Windows
Analysis Report
EACore.dll
Overview
General Information
Detection
Score: | 56 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- loaddll32.exe (PID: 7472 cmdline: loaddll32.exe "C:\Users\user\Desktop\EACore.dll" MD5: 51E6071F9CBA48E79F10C84515AAE618)
- conhost.exe (PID: 7480 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- cmd.exe (PID: 7520 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\EACore.dll",#1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
- rundll32.exe (PID: 7548 cmdline: rundll32.exe "C:\Users\user\Desktop\EACore.dll",#1 MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 7532 cmdline: rundll32.exe C:\Users\user\Desktop\EACore.dll,AgentAdd MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 7596 cmdline: rundll32.exe C:\Users\user\Desktop\EACore.dll,AgentRemove MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 7620 cmdline: rundll32.exe C:\Users\user\Desktop\EACore.dll,AgentTaskAdd MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 7644 cmdline: rundll32.exe "C:\Users\user\Desktop\EACore.dll",AgentAdd MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 7652 cmdline: rundll32.exe "C:\Users\user\Desktop\EACore.dll",AgentRemove MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 7660 cmdline: rundll32.exe "C:\Users\user\Desktop\EACore.dll",AgentTaskAdd MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 7668 cmdline: rundll32.exe "C:\Users\user\Desktop\EACore.dll",ViewSetContentFilters MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 7684 cmdline: rundll32.exe "C:\Users\user\Desktop\EACore.dll",UserLogout MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 7692 cmdline: rundll32.exe "C:\Users\user\Desktop\EACore.dll",UserLogin MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 7712 cmdline: rundll32.exe "C:\Users\user\Desktop\EACore.dll",UserIsLoggedIn MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 7724 cmdline: rundll32.exe "C:\Users\user\Desktop\EACore.dll",UserGetNames MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 7736 cmdline: rundll32.exe "C:\Users\user\Desktop\EACore.dll",UserGetEntitlements MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 7748 cmdline: rundll32.exe "C:\Users\user\Desktop\EACore.dll",UserEnumContent MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 7760 cmdline: rundll32.exe "C:\Users\user\Desktop\EACore.dll",StateSetTag MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 7772 cmdline: rundll32.exe "C:\Users\user\Desktop\EACore.dll",StateSetProperty MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 7784 cmdline: rundll32.exe "C:\Users\user\Desktop\EACore.dll",StateGet MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 7836 cmdline: rundll32.exe "C:\Users\user\Desktop\EACore.dll",ItemUse MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 7844 cmdline: rundll32.exe "C:\Users\user\Desktop\EACore.dll",ItemUnpackStart MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 7860 cmdline: rundll32.exe "C:\Users\user\Desktop\EACore.dll",ItemUnpackCancel MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 7872 cmdline: rundll32.exe "C:\Users\user\Desktop\EACore.dll",ItemInstallStartBatch MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 7904 cmdline: rundll32.exe "C:\Users\user\Desktop\EACore.dll",ItemInstallStart MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 7916 cmdline: rundll32.exe "C:\Users\user\Desktop\EACore.dll",ItemGetStatus MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 7924 cmdline: rundll32.exe "C:\Users\user\Desktop\EACore.dll",ItemEnumPatches MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 7932 cmdline: rundll32.exe "C:\Users\user\Desktop\EACore.dll",ItemDownloadTogglePauseState MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 7940 cmdline: rundll32.exe "C:\Users\user\Desktop\EACore.dll",ItemDownloadStart MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 7948 cmdline: rundll32.exe "C:\Users\user\Desktop\EACore.dll",ItemDownloadCancel MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 7960 cmdline: rundll32.exe "C:\Users\user\Desktop\EACore.dll",ItemDecryptStart MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 7972 cmdline: rundll32.exe "C:\Users\user\Desktop\EACore.dll",ItemDecryptCancel MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 8000 cmdline: rundll32.exe "C:\Users\user\Desktop\EACore.dll",ItemClearCache MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 8012 cmdline: rundll32.exe "C:\Users\user\Desktop\EACore.dll",IsConnected MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 8024 cmdline: rundll32.exe "C:\Users\user\Desktop\EACore.dll",Disconnect MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 8040 cmdline: rundll32.exe "C:\Users\user\Desktop\EACore.dll",Connect3 MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 8052 cmdline: rundll32.exe "C:\Users\user\Desktop\EACore.dll",Connect MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 8060 cmdline: rundll32.exe "C:\Users\user\Desktop\EACore.dll",Command MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 8124 cmdline: rundll32.exe "C:\Users\user\Desktop\EACore.dll",AgentTaskStatusSet MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 8136 cmdline: rundll32.exe "C:\Users\user\Desktop\EACore.dll",AgentTaskStatusGet MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 8164 cmdline: rundll32.exe "C:\Users\user\Desktop\EACore.dll",AgentTaskRemove MD5: 889B99C52A60DD49227C5E485A016679)
- cleanup
AV Detection
- Source: Avira
- Source: ReversingLabs
- Source: Static PE information (2 entries)
- Source: Binary string (2 entries)
- Source: DNS traffic detected
- Source: UDP traffic detected without corresponding DNS query (35 entries)
- Source: Code function: 33_2_6E349A60
- Source: DNS traffic detected
- Source: Static PE information
- Source: Classification label
- Source: Mutant created (2 entries)
- Source: Static PE information
- Source: Key opened
- Source: Process created
- Source: ReversingLabs
- Source: Process created (80 entries)
- Source: Section loaded (6 entries)
- Source: Static PE information (8 entries)
- Source: Binary string (2 entries)
- Source: Static PE information (6 entries)
- Source: Code function: 33_2_6E343915, 33_2_6E342E03, 33_2_6E351E53, 33_2_6E344EA2, 33_2_6E342EF3, 33_2_6E34E4D3, 33_2_6E342F63, 33_2_6E349585
- Source: Static PE information
- Source: Process information set (38 entries)
- Source: Thread delayed
- Source: Decision node followed by non-executed suspicious API: graph_33-6222
- Source: API coverage
- Source: Thread sleep count
- Source: Thread sleep time (2 entries)
- Source: Last function (3 entries)
- Source: Thread delayed (2 entries)
- Source: Binary or memory string
- Source: API call chain: graph_33-5453
- Source: Code function: 33_2_6E352F3A (2 entries)
- Source: Code function: 33_2_6E3527F0
- Source: Process created
- Source: Code function: 33_2_6E353127
- Source: Queries volume information
- Source: Code function: 33_2_6E352BC6
- Source: Code function: 33_2_6E349F20
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 11 Process Injection | 21 Virtualization/Sandbox Evasion | OS Credential Dumping | 1 System Time Discovery | Remote Services | Data from Local System | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 11 Process Injection | LSASS Memory | 11 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 2 Obfuscated Files or Information | Security Account Manager | 21 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Rundll32 | NTDS | 1 Account Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Software Packing | LSA Secrets | 1 System Owner/User Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 22 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
39% | ReversingLabs | Win32.Trojan.Generic | |
100% | Avira | TR/Agent.tcdnf | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
www.toptipvideo.com | unknown | unknown | false | unknown |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1524375 |
Start date and time: | 2024-10-02 18:24:26 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 10s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 42 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | EACore.dll |
Detection: | MAL |
Classification: | mal56.winDLL@80/0@35/0 |
EGA Information: |
HCA Information: |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): SIHClient.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed; report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- VT rate limit hit for: EACore.dll
Time | Type | Description |
---|---|---|
12:25:28 | API Interceptor | |
12:25:34 | API Interceptor |
File type: | |
Entropy (8bit): | 6.7858962988515925 |
TrID: |
File name: | EACore.dll |
File size: | 90'624 bytes |
MD5: | 2554e4864294dc96a5b4548dd42c7189 |
SHA1: | 8e3b3c600ab812537a84409adfc5169518862fd3 |
SHA256: | b25c79ba507a256c9ca12a9bd34def6a33f9c087578c03d083d7863c708eca21 |
SHA512: | d8074bb68791560027d6e391110a36b6de604d6b73829bd1b1b89476f2e0a53398d6611129f3782a92b935115589763248fb90b6ba74ec5abb6d81dec3c12c1a |
SSDEEP: | 1536:9gSxD3zFkkt0h0BJVSIKMDSiAJtaNQ2hyAr+u6IHnQz0SuRPeJPqHO4LyFffbGqS:9gSNxkka0BRKMDSiAJtChyAr+u6IHnQq |
TLSH: | DB934C8676C3B0FBD38F40F5102AD22BA7256A309B101EF3E694DD7899A13C15971B7B |
File Content Preview: | MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...*..d...........!.....&...8......X+....................................................@.........................$O.......R..... |
Icon Hash: | 7ae282899bbab082 |
Entrypoint: | 0x10012b58 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x10000000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE, DLL |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x64EEB12A [Wed Aug 30 03:02:02 2023 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | d7b40c7a58929630429c343781a071bd |
Instruction |
---|
push ebp |
mov ebp, esp |
cmp dword ptr [ebp+0Ch], 01h |
jne 00007F13D4ABADF7h |
call 00007F13D4ABAE0Ah |
push dword ptr [ebp+10h] |
push dword ptr [ebp+0Ch] |
push dword ptr [ebp+08h] |
call 00007F13D4ABACCEh |
add esp, 0Ch |
pop ebp |
retn 000Ch |
mov ecx, dword ptr [10017330h] |
push esi |
push edi |
mov edi, BB40E64Eh |
mov esi, FFFF0000h |
cmp ecx, edi |
je 00007F13D4ABADF6h |
test esi, ecx |
jne 00007F13D4ABAE18h |
call 00007F13D4ABAE21h |
mov ecx, eax |
cmp ecx, edi |
jne 00007F13D4ABADF9h |
mov ecx, BB40E64Fh |
jmp 00007F13D4ABAE00h |
test esi, ecx |
jne 00007F13D4ABADFCh |
or eax, 00004711h |
shl eax, 10h |
or ecx, eax |
mov dword ptr [10017330h], ecx |
not ecx |
pop edi |
mov dword ptr [1001732Ch], ecx |
pop esi |
ret |
push ebp |
mov ebp, esp |
sub esp, 14h |
and dword ptr [ebp-0Ch], 00000000h |
lea eax, dword ptr [ebp-0Ch] |
and dword ptr [ebp-08h], 00000000h |
push eax |
call dword ptr [10015540h] |
mov eax, dword ptr [ebp-08h] |
xor eax, dword ptr [ebp-0Ch] |
mov dword ptr [ebp-04h], eax |
call dword ptr [10015538h] |
xor dword ptr [ebp-04h], eax |
call dword ptr [10015534h] |
xor dword ptr [ebp-04h], eax |
lea eax, dword ptr [ebp-14h] |
push eax |
call dword ptr [10015560h] |
mov eax, dword ptr [ebp-10h] |
lea ecx, dword ptr [ebp-04h] |
xor eax, dword ptr [ebp-14h] |
xor eax, dword ptr [ebp-04h] |
xor eax, ecx |
leave |
ret |
push 10017698h |
call dword ptr [1001554Ch] |
ret |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x14f24 | 0x386 | .rdata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x152aa | 0xc8 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x19000 | 0xe8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x1a000 | 0x740 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x14e54 | 0x1c | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x147d8 | 0xbc | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x15514 | 0x1a0 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x12470 | 0x12600 | 9165d72b02e63e520899156da7d23d1f | False | 0.5031090561224489 | data | 6.9068504888777 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x14000 | 0x262c | 0x2800 | b90072950bf4f3684e5e89fb65cf945d | False | 0.34951171875 | data | 5.066255958576898 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x17000 | 0x6ec | 0x400 | 0ade64011f16b75e4e262084d81defc4 | False | 0.2451171875 | data | 3.955903511120874 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.00cfg | 0x18000 | 0x4 | 0x200 | 55b14440e19e0e31e878405a13dfbbf9 | False | 0.033203125 | data | 0.08153941234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x19000 | 0xe8 | 0x200 | d8d5560c7c0e8b679ab25180f1113416 | False | 0.306640625 | data | 2.344915704357875 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x1a000 | 0x740 | 0x800 | f2064fe2de19efe9376d521d83d87cbf | False | 0.775390625 | data | 6.016678031703543 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_MANIFEST | 0x19060 | 0x87 | XML 1.0 document, ASCII text | English | United States | 0.8222222222222222 |
DLL | Import |
---|---|
KERNEL32.dll | CloseHandle, CreateMutexA, CreateProcessW, DeleteCriticalSection, EnterCriticalSection, ExitProcess, GetComputerNameA, GetCurrentProcess, GetCurrentProcessId, GetCurrentThreadId, GetModuleFileNameW, GetSystemTimeAsFileTime, GetVolumeInformationA, InitializeCriticalSection, InitializeSListHead, IsDebuggerPresent, IsProcessorFeaturePresent, LeaveCriticalSection, OpenMutexA, QueryPerformanceCounter, SetUnhandledExceptionFilter, Sleep, TerminateProcess, UnhandledExceptionFilter, WaitForSingleObject, lstrlenA |
ADVAPI32.dll | GetUserNameA |
MSVCP140.dll | ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ, ??0ios_base@std@@IAE@XZ, ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ, ??1ios_base@std@@UAE@XZ, ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z, ?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ, ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ, ?_Random_device@std@@YAIXZ, ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ, ?_Xinvalid_argument@std@@YAXPBD@Z, ?_Xlength_error@std@@YAXPBD@Z, ?_Xout_of_range@std@@YAXPBD@Z, ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z, ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ, ?good@ios_base@std@@QBE_NXZ, ?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z, ?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IAEXPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z, ?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z, ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ, ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z, ?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ, ?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ, ?uncaught_exception@std@@YA_NXZ, ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z, ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z |
WS2_32.dll | WSAStartup, closesocket, connect, gethostbyname, htons, inet_addr, inet_ntoa, recv, send, setsockopt, shutdown, socket |
VCRUNTIME140.dll | _CxxThrowException, __CxxFrameHandler3, __std_exception_copy, __std_exception_destroy, __std_terminate, __std_type_info_destroy_list, _except_handler4_common, _purecall, memchr, memcmp, memcpy, memmove, memset |
api-ms-win-crt-heap-l1-1-0.dll | _callnewh, free, malloc |
api-ms-win-crt-runtime-l1-1-0.dll | _beginthread, _cexit, _configure_narrow_argv, _endthread, _errno, _execute_onexit_table, _initialize_narrow_environment, _initialize_onexit_table, _initterm, _initterm_e, _invalid_parameter_noinfo_noreturn, _seh_filter_dll |
api-ms-win-crt-convert-l1-1-0.dll | strtol |
api-ms-win-crt-string-l1-1-0.dll | strlen, wcslen |
Name | Ordinal | Address |
---|---|---|
AgentAdd | 1 | 0x10001000 |
AgentRemove | 2 | 0x10001000 |
AgentTaskAdd | 3 | 0x10001000 |
AgentTaskRemove | 4 | 0x10001000 |
AgentTaskStatusGet | 5 | 0x10001000 |
AgentTaskStatusSet | 6 | 0x10001000 |
Command | 7 | 0x10001000 |
Connect | 8 | 0x10001000 |
Connect3 | 9 | 0x10001000 |
Disconnect | 10 | 0x10001000 |
IsConnected | 11 | 0x10001010 |
ItemClearCache | 12 | 0x10001000 |
ItemDecryptCancel | 13 | 0x10001000 |
ItemDecryptStart | 14 | 0x10001000 |
ItemDownloadCancel | 15 | 0x10001000 |
ItemDownloadStart | 16 | 0x10001000 |
ItemDownloadTogglePauseState | 17 | 0x10001000 |
ItemEnumPatches | 18 | 0x10001000 |
ItemGetStatus | 19 | 0x10001000 |
ItemInstallStart | 20 | 0x10001000 |
ItemInstallStartBatch | 21 | 0x10001000 |
ItemUnpackCancel | 22 | 0x10001000 |
ItemUnpackStart | 23 | 0x10001000 |
ItemUse | 24 | 0x10001000 |
StateGet | 25 | 0x10001000 |
StateSetProperty | 26 | 0x10001000 |
StateSetTag | 27 | 0x10001000 |
UserEnumContent | 28 | 0x10001000 |
UserGetEntitlements | 29 | 0x10001000 |
UserGetNames | 30 | 0x10001000 |
UserIsLoggedIn | 31 | 0x10001000 |
UserLogin | 32 | 0x10001000 |
UserLogout | 33 | 0x10001000 |
ViewSetContentFilters | 34 | 0x10001000 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 2, 2024 18:25:29.308029890 CEST | 64297 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 2, 2024 18:25:29.321520090 CEST | 53 | 64297 | 1.1.1.1 | 192.168.2.4 |
Oct 2, 2024 18:25:35.491889000 CEST | 52067 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 2, 2024 18:25:35.502222061 CEST | 53 | 52067 | 1.1.1.1 | 192.168.2.4 |
Oct 2, 2024 18:25:41.648597956 CEST | 51037 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 2, 2024 18:25:41.659759998 CEST | 53 | 51037 | 1.1.1.1 | 192.168.2.4 |
Oct 2, 2024 18:25:47.804610968 CEST | 65327 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 2, 2024 18:25:47.822385073 CEST | 53 | 65327 | 1.1.1.1 | 192.168.2.4 |
Oct 2, 2024 18:25:53.977952003 CEST | 53236 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 2, 2024 18:25:53.990899086 CEST | 53 | 53236 | 1.1.1.1 | 192.168.2.4 |
Oct 2, 2024 18:26:00.172275066 CEST | 49524 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 2, 2024 18:26:00.202981949 CEST | 53 | 49524 | 1.1.1.1 | 192.168.2.4 |
Oct 2, 2024 18:26:04.226437092 CEST | 52108 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 2, 2024 18:26:04.342066050 CEST | 53 | 52108 | 1.1.1.1 | 192.168.2.4 |
Oct 2, 2024 18:26:10.492182970 CEST | 54794 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 2, 2024 18:26:10.502648115 CEST | 53 | 54794 | 1.1.1.1 | 192.168.2.4 |
Oct 2, 2024 18:26:16.648518085 CEST | 59636 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 2, 2024 18:26:17.039787054 CEST | 53 | 59636 | 1.1.1.1 | 192.168.2.4 |
Oct 2, 2024 18:26:23.195262909 CEST | 56951 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 2, 2024 18:26:24.211215973 CEST | 56951 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 2, 2024 18:26:25.210892916 CEST | 56951 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 2, 2024 18:26:27.231678009 CEST | 56951 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 2, 2024 18:26:31.226234913 CEST | 56951 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 2, 2024 18:26:35.243419886 CEST | 55369 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 2, 2024 18:26:36.257520914 CEST | 55369 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 2, 2024 18:26:36.361794949 CEST | 53 | 55369 | 1.1.1.1 | 192.168.2.4 |
Oct 2, 2024 18:26:37.368302107 CEST | 58159 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 2, 2024 18:26:38.382728100 CEST | 58159 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 2, 2024 18:26:39.398127079 CEST | 58159 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 2, 2024 18:26:41.413738012 CEST | 58159 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 2, 2024 18:26:45.429389000 CEST | 58159 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 2, 2024 18:26:49.430061102 CEST | 52683 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 2, 2024 18:26:50.445240021 CEST | 52683 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 2, 2024 18:26:51.445679903 CEST | 52683 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 2, 2024 18:26:53.445229053 CEST | 52683 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 2, 2024 18:26:53.670322895 CEST | 53 | 52683 | 1.1.1.1 | 192.168.2.4 |
Oct 2, 2024 18:26:57.804871082 CEST | 56073 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 2, 2024 18:26:58.804619074 CEST | 56073 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 2, 2024 18:26:59.804692984 CEST | 56073 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 2, 2024 18:27:01.804570913 CEST | 56073 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 2, 2024 18:27:05.820949078 CEST | 56073 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 2, 2024 18:27:09.836880922 CEST | 63904 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 2, 2024 18:27:10.836477995 CEST | 63904 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 2, 2024 18:27:11.852399111 CEST | 63904 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 2, 2024 18:27:11.910135031 CEST | 53 | 63904 | 1.1.1.1 | 192.168.2.4 |
Oct 2, 2024 18:27:18.056669950 CEST | 63941 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 2, 2024 18:27:18.123241901 CEST | 53 | 63941 | 1.1.1.1 | 192.168.2.4 |
Oct 2, 2024 18:27:22.259082079 CEST | 56838 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 2, 2024 18:27:22.290612936 CEST | 53 | 56838 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 2, 2024 18:25:29.308029890 CEST | 192.168.2.4 | 1.1.1.1 | 0xa2f7 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 18:25:35.491889000 CEST | 192.168.2.4 | 1.1.1.1 | 0xacc5 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 18:25:41.648597956 CEST | 192.168.2.4 | 1.1.1.1 | 0x9cd1 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 18:25:47.804610968 CEST | 192.168.2.4 | 1.1.1.1 | 0x91d | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 18:25:53.977952003 CEST | 192.168.2.4 | 1.1.1.1 | 0xada6 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 18:26:00.172275066 CEST | 192.168.2.4 | 1.1.1.1 | 0xacea | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 18:26:04.226437092 CEST | 192.168.2.4 | 1.1.1.1 | 0xe08d | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 18:26:10.492182970 CEST | 192.168.2.4 | 1.1.1.1 | 0x16ed | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 18:26:16.648518085 CEST | 192.168.2.4 | 1.1.1.1 | 0x3878 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 18:26:23.195262909 CEST | 192.168.2.4 | 1.1.1.1 | 0x1779 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 18:26:24.211215973 CEST | 192.168.2.4 | 1.1.1.1 | 0x1779 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 18:26:25.210892916 CEST | 192.168.2.4 | 1.1.1.1 | 0x1779 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 18:26:27.231678009 CEST | 192.168.2.4 | 1.1.1.1 | 0x1779 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 18:26:31.226234913 CEST | 192.168.2.4 | 1.1.1.1 | 0x1779 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 18:26:35.243419886 CEST | 192.168.2.4 | 1.1.1.1 | 0x5cbf | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 18:26:36.257520914 CEST | 192.168.2.4 | 1.1.1.1 | 0x5cbf | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 18:26:37.368302107 CEST | 192.168.2.4 | 1.1.1.1 | 0xd52e | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 18:26:38.382728100 CEST | 192.168.2.4 | 1.1.1.1 | 0xd52e | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 18:26:39.398127079 CEST | 192.168.2.4 | 1.1.1.1 | 0xd52e | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 18:26:41.413738012 CEST | 192.168.2.4 | 1.1.1.1 | 0xd52e | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 18:26:45.429389000 CEST | 192.168.2.4 | 1.1.1.1 | 0xd52e | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 18:26:49.430061102 CEST | 192.168.2.4 | 1.1.1.1 | 0xd9ff | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 18:26:50.445240021 CEST | 192.168.2.4 | 1.1.1.1 | 0xd9ff | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 18:26:51.445679903 CEST | 192.168.2.4 | 1.1.1.1 | 0xd9ff | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 18:26:53.445229053 CEST | 192.168.2.4 | 1.1.1.1 | 0xd9ff | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 18:26:57.804871082 CEST | 192.168.2.4 | 1.1.1.1 | 0x9c58 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 18:26:58.804619074 CEST | 192.168.2.4 | 1.1.1.1 | 0x9c58 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 18:26:59.804692984 CEST | 192.168.2.4 | 1.1.1.1 | 0x9c58 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 18:27:01.804570913 CEST | 192.168.2.4 | 1.1.1.1 | 0x9c58 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 18:27:05.820949078 CEST | 192.168.2.4 | 1.1.1.1 | 0x9c58 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 18:27:09.836880922 CEST | 192.168.2.4 | 1.1.1.1 | 0x6bde | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 18:27:10.836477995 CEST | 192.168.2.4 | 1.1.1.1 | 0x6bde | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 18:27:11.852399111 CEST | 192.168.2.4 | 1.1.1.1 | 0x6bde | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 18:27:18.056669950 CEST | 192.168.2.4 | 1.1.1.1 | 0x4808 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 18:27:22.259082079 CEST | 192.168.2.4 | 1.1.1.1 | 0x7ddb | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 2, 2024 18:25:29.321520090 CEST | 1.1.1.1 | 192.168.2.4 | 0xa2f7 | Name error (3) | | none | none | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 18:25:35.502222061 CEST | 1.1.1.1 | 192.168.2.4 | 0xacc5 | Name error (3) | | none | none | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 18:25:41.659759998 CEST | 1.1.1.1 | 192.168.2.4 | 0x9cd1 | Name error (3) | | none | none | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 18:25:47.822385073 CEST | 1.1.1.1 | 192.168.2.4 | 0x91d | Name error (3) | | none | none | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 18:25:53.990899086 CEST | 1.1.1.1 | 192.168.2.4 | 0xada6 | Name error (3) | | none | none | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 18:26:00.202981949 CEST | 1.1.1.1 | 192.168.2.4 | 0xacea | Name error (3) | | none | none | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 18:26:04.342066050 CEST | 1.1.1.1 | 192.168.2.4 | 0xe08d | Name error (3) | | none | none | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 18:26:10.502648115 CEST | 1.1.1.1 | 192.168.2.4 | 0x16ed | Name error (3) | | none | none | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 18:26:17.039787054 CEST | 1.1.1.1 | 192.168.2.4 | 0x3878 | Name error (3) | | none | none | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 18:26:36.361794949 CEST | 1.1.1.1 | 192.168.2.4 | 0x5cbf | Name error (3) | | none | none | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 18:26:53.670322895 CEST | 1.1.1.1 | 192.168.2.4 | 0xd9ff | Name error (3) | | none | none | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 18:27:11.910135031 CEST | 1.1.1.1 | 192.168.2.4 | 0x6bde | Name error (3) | | none | none | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 18:27:18.123241901 CEST | 1.1.1.1 | 192.168.2.4 | 0x4808 | Name error (3) | | none | none | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 18:27:22.290612936 CEST | 1.1.1.1 | 192.168.2.4 | 0x7ddb | Name error (3) | | none | none | A (IP address) | IN (0x0001) | false |
Target ID: | 0 |
Start time: | 12:25:17 |
Start date: | 02/10/2024 |
Path: | C:\Windows\System32\loaddll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x340000 |
File size: | 126'464 bytes |
MD5 hash: | 51E6071F9CBA48E79F10C84515AAE618 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 1 |
Start time: | 12:25:17 |
Start date: | 02/10/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 12:25:17 |
Start date: | 02/10/2024 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x240000 |
File size: | 236'544 bytes |
MD5 hash: | D0FCE3AFA6AA1D58CE9FA336CC2B675B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 12:25:17 |
Start date: | 02/10/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x690000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 12:25:17 |
Start date: | 02/10/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x690000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 5 |
Start time: | 12:25:20 |
Start date: | 02/10/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x690000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 6 |
Start time: | 12:25:23 |
Start date: | 02/10/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x690000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 7 |
Start time: | 12:25:26 |
Start date: | 02/10/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x690000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 8 |
Start time: | 12:25:26 |
Start date: | 02/10/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x690000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 9 |
Start time: | 12:25:26 |
Start date: | 02/10/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x690000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 10 |
Start time: | 12:25:26 |
Start date: | 02/10/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x690000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 11 |
Start time: | 12:25:26 |
Start date: | 02/10/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x690000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 12 |
Start time: | 12:25:26 |
Start date: | 02/10/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x690000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 13 |
Start time: | 12:25:27 |
Start date: | 02/10/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x690000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 14 |
Start time: | 12:25:27 |
Start date: | 02/10/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x690000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 15 |
Start time: | 12:25:27 |
Start date: | 02/10/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x690000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 16 |
Start time: | 12:25:27 |
Start date: | 02/10/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x690000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 17 |
Start time: | 12:25:27 |
Start date: | 02/10/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x690000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 18 |
Start time: | 12:25:27 |
Start date: | 02/10/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x690000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 19 |
Start time: | 12:25:27 |
Start date: | 02/10/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x690000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 20 |
Start time: | 12:25:27 |
Start date: | 02/10/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x690000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 21 |
Start time: | 12:25:27 |
Start date: | 02/10/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x690000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 22 |
Start time: | 12:25:27 |
Start date: | 02/10/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x690000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 23 |
Start time: | 12:25:27 |
Start date: | 02/10/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x690000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 24 |
Start time: | 12:25:27 |
Start date: | 02/10/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x690000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 25 |
Start time: | 12:25:27 |
Start date: | 02/10/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x690000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 26 |
Start time: | 12:25:27 |
Start date: | 02/10/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x690000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 27 |
Start time: | 12:25:27 |
Start date: | 02/10/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x690000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 28 |
Start time: | 12:25:27 |
Start date: | 02/10/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x690000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 29 |
Start time: | 12:25:27 |
Start date: | 02/10/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x690000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 30 |
Start time: | 12:25:27 |
Start date: | 02/10/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x690000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 31 |
Start time: | 12:25:27 |
Start date: | 02/10/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x690000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 32 |
Start time: | 12:25:27 |
Start date: | 02/10/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x690000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 33 |
Start time: | 12:25:27 |
Start date: | 02/10/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x690000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | false |
Target ID: | 34 |
Start time: | 12:25:27 |
Start date: | 02/10/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x690000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 35 |
Start time: | 12:25:27 |
Start date: | 02/10/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x690000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 36 |
Start time: | 12:25:27 |
Start date: | 02/10/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x690000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 37 |
Start time: | 12:25:27 |
Start date: | 02/10/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x690000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 38 |
Start time: | 12:25:27 |
Start date: | 02/10/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x690000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 39 |
Start time: | 12:25:28 |
Start date: | 02/10/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x690000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 40 |
Start time: | 12:25:28 |
Start date: | 02/10/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x690000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Execution Graph
Execution Coverage: | 2.3% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 2% |
Total number of Nodes: | 840 |
Total number of Limit Nodes: | 5 |
Function 6E349F20 Relevance: 3.0, APIs: 2, Instructions: 40 (string, COMMON)
Function 6E3525CA Relevance: 9.1, APIs: 6, Instructions: 93 (COMMON)
Function 6E3410D0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 80 (synchronization, COMMON)
Function 6E349680 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 79 (network, COMMON)
Function 6E341010 Relevance: 3.0, APIs: 2, Instructions: 3 (COMMON)
Function 6E3497C0 Relevance: 1.5, APIs: 1, Instructions: 46 (network, COMMON)
Function 6E343910 Relevance: 1.3, APIs: 1, Instructions: 60 (sleep, COMMON)
Function 6E349A60 Relevance: 1.6, APIs: 1, Instructions: 83 (COMMON)
Function 6E349930 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 81 (network, COMMON)
Function 6E348E60 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 125 (string, COMMON)
Function 6E34D9E0 Relevance: 9.2, APIs: 6, Instructions: 153 (string, COMMON)
Function 6E347810 Relevance: 8.0, APIs: 5, Instructions: 475 (string, COMMON)
Function 6E349FB0 Relevance: 7.7, APIs: 5, Instructions: 234 (COMMON)
Function 6E352190 Relevance: 7.6, APIs: 5, Instructions: 136 (COMMON)
Function 6E344020 Relevance: 6.4, APIs: 5, Instructions: 155 (COMMON)
Function 6E34DC40 Relevance: 6.0, APIs: 4, Instructions: 32 (COMMON)
Function 6E3523C0 Relevance: 6.0, APIs: 4, Instructions: 32 (COMMON)