:01.253408909 CET | 55677 | 6341 | 192.168.2.4 | 192.168.1.2 |
Dec 31, 2024 08:27:01.532686949 CET | 55677 | 6341 | 192.168.2.4 | 192.168.1.2 |
Dec 31, 2024 08:27:01.812422037 CET | 55677 | 6341 | 192.168.2.4 | 192.168.1.2 |
Dec 31, 2024 08:27:02.123460054 CET | 55677 | 6341 | 192.168.2.4 | 192.168.1.2 |
Dec 31, 2024 08:27:02.453526974 CET | 55677 | 6341 | 192.168.2.4 | 192.168.1.2 |
Dec 31, 2024 08:27:02.802423954 CET | 55677 | 6341 | 192.168.2.4 | 192.168.1.2 |
Dec 31, 2024 08:27:03.173448086 CET | 55677 | 6341 | 192.168.2.4 | 192.168.1.2 |
Dec 31, 2024 08:27:03.552423954 CET | 55677 | 6341 | 192.168.2.4 | 192.168.1.2 |
Dec 31, 2024 08:27:03.951925039 CET | 55677 | 6341 | 192.168.2.4 | 192.168.1.2 |
Dec 31, 2024 08:27:04.387423038 CET | 55677 | 6341 | 192.168.2.4 | 192.168.1.2 |
Dec 31, 2024 08:27:19.326793909 CET | 55677 | 6341 | 192.168.2.4 | 192.168.1.2 |
Target ID: | 0 |
Start time: | 02:26:48 |
Start date: | 31/12/2024 |
Path: | C:\Users\user\Desktop\1.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x170000 |
File size: | 1'874'432 bytes |
MD5 hash: | A2ECCD0AC68E32F1763FF60E5B151304 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 3 |
Start time: | 02:27:03 |
Start date: | 31/12/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xcf0000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Execution Graph
Execution Coverage: | 2.8% |
Dynamic/Decrypted Code Coverage: | 79.3% |
Signature Coverage: | 12.5% |
Total number of Nodes: | 1546 |
Total number of Limit Nodes: | 33 |
Graph
Function 00187E35 Relevance: 105.6, APIs: 48, Strings: 12, Instructions: 557, Tags: library, loader, string, COMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02AF2320 Relevance: 89.7, APIs: 38, Strings: 13, Instructions: 447, Tags: string, network, library, COMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02AF9DF0 Relevance: 47.6, APIs: 20, Strings: 7, Instructions: 330, Tags: sleep, synchronization, time, COMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 028A3840 Relevance: 16.5, APIs: 11, Instructions: 43, Tags: thread, sleep, synchronization, COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02AF4110 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 75, Tags: com, string, native, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00171410 Relevance: 7.5, APIs: 5, Instructions: 49, Tags: process, COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02AF15C0 Relevance: 3.1, APIs: 2, Instructions: 71, Tags: network, COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001D6E09 Relevance: 40.7, APIs: 22, Strings: 1, Instructions: 421, Tags: window, COMMON, LIBRARYCODE
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02AFA2E0 Relevance: 35.2, APIs: 17, Strings: 3, Instructions: 223, Tags: sleep, synchronization, time, COMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02AF3E70 Relevance: 28.2, APIs: 12, Strings: 4, Instructions: 165, Tags: registry, string, COMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02AF2D40 Relevance: 24.7, APIs: 2, Strings: 12, Instructions: 164, Tags: window, COMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 028A2310 Relevance: 24.6, APIs: 8, Strings: 6, Instructions: 120, Tags: memory, COMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02AF2FC0 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 99, Tags: sleep, string, synchronization, COMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02AF1410 Relevance: 21.2, APIs: 14, Instructions: 157, Tags: network, string, time, COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 028A1410 Relevance: 21.2, APIs: 14, Instructions: 157, Tags: network, string, time, COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02AF4290 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 99, Tags: registry, library, loader, COMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00171660 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 128, Tags: thread, sleep, COMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0018386E Relevance: 16.6, APIs: 11, Instructions: 106, Tags: memory, COMMON, LIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 028A3140 Relevance: 10.7, APIs: 7, Instructions: 203, Tags: sleep, COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 028A5F70 Relevance: 10.7, APIs: 7, Instructions: 152, Tags: COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 028A2190 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 82, Tags: sleep, COMMON
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02B017EF Relevance: 10.6, APIs: 7, Instructions: 63, Tags: thread, COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 028AAA21 Relevance: 10.6, APIs: 7, Instructions: 63, Tags: thread, COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001714C0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 53, Tags: process, COMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02AF4210 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 42, Tags: library, loader, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02B0178A Relevance: 10.5, APIs: 7, Instructions: 34, Tags: thread, COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 028AA9BC Relevance: 10.5, APIs: 7, Instructions: 34, Tags: thread, COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 028A3460 Relevance: 9.1, APIs: 6, Instructions: 149, Tags: sleep, COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 028A9950 Relevance: 9.1, APIs: 6, Instructions: 102, Tags: time, COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 028A85F0 Relevance: 9.1, APIs: 6, Instructions: 81, Tags: memory, COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 028A7CA0 Relevance: 9.1, APIs: 6, Instructions: 72, Tags: network, COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 028AA9B0 Relevance: 9.0, APIs: 6, Instructions: 29, Tags: thread, COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02AFB2E0 Relevance: 7.6, APIs: 5, Instructions: 147, Tags: COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02AF13B0 Relevance: 7.5, APIs: 5, Instructions: 32, Tags: COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 028A13B0 Relevance: 7.5, APIs: 5, Instructions: 32, Tags: COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02AF19A0 Relevance: 6.1, APIs: 4, Instructions: 102, Tags: time, COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 028A1BE0 Relevance: 6.1, APIs: 4, Instructions: 101, Tags: synchronization, time, COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 028A1190 Relevance: 6.1, APIs: 4, Instructions: 76, Tags: memory, COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 028A10E0 Relevance: 6.1, APIs: 4, Instructions: 66, Tags: memory, COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 028A5550 Relevance: 4.6, APIs: 3, Instructions: 96, Tags: COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00268212 Relevance: 4.6, APIs: 3, Instructions: 50, Tags: COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 028A58D0 Relevance: 4.5, APIs: 3, Instructions: 39, Tags: network, COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02AFA620 Relevance: 4.5, APIs: 3, Instructions: 32, Tags: thread, synchronization, COMMON, LIBRARYCODE
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 028A8DA0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 114, Tags: network, COMMON
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 028A4550 Relevance: 3.1, APIs: 2, Instructions: 147, Tags: COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 028A1840 Relevance: 3.1, APIs: 2, Instructions: 116, Tags: COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 028A19B0 Relevance: 3.1, APIs: 2, Instructions: 102, Tags: time, COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 028A15C0 Relevance: 3.1, APIs: 2, Instructions: 71, Tags: network, COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 028A7B90 Relevance: 3.1, APIs: 2, Instructions: 63, Tags: COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 028A1750 Relevance: 3.1, APIs: 2, Instructions: 60, Tags: network, COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 028A7100 Relevance: 3.1, APIs: 2, Instructions: 58, Tags: COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 028A42B0 Relevance: 3.0, APIs: 2, Instructions: 49, Tags: COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02AFB0D0 Relevance: 3.0, APIs: 2, Instructions: 43, Tags: memory, COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 028A4340 Relevance: 3.0, APIs: 2, Instructions: 43, Tags: memory, COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001A277F Relevance: 3.0, APIs: 2, Instructions: 36, Tags: COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 028A5630 Relevance: 3.0, APIs: 2, Instructions: 33, Tags: network, COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 028A8130 Relevance: 3.0, APIs: 2, Instructions: 31, Tags: COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001748E0 Relevance: 3.0, APIs: 2, Instructions: 24, Tags: library, COMMON, LIBRARYCODE
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 028A17F0 Relevance: 3.0, APIs: 2, Instructions: 21, Tags: sleep, COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 028A9610 Relevance: 3.0, APIs: 2, Instructions: 16, Tags: time, COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00176385 Relevance: 3.0, APIs: 2, Instructions: 15, Tags: thread, COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 028AA97B Relevance: 3.0, APIs: 2, Instructions: 9, Tags: COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02AF40F4 Relevance: 3.0, APIs: 2, Instructions: 8, Tags: registry, COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02AFBAD0 Relevance: 1.6, APIs: 1, Instructions: 67, Tags: time, COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 028A4D30 Relevance: 1.6, APIs: 1, Instructions: 67, Tags: time, COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 028A1040 Relevance: 1.6, APIs: 1, Instructions: 65, Tags: COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 028AA290 Relevance: 1.6, APIs: 1, Instructions: 50, Tags: time, COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00174010 Relevance: 1.5, APIs: 1, Instructions: 37, Tags: memory, COMMON, LIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 001791AE Relevance: 1.5, APIs: 1, Instructions: 27, Tags: COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 028BAB70 Relevance: 1.5, APIs: 1, Instructions: 22, Tags: network, COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02B01749 Relevance: 1.5, APIs: 1, Instructions: 19, Tags: COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00186BCB Relevance: 1.5, APIs: 1, Instructions: 17, Tags: COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 028A4020 Relevance: 1.5, APIs: 1, Instructions: 16, Tags: COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 028A4030 Relevance: 1.5, APIs: 1, Instructions: 16, Tags: COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001713E0 Relevance: 1.5, APIs: 1, Instructions: 15, Tags: memory, COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 028A56E0 Relevance: 1.5, APIs: 1, Instructions: 10, Tags: network, COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00171270 Relevance: 1.5, APIs: 1, Instructions: 8, Tags: COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00171590 Relevance: 1.3, APIs: 1, Instructions: 51, Tags: sleep, COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02AF46E0 Relevance: 68.5, APIs: 30, Strings: 9, Instructions: 240, Tags: library, loader, injection, COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02AF7F30 Relevance: 58.1, APIs: 29, Strings: 4, Instructions: 354, Tags: window, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02AFAA00 Relevance: 58.0, APIs: 31, Strings: 2, Instructions: 216, Tags: file, synchronization, string, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001E659B Relevance: 42.5, APIs: 28, Instructions: 452, Tags: window, keyboard, COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 001F87A3 Relevance: 37.1, APIs: 20, Strings: 1, Instructions: 325, Tags: window, keyboard, COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02AF4D50 Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 127, Tags: thread, injection, process, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02AFA6D0 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 130, Tags: synchronization, file, string, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001AAB3A Relevance: 21.3, APIs: 14, Instructions: 280, Tags: keyboard, window, COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02AF4520 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 69, Tags: library, loader, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001EE3B0 Relevance: 16.9, APIs: 11, Instructions: 446, Tags: COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 001D6712 Relevance: 13.6, APIs: 9, Instructions: 141, Tags: clipboard, window, COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 001749C6 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 73, Tags: library, COMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0017810C Relevance: 6.1, APIs: 4, Instructions: 59, Tags: COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 001A6268 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 31windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02AFEBA0 Relevance: 4.6, APIs: 3, Instructions: 84networkCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001A630C Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 28windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02B137A9 Relevance: 1.3, APIs: 1, Instructions: 8memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02AF5530 Relevance: .6, Instructions: 608COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001D6908 Relevance: 51.1, APIs: 28, Strings: 1, Instructions: 323fileCOMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02B0479B Relevance: 40.4, APIs: 18, Strings: 5, Instructions: 109libraryloadermemoryCOMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02AF8670 Relevance: 35.2, APIs: 16, Strings: 4, Instructions: 170stringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02AFFC80 Relevance: 33.6, APIs: 16, Strings: 3, Instructions: 324threadtimenetworkCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02AF66A0 Relevance: 33.6, APIs: 18, Strings: 1, Instructions: 308windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02AF3B70 Relevance: 33.4, APIs: 14, Strings: 5, Instructions: 146memoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0017E64D Relevance: 31.7, APIs: 17, Strings: 1, Instructions: 191windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02AF4B80 Relevance: 31.6, APIs: 12, Strings: 6, Instructions: 141libraryloaderfileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001C4685 Relevance: 26.5, APIs: 14, Strings: 1, Instructions: 230windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02AF31E0 Relevance: 26.5, APIs: 14, Strings: 1, Instructions: 222stringcomregistryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0019E3EF Relevance: 25.0, APIs: 11, Strings: 3, Instructions: 469windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 001D63CB Relevance: 24.8, APIs: 12, Strings: 2, Instructions: 318windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00174A92 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 132libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02AF9910 Relevance: 22.8, APIs: 15, Instructions: 254COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00198914 Relevance: 22.7, APIs: 15, Instructions: 232timeCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001F2990 Relevance: 21.4, APIs: 11, Strings: 1, Instructions: 410windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02AF88B0 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 164registryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02AF39A0 Relevance: 19.7, APIs: 13, Instructions: 169COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001860FA Relevance: 19.6, APIs: 10, Strings: 1, Instructions: 334windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02AF3520 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 144registrystringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00202A14 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 137COMMONLIBRARYCODE
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 001C6AF0 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 137windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02AF3346 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 125stringregistryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02AFEC80 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 113networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001A677B Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 111windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 001BA815 Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 286keyboardCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 001CE9E0 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 234windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 001C099F Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 163windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02AFF570 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 154networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02AF6C90 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 150windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001B073B Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 138windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02AF3820 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 116memoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02AF8B30 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 66registrystringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001C81C1 Relevance: 16.9, APIs: 11, Instructions: 392COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 001783B9 Relevance: 16.6, APIs: 11, Instructions: 139COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 001E6193 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 239windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02AF8BE0 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 88processstringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02AFA8E0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 74stringtimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001F80E2 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 51sleepthreadCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0024AB90 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 36windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 001F67C4 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 325windowstringCOMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00200A63 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 114windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02AF8540 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 98filestringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0018097D Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 69windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 001A68D0 Relevance: 13.7, APIs: 9, Instructions: 242COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02B009B0 Relevance: 13.7, APIs: 9, Instructions: 168COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02AF1BD0 Relevance: 13.6, APIs: 9, Instructions: 101synchronizationtimeCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02B00470 Relevance: 13.6, APIs: 9, Instructions: 96COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02AFF3A0 Relevance: 13.6, APIs: 9, Instructions: 81memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02B00700 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 102timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001C40F7 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 100windowmemoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 001C493D Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 79windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 001D4C1A Relevance: 12.2, APIs: 8, Instructions: 240windowCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 002569DF Relevance: 12.1, APIs: 8, Instructions: 134COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02AFB930 Relevance: 12.1, APIs: 8, Instructions: 121synchronizationCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0018E78F Relevance: 12.1, APIs: 8, Instructions: 111COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0019CA6F Relevance: 12.1, APIs: 8, Instructions: 100COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 001A843A Relevance: 12.1, APIs: 8, Instructions: 80windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00178717 Relevance: 12.1, APIs: 8, Instructions: 74windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0018687A Relevance: 12.1, APIs: 8, Instructions: 64COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00178945 Relevance: 12.1, APIs: 8, Instructions: 52memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00188809 Relevance: 12.0, APIs: 8, Instructions: 39COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0019A6F8 Relevance: 10.9, APIs: 4, Strings: 2, Instructions: 367stringwindowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0020E250 Relevance: 10.8, APIs: 7, Instructions: 348COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 001DC7D7 Relevance: 10.7, APIs: 7, Instructions: 233COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02AFCD10 Relevance: 10.7, APIs: 7, Instructions: 152COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0018EAD5 Relevance: 10.6, APIs: 7, Instructions: 126COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 001EC7C7 Relevance: 10.6, APIs: 7, Instructions: 120COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02AFC2F0 Relevance: 10.6, APIs: 7, Instructions: 96COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02AFEF50 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 92networkCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001EE943 Relevance: 10.6, APIs: 7, Instructions: 90windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 001765A3 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 78registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0017E135 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 53libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00174630 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 53libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 001745C4 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 45libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02AFA860 Relevance: 10.5, APIs: 7, Instructions: 42filesynchronizationstringCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02B044B7 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001887C3 Relevance: 10.5, APIs: 7, Instructions: 30COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 001907E8 Relevance: 9.3, APIs: 6, Instructions: 299COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 001BA2AE Relevance: 9.2, APIs: 6, Instructions: 221COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 001FC579 Relevance: 9.2, APIs: 6, Instructions: 208windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 001C2223 Relevance: 9.2, APIs: 6, Instructions: 177windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0019226D Relevance: 9.2, APIs: 6, Instructions: 155windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 001781F5 Relevance: 9.1, APIs: 6, Instructions: 139COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 002126D7 Relevance: 9.1, APIs: 6, Instructions: 138COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 001C6166 Relevance: 9.1, APIs: 6, Instructions: 137windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 001F4767 Relevance: 9.1, APIs: 6, Instructions: 120windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02AF6520 Relevance: 9.1, APIs: 6, Instructions: 107COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02AFC6E0 Relevance: 9.1, APIs: 6, Instructions: 99networkCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00196AD4 Relevance: 9.1, APIs: 6, Instructions: 95windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02AF30E0 Relevance: 9.1, APIs: 6, Instructions: 86processCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001D213D Relevance: 9.1, APIs: 6, Instructions: 82windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001CC613 Relevance: 9.1, APIs: 6, Instructions: 77COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02AFEA50 Relevance: 9.1, APIs: 6, Instructions: 72networkCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0019A343 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 294keyboardCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02AF6490 Relevance: 9.0, APIs: 6, Instructions: 42COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02AF1EC0 Relevance: 9.0, APIs: 6, Instructions: 39synchronizationsleepCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 001C4220 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 143memorywindowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001A6BD8 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 54libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02B086CE Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42COMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001E89DA Relevance: 7.8, APIs: 5, Instructions: 316COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0020445E Relevance: 7.7, APIs: 5, Instructions: 226windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0019C0AC Relevance: 7.7, APIs: 5, Instructions: 196COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02AFCF10 Relevance: 7.7, APIs: 5, Instructions: 181COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001E2823 Relevance: 7.7, APIs: 5, Instructions: 171windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 001CC42D Relevance: 7.7, APIs: 5, Instructions: 169COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 001E880C Relevance: 7.7, APIs: 5, Instructions: 168COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 001FC9CF Relevance: 7.7, APIs: 5, Instructions: 166windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 001C0BA2 Relevance: 7.7, APIs: 5, Instructions: 162stringCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00224323 Relevance: 7.7, APIs: 5, Instructions: 159COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00198BDB Relevance: 7.6, APIs: 5, Instructions: 123COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 001BC894 Relevance: 7.6, APIs: 5, Instructions: 113windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 001CE4E3 Relevance: 7.6, APIs: 5, Instructions: 111windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 001BCB9C Relevance: 7.6, APIs: 5, Instructions: 106COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 001EE1B1 Relevance: 7.6, APIs: 5, Instructions: 102windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0019206B Relevance: 7.6, APIs: 5, Instructions: 99COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 001AC2F3 Relevance: 7.6, APIs: 5, Instructions: 97COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 001B84D4 Relevance: 7.6, APIs: 5, Instructions: 96windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 001D0062 Relevance: 7.6, APIs: 5, Instructions: 94windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 001AA15A Relevance: 7.6, APIs: 5, Instructions: 94windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02AFC850 Relevance: 7.6, APIs: 5, Instructions: 87stringCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0017E4C7 Relevance: 7.6, APIs: 5, Instructions: 81windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 002102B6 Relevance: 7.6, APIs: 5, Instructions: 78windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 001D29F5 Relevance: 7.6, APIs: 5, Instructions: 72COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001E4999 Relevance: 7.6, APIs: 5, Instructions: 68windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 001A0226 Relevance: 7.6, APIs: 5, Instructions: 66windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 001AE797 Relevance: 7.6, APIs: 5, Instructions: 66COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02AF1270 Relevance: 7.6, APIs: 6, Instructions: 65COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001C247D Relevance: 7.6, APIs: 5, Instructions: 59COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 001B4B13 Relevance: 7.6, APIs: 5, Instructions: 56COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 001CCAE7 Relevance: 7.6, APIs: 5, Instructions: 55windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 001F813A Relevance: 7.6, APIs: 5, Instructions: 53threadCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02AFB040 Relevance: 7.5, APIs: 6, Instructions: 49COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02AF43B0 Relevance: 7.5, APIs: 5, Instructions: 33processCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02AF78EE Relevance: 7.5, APIs: 5, Instructions: 26processCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02B0177E Relevance: 7.5, APIs: 5, Instructions: 24threadCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001B000B Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 201windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 001B4BCC Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 161keyboardCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0021C793 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 109keyboardCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00186941 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 72windowCOMMONLIBRARYCODE
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02AF2CA0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 65stringCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 001C25EF Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 63windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00180770 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 43libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00176521 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 39libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 001764C8 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 35libraryloaderCOMMON
Function 001EA573 Relevance: 6.4, APIs: 4, Instructions: 435, Tags: COMMON
Function 02AF9710 Relevance: 6.4, APIs: 5, Instructions: 140, Tags: COMMON
Function 02AFE690 Relevance: 6.3, APIs: 5, Instructions: 80, Tags: string, COMMON
Function 02B00410 Relevance: 6.3, APIs: 5, Instructions: 34, Tags: COMMON
Function 001B6245 Relevance: 6.2, APIs: 4, Instructions: 208, Tags: COMMON
Function 001DE396 Relevance: 6.2, APIs: 4, Instructions: 187, Tags: window, COMMON
Function 0019CBE4 Relevance: 6.2, APIs: 4, Instructions: 187, Tags: COMMON
Function 001FC0C7 Relevance: 6.2, APIs: 4, Instructions: 173, Tags: COMMON
Function 001E80DF Relevance: 6.2, APIs: 4, Instructions: 159, Tags: COMMON
Function 001A41B0 Relevance: 6.2, APIs: 4, Instructions: 155, Tags: time, COMMON
Function 002466C6 Relevance: 6.2, APIs: 4, Instructions: 155, Tags: window, COMMON
Function 001DE80F Relevance: 6.2, APIs: 4, Instructions: 151, Tags: window, COMMON
Function 0018215C Relevance: 6.1, APIs: 4, Instructions: 132, Tags: window, COMMON
Function 0019636C Relevance: 6.1, APIs: 4, Instructions: 120, Tags: COMMON
Function 001A8185 Relevance: 6.1, APIs: 4, Instructions: 111, Tags: COMMON
Function 001EC250 Relevance: 6.1, APIs: 4, Instructions: 87, Tags: COMMON
Function 001DC6FE Relevance: 6.1, APIs: 4, Instructions: 83, Tags: COMMON
Function 02AFF060 Relevance: 6.1, APIs: 4, Instructions: 81, Tags: COMMON
Function 001C6303 Relevance: 6.1, APIs: 4, Instructions: 79, Tags: COMMON
Function 02AF1190 Relevance: 6.1, APIs: 4, Instructions: 76, Tags: memory, COMMON
Function 001CE8AB Relevance: 6.1, APIs: 4, Instructions: 71, Tags: window, COMMON
Function 001F8BF1 Relevance: 6.1, APIs: 4, Instructions: 71, Tags: window, COMMON
Function 02AF10E0 Relevance: 6.1, APIs: 4, Instructions: 66, Tags: memory, COMMON
Function 00178894 Relevance: 6.1, APIs: 4, Instructions: 62, Tags: window, COMMON, LIBRARYCODE
Function 02AF9D50 Relevance: 6.1, APIs: 4, Instructions: 59, Tags: memory, COMMON
Function 00206375 Relevance: 6.1, APIs: 4, Instructions: 59, Tags: window, COMMON
Function 02AFE1B0 Relevance: 6.1, APIs: 4, Instructions: 58, Tags: window, COMMON
Function 02AFB150 Relevance: 6.1, APIs: 4, Instructions: 55, Tags: memory, COMMON
Function 001A00E2 Relevance: 6.1, APIs: 4, Instructions: 52, Tags: file, COMMON
Function 001C2AD5 Relevance: 6.1, APIs: 4, Instructions: 52, Tags: window, COMMON
Function 001F8410 Relevance: 6.1, APIs: 4, Instructions: 51, Tags: COMMON
Function 001DC4DB Relevance: 6.1, APIs: 4, Instructions: 51, Tags: COMMON
Function 0020A37E Relevance: 6.0, APIs: 4, Instructions: 50, Tags: window, COMMON
Function 001B43D4 Relevance: 6.0, APIs: 4, Instructions: 50, Tags: COMMON
Function 0018EA50 Relevance: 6.0, APIs: 4, Instructions: 47, Tags: COMMON
Function 0018265C Relevance: 6.0, APIs: 4, Instructions: 45, Tags: COMMON
Function 02AF6E40 Relevance: 6.0, APIs: 4, Instructions: 42, Tags: COMMON
Function 001829EF Relevance: 6.0, APIs: 4, Instructions: 39, Tags: window, COMMON, LIBRARYCODE
Function 001785B8 Relevance: 6.0, APIs: 4, Instructions: 38, Tags: COMMON
Function 00178524 Relevance: 6.0, APIs: 4, Instructions: 32, Tags: COMMON
Function 002568F7 Relevance: 6.0, APIs: 4, Instructions: 30, Tags: COMMON
Function 001DE317 Relevance: 6.0, APIs: 4, Instructions: 28, Tags: COMMON
Function 02AFA680 Relevance: 6.0, APIs: 4, Instructions: 27, Tags: thread, sleep, synchronization, COMMON
Function 02AF17F0 Relevance: 6.0, APIs: 4, Instructions: 21, Tags: synchronization, sleep, COMMON
Function 00250136 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 85, Tags: COMMON, LIBRARYCODE
Function 02AFEDD0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 53, Tags: network, COMMON
Function 02B08447 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37, Tags: COMMON, LIBRARYCODE