Windows
Analysis Report
Offer 2024-30496.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- Offer 2024-30496.exe (PID: 6212 cmdline:
"C:\Users\ user\Deskt op\Offer 2 024-30496. exe" MD5: AB64DB1F849B146E66310AE4533BAE41) - RegSvcs.exe (PID: 6408 cmdline:
"C:\Users\ user\Deskt op\Offer 2 024-30496. exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
404 Keylogger, Snake Keylogger | Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victims sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram. | No Attribution |
{"Exfil Mode": "SMTP", "Username": "directora@grg.com.mx", "Password": "34(fgj5n]hjE", "Host": "dot1n2002.servwingu.mx", "Port": "587", "Version": "5.1"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security | ||
JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security | ||
Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown |
| |
MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth |
| |
Click to see the 16 entries |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security | ||
Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown |
| |
MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth |
| |
INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | Detects executables with potential process hoocking | ditekSHen |
| |
Click to see the 15 entries |
Timestamp: | 2024-08-29T12:02:49.854492+0200 |
SID: | 2803274 |
Severity: | 2 |
Source Port: | 49711 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | Potentially Bad Traffic |
Timestamp: | 2024-08-29T12:02:48.932595+0200 |
SID: | 2803274 |
Severity: | 2 |
Source Port: | 49711 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | Potentially Bad Traffic |
Timestamp: | 2024-08-29T12:02:51.307595+0200 |
SID: | 2803274 |
Severity: | 2 |
Source Port: | 49714 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | Potentially Bad Traffic |
Timestamp: | 2024-08-29T12:02:59.756690+0200 |
SID: | 2803305 |
Severity: | 3 |
Source Port: | 49726 |
Destination Port: | 443 |
Protocol: | TCP |
Classtype: | Unknown Traffic |
Timestamp: | 2024-08-29T12:02:50.601139+0200 |
SID: | 2803305 |
Severity: | 3 |
Source Port: | 49713 |
Destination Port: | 443 |
Protocol: | TCP |
Classtype: | Unknown Traffic |
Click to jump to signature section
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: |
Location Tracking |
---|
Source: | DNS query: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: |
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 0_2_009BDBBE | |
Source: | Code function: | 0_2_0098C2A2 | |
Source: | Code function: | 0_2_009C68EE | |
Source: | Code function: | 0_2_009C698F | |
Source: | Code function: | 0_2_009BD076 | |
Source: | Code function: | 0_2_009BD3A9 | |
Source: | Code function: | 0_2_009C9642 | |
Source: | Code function: | 0_2_009C979D | |
Source: | Code function: | 0_2_009C9B2B | |
Source: | Code function: | 0_2_009C5C97 |
Source: | Code function: | 2_2_0112E938 | |
Source: | Code function: | 2_2_0112E938 | |
Source: | Code function: | 2_2_0112F880 | |
Source: | Code function: | 2_2_0112E48B | |
Source: | Code function: | 2_2_0112DE58 |
Networking |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | IP Address: | ||
Source: | IP Address: | ||
Source: | IP Address: |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | DNS query: | ||
Source: | DNS query: |
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | Code function: | 0_2_009CCE44 |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | Code function: | 0_2_009CEAFF |
Source: | Code function: | 0_2_009CED6A |
Source: | Code function: | 0_2_009CEAFF |
Source: | Code function: | 0_2_009BAA57 |
Source: | Code function: | 0_2_009E9576 |
System Summary |
---|
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | memstr_64b53bec-5 | |
Source: | String found in binary or memory: | memstr_1eab6e4b-4 | |
Source: | String found in binary or memory: | memstr_a4e8ee32-7 | |
Source: | String found in binary or memory: | memstr_cc1c3864-a |
Source: | Code function: | 0_2_009BD5EB |
Source: | Code function: | 0_2_009B1201 |
Source: | Code function: | 0_2_009BE8F6 |
Source: | Code function: | 0_2_009C2046 | |
Source: | Code function: | 0_2_00958060 | |
Source: | Code function: | 0_2_009B8298 | |
Source: | Code function: | 0_2_0098E4FF | |
Source: | Code function: | 0_2_0098676B | |
Source: | Code function: | 0_2_009E4873 | |
Source: | Code function: | 0_2_0097CAA0 | |
Source: | Code function: | 0_2_0095CAF0 | |
Source: | Code function: | 0_2_0096CC39 | |
Source: | Code function: | 0_2_00986DD9 | |
Source: | Code function: | 0_2_009591C0 | |
Source: | Code function: | 0_2_0096B119 | |
Source: | Code function: | 0_2_00971394 | |
Source: | Code function: | 0_2_00971706 | |
Source: | Code function: | 0_2_0097781B | |
Source: | Code function: | 0_2_009719B0 | |
Source: | Code function: | 0_2_00957920 | |
Source: | Code function: | 0_2_0096997D | |
Source: | Code function: | 0_2_00977A4A | |
Source: | Code function: | 0_2_00977CA7 | |
Source: | Code function: | 0_2_00971C77 | |
Source: | Code function: | 0_2_00989EEE | |
Source: | Code function: | 0_2_009DBE44 | |
Source: | Code function: | 0_2_00971F32 | |
Source: | Code function: | 0_2_00BD35D0 | |
Source: | Code function: | 2_2_01126120 | |
Source: | Code function: | 2_2_0112C1A8 | |
Source: | Code function: | 2_2_0112C488 | |
Source: | Code function: | 2_2_0112B740 | |
Source: | Code function: | 2_2_0112C76B | |
Source: | Code function: | 2_2_0112E938 | |
Source: | Code function: | 2_2_01129868 | |
Source: | Code function: | 2_2_01126898 | |
Source: | Code function: | 2_2_0112F880 | |
Source: | Code function: | 2_2_0112BBEB | |
Source: | Code function: | 2_2_0112CA4B | |
Source: | Code function: | 2_2_01124ABA | |
Source: | Code function: | 2_2_0112BEC8 | |
Source: | Code function: | 2_2_01123573 | |
Source: | Code function: | 2_2_0112DE58 | |
Source: | Code function: | 2_2_0112DE47 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: |
Source: | Classification label: |
Source: | Code function: | 0_2_009C37B5 |
Source: | Code function: | 0_2_009B10BF | |
Source: | Code function: | 0_2_009B16C3 |
Source: | Code function: | 0_2_009C51CD |
Source: | Code function: | 0_2_009DA67C |
Source: | Code function: | 0_2_009C648E |
Source: | Code function: | 0_2_009542A2 |
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Binary or memory string: |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Static file information: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Code function: | 0_2_009542DE |
Source: | Code function: | 0_2_00970A89 | |
Source: | Code function: | 2_2_011242DA | |
Source: | Code function: | 2_2_011224BF | |
Source: | Code function: | 2_2_01129721 |
Source: | Code function: | 0_2_0096F98E | |
Source: | Code function: | 0_2_009E1C41 |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion |
---|
Source: | Sandbox detection routine: | graph_0-99947 |
Source: | API/Special instruction interceptor: |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | API coverage: |
Source: | Code function: | 0_2_009BDBBE | |
Source: | Code function: | 0_2_0098C2A2 | |
Source: | Code function: | 0_2_009C68EE | |
Source: | Code function: | 0_2_009C698F | |
Source: | Code function: | 0_2_009BD076 | |
Source: | Code function: | 0_2_009BD3A9 | |
Source: | Code function: | 0_2_009C9642 | |
Source: | Code function: | 0_2_009C979D | |
Source: | Code function: | 0_2_009C9B2B | |
Source: | Code function: | 0_2_009C5C97 |
Source: | Code function: | 0_2_009542DE |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Code function: | 0_2_009CEAA2 |
Source: | Code function: | 0_2_00982622 |
Source: | Code function: | 0_2_009542DE |
Source: | Code function: | 0_2_00974CE8 | |
Source: | Code function: | 0_2_00BD34C0 | |
Source: | Code function: | 0_2_00BD3460 | |
Source: | Code function: | 0_2_00BD1E70 |
Source: | Code function: | 0_2_009B0B62 |
Source: | Code function: | 0_2_00982622 | |
Source: | Code function: | 0_2_0097083F | |
Source: | Code function: | 0_2_009709D5 | |
Source: | Code function: | 0_2_00970C21 |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Section loaded: | Jump to behavior |
Source: | Memory written: | Jump to behavior |
Source: | Code function: | 0_2_009B1201 |
Source: | Code function: | 0_2_00992BA5 |
Source: | Code function: | 0_2_009BB226 |
Source: | Code function: | 0_2_009D22DA |
Source: | Process created: | Jump to behavior |
Source: | Code function: | 0_2_009B0B62 |
Source: | Code function: | 0_2_009B1663 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Code function: | 0_2_00970698 |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Code function: | 0_2_009C8195 |
Source: | Code function: | 0_2_009AD27A |
Source: | Code function: | 0_2_0098B952 |
Source: | Code function: | 0_2_009542DE |
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | File opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | Code function: | 0_2_009D1204 | |
Source: | Code function: | 0_2_009D1806 |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 11 Disable or Modify Tools | 1 OS Credential Dumping | 2 System Time Discovery | Remote Services | 11 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 2 Valid Accounts | 1 DLL Side-Loading | 11 Deobfuscate/Decode Files or Information | 21 Input Capture | 1 Account Discovery | Remote Desktop Protocol | 1 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 2 Valid Accounts | 3 Obfuscated Files or Information | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | 1 Email Collection | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 21 Access Token Manipulation | 1 DLL Side-Loading | NTDS | 127 System Information Discovery | Distributed Component Object Model | 21 Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 212 Process Injection | 2 Valid Accounts | LSA Secrets | 221 Security Software Discovery | SSH | 3 Clipboard Data | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 111 Virtualization/Sandbox Evasion | Cached Domain Credentials | 111 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 21 Access Token Manipulation | DCSync | 2 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 212 Process Injection | Proc Filesystem | 11 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | Dynamic API Resolution | Network Sniffing | 1 System Network Configuration Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
55% | Virustotal | Browse | ||
50% | ReversingLabs | Win32.Trojan.AgentTesla | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
reallyfreegeoip.org | 188.114.97.3 | true | true |
| unknown |
checkip.dyndns.com | 193.122.6.168 | true | false |
| unknown |
checkip.dyndns.org | unknown | unknown | true |
| unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false |
| unknown | |
false |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
188.114.97.3 | reallyfreegeoip.org | European Union | 13335 | CLOUDFLARENETUS | true | |
193.122.6.168 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1501080 |
Start date and time: | 2024-08-29 12:01:25 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 8m 22s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 5 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Offer 2024-30496.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@3/4@2/2 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe, svchost.exe
- Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target RegSvcs.exe, PID 6408 because it is empty
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description |
---|---|---|
06:02:48 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
188.114.97.3 | Get hash | malicious | FormBook | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | DBatLoader, FormBook | Browse |
| ||
Get hash | malicious | LummaC | Browse |
| ||
Get hash | malicious | Nitol | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
193.122.6.168 | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | MassLogger RAT | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
reallyfreegeoip.org | Get hash | malicious | Snake Keylogger | Browse |
| |
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
checkip.dyndns.com | Get hash | malicious | Snake Keylogger | Browse |
| |
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
ORACLE-BMC-31898US | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
CLOUDFLARENETUS | Get hash | malicious | Azorult | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | AgentTesla, DarkTortilla | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | FormBook | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
54328bd36c14bd82ddaa0c04b25ed9ad | Get hash | malicious | Snake Keylogger | Browse |
| |
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
|
Process: | C:\Users\user\Desktop\Offer 2024-30496.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 135168 |
Entropy (8bit): | 6.784760282767791 |
Encrypted: | false |
SSDEEP: | 3072:5pK0886gkpsimP2C+wDGnql0N5cogJBDPwd3Z1G4b:af0kPuogJBLw/A4b |
MD5: | 9F7A82B397BCA50BA439B9BBCFEF0EE9 |
SHA1: | 70E268BBDBF5D0DC7675C9522DA13B9CCF7A5D4C |
SHA-256: | 87154983949ED44BD0A224338185711AA615721F101A652617F26F1843F06B98 |
SHA-512: | 290D1FFEF51239FC4F19CB4024BA3A8A375D36B6E2896E68855A03585368338730FF4452E07031673F9D3FF0D2861394687A370580CD7D433D0CB66EB096745D |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\Offer 2024-30496.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 88398 |
Entropy (8bit): | 7.912635002456745 |
Encrypted: | false |
SSDEEP: | 1536:h6Ptvk6OZeOFF2eyDQ8GjkivpOP/PecH+Ud2/qgJ/Bhj28ui90cV:EPtv5OwFeyDQ3jvOP3eO+UdJgf28ui9T |
MD5: | 43AB157343F22E4439BB9918497F03BB |
SHA1: | AD188704741D693C46532C77B8481DCC31AB4A00 |
SHA-256: | 455C4E78539B2B4BCCBECD478E3617DEDD02BD09BAD89F4FA2F09DDE344C7EBB |
SHA-512: | A329AB84C1AD037D75801B82A174F921EDA24A5C034FEA38C7513160D1734F4FF0A0398F52C4FF49642CE6CF8522005857DF29D0725857719733B1EDD632B205 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\Offer 2024-30496.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 43580 |
Entropy (8bit): | 7.818095769091543 |
Encrypted: | false |
SSDEEP: | 768:MSvSxC8TemadpQZaunCduBaFISx2tEVDUQaOhFd:MGSQnvpQcea6y2SVDDa0z |
MD5: | 878530CC86543A8771F41F6C891DDF2A |
SHA1: | 3F2726B7E2AF472BA6910808ABE1877184BA41BF |
SHA-256: | C568E6B7B279C5A22DC5AFF145A9B02D0AAF7C1311E6400FE778C5E0DC6B0D2A |
SHA-512: | 106798220E5C83D1262A927CCD6D1F8E9F2FC591CB0AB289E3A5582BD323936E77EACE7266CB47697AEEF67F98A717065DF597A72570CA83110F4447F4EBACE9 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\Offer 2024-30496.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86022 |
Entropy (8bit): | 4.178837296097941 |
Encrypted: | false |
SSDEEP: | 1536:jKq5ajZwcez04TTAo/CgXwS3AFkqkY4TG+:j+lwcnF2DnqkHf |
MD5: | 1B3AFDCC863D12EFBB3DD606A11AD349 |
SHA1: | 6A3B2FCB28923421E7F2CCD7B27444F682F66BD5 |
SHA-256: | 445E5D81D305C251A51B65A7276A7C095C93323056DB114D0A53F5B2820F98B5 |
SHA-512: | EDBE8070AB3EDE27BED76BDC57288FE6DC04EA132B8B7FCA0953BC40F7A5416203F81AD4BC0A81419CBD181D6994A10C53A68E24716FB56D52FA42561D83E97A |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 0.19431788377763193 |
TrID: |
|
File name: | Offer 2024-30496.exe |
File size: | 73'400'320 bytes |
MD5: | ab64db1f849b146e66310ae4533bae41 |
SHA1: | dfeddf8068abf927b764f81759ca840e9dfaf52d |
SHA256: | b1b41226d170c28b22a37e77ae8c81accdd3c192fc5847bbde50b48a4fbb34c6 |
SHA512: | b4df4dbcac88cb96baea463624ab8eeabc64a5ef04128bea479814b882b241d4eab923ac4c77b9b29ae8e65911c9ad9633aec2ccc35de0695a5ce731820809f5 |
SSDEEP: | 24576:EqDEvCTbMWu7rQYlBQcBiT6rprG8aE1/XkV/+:ETvC/MTQYxsWR7aE1/X |
TLSH: | 9FF7BF0273C1D062FF9B92334B5AF6515BBC69260123E61F13A81DB9BE701B1563E7A3 |
File Content Preview: | MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z.... |
Icon Hash: | aaf3e3e3938382a0 |
Entrypoint: | 0x420577 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x66C2E21C [Mon Aug 19 06:11:40 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | 948cc502fe9226992dce9417f952fce3 |
Instruction |
---|
call 00007F6CF8D1A1E3h |
jmp 00007F6CF8D19AEFh |
push ebp |
mov ebp, esp |
push esi |
push dword ptr [ebp+08h] |
mov esi, ecx |
call 00007F6CF8D19CCDh |
mov dword ptr [esi], 0049FDF0h |
mov eax, esi |
pop esi |
pop ebp |
retn 0004h |
and dword ptr [ecx+04h], 00000000h |
mov eax, ecx |
and dword ptr [ecx+08h], 00000000h |
mov dword ptr [ecx+04h], 0049FDF8h |
mov dword ptr [ecx], 0049FDF0h |
ret |
push ebp |
mov ebp, esp |
push esi |
push dword ptr [ebp+08h] |
mov esi, ecx |
call 00007F6CF8D19C9Ah |
mov dword ptr [esi], 0049FE0Ch |
mov eax, esi |
pop esi |
pop ebp |
retn 0004h |
and dword ptr [ecx+04h], 00000000h |
mov eax, ecx |
and dword ptr [ecx+08h], 00000000h |
mov dword ptr [ecx+04h], 0049FE14h |
mov dword ptr [ecx], 0049FE0Ch |
ret |
push ebp |
mov ebp, esp |
push esi |
mov esi, ecx |
lea eax, dword ptr [esi+04h] |
mov dword ptr [esi], 0049FDD0h |
and dword ptr [eax], 00000000h |
and dword ptr [eax+04h], 00000000h |
push eax |
mov eax, dword ptr [ebp+08h] |
add eax, 04h |
push eax |
call 00007F6CF8D1C88Dh |
pop ecx |
pop ecx |
mov eax, esi |
pop esi |
pop ebp |
retn 0004h |
lea eax, dword ptr [ecx+04h] |
mov dword ptr [ecx], 0049FDD0h |
push eax |
call 00007F6CF8D1C8D8h |
pop ecx |
ret |
push ebp |
mov ebp, esp |
push esi |
mov esi, ecx |
lea eax, dword ptr [esi+04h] |
mov dword ptr [esi], 0049FDD0h |
push eax |
call 00007F6CF8D1C8C1h |
test byte ptr [ebp+08h], 00000001h |
pop ecx |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x37120 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x10c000 | 0x7594 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0xd4000 | 0x37120 | 0x37200 | 124f9d2a6393d50089c3b5799d1a429a | False | 0.8807132227891157 | data | 7.777200669057321 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x10c000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0xd45a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216 |
RT_ICON | 0xd46d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027 |
RT_ICON | 0xd47f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135 |
RT_ICON | 0xd4920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333 |
RT_ICON | 0xd4c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5 |
RT_ICON | 0xd4d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388 |
RT_ICON | 0xd5bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524 |
RT_ICON | 0xd6480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918 |
RT_ICON | 0xd69e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727 |
RT_ICON | 0xd8f90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496 |
RT_ICON | 0xda038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227 |
RT_MENU | 0xda4a0 | 0x50 | data | English | Great Britain | 0.9 |
RT_STRING | 0xda4f0 | 0x594 | data | English | Great Britain | 0.3333333333333333 |
RT_STRING | 0xdaa84 | 0x68a | data | English | Great Britain | 0.2735961768219833 |
RT_STRING | 0xdb110 | 0x490 | data | English | Great Britain | 0.3715753424657534 |
RT_STRING | 0xdb5a0 | 0x5fc | data | English | Great Britain | 0.3087467362924282 |
RT_STRING | 0xdbb9c | 0x65c | data | English | Great Britain | 0.34336609336609336 |
RT_STRING | 0xdc1f8 | 0x466 | data | English | Great Britain | 0.3605683836589698 |
RT_STRING | 0xdc660 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186 |
RT_RCDATA | 0xdc7b8 | 0x2e3e6 | data | 1.0003484430929075 | ||
RT_GROUP_ICON | 0x10aba0 | 0x76 | data | English | Great Britain | 0.6610169491525424 |
RT_GROUP_ICON | 0x10ac18 | 0x14 | data | English | Great Britain | 1.25 |
RT_GROUP_ICON | 0x10ac2c | 0x14 | data | English | Great Britain | 1.15 |
RT_GROUP_ICON | 0x10ac40 | 0x14 | data | English | Great Britain | 1.25 |
RT_VERSION | 0x10ac54 | 0xdc | data | English | Great Britain | 0.6181818181818182 |
RT_MANIFEST | 0x10ad30 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823 |
DLL | Import |
---|---|
WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect |
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW |
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW |
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create |
MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W |
WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable |
PSAPI.DLL | GetProcessMemoryInfo |
IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile |
USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile |
UxTheme.dll | IsThemeActive |
KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW |
USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient |
GDI32.dll | EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath |
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW |
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW |
SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW |
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket |
OLEAUT32.dll | CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | Great Britain |
Timestamp | Protocol | SID | Signature | Severity | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|---|
2024-08-29T12:02:49.854492+0200 | TCP | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 49711 | 80 | 192.168.2.12 | 193.122.6.168 |
2024-08-29T12:02:48.932595+0200 | TCP | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 49711 | 80 | 192.168.2.12 | 193.122.6.168 |
2024-08-29T12:02:51.307595+0200 | TCP | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 49714 | 80 | 192.168.2.12 | 193.122.6.168 |
2024-08-29T12:02:59.756690+0200 | TCP | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 49726 | 443 | 192.168.2.12 | 188.114.97.3 |
2024-08-29T12:02:50.601139+0200 | TCP | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 49713 | 443 | 192.168.2.12 | 188.114.97.3 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Aug 29, 2024 12:02:48.052588940 CEST | 49711 | 80 | 192.168.2.12 | 193.122.6.168 |
Aug 29, 2024 12:02:48.057894945 CEST | 80 | 49711 | 193.122.6.168 | 192.168.2.12 |
Aug 29, 2024 12:02:48.057976961 CEST | 49711 | 80 | 192.168.2.12 | 193.122.6.168 |
Aug 29, 2024 12:02:48.058279037 CEST | 49711 | 80 | 192.168.2.12 | 193.122.6.168 |
Aug 29, 2024 12:02:48.063173056 CEST | 80 | 49711 | 193.122.6.168 | 192.168.2.12 |
Aug 29, 2024 12:02:48.688955069 CEST | 80 | 49711 | 193.122.6.168 | 192.168.2.12 |
Aug 29, 2024 12:02:48.692909002 CEST | 49711 | 80 | 192.168.2.12 | 193.122.6.168 |
Aug 29, 2024 12:02:48.697798967 CEST | 80 | 49711 | 193.122.6.168 | 192.168.2.12 |
Aug 29, 2024 12:02:48.878734112 CEST | 80 | 49711 | 193.122.6.168 | 192.168.2.12 |
Aug 29, 2024 12:02:48.927973032 CEST | 49712 | 443 | 192.168.2.12 | 188.114.97.3 |
Aug 29, 2024 12:02:48.928005934 CEST | 443 | 49712 | 188.114.97.3 | 192.168.2.12 |
Aug 29, 2024 12:02:48.928103924 CEST | 49712 | 443 | 192.168.2.12 | 188.114.97.3 |
Aug 29, 2024 12:02:48.932595015 CEST | 49711 | 80 | 192.168.2.12 | 193.122.6.168 |
Aug 29, 2024 12:02:48.944508076 CEST | 49712 | 443 | 192.168.2.12 | 188.114.97.3 |
Aug 29, 2024 12:02:48.944526911 CEST | 443 | 49712 | 188.114.97.3 | 192.168.2.12 |
Aug 29, 2024 12:02:49.428215981 CEST | 443 | 49712 | 188.114.97.3 | 192.168.2.12 |
Aug 29, 2024 12:02:49.428369999 CEST | 49712 | 443 | 192.168.2.12 | 188.114.97.3 |
Aug 29, 2024 12:02:49.432329893 CEST | 49712 | 443 | 192.168.2.12 | 188.114.97.3 |
Aug 29, 2024 12:02:49.432343960 CEST | 443 | 49712 | 188.114.97.3 | 192.168.2.12 |
Aug 29, 2024 12:02:49.432718992 CEST | 443 | 49712 | 188.114.97.3 | 192.168.2.12 |
Aug 29, 2024 12:02:49.479495049 CEST | 49712 | 443 | 192.168.2.12 | 188.114.97.3 |
Aug 29, 2024 12:02:49.504528999 CEST | 49712 | 443 | 192.168.2.12 | 188.114.97.3 |
Aug 29, 2024 12:02:49.552496910 CEST | 443 | 49712 | 188.114.97.3 | 192.168.2.12 |
Aug 29, 2024 12:02:49.614602089 CEST | 443 | 49712 | 188.114.97.3 | 192.168.2.12 |
Aug 29, 2024 12:02:49.614686966 CEST | 443 | 49712 | 188.114.97.3 | 192.168.2.12 |
Aug 29, 2024 12:02:49.614763975 CEST | 49712 | 443 | 192.168.2.12 | 188.114.97.3 |
Aug 29, 2024 12:02:49.621176958 CEST | 49712 | 443 | 192.168.2.12 | 188.114.97.3 |
Aug 29, 2024 12:02:49.624428988 CEST | 49711 | 80 | 192.168.2.12 | 193.122.6.168 |
Aug 29, 2024 12:02:49.629384041 CEST | 80 | 49711 | 193.122.6.168 | 192.168.2.12 |
Aug 29, 2024 12:02:49.813554049 CEST | 80 | 49711 | 193.122.6.168 | 192.168.2.12 |
Aug 29, 2024 12:02:49.815965891 CEST | 49713 | 443 | 192.168.2.12 | 188.114.97.3 |
Aug 29, 2024 12:02:49.816025972 CEST | 443 | 49713 | 188.114.97.3 | 192.168.2.12 |
Aug 29, 2024 12:02:49.816124916 CEST | 49713 | 443 | 192.168.2.12 | 188.114.97.3 |
Aug 29, 2024 12:02:49.816466093 CEST | 49713 | 443 | 192.168.2.12 | 188.114.97.3 |
Aug 29, 2024 12:02:49.816493988 CEST | 443 | 49713 | 188.114.97.3 | 192.168.2.12 |
Aug 29, 2024 12:02:49.854491949 CEST | 49711 | 80 | 192.168.2.12 | 193.122.6.168 |
Aug 29, 2024 12:02:50.272708893 CEST | 443 | 49713 | 188.114.97.3 | 192.168.2.12 |
Aug 29, 2024 12:02:50.275229931 CEST | 49713 | 443 | 192.168.2.12 | 188.114.97.3 |
Aug 29, 2024 12:02:50.275255919 CEST | 443 | 49713 | 188.114.97.3 | 192.168.2.12 |
Aug 29, 2024 12:02:50.601114035 CEST | 443 | 49713 | 188.114.97.3 | 192.168.2.12 |
Aug 29, 2024 12:02:50.601217985 CEST | 443 | 49713 | 188.114.97.3 | 192.168.2.12 |
Aug 29, 2024 12:02:50.601284027 CEST | 49713 | 443 | 192.168.2.12 | 188.114.97.3 |
Aug 29, 2024 12:02:50.601799965 CEST | 49713 | 443 | 192.168.2.12 | 188.114.97.3 |
Aug 29, 2024 12:02:50.605084896 CEST | 49711 | 80 | 192.168.2.12 | 193.122.6.168 |
Aug 29, 2024 12:02:50.606180906 CEST | 49714 | 80 | 192.168.2.12 | 193.122.6.168 |
Aug 29, 2024 12:02:50.610471010 CEST | 80 | 49711 | 193.122.6.168 | 192.168.2.12 |
Aug 29, 2024 12:02:50.610539913 CEST | 49711 | 80 | 192.168.2.12 | 193.122.6.168 |
Aug 29, 2024 12:02:50.610981941 CEST | 80 | 49714 | 193.122.6.168 | 192.168.2.12 |
Aug 29, 2024 12:02:50.611051083 CEST | 49714 | 80 | 192.168.2.12 | 193.122.6.168 |
Aug 29, 2024 12:02:50.611121893 CEST | 49714 | 80 | 192.168.2.12 | 193.122.6.168 |
Aug 29, 2024 12:02:50.616677046 CEST | 80 | 49714 | 193.122.6.168 | 192.168.2.12 |
Aug 29, 2024 12:02:51.266522884 CEST | 80 | 49714 | 193.122.6.168 | 192.168.2.12 |
Aug 29, 2024 12:02:51.267936945 CEST | 49715 | 443 | 192.168.2.12 | 188.114.97.3 |
Aug 29, 2024 12:02:51.267975092 CEST | 443 | 49715 | 188.114.97.3 | 192.168.2.12 |
Aug 29, 2024 12:02:51.268073082 CEST | 49715 | 443 | 192.168.2.12 | 188.114.97.3 |
Aug 29, 2024 12:02:51.268337011 CEST | 49715 | 443 | 192.168.2.12 | 188.114.97.3 |
Aug 29, 2024 12:02:51.268361092 CEST | 443 | 49715 | 188.114.97.3 | 192.168.2.12 |
Aug 29, 2024 12:02:51.307595015 CEST | 49714 | 80 | 192.168.2.12 | 193.122.6.168 |
Aug 29, 2024 12:02:51.747037888 CEST | 443 | 49715 | 188.114.97.3 | 192.168.2.12 |
Aug 29, 2024 12:02:51.748924971 CEST | 49715 | 443 | 192.168.2.12 | 188.114.97.3 |
Aug 29, 2024 12:02:51.748960018 CEST | 443 | 49715 | 188.114.97.3 | 192.168.2.12 |
Aug 29, 2024 12:02:51.899684906 CEST | 443 | 49715 | 188.114.97.3 | 192.168.2.12 |
Aug 29, 2024 12:02:51.899797916 CEST | 443 | 49715 | 188.114.97.3 | 192.168.2.12 |
Aug 29, 2024 12:02:51.899851084 CEST | 49715 | 443 | 192.168.2.12 | 188.114.97.3 |
Aug 29, 2024 12:02:51.900295973 CEST | 49715 | 443 | 192.168.2.12 | 188.114.97.3 |
Aug 29, 2024 12:02:51.904984951 CEST | 49716 | 80 | 192.168.2.12 | 193.122.6.168 |
Aug 29, 2024 12:02:51.910031080 CEST | 80 | 49716 | 193.122.6.168 | 192.168.2.12 |
Aug 29, 2024 12:02:51.910229921 CEST | 49716 | 80 | 192.168.2.12 | 193.122.6.168 |
Aug 29, 2024 12:02:51.910367012 CEST | 49716 | 80 | 192.168.2.12 | 193.122.6.168 |
Aug 29, 2024 12:02:51.915235043 CEST | 80 | 49716 | 193.122.6.168 | 192.168.2.12 |
Aug 29, 2024 12:02:53.034179926 CEST | 80 | 49716 | 193.122.6.168 | 192.168.2.12 |
Aug 29, 2024 12:02:53.035618067 CEST | 49717 | 443 | 192.168.2.12 | 188.114.97.3 |
Aug 29, 2024 12:02:53.035664082 CEST | 443 | 49717 | 188.114.97.3 | 192.168.2.12 |
Aug 29, 2024 12:02:53.035757065 CEST | 49717 | 443 | 192.168.2.12 | 188.114.97.3 |
Aug 29, 2024 12:02:53.036034107 CEST | 49717 | 443 | 192.168.2.12 | 188.114.97.3 |
Aug 29, 2024 12:02:53.036050081 CEST | 443 | 49717 | 188.114.97.3 | 192.168.2.12 |
Aug 29, 2024 12:02:53.088875055 CEST | 49716 | 80 | 192.168.2.12 | 193.122.6.168 |
Aug 29, 2024 12:02:53.488631964 CEST | 443 | 49717 | 188.114.97.3 | 192.168.2.12 |
Aug 29, 2024 12:02:53.490777969 CEST | 49717 | 443 | 192.168.2.12 | 188.114.97.3 |
Aug 29, 2024 12:02:53.490814924 CEST | 443 | 49717 | 188.114.97.3 | 192.168.2.12 |
Aug 29, 2024 12:02:53.621119022 CEST | 443 | 49717 | 188.114.97.3 | 192.168.2.12 |
Aug 29, 2024 12:02:53.621218920 CEST | 443 | 49717 | 188.114.97.3 | 192.168.2.12 |
Aug 29, 2024 12:02:53.621279955 CEST | 49717 | 443 | 192.168.2.12 | 188.114.97.3 |
Aug 29, 2024 12:02:53.621752977 CEST | 49717 | 443 | 192.168.2.12 | 188.114.97.3 |
Aug 29, 2024 12:02:53.625233889 CEST | 49716 | 80 | 192.168.2.12 | 193.122.6.168 |
Aug 29, 2024 12:02:53.626318932 CEST | 49718 | 80 | 192.168.2.12 | 193.122.6.168 |
Aug 29, 2024 12:02:53.630290031 CEST | 80 | 49716 | 193.122.6.168 | 192.168.2.12 |
Aug 29, 2024 12:02:53.630381107 CEST | 49716 | 80 | 192.168.2.12 | 193.122.6.168 |
Aug 29, 2024 12:02:53.631166935 CEST | 80 | 49718 | 193.122.6.168 | 192.168.2.12 |
Aug 29, 2024 12:02:53.631225109 CEST | 49718 | 80 | 192.168.2.12 | 193.122.6.168 |
Aug 29, 2024 12:02:53.631305933 CEST | 49718 | 80 | 192.168.2.12 | 193.122.6.168 |
Aug 29, 2024 12:02:53.638359070 CEST | 80 | 49718 | 193.122.6.168 | 192.168.2.12 |
Aug 29, 2024 12:02:54.784492016 CEST | 80 | 49718 | 193.122.6.168 | 192.168.2.12 |
Aug 29, 2024 12:02:54.786045074 CEST | 49719 | 443 | 192.168.2.12 | 188.114.97.3 |
Aug 29, 2024 12:02:54.786089897 CEST | 443 | 49719 | 188.114.97.3 | 192.168.2.12 |
Aug 29, 2024 12:02:54.786195993 CEST | 49719 | 443 | 192.168.2.12 | 188.114.97.3 |
Aug 29, 2024 12:02:54.786472082 CEST | 49719 | 443 | 192.168.2.12 | 188.114.97.3 |
Aug 29, 2024 12:02:54.786488056 CEST | 443 | 49719 | 188.114.97.3 | 192.168.2.12 |
Aug 29, 2024 12:02:54.838886976 CEST | 49718 | 80 | 192.168.2.12 | 193.122.6.168 |
Aug 29, 2024 12:02:55.245644093 CEST | 443 | 49719 | 188.114.97.3 | 192.168.2.12 |
Aug 29, 2024 12:02:55.247364044 CEST | 49719 | 443 | 192.168.2.12 | 188.114.97.3 |
Aug 29, 2024 12:02:55.247389078 CEST | 443 | 49719 | 188.114.97.3 | 192.168.2.12 |
Aug 29, 2024 12:02:55.381707907 CEST | 443 | 49719 | 188.114.97.3 | 192.168.2.12 |
Aug 29, 2024 12:02:55.381835938 CEST | 443 | 49719 | 188.114.97.3 | 192.168.2.12 |
Aug 29, 2024 12:02:55.381907940 CEST | 49719 | 443 | 192.168.2.12 | 188.114.97.3 |
Aug 29, 2024 12:02:55.382865906 CEST | 49719 | 443 | 192.168.2.12 | 188.114.97.3 |
Aug 29, 2024 12:02:55.386285067 CEST | 49718 | 80 | 192.168.2.12 | 193.122.6.168 |
Aug 29, 2024 12:02:55.387455940 CEST | 49720 | 80 | 192.168.2.12 | 193.122.6.168 |
Aug 29, 2024 12:02:55.391501904 CEST | 80 | 49718 | 193.122.6.168 | 192.168.2.12 |
Aug 29, 2024 12:02:55.391587019 CEST | 49718 | 80 | 192.168.2.12 | 193.122.6.168 |
Aug 29, 2024 12:02:55.392302990 CEST | 80 | 49720 | 193.122.6.168 | 192.168.2.12 |
Aug 29, 2024 12:02:55.392388105 CEST | 49720 | 80 | 192.168.2.12 | 193.122.6.168 |
Aug 29, 2024 12:02:55.392509937 CEST | 49720 | 80 | 192.168.2.12 | 193.122.6.168 |
Aug 29, 2024 12:02:55.398046017 CEST | 80 | 49720 | 193.122.6.168 | 192.168.2.12 |
Aug 29, 2024 12:02:56.448390007 CEST | 80 | 49720 | 193.122.6.168 | 192.168.2.12 |
Aug 29, 2024 12:02:56.449847937 CEST | 49722 | 443 | 192.168.2.12 | 188.114.97.3 |
Aug 29, 2024 12:02:56.449914932 CEST | 443 | 49722 | 188.114.97.3 | 192.168.2.12 |
Aug 29, 2024 12:02:56.449992895 CEST | 49722 | 443 | 192.168.2.12 | 188.114.97.3 |
Aug 29, 2024 12:02:56.450298071 CEST | 49722 | 443 | 192.168.2.12 | 188.114.97.3 |
Aug 29, 2024 12:02:56.450330973 CEST | 443 | 49722 | 188.114.97.3 | 192.168.2.12 |
Aug 29, 2024 12:02:56.495157003 CEST | 49720 | 80 | 192.168.2.12 | 193.122.6.168 |
Aug 29, 2024 12:02:56.928852081 CEST | 443 | 49722 | 188.114.97.3 | 192.168.2.12 |
Aug 29, 2024 12:02:56.930639029 CEST | 49722 | 443 | 192.168.2.12 | 188.114.97.3 |
Aug 29, 2024 12:02:56.930707932 CEST | 443 | 49722 | 188.114.97.3 | 192.168.2.12 |
Aug 29, 2024 12:02:57.056986094 CEST | 443 | 49722 | 188.114.97.3 | 192.168.2.12 |
Aug 29, 2024 12:02:57.057073116 CEST | 443 | 49722 | 188.114.97.3 | 192.168.2.12 |
Aug 29, 2024 12:02:57.057138920 CEST | 49722 | 443 | 192.168.2.12 | 188.114.97.3 |
Aug 29, 2024 12:02:57.057876110 CEST | 49722 | 443 | 192.168.2.12 | 188.114.97.3 |
Aug 29, 2024 12:02:57.061455965 CEST | 49720 | 80 | 192.168.2.12 | 193.122.6.168 |
Aug 29, 2024 12:02:57.062766075 CEST | 49723 | 80 | 192.168.2.12 | 193.122.6.168 |
Aug 29, 2024 12:02:57.066606998 CEST | 80 | 49720 | 193.122.6.168 | 192.168.2.12 |
Aug 29, 2024 12:02:57.066734076 CEST | 49720 | 80 | 192.168.2.12 | 193.122.6.168 |
Aug 29, 2024 12:02:57.067570925 CEST | 80 | 49723 | 193.122.6.168 | 192.168.2.12 |
Aug 29, 2024 12:02:57.067651033 CEST | 49723 | 80 | 192.168.2.12 | 193.122.6.168 |
Aug 29, 2024 12:02:57.067789078 CEST | 49723 | 80 | 192.168.2.12 | 193.122.6.168 |
Aug 29, 2024 12:02:57.072525978 CEST | 80 | 49723 | 193.122.6.168 | 192.168.2.12 |
Aug 29, 2024 12:02:57.709995031 CEST | 80 | 49723 | 193.122.6.168 | 192.168.2.12 |
Aug 29, 2024 12:02:57.711570024 CEST | 49724 | 443 | 192.168.2.12 | 188.114.97.3 |
Aug 29, 2024 12:02:57.711613894 CEST | 443 | 49724 | 188.114.97.3 | 192.168.2.12 |
Aug 29, 2024 12:02:57.711684942 CEST | 49724 | 443 | 192.168.2.12 | 188.114.97.3 |
Aug 29, 2024 12:02:57.711925030 CEST | 49724 | 443 | 192.168.2.12 | 188.114.97.3 |
Aug 29, 2024 12:02:57.711937904 CEST | 443 | 49724 | 188.114.97.3 | 192.168.2.12 |
Aug 29, 2024 12:02:57.760741949 CEST | 49723 | 80 | 192.168.2.12 | 193.122.6.168 |
Aug 29, 2024 12:02:58.174885988 CEST | 443 | 49724 | 188.114.97.3 | 192.168.2.12 |
Aug 29, 2024 12:02:58.176711082 CEST | 49724 | 443 | 192.168.2.12 | 188.114.97.3 |
Aug 29, 2024 12:02:58.176737070 CEST | 443 | 49724 | 188.114.97.3 | 192.168.2.12 |
Aug 29, 2024 12:02:58.305331945 CEST | 443 | 49724 | 188.114.97.3 | 192.168.2.12 |
Aug 29, 2024 12:02:58.305458069 CEST | 443 | 49724 | 188.114.97.3 | 192.168.2.12 |
Aug 29, 2024 12:02:58.305507898 CEST | 49724 | 443 | 192.168.2.12 | 188.114.97.3 |
Aug 29, 2024 12:02:58.306010008 CEST | 49724 | 443 | 192.168.2.12 | 188.114.97.3 |
Aug 29, 2024 12:02:58.309732914 CEST | 49723 | 80 | 192.168.2.12 | 193.122.6.168 |
Aug 29, 2024 12:02:58.311012030 CEST | 49725 | 80 | 192.168.2.12 | 193.122.6.168 |
Aug 29, 2024 12:02:58.315102100 CEST | 80 | 49723 | 193.122.6.168 | 192.168.2.12 |
Aug 29, 2024 12:02:58.315182924 CEST | 49723 | 80 | 192.168.2.12 | 193.122.6.168 |
Aug 29, 2024 12:02:58.315788984 CEST | 80 | 49725 | 193.122.6.168 | 192.168.2.12 |
Aug 29, 2024 12:02:58.315870047 CEST | 49725 | 80 | 192.168.2.12 | 193.122.6.168 |
Aug 29, 2024 12:02:58.316023111 CEST | 49725 | 80 | 192.168.2.12 | 193.122.6.168 |
Aug 29, 2024 12:02:58.322469950 CEST | 80 | 49725 | 193.122.6.168 | 192.168.2.12 |
Aug 29, 2024 12:02:59.156929016 CEST | 80 | 49725 | 193.122.6.168 | 192.168.2.12 |
Aug 29, 2024 12:02:59.158521891 CEST | 49726 | 443 | 192.168.2.12 | 188.114.97.3 |
Aug 29, 2024 12:02:59.158585072 CEST | 443 | 49726 | 188.114.97.3 | 192.168.2.12 |
Aug 29, 2024 12:02:59.158770084 CEST | 49726 | 443 | 192.168.2.12 | 188.114.97.3 |
Aug 29, 2024 12:02:59.158994913 CEST | 49726 | 443 | 192.168.2.12 | 188.114.97.3 |
Aug 29, 2024 12:02:59.159015894 CEST | 443 | 49726 | 188.114.97.3 | 192.168.2.12 |
Aug 29, 2024 12:02:59.198293924 CEST | 49725 | 80 | 192.168.2.12 | 193.122.6.168 |
Aug 29, 2024 12:02:59.616931915 CEST | 443 | 49726 | 188.114.97.3 | 192.168.2.12 |
Aug 29, 2024 12:02:59.619013071 CEST | 49726 | 443 | 192.168.2.12 | 188.114.97.3 |
Aug 29, 2024 12:02:59.619031906 CEST | 443 | 49726 | 188.114.97.3 | 192.168.2.12 |
Aug 29, 2024 12:02:59.756700993 CEST | 443 | 49726 | 188.114.97.3 | 192.168.2.12 |
Aug 29, 2024 12:02:59.756795883 CEST | 443 | 49726 | 188.114.97.3 | 192.168.2.12 |
Aug 29, 2024 12:02:59.756851912 CEST | 49726 | 443 | 192.168.2.12 | 188.114.97.3 |
Aug 29, 2024 12:02:59.757426977 CEST | 49726 | 443 | 192.168.2.12 | 188.114.97.3 |
Aug 29, 2024 12:03:56.267182112 CEST | 80 | 49714 | 193.122.6.168 | 192.168.2.12 |
Aug 29, 2024 12:03:56.267241001 CEST | 49714 | 80 | 192.168.2.12 | 193.122.6.168 |
Aug 29, 2024 12:04:04.157393932 CEST | 80 | 49725 | 193.122.6.168 | 192.168.2.12 |
Aug 29, 2024 12:04:04.157454014 CEST | 49725 | 80 | 192.168.2.12 | 193.122.6.168 |
Aug 29, 2024 12:04:39.167150021 CEST | 49725 | 80 | 192.168.2.12 | 193.122.6.168 |
Aug 29, 2024 12:04:39.172257900 CEST | 80 | 49725 | 193.122.6.168 | 192.168.2.12 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Aug 29, 2024 12:02:48.038615942 CEST | 61249 | 53 | 192.168.2.12 | 1.1.1.1 |
Aug 29, 2024 12:02:48.046637058 CEST | 53 | 61249 | 1.1.1.1 | 192.168.2.12 |
Aug 29, 2024 12:02:48.919070005 CEST | 62031 | 53 | 192.168.2.12 | 1.1.1.1 |
Aug 29, 2024 12:02:48.927376032 CEST | 53 | 62031 | 1.1.1.1 | 192.168.2.12 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Aug 29, 2024 12:02:48.038615942 CEST | 192.168.2.12 | 1.1.1.1 | 0xb789 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Aug 29, 2024 12:02:48.919070005 CEST | 192.168.2.12 | 1.1.1.1 | 0x6c9b | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Aug 29, 2024 12:02:48.046637058 CEST | 1.1.1.1 | 192.168.2.12 | 0xb789 | No error (0) | checkip.dyndns.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Aug 29, 2024 12:02:48.046637058 CEST | 1.1.1.1 | 192.168.2.12 | 0xb789 | No error (0) | 193.122.6.168 | A (IP address) | IN (0x0001) | false | ||
Aug 29, 2024 12:02:48.046637058 CEST | 1.1.1.1 | 192.168.2.12 | 0xb789 | No error (0) | 132.226.8.169 | A (IP address) | IN (0x0001) | false | ||
Aug 29, 2024 12:02:48.046637058 CEST | 1.1.1.1 | 192.168.2.12 | 0xb789 | No error (0) | 158.101.44.242 | A (IP address) | IN (0x0001) | false | ||
Aug 29, 2024 12:02:48.046637058 CEST | 1.1.1.1 | 192.168.2.12 | 0xb789 | No error (0) | 132.226.247.73 | A (IP address) | IN (0x0001) | false | ||
Aug 29, 2024 12:02:48.046637058 CEST | 1.1.1.1 | 192.168.2.12 | 0xb789 | No error (0) | 193.122.130.0 | A (IP address) | IN (0x0001) | false | ||
Aug 29, 2024 12:02:48.927376032 CEST | 1.1.1.1 | 192.168.2.12 | 0x6c9b | No error (0) | 188.114.97.3 | A (IP address) | IN (0x0001) | false | ||
Aug 29, 2024 12:02:48.927376032 CEST | 1.1.1.1 | 192.168.2.12 | 0x6c9b | No error (0) | 188.114.96.3 | A (IP address) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.12 | 49711 | 193.122.6.168 | 80 | 6408 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Aug 29, 2024 12:02:48.058279037 CEST | 151 | OUT | |
Aug 29, 2024 12:02:48.688955069 CEST | 320 | IN | |
Aug 29, 2024 12:02:48.692909002 CEST | 127 | OUT | |
Aug 29, 2024 12:02:48.878734112 CEST | 320 | IN | |
Aug 29, 2024 12:02:49.624428988 CEST | 127 | OUT | |
Aug 29, 2024 12:02:49.813554049 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.12 | 49714 | 193.122.6.168 | 80 | 6408 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Aug 29, 2024 12:02:50.611121893 CEST | 127 | OUT | |
Aug 29, 2024 12:02:51.266522884 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.12 | 49716 | 193.122.6.168 | 80 | 6408 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Aug 29, 2024 12:02:51.910367012 CEST | 151 | OUT | |
Aug 29, 2024 12:02:53.034179926 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.12 | 49718 | 193.122.6.168 | 80 | 6408 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Aug 29, 2024 12:02:53.631305933 CEST | 151 | OUT | |
Aug 29, 2024 12:02:54.784492016 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.12 | 49720 | 193.122.6.168 | 80 | 6408 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Aug 29, 2024 12:02:55.392509937 CEST | 151 | OUT | |
Aug 29, 2024 12:02:56.448390007 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.12 | 49723 | 193.122.6.168 | 80 | 6408 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Aug 29, 2024 12:02:57.067789078 CEST | 151 | OUT | |
Aug 29, 2024 12:02:57.709995031 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.12 | 49725 | 193.122.6.168 | 80 | 6408 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Aug 29, 2024 12:02:58.316023111 CEST | 151 | OUT | |
Aug 29, 2024 12:02:59.156929016 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.12 | 49712 | 188.114.97.3 | 443 | 6408 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-08-29 10:02:49 UTC | 84 | OUT | |
2024-08-29 10:02:49 UTC | 706 | IN | |
2024-08-29 10:02:49 UTC | 340 | IN | |
2024-08-29 10:02:49 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.12 | 49713 | 188.114.97.3 | 443 | 6408 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-08-29 10:02:50 UTC | 60 | OUT | |
2024-08-29 10:02:50 UTC | 712 | IN | |
2024-08-29 10:02:50 UTC | 340 | IN | |
2024-08-29 10:02:50 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.12 | 49715 | 188.114.97.3 | 443 | 6408 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-08-29 10:02:51 UTC | 84 | OUT | |
2024-08-29 10:02:51 UTC | 708 | IN | |
2024-08-29 10:02:51 UTC | 340 | IN | |
2024-08-29 10:02:51 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.12 | 49717 | 188.114.97.3 | 443 | 6408 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-08-29 10:02:53 UTC | 84 | OUT | |
2024-08-29 10:02:53 UTC | 712 | IN | |
2024-08-29 10:02:53 UTC | 340 | IN | |
2024-08-29 10:02:53 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.12 | 49719 | 188.114.97.3 | 443 | 6408 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-08-29 10:02:55 UTC | 84 | OUT | |
2024-08-29 10:02:55 UTC | 706 | IN | |
2024-08-29 10:02:55 UTC | 340 | IN | |
2024-08-29 10:02:55 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.12 | 49722 | 188.114.97.3 | 443 | 6408 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-08-29 10:02:56 UTC | 84 | OUT | |
2024-08-29 10:02:57 UTC | 704 | IN | |
2024-08-29 10:02:57 UTC | 340 | IN | |
2024-08-29 10:02:57 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.12 | 49724 | 188.114.97.3 | 443 | 6408 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-08-29 10:02:58 UTC | 84 | OUT | |
2024-08-29 10:02:58 UTC | 706 | IN | |
2024-08-29 10:02:58 UTC | 340 | IN | |
2024-08-29 10:02:58 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.12 | 49726 | 188.114.97.3 | 443 | 6408 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-08-29 10:02:59 UTC | 60 | OUT | |
2024-08-29 10:02:59 UTC | 718 | IN | |
2024-08-29 10:02:59 UTC | 340 | IN | |
2024-08-29 10:02:59 UTC | 5 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 06:02:44 |
Start date: | 29/08/2024 |
Path: | C:\Users\user\Desktop\Offer 2024-30496.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x950000 |
File size: | 73'400'320 bytes |
MD5 hash: | AB64DB1F849B146E66310AE4533BAE41 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 2 |
Start time: | 06:02:45 |
Start date: | 29/08/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x8f0000 |
File size: | 45'984 bytes |
MD5 hash: | 9D352BC46709F0CB5EC974633A0C3C94 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
Has exited: | false |
Execution Graph
Execution Coverage: | 3.2% |
Dynamic/Decrypted Code Coverage: | 0.4% |
Signature Coverage: | 3% |
Total number of Nodes: | 2000 |
Total number of Limit Nodes: | 40 |
Graph
Function 009542DE Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 235libraryloaderCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0095D730 Relevance: 21.6, APIs: 14, Instructions: 619windowsleeptimeCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00952CD4 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 53windowregistryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0099065B Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 272COMMONLIBRARYCODE
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0095344D Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 201registryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00952B83 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 63windowregistryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00953170 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 145windowtimeregistryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BD25B0 Relevance: 10.7, APIs: 7, Instructions: 239fileCOMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BD23B0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 133fileCOMMON
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009C2947 Relevance: 7.8, APIs: 5, Instructions: 313fileCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00953B1C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58registryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00953923 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 94windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009D7F59 Relevance: 4.9, APIs: 3, Instructions: 430COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009510F3 Relevance: 4.7, APIs: 3, Instructions: 153comCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00953837 Relevance: 3.1, APIs: 2, Instructions: 77windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00956D9E Relevance: 2.6, APIs: 2, Instructions: 59COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0095B710 Relevance: 2.1, APIs: 1, Instructions: 587COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00954ECB Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00988402 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0097E602 Relevance: 1.5, APIs: 1, Instructions: 46COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00959CB3 Relevance: 1.5, APIs: 1, Instructions: 43COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00984C7D Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00983820 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00954F39 Relevance: 1.5, APIs: 1, Instructions: 28COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00952DA5 Relevance: 1.5, APIs: 1, Instructions: 23COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009C2693 Relevance: 1.5, APIs: 1, Instructions: 22COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00952B3D Relevance: 1.5, APIs: 1, Instructions: 22COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00951CAD Relevance: 1.5, APIs: 1, Instructions: 8COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0096FC70 Relevance: 1.3, APIs: 1, Instructions: 94memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BD22A0 Relevance: 1.3, APIs: 1, Instructions: 18sleepCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009E9576 Relevance: 72.4, APIs: 39, Strings: 2, Instructions: 625windowkeyboardCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009E4873 Relevance: 60.1, APIs: 33, Strings: 1, Instructions: 566windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0096F98E Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 130keyboardthreadwindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009C698F Relevance: 21.4, APIs: 7, Strings: 5, Instructions: 363timefileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009C9642 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 118fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009C979D Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 111fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009C8195 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 186timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009BD076 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 172fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009CED6A Relevance: 13.6, APIs: 9, Instructions: 102clipboardmemoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009BE8F6 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 57shutdownCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0098B952 Relevance: 10.9, APIs: 7, Instructions: 370timeCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009BD3A9 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 91fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009D22DA Relevance: 9.1, APIs: 6, Instructions: 103COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009C9B2B Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 119filesleepCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0096997D Relevance: 7.9, APIs: 5, Instructions: 375COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009E1C41 Relevance: 7.6, APIs: 5, Instructions: 83windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00958060 Relevance: 7.4, Strings: 5, Instructions: 1151COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009B8298 Relevance: 5.1, APIs: 1, Strings: 2, Instructions: 568stringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009C5C97 Relevance: 4.6, APIs: 3, Instructions: 138fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009C51CD Relevance: 4.6, APIs: 3, Instructions: 76COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009B16C3 Relevance: 4.6, APIs: 3, Instructions: 68COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009BD5EB Relevance: 4.6, APIs: 3, Instructions: 58fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009B1663 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0097CAA0 Relevance: 3.5, APIs: 2, Instructions: 464COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009C68EE Relevance: 3.1, APIs: 2, Instructions: 57fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009C37B5 Relevance: 3.0, APIs: 2, Instructions: 33windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009B10BF Relevance: 3.0, APIs: 2, Instructions: 24COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0095CAF0 Relevance: 1.9, Strings: 1, Instructions: 659COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0096B119 Relevance: 1.8, Strings: 1, Instructions: 511COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009709D5 Relevance: 1.5, APIs: 1, Instructions: 3COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0097781B Relevance: 1.5, Strings: 1, Instructions: 214COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00986DD9 Relevance: .6, Instructions: 637COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0096CC39 Relevance: .6, Instructions: 635COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00957920 Relevance: .6, Instructions: 563COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009591C0 Relevance: .5, Instructions: 475COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00971C77 Relevance: .3, Instructions: 254COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009719B0 Relevance: .2, Instructions: 240COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00977A4A Relevance: .2, Instructions: 237COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00977CA7 Relevance: .2, Instructions: 237COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00971706 Relevance: .2, Instructions: 232COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BD35D0 Relevance: .1, Instructions: 92COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009C2046 Relevance: .1, Instructions: 72COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BD3460 Relevance: .0, Instructions: 35COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BD34C0 Relevance: .0, Instructions: 35COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BD1E70 Relevance: .0, Instructions: 6COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009D2ADE Relevance: 77.5, APIs: 40, Strings: 4, Instructions: 486filecommemoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009E70D5 Relevance: 49.8, APIs: 33, Instructions: 273COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00968D85 Relevance: 47.7, APIs: 26, Strings: 1, Instructions: 480windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009D2711 Relevance: 45.8, APIs: 22, Strings: 4, Instructions: 330windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009E0FF3 Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 284windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009E0241 Relevance: 35.4, APIs: 7, Strings: 13, Instructions: 391windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00968891 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 282windowtimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009DC3B7 Relevance: 30.2, APIs: 11, Strings: 6, Instructions: 495registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009E091E Relevance: 30.1, APIs: 6, Strings: 11, Instructions: 372windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009E833C Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 196windowlibraryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0095326F Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 214windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009E6CD9 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 194windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009E911E Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 181windowfileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009CC476 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 143networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009C14BD Relevance: 21.4, APIs: 10, Strings: 2, Instructions: 360timeCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009DB60E Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 285registrylibraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009D255C Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 169windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009B365B Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 267windowtimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009E8D0E Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 221windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009DCC34 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 104registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009C3D1E Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 101fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009BE6B0 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 72sleepwindowtimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009B5CC6 Relevance: 18.2, APIs: 12, Instructions: 173COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00968BCD Relevance: 18.2, APIs: 12, Instructions: 168timeCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00969838 Relevance: 18.1, APIs: 12, Instructions: 137COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009B96E2 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 137windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009B06DE Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 127registryshareCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009D3C30 Relevance: 16.8, APIs: 11, Instructions: 344fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009C7A96 Relevance: 16.8, APIs: 11, Instructions: 298comCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009D055B Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 207networkfileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009D372C Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 187comCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009E3C46 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 101windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00982C80 Relevance: 15.1, APIs: 10, Instructions: 54COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00951410 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 332comCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00955BEA Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 184windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009E8B02 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 149windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009CC253 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009B989B Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 74windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009B209F Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 71windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0098CE90 Relevance: 13.7, APIs: 9, Instructions: 209COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009B25A2 Relevance: 13.6, APIs: 9, Instructions: 60sleepkeyboardwindowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009E3886 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 141windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009BBC5E Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 137windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009BC874 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 81windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009BED19 Relevance: 12.1, APIs: 8, Instructions: 137timeCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0096F8D8 Relevance: 12.1, APIs: 8, Instructions: 124COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009E2D03 Relevance: 12.1, APIs: 8, Instructions: 95windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009B5622 Relevance: 12.1, APIs: 8, Instructions: 92COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00991522 Relevance: 10.8, APIs: 7, Instructions: 268COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009C1187 Relevance: 10.8, APIs: 7, Instructions: 254COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0096948A Relevance: 10.8, APIs: 7, Instructions: 254COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0098542E Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009BCF00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 108filestringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009E2DFD Relevance: 10.6, APIs: 7, Instructions: 99windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009B7726 Relevance: 10.6, APIs: 7, Instructions: 94memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009B77FD Relevance: 10.6, APIs: 7, Instructions: 89memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009C04D2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009C05A7 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009E40AD Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009BDA5A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 46windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009C096B Relevance: 10.5, APIs: 7, Instructions: 35synchronizationthreadCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009801B7 Relevance: 9.3, APIs: 6, Instructions: 269COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009861FE Relevance: 9.2, APIs: 6, Instructions: 216COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009AF7AD Relevance: 9.2, APIs: 6, Instructions: 183memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0096920C Relevance: 9.1, APIs: 6, Instructions: 113COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009C07EF Relevance: 9.1, APIs: 6, Instructions: 107fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009E81DB Relevance: 9.1, APIs: 6, Instructions: 104windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009B4C7D Relevance: 9.1, APIs: 6, Instructions: 87windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009B175D Relevance: 9.1, APIs: 6, Instructions: 68memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009B14CE Relevance: 9.1, APIs: 6, Instructions: 64processCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009E8A24 Relevance: 9.0, APIs: 6, Instructions: 49COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009B51FD Relevance: 9.0, APIs: 6, Instructions: 49COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009A7439 Relevance: 9.0, APIs: 6, Instructions: 37windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009B1874 Relevance: 9.0, APIs: 6, Instructions: 23memorysynchronizationCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009BC5D0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 191windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009B719E Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 120comlibraryloaderCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009B1DE2 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 93windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009E2F17 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 78windowlibraryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00974D6D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00954E90 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 24libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00954E59 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 22libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009DA387 Relevance: 7.8, APIs: 5, Instructions: 256COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009B8BB0 Relevance: 7.7, APIs: 5, Instructions: 159COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009C8AFB Relevance: 7.6, APIs: 5, Instructions: 143COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009E6B76 Relevance: 7.6, APIs: 5, Instructions: 131windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009C3874 Relevance: 7.6, APIs: 5, Instructions: 101windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009E5706 Relevance: 7.6, APIs: 5, Instructions: 82windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009D0930 Relevance: 7.6, APIs: 5, Instructions: 69COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0098CDBD Relevance: 7.6, APIs: 5, Instructions: 68COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00969639 Relevance: 7.6, APIs: 5, Instructions: 66COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009B5711 Relevance: 7.6, APIs: 5, Instructions: 61COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0096990E Relevance: 7.6, APIs: 5, Instructions: 59COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009B000E Relevance: 7.5, APIs: 5, Instructions: 47stringCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009BE97B Relevance: 7.5, APIs: 5, Instructions: 47sleepCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009B10F9 Relevance: 7.5, APIs: 5, Instructions: 46memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009B0FB4 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009B1014 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009C030F Relevance: 7.5, APIs: 6, Instructions: 41COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009822A0 Relevance: 7.5, APIs: 5, Instructions: 30COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009695C5 Relevance: 7.5, APIs: 5, Instructions: 29COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00980F47 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 389COMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009B2716 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 121windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009BC27D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 114windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009D304E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 90networkCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009E4653 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 87windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009E37B7 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009E41EB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009B2F52 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009E5882 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009AD3A0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 30libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009B007F Relevance: 6.3, APIs: 4, Instructions: 322COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009D342E Relevance: 6.3, APIs: 4, Instructions: 257COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009B0436 Relevance: 6.2, APIs: 4, Instructions: 230COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009E6278 Relevance: 6.1, APIs: 4, Instructions: 138COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0098B41F Relevance: 6.1, APIs: 4, Instructions: 133COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009C56D9 Relevance: 6.1, APIs: 4, Instructions: 110fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009E52C1 Relevance: 6.1, APIs: 4, Instructions: 104windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009E7674 Relevance: 6.1, APIs: 4, Instructions: 102windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009E16DA Relevance: 6.1, APIs: 4, Instructions: 101COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009BD4DC Relevance: 6.1, APIs: 4, Instructions: 86processCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009E8FC9 Relevance: 6.1, APIs: 4, Instructions: 78windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009BD2C1 Relevance: 6.1, APIs: 4, Instructions: 78COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009B1571 Relevance: 6.1, APIs: 4, Instructions: 78memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009E2782 Relevance: 6.1, APIs: 4, Instructions: 75COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009B78F5 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 71stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009E7CC2 Relevance: 6.1, APIs: 4, Instructions: 70COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009E5660 Relevance: 6.1, APIs: 4, Instructions: 67windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009B1A27 Relevance: 6.1, APIs: 4, Instructions: 56windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009BE1D6 Relevance: 6.1, APIs: 4, Instructions: 55synchronizationthreadwindowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0097D1CC Relevance: 6.1, APIs: 4, Instructions: 55threadCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0095600E Relevance: 6.1, APIs: 4, Instructions: 53windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00983073 Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009BB0A8 Relevance: 6.0, APIs: 4, Instructions: 50sleepCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009E8863 Relevance: 6.0, APIs: 4, Instructions: 31COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009698B0 Relevance: 6.0, APIs: 4, Instructions: 23COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009B162B Relevance: 6.0, APIs: 4, Instructions: 22threadCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009AD858 Relevance: 6.0, APIs: 4, Instructions: 19COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009AD86C Relevance: 6.0, APIs: 4, Instructions: 18COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009C4D87 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 230shareCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0096F291 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 144sleepCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009CD0F4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 98networkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009E4537 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009E31EF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009CCD1E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66networkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009E3429 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009B1CDE Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 52windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009B1BD8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009B1C5C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009B0B15 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 28windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009E2322 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009E2356 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|