Windows
Analysis Report
2lfV6QiE6j
Overview
General Information
Detection
Score: | 60 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- 2lfV6QiE6j.exe (PID: 6788 cmdline: "C:\Users\user\Desktop\2lfV6QiE6j.exe" MD5: 00E84B6FA4BC44283827FDFED408ACB2)
- powershell.exe (PID: 6880 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" cmd /c timeout 20 MD5: DBA3E6449E97D4E3DF64527EF7012A10)
- conhost.exe (PID: 6900 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
- cmd.exe (PID: 7084 cmdline: "C:\Windows\system32\cmd.exe" /c timeout 20 MD5: F3BDBE3BB6F734E357235F4D5898582D)
- timeout.exe (PID: 4900 cmdline: timeout 20 MD5: 121A4EDAE60A7AF6F5DFA82F7BB95659)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security | ||
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security | ||
Source: | Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): |
Source: | Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): |
AV Detection |
---|
Source: | ReversingLabs: |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: |
Source: | JA3 fingerprint: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | IP Address: | ||
Source: | IP Address: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | String found in binary or memory: | ||
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: |
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Process Stats: |
Source: | Binary or memory string: | ||
Source: | Static PE information: |
Source: | Section loaded: | Jump to behavior |
Source: | ReversingLabs: |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | File read: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Mutant created: |
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: |
Data Obfuscation |
---|
Source: | File source: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: |
Source: | Static PE information: |
Source: | Registry key monitored for changes: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior |
Source: | Last function: | ||
Source: | Last function: |
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior |
Source: | Process information queried: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: |
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 11 Process Injection | 1 Masquerading | 1 Input Capture | 1 Query Registry | Remote Services | 1 Input Capture | Exfiltration Over Other Network Medium | 11 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 1 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | Exfiltration Over Bluetooth | 1 Ingress Tool Transfer | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 21 Virtualization/Sandbox Evasion | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 2 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 11 Process Injection | NTDS | 21 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | Scheduled Transfer | 3 Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 Software Packing | Cached Domain Credentials | 1 Remote System Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | 1 Timestomp | DCSync | 1 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | 12 System Information Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| | 19% | ReversingLabs | Win32.Dropper.Generic | |
| | 100% | Joe Sandbox ML | | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| | 0% | Avira URL Cloud | safe | |
| | 0% | URL Reputation | safe | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
cdn.discordapp.com | 162.159.129.233 | true | false | | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
162.159.129.233 | cdn.discordapp.com | United States | | 13335 | CLOUDFLARENETUS | false |
162.159.134.233 | unknown | United States | | 13335 | CLOUDFLARENETUS | false |
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 563792 |
Start date: | 01.02.2022 |
Start time: | 02:03:56 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 9m 5s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | 2lfV6QiE6j (renamed file extension from none to exe) |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 24 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal60.evad.winEXE@8/4@2/2 |
EGA Information: |
|
HDC Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
- Excluded IPs from analysis (whitelisted): 23.211.6.115
- Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, client.wns.windows.com, fs.microsoft.com, store-images.s-microsoft.com, ctldl.windowsupdate.com, store-images.s-microsoft.com-c.edgekey.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
- Execution Graph export aborted for target 2lfV6QiE6j.exe, PID 6788 because it is empty
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: 2lfV6QiE6j.exe
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
162.159.129.233 | Get hash | malicious | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
cdn.discordapp.com | Get hash | malicious | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
CLOUDFLARENETUS | Get hash | malicious | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
3b5074b1b5d032e5620f69f9f700ff0e | Get hash | malicious | Browse |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 13036 |
Entropy (8bit): | 5.5248307259596485 |
Encrypted: | false |
SSDEEP: | 192:mtHdavqWZbyO2mw97VwnPrVPv+8M02MSBuJs5mwR50XvulKH07fEjKFM5r0:mt9DibVK7VADF+RMSBKn5ulWOECC0 |
MD5: | 116965338FEB378092150E47027F6ED6 |
SHA1: | A9431B9D644937683D0269057C49AE26757737B7 |
SHA-256: | 09EF6FECFD4141CAFC8A6545A8628CD9704752A680B099BA8B36C365544D848D |
SHA-512: | 2F0690A7E0EF2EAEE7F03BEF679234203FF6BF856D6DCFF43C925A7C4380ADADDFEB49DF46CBBF12CDEB71E0581E4F0149C4719D48FC18B8D18B92DA5924A09B |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
C:\Users\user\Documents\20220201\PowerShell_transcript.088753.yBBMHBlq.20220201020510.txt
Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1000 |
Entropy (8bit): | 5.013679533046794 |
Encrypted: | false |
SSDEEP: | 24:BxSAY7vBVLVvx2DOXUW8WWOHjeTKKjX4CIym1ZJXAvsFnnxSAZ8:BZMvTLVvoOUOqDYB1Z+8ZZ8 |
MD5: | 22EC96EEB48E03EDCF7B38677935D256 |
SHA1: | D4AB630796A95183B3C0B3DB5958C99D7C612FC3 |
SHA-256: | CB732D63F8E4CD3C57A70AA6E51744273BE2DEF2D32B6A51676E8AE4EB4B0822 |
SHA-512: | 7B56C4E774E70960EA3AA58ABEC0C9FD1981DE63A44A5B931D665E1FA7F6EBC6D33DB6916C1D7D8AC80813B29E228F624DE2FF10AFC9BA97C743F5A8A75A3116 |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 4.9150239564523375 |
TrID: |
|
File name: | 2lfV6QiE6j.exe |
File size: | 9728 |
MD5: | 00e84b6fa4bc44283827fdfed408acb2 |
SHA1: | b0f0e79d324a769b9b52be8896c8d150fbbaf7d2 |
SHA256: | 4dfcffc647f3ad92ed307b8896b270b36634a5da12a3fea4ac89b51243e2b02f |
SHA512: | 2953a471e11601250f9433d49fc09ad8be70671f5bcaa65c5cc2a930505a34e55b41e315c33f63223838acd1c34ee57cf460531096959d593b9f3cdcada51b09 |
SSDEEP: | 192:Ss5AD3o9L8bnjpqTd/LnLAt7RPI1Rqwsv9WvT8:f5ADY9L8b9qTd/LnLmZrwslWvT |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....:................0..............5... ...@....@.. ....................................@................................ |
Icon Hash: | c9ccccc5a6a8cec6 |
Entrypoint: | 0x4035ba |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE |
DLL Characteristics: | NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0xDB843ABB [Sat Sep 14 21:08:11 2086 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | v4.0.30319 |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Instruction |
---|
jmp dword ptr [00402000h] |
add byte ptr [eax], al |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3568 | 0x4f | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4000 | 0xc00 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x6000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x354c | 0x1c | .text |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x15c0 | 0x1600 | False | 0.546519886364 | data | 5.4495209717 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rsrc | 0x4000 | 0xc00 | 0xc00 | False | 0.407552083333 | data | 4.24983140413 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x6000 | 0xc | 0x200 | False | 0.044921875 | data | 0.0815394123432 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x4120 | 0x2e8 | data | ||
RT_ICON | 0x4418 | 0x128 | GLS_BINARY_LSB_FIRST | ||
RT_GROUP_ICON | 0x4550 | 0x22 | data | ||
RT_VERSION | 0x4584 | 0x47a | data | ||
RT_MANIFEST | 0x4a10 | 0x1ea | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators | | |

DLL | Import |
---|---|
mscoree.dll | _CorExeMain |

Description | Data |
---|---|
Translation | 0x0000 0x04b0 |
LegalCopyright | 2011 Microsoft Corporation. All rights reserved. |
Assembly Version | 12.0.6612.1000 |
InternalName | macwx.exe |
FileVersion | 12.0.6612.1000 |
CompanyName | Microsoft Corporation |
LegalTrademarks | |
Comments | 2007 Microsoft Office Suite Service Pack 3 Setup |
ProductName | 2007 Microsoft Office Suite |
ProductVersion | 12.0.6612.1000 |
FileDescription | 2007 Microsoft Office Suite Service Pack 3 Setup |
OriginalFilename | macwx.exe |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Feb 1, 2022 02:06:34.760256052 CET | 55299 | 53 | 192.168.2.6 | 8.8.8.8 |
Feb 1, 2022 02:06:34.781784058 CET | 53 | 55299 | 8.8.8.8 | 192.168.2.6 |
Feb 1, 2022 02:06:34.854823112 CET | 63745 | 53 | 192.168.2.6 | 8.8.8.8 |
Feb 1, 2022 02:06:34.874133110 CET | 53 | 63745 | 8.8.8.8 | 192.168.2.6 |

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Feb 1, 2022 02:06:34.760256052 CET | 192.168.2.6 | 8.8.8.8 | 0xd7e | Standard query (0) | | A (IP address) | IN (0x0001) |
Feb 1, 2022 02:06:34.854823112 CET | 192.168.2.6 | 8.8.8.8 | 0x8073 | Standard query (0) | | A (IP address) | IN (0x0001) |

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Feb 1, 2022 02:06:34.781784058 CET | 8.8.8.8 | 192.168.2.6 | 0xd7e | No error (0) | | | 162.159.129.233 | A (IP address) | IN (0x0001) |
Feb 1, 2022 02:06:34.781784058 CET | 8.8.8.8 | 192.168.2.6 | 0xd7e | No error (0) | | | 162.159.134.233 | A (IP address) | IN (0x0001) |
Feb 1, 2022 02:06:34.781784058 CET | 8.8.8.8 | 192.168.2.6 | 0xd7e | No error (0) | | | 162.159.135.233 | A (IP address) | IN (0x0001) |
Feb 1, 2022 02:06:34.781784058 CET | 8.8.8.8 | 192.168.2.6 | 0xd7e | No error (0) | | | 162.159.133.233 | A (IP address) | IN (0x0001) |
Feb 1, 2022 02:06:34.781784058 CET | 8.8.8.8 | 192.168.2.6 | 0xd7e | No error (0) | | | 162.159.130.233 | A (IP address) | IN (0x0001) |
Feb 1, 2022 02:06:34.874133110 CET | 8.8.8.8 | 192.168.2.6 | 0x8073 | No error (0) | | | 162.159.134.233 | A (IP address) | IN (0x0001) |
Feb 1, 2022 02:06:34.874133110 CET | 8.8.8.8 | 192.168.2.6 | 0x8073 | No error (0) | | | 162.159.130.233 | A (IP address) | IN (0x0001) |
Feb 1, 2022 02:06:34.874133110 CET | 8.8.8.8 | 192.168.2.6 | 0x8073 | No error (0) | | | 162.159.129.233 | A (IP address) | IN (0x0001) |
Feb 1, 2022 02:06:34.874133110 CET | 8.8.8.8 | 192.168.2.6 | 0x8073 | No error (0) | | | 162.159.135.233 | A (IP address) | IN (0x0001) |
Feb 1, 2022 02:06:34.874133110 CET | 8.8.8.8 | 192.168.2.6 | 0x8073 | No error (0) | | | 162.159.133.233 | A (IP address) | IN (0x0001) |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.6 | 49794 | 162.159.134.233 | 443 | C:\Users\user\Desktop\2lfV6QiE6j.exe |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.6 | 49793 | 162.159.129.233 | 80 | C:\Users\user\Desktop\2lfV6QiE6j.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Feb 1, 2022 02:06:34.820791006 CET | 18026 | OUT | |
Feb 1, 2022 02:06:34.841675997 CET | 18026 | IN |
Target ID: | 0 |
Start time: | 02:05:03 |
Start date: | 01/02/2022 |
Path: | C:\Users\user\Desktop\2lfV6QiE6j.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x3b0000 |
File size: | 9728 bytes |
MD5 hash: | 00E84B6FA4BC44283827FDFED408ACB2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Reputation: | low |
Target ID: | 2 |
Start time: | 02:05:05 |
Start date: | 01/02/2022 |
Path: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd30000 |
File size: | 430592 bytes |
MD5 hash: | DBA3E6449E97D4E3DF64527EF7012A10 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Reputation: | high |
Target ID: | 3 |
Start time: | 02:05:06 |
Start date: | 01/02/2022 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff61de10000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 13 |
Start time: | 02:06:00 |
Start date: | 01/02/2022 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2a0000 |
File size: | 232960 bytes |
MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 15 |
Start time: | 02:06:01 |
Start date: | 01/02/2022 |
Path: | C:\Windows\SysWOW64\timeout.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xf0000 |
File size: | 26112 bytes |
MD5 hash: | 121A4EDAE60A7AF6F5DFA82F7BB95659 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B09FE8 Relevance: .3, Instructions: 263COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A289E0 Relevance: .3, Instructions: 262COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A2BFA0 Relevance: .3, Instructions: 261COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A244C0 Relevance: .2, Instructions: 234COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A25B60 Relevance: .2, Instructions: 233COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B02B88 Relevance: .2, Instructions: 228COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B03AF0 Relevance: .2, Instructions: 216COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A2D8AA Relevance: .2, Instructions: 207COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A25188 Relevance: .2, Instructions: 199COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A273E0 Relevance: .2, Instructions: 196COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A2AF80 Relevance: .2, Instructions: 192COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A2E890 Relevance: .2, Instructions: 190COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A2824F Relevance: .2, Instructions: 190COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B0CDC9 Relevance: .2, Instructions: 176COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A23780 Relevance: .2, Instructions: 171COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B08848 Relevance: .2, Instructions: 152COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A226F7 Relevance: .2, Instructions: 152COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B01799 Relevance: .2, Instructions: 150COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B09880 Relevance: .1, Instructions: 148COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A22194 Relevance: .1, Instructions: 146COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B0F838 Relevance: .1, Instructions: 144COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B09261 Relevance: .1, Instructions: 139COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A294F8 Relevance: .1, Instructions: 137COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A23E78 Relevance: .1, Instructions: 133COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B05550 Relevance: .1, Instructions: 128COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B05CBA Relevance: .1, Instructions: 127COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A2AF70 Relevance: .1, Instructions: 124COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B056E0 Relevance: .1, Instructions: 119COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B0A8B0 Relevance: .1, Instructions: 115COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B064A0 Relevance: .1, Instructions: 110COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B090F0 Relevance: .1, Instructions: 107COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B0A4D0 Relevance: .1, Instructions: 106COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A25A78 Relevance: .1, Instructions: 103COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B01DC8 Relevance: .1, Instructions: 102COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A22208 Relevance: .1, Instructions: 102COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B01668 Relevance: .1, Instructions: 98COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A2BE68 Relevance: .1, Instructions: 96COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B03188 Relevance: .1, Instructions: 95COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A2346C Relevance: .1, Instructions: 95COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A28368 Relevance: .1, Instructions: 94COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A254A0 Relevance: .1, Instructions: 92COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A2CF50 Relevance: .1, Instructions: 91COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A20D00 Relevance: .1, Instructions: 84COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B0D340 Relevance: .1, Instructions: 82COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A235A4 Relevance: .1, Instructions: 82COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A2E880 Relevance: .1, Instructions: 82COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B0A610 Relevance: .1, Instructions: 81COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A24468 Relevance: .1, Instructions: 81COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A28760 Relevance: .1, Instructions: 81COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A2CE00 Relevance: .1, Instructions: 81COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A235B0 Relevance: .1, Instructions: 80COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A21258 Relevance: .1, Instructions: 79COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B0A4C0 Relevance: .1, Instructions: 76COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A2888E Relevance: .1, Instructions: 75COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B08578 Relevance: .1, Instructions: 73COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B020E0 Relevance: .1, Instructions: 73COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B08BE8 Relevance: .1, Instructions: 73COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A24EB8 Relevance: .1, Instructions: 71COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B0976D Relevance: .1, Instructions: 70COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A243F0 Relevance: .1, Instructions: 66COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A294EA Relevance: .1, Instructions: 65COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A233D0 Relevance: .1, Instructions: 65COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B0553F Relevance: .1, Instructions: 64COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B07648 Relevance: .1, Instructions: 64COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A2CD49 Relevance: .1, Instructions: 63COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A2B9A1 Relevance: .1, Instructions: 63COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B09A10 Relevance: .1, Instructions: 62COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A2CD58 Relevance: .1, Instructions: 61COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A23DC0 Relevance: .1, Instructions: 58COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A2F09B Relevance: .1, Instructions: 58COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A2B26B Relevance: .1, Instructions: 58COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A25E50 Relevance: .1, Instructions: 57COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A26050 Relevance: .1, Instructions: 57COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A24D48 Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A2A979 Relevance: .1, Instructions: 54COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A2A8B0 Relevance: .1, Instructions: 54COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A24359 Relevance: .1, Instructions: 53COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B04190 Relevance: .1, Instructions: 52COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A2A8AE Relevance: .1, Instructions: 52COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A21249 Relevance: .1, Instructions: 52COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B0AF2A Relevance: .1, Instructions: 51COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B09628 Relevance: .1, Instructions: 51COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A23430 Relevance: .1, Instructions: 51COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A2344C Relevance: .1, Instructions: 51COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A21777 Relevance: .1, Instructions: 51COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B074C8 Relevance: .0, Instructions: 50COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B07230 Relevance: .0, Instructions: 50COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A2A939 Relevance: .0, Instructions: 50COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A24360 Relevance: .0, Instructions: 50COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B03DB8 Relevance: .0, Instructions: 48COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B041A0 Relevance: .0, Instructions: 48COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B0A2B8 Relevance: .0, Instructions: 48COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A23900 Relevance: .0, Instructions: 48COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A2A988 Relevance: .0, Instructions: 47COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A2BAFF Relevance: .0, Instructions: 47COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A23EB0 Relevance: .0, Instructions: 46COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A2D86F Relevance: .0, Instructions: 46COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A23908 Relevance: .0, Instructions: 45COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A24A6F Relevance: .0, Instructions: 45COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B03DC8 Relevance: .0, Instructions: 44COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B0DBB0 Relevance: .0, Instructions: 44COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A21788 Relevance: .0, Instructions: 44COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B019E0 Relevance: .0, Instructions: 43COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B0A9F8 Relevance: .0, Instructions: 42COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A24F70 Relevance: .0, Instructions: 42COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B0499F Relevance: .0, Instructions: 41COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A25591 Relevance: .0, Instructions: 41COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A22690 Relevance: .0, Instructions: 41COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A28670 Relevance: .0, Instructions: 41COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A2EFC5 Relevance: .0, Instructions: 40COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A24400 Relevance: .0, Instructions: 39COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A21698 Relevance: .0, Instructions: 39COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B09188 Relevance: .0, Instructions: 37COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B08A30 Relevance: .0, Instructions: 37COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B09618 Relevance: .0, Instructions: 37COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A28680 Relevance: .0, Instructions: 36COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A23198 Relevance: .0, Instructions: 36COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A259C8 Relevance: .0, Instructions: 36COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A2A8A0 Relevance: .0, Instructions: 36COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A2180F Relevance: .0, Instructions: 36COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A20EC8 Relevance: .0, Instructions: 35COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A2D810 Relevance: .0, Instructions: 35COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B036CF Relevance: .0, Instructions: 34COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A255A0 Relevance: .0, Instructions: 34COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A27C30 Relevance: .0, Instructions: 34COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A253B0 Relevance: .0, Instructions: 34COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A2B210 Relevance: .0, Instructions: 34COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A24F80 Relevance: .0, Instructions: 33COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A25970 Relevance: .0, Instructions: 33COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A23140 Relevance: .0, Instructions: 33COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A2D820 Relevance: .0, Instructions: 33COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B049B0 Relevance: .0, Instructions: 32COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B0AED0 Relevance: .0, Instructions: 32COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A2A2F8 Relevance: .0, Instructions: 32COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B06DD0 Relevance: .0, Instructions: 31COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B036E0 Relevance: .0, Instructions: 31COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A27C40 Relevance: .0, Instructions: 30COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A27958 Relevance: .0, Instructions: 30COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B07568 Relevance: .0, Instructions: 29COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A23150 Relevance: .0, Instructions: 29COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A2B220 Relevance: .0, Instructions: 29COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A2DD3B Relevance: .0, Instructions: 28COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B06570 Relevance: .0, Instructions: 27COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A25980 Relevance: .0, Instructions: 27COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B02B38 Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A27910 Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B07578 Relevance: .0, Instructions: 25COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A23108 Relevance: .0, Instructions: 25COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B0CFD8 Relevance: .0, Instructions: 23COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A2BAA0 Relevance: .0, Instructions: 21COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A236C8 Relevance: .0, Instructions: 19COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A230D8 Relevance: .0, Instructions: 19COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B08518 Relevance: .0, Instructions: 18COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A2BAB0 Relevance: .0, Instructions: 18COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B080C8 Relevance: .0, Instructions: 17COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B01418 Relevance: .0, Instructions: 17COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A286C1 Relevance: .0, Instructions: 17COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A23118 Relevance: .0, Instructions: 17COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A2B0F3 Relevance: .0, Instructions: 17COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A2AF48 Relevance: .0, Instructions: 16COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B02188 Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B01428 Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B07D7B Relevance: .0, Instructions: 14COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A24D28 Relevance: .0, Instructions: 14COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A230E0 Relevance: .0, Instructions: 14COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A24F50 Relevance: .0, Instructions: 13COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A2BA90 Relevance: .0, Instructions: 13COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A2B1C0 Relevance: .0, Instructions: 12COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B04988 Relevance: .0, Instructions: 11COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A294C1 Relevance: .0, Instructions: 11COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A2AF58 Relevance: .0, Instructions: 11COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A2E868 Relevance: .0, Instructions: 11COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A2E85A Relevance: .0, Instructions: 11COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A21230 Relevance: .0, Instructions: 11COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B02198 Relevance: .0, Instructions: 10COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B07D88 Relevance: .0, Instructions: 10COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B04170 Relevance: .0, Instructions: 10COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B03AC8 Relevance: .0, Instructions: 10COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A294D0 Relevance: .0, Instructions: 9COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A236AD Relevance: .0, Instructions: 8COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A21370 Relevance: .0, Instructions: 7COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A2A880 Relevance: .0, Instructions: 6COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05A266A0 Relevance: 1.1, Instructions: 1077 COMMON
Uniqueness Score: -1.00% |
Function 05982E6F Relevance: .8, Instructions: 774 COMMON
Uniqueness Score: -1.00% |
Function 05989207 Relevance: .7, Instructions: 684 COMMON
Uniqueness Score: -1.00% |
Function 05B0C468 Relevance: .4, Instructions: 371 COMMON
Uniqueness Score: -1.00% |
Function 05A2088D Relevance: .3, Instructions: 310 COMMON
Uniqueness Score: -1.00% |
Function 05A2081E Relevance: .3, Instructions: 260 COMMON
Uniqueness Score: -1.00% |
Function 05A20910 Relevance: .2, Instructions: 231 COMMON
Uniqueness Score: -1.00% |
Execution Graph
Execution Coverage: | 5.2% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 0% |
Total number of Nodes: | 89 |
Total number of Limit Nodes: | 6 |
Function 0310EBA0 Relevance: .5, Instructions: 484 COMMON
Uniqueness Score: -1.00% |
Function 034B3FEC Relevance: 1.6, APIs: 1, Instructions: 56 COMMON
Uniqueness Score: -1.00% |
Function 031333B1 Relevance: 1.5, APIs: 1, Instructions: 46 COMMON
Uniqueness Score: -1.00% |
Function 03132D3C Relevance: 1.5, APIs: 1, Instructions: 46 COMMON
Uniqueness Score: -1.00% |
Function 03102320 Relevance: .2, Instructions: 232 COMMON
Uniqueness Score: -1.00% |
Function 0310EA30 Relevance: .1, Instructions: 109 COMMON
Uniqueness Score: -1.00% |
Function 0310FE53 Relevance: .1, Instructions: 71 COMMON
Uniqueness Score: -1.00% |
Function 0310E708 Relevance: .1, Instructions: 65 COMMON
Uniqueness Score: -1.00% |
Function 0310E718 Relevance: .1, Instructions: 60 COMMON
Uniqueness Score: -1.00% |
Function 0310299F Relevance: .1, Instructions: 54 COMMON
Uniqueness Score: -1.00% |
Function 031029B0 Relevance: .0, Instructions: 49 COMMON
Uniqueness Score: -1.00% |
Function 0310297E Relevance: .0, Instructions: 14 COMMON
Uniqueness Score: -1.00% |
Function 0310FE30 Relevance: .0, Instructions: 12 COMMON
Uniqueness Score: -1.00% |
Function 03102990 Relevance: .0, Instructions: 7 COMMON
Uniqueness Score: -1.00% |