Windows
Analysis Report
114mCZlpa3.exe
Overview
General Information
Sample name: | 114mCZlpa3.exerenamed because original name is a hash value |
Original sample name: | 5c73d9378bca7a5eecefe91b7999cae483e2aa31ee49f46b21d6c97a7eabaad8.exe |
Analysis ID: | 1529034 |
MD5: | a5b62d982db9a3841c9c3f381f25146e |
SHA1: | f9c714ccd984e7f7bfef5964ae761b968ee74828 |
SHA256: | 5c73d9378bca7a5eecefe91b7999cae483e2aa31ee49f46b21d6c97a7eabaad8 |
Tags: | exeSnakeKeyloggeruser-adrian__luca |
Infos: | |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- 114mCZlpa3.exe (PID: 3440 cmdline:
"C:\Users\ user\Deskt op\114mCZl pa3.exe" MD5: A5B62D982DB9A3841C9C3F381F25146E) - RegSvcs.exe (PID: 6348 cmdline:
"C:\Users\ user\Deskt op\114mCZl pa3.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
404 Keylogger, Snake Keylogger | Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victims sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram. | No Attribution |
{"Exfil Mode": "SMTP", "Username": "asadek@al-subai.com", "Password": "A_Sadek1962", "Host": "mail.al-subai.com", "Port": "587", "Version": "5.1"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security | ||
Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown |
| |
MALWARE_Win_SnakeKeylogger | Detects Snake Keylogger | ditekSHen |
| |
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
Click to see the 16 entries |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security | ||
JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security | ||
Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown |
| |
MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth |
| |
Click to see the 15 entries |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-10-08T15:27:52.487317+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49706 | 188.114.97.3 | 443 | TCP |
2024-10-08T15:27:54.027764+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49708 | 188.114.97.3 | 443 | TCP |
2024-10-08T15:28:02.049651+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49718 | 188.114.97.3 | 443 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-10-08T15:27:50.986935+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49704 | 193.122.6.168 | 80 | TCP |
2024-10-08T15:27:51.929021+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49704 | 193.122.6.168 | 80 | TCP |
2024-10-08T15:27:53.190128+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49707 | 193.122.6.168 | 80 | TCP |
Click to jump to signature section
AV Detection |
---|
Source: | Avira: |
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: |
Location Tracking |
---|
Source: | DNS query: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: |
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 0_2_00452492 | |
Source: | Code function: | 0_2_00442886 | |
Source: | Code function: | 0_2_004788BD | |
Source: | Code function: | 0_2_004339B6 | |
Source: | Code function: | 0_2_0045CAFA | |
Source: | Code function: | 0_2_00431A86 | |
Source: | Code function: | 0_2_0044BD27 | |
Source: | Code function: | 0_2_0045DE8F | |
Source: | Code function: | 0_2_0044BF8B |
Source: | Code function: | 2_2_0257F788 | |
Source: | Code function: | 2_2_0257E440 | |
Source: | Code function: | 2_2_0257E440 | |
Source: | Code function: | 2_2_0257D7F0 | |
Source: | Code function: | 2_2_061885B0 | |
Source: | Code function: | 2_2_06185E70 | |
Source: | Code function: | 2_2_06183676 | |
Source: | Code function: | 2_2_06186720 | |
Source: | Code function: | 2_2_06186FF8 | |
Source: | Code function: | 2_2_06187450 | |
Source: | Code function: | 2_2_06180498 | |
Source: | Code function: | 2_2_06187D00 | |
Source: | Code function: | 2_2_061855C0 | |
Source: | Code function: | 2_2_06185A18 | |
Source: | Code function: | 2_2_061862C8 | |
Source: | Code function: | 2_2_06183350 | |
Source: | Code function: | 2_2_06186B78 | |
Source: | Code function: | 2_2_06183360 | |
Source: | Code function: | 2_2_06180040 | |
Source: | Code function: | 2_2_061878A8 | |
Source: | Code function: | 2_2_061808F0 | |
Source: | Code function: | 2_2_06188158 | |
Source: | Code function: | 2_2_06185140 |
Networking |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | IP Address: | ||
Source: | IP Address: | ||
Source: | IP Address: |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | DNS query: | ||
Source: | DNS query: |
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | Code function: | 0_2_004422FE |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | Code function: | 0_2_0045A10F |
Source: | Code function: | 0_2_0045A10F |
Source: | Code function: | 0_2_0046DC80 |
Source: | Code function: | 0_2_0044C37A |
Source: | Code function: | 0_2_0047C81C |
System Summary |
---|
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Process Stats: |
Source: | Code function: | 0_2_00431BE8 |
Source: | Code function: | 0_2_00446313 |
Source: | Code function: | 0_2_004333BE |
Source: | Code function: | 0_2_004096A0 | |
Source: | Code function: | 0_2_0042200C | |
Source: | Code function: | 0_2_0041A217 | |
Source: | Code function: | 0_2_00412216 | |
Source: | Code function: | 0_2_0042435D | |
Source: | Code function: | 0_2_004033C0 | |
Source: | Code function: | 0_2_0044F430 | |
Source: | Code function: | 0_2_004125E8 | |
Source: | Code function: | 0_2_0044663B | |
Source: | Code function: | 0_2_00413801 | |
Source: | Code function: | 0_2_0042096F | |
Source: | Code function: | 0_2_004129D0 | |
Source: | Code function: | 0_2_004119E3 | |
Source: | Code function: | 0_2_0041C9AE | |
Source: | Code function: | 0_2_0047EA6F | |
Source: | Code function: | 0_2_0040FA10 | |
Source: | Code function: | 0_2_0044EB5F | |
Source: | Code function: | 0_2_00423C81 | |
Source: | Code function: | 0_2_00411E78 | |
Source: | Code function: | 0_2_00442E0C | |
Source: | Code function: | 0_2_00420EC0 | |
Source: | Code function: | 0_2_0044CF17 | |
Source: | Code function: | 0_2_00444FD2 | |
Source: | Code function: | 0_2_03F1B630 | |
Source: | Code function: | 2_2_0257B328 | |
Source: | Code function: | 2_2_02576148 | |
Source: | Code function: | 2_2_0257C751 | |
Source: | Code function: | 2_2_0257F788 | |
Source: | Code function: | 2_2_0257E440 | |
Source: | Code function: | 2_2_0257C470 | |
Source: | Code function: | 2_2_02573580 | |
Source: | Code function: | 2_2_0257CA31 | |
Source: | Code function: | 2_2_02574AD9 | |
Source: | Code function: | 2_2_0257BEB0 | |
Source: | Code function: | 2_2_0257F778 | |
Source: | Code function: | 2_2_0257D7F0 | |
Source: | Code function: | 2_2_0257D7E2 | |
Source: | Code function: | 2_2_0257E431 | |
Source: | Code function: | 2_2_0257B4F2 | |
Source: | Code function: | 2_2_0257BBB8 | |
Source: | Code function: | 2_2_0618A600 | |
Source: | Code function: | 2_2_0618BF30 | |
Source: | Code function: | 2_2_06189FB0 | |
Source: | Code function: | 2_2_06188C08 | |
Source: | Code function: | 2_2_0618AC48 | |
Source: | Code function: | 2_2_06180D48 | |
Source: | Code function: | 2_2_0618C580 | |
Source: | Code function: | 2_2_061885B0 | |
Source: | Code function: | 2_2_0618D218 | |
Source: | Code function: | 2_2_0618B290 | |
Source: | Code function: | 2_2_0618CBD0 | |
Source: | Code function: | 2_2_0618B8E0 | |
Source: | Code function: | 2_2_06185E70 | |
Source: | Code function: | 2_2_06185E60 | |
Source: | Code function: | 2_2_061836D8 | |
Source: | Code function: | 2_2_06186710 | |
Source: | Code function: | 2_2_06186720 | |
Source: | Code function: | 2_2_0618BF20 | |
Source: | Code function: | 2_2_06189FA0 | |
Source: | Code function: | 2_2_06186FF8 | |
Source: | Code function: | 2_2_06186FE8 | |
Source: | Code function: | 2_2_0618743F | |
Source: | Code function: | 2_2_0618AC37 | |
Source: | Code function: | 2_2_06187450 | |
Source: | Code function: | 2_2_06180498 | |
Source: | Code function: | 2_2_06180488 | |
Source: | Code function: | 2_2_06187CF5 | |
Source: | Code function: | 2_2_06187D00 | |
Source: | Code function: | 2_2_06180D39 | |
Source: | Code function: | 2_2_0618C570 | |
Source: | Code function: | 2_2_061855B2 | |
Source: | Code function: | 2_2_061885A4 | |
Source: | Code function: | 2_2_061855C0 | |
Source: | Code function: | 2_2_0618A5F0 | |
Source: | Code function: | 2_2_06185A18 | |
Source: | Code function: | 2_2_06185A08 | |
Source: | Code function: | 2_2_0618D20B | |
Source: | Code function: | 2_2_0618B283 | |
Source: | Code function: | 2_2_061862C8 | |
Source: | Code function: | 2_2_061862C1 | |
Source: | Code function: | 2_2_06183350 | |
Source: | Code function: | 2_2_06186B78 | |
Source: | Code function: | 2_2_06186B6C | |
Source: | Code function: | 2_2_06183360 | |
Source: | Code function: | 2_2_061843D8 | |
Source: | Code function: | 2_2_0618CBC0 | |
Source: | Code function: | 2_2_06188BFD | |
Source: | Code function: | 2_2_06180031 | |
Source: | Code function: | 2_2_06182858 | |
Source: | Code function: | 2_2_06182848 | |
Source: | Code function: | 2_2_06180040 | |
Source: | Code function: | 2_2_0618789D | |
Source: | Code function: | 2_2_061878A8 | |
Source: | Code function: | 2_2_0618B8D0 | |
Source: | Code function: | 2_2_061808F0 | |
Source: | Code function: | 2_2_061808E1 | |
Source: | Code function: | 2_2_06185132 | |
Source: | Code function: | 2_2_06188158 | |
Source: | Code function: | 2_2_0618814D | |
Source: | Code function: | 2_2_06185140 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: |
Source: | Classification label: |
Source: | Code function: | 0_2_0044AF6C |
Source: | Code function: | 0_2_004333BE | |
Source: | Code function: | 0_2_00464EAE |
Source: | Code function: | 0_2_0045D619 |
Source: | Code function: | 0_2_004755C4 |
Source: | Code function: | 0_2_0047839D |
Source: | Code function: | 0_2_0043305F |
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Binary or memory string: |
Source: | ReversingLabs: |
Source: | File read: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Static file information: |
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 0_2_0040EBD0 |
Source: | Static PE information: |
Source: | Code function: | 0_2_00416CC8 |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | Icon embedded in binary file: |
Source: | Code function: | 0_2_0047A330 | |
Source: | Code function: | 0_2_00434418 |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion |
---|
Source: | API/Special instruction interceptor: |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Evasive API call chain: | graph_0-87523 |
Source: | API coverage: |
Source: | Code function: | 0_2_00452492 | |
Source: | Code function: | 0_2_00442886 | |
Source: | Code function: | 0_2_004788BD | |
Source: | Code function: | 0_2_004339B6 | |
Source: | Code function: | 0_2_0045CAFA | |
Source: | Code function: | 0_2_00431A86 | |
Source: | Code function: | 0_2_0044BD27 | |
Source: | Code function: | 0_2_0045DE8F | |
Source: | Code function: | 0_2_0044BF8B |
Source: | Code function: | 0_2_0040E500 |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: |
Source: | API call chain: | graph_0-86647 |
Source: | Code function: | 0_2_0045A370 |
Source: | Code function: | 0_2_0040D590 |
Source: | Code function: | 0_2_0040EBD0 |
Source: | Code function: | 0_2_03F1B520 | |
Source: | Code function: | 0_2_03F1B4C0 | |
Source: | Code function: | 0_2_03F19EB0 |
Source: | Code function: | 0_2_004238DA |
Source: | Code function: | 0_2_0041F250 | |
Source: | Code function: | 0_2_0041A208 | |
Source: | Code function: | 0_2_00417DAA |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Section loaded: | Jump to behavior |
Source: | Memory written: | Jump to behavior |
Source: | Code function: | 0_2_00436CD7 |
Source: | Code function: | 0_2_0040D590 |
Source: | Code function: | 0_2_00434418 |
Source: | Code function: | 0_2_0043333C |
Source: | Process created: | Jump to behavior |
Source: | Code function: | 0_2_00446124 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Code function: | 0_2_004720DB |
Source: | Code function: | 0_2_00472C3F |
Source: | Code function: | 0_2_0041E364 |
Source: | Code function: | 0_2_0040E500 |
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | File opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | Code function: | 0_2_004652BE | |
Source: | Code function: | 0_2_00476619 | |
Source: | Code function: | 0_2_0046CEF3 |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 2 Native API | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 11 Disable or Modify Tools | 1 OS Credential Dumping | 2 System Time Discovery | Remote Services | 11 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 2 Valid Accounts | 1 DLL Side-Loading | 11 Deobfuscate/Decode Files or Information | 21 Input Capture | 1 Account Discovery | Remote Desktop Protocol | 1 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 2 Valid Accounts | 3 Obfuscated Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 1 Email Collection | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 21 Access Token Manipulation | 1 DLL Side-Loading | NTDS | 117 System Information Discovery | Distributed Component Object Model | 21 Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 212 Process Injection | 1 Masquerading | LSA Secrets | 121 Security Software Discovery | SSH | 3 Clipboard Data | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Valid Accounts | Cached Domain Credentials | 11 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 11 Virtualization/Sandbox Evasion | DCSync | 2 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 21 Access Token Manipulation | Proc Filesystem | 11 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 212 Process Injection | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | Dynamic API Resolution | Network Sniffing | 1 System Network Configuration Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
76% | ReversingLabs | Win32.Spyware.Snakekeylogger | ||
100% | Avira | HEUR/AGEN.1321293 | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
reallyfreegeoip.org | 188.114.97.3 | true | true | unknown | |
checkip.dyndns.com | 193.122.6.168 | true | false | unknown | |
checkip.dyndns.org | unknown | unknown | true | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false |
| unknown | |
false |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
188.114.97.3 | reallyfreegeoip.org | European Union | 13335 | CLOUDFLARENETUS | true | |
193.122.6.168 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1529034 |
Start date and time: | 2024-10-08 15:26:47 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 8m 1s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 5 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 114mCZlpa3.exerenamed because original name is a hash value |
Original Sample Name: | 5c73d9378bca7a5eecefe91b7999cae483e2aa31ee49f46b21d6c97a7eabaad8.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@3/1@2/2 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target RegSvcs.exe, PID 6348 because it is empty
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- VT rate limit hit for: 114mCZlpa3.exe
Time | Type | Description |
---|---|---|
09:27:50 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
188.114.97.3 | Get hash | malicious | AgentTesla | Browse |
| |
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
193.122.6.168 | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| |
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Cobalt Strike, Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
reallyfreegeoip.org | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | MassLogger RAT, Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
checkip.dyndns.com | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | MassLogger RAT, Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
ORACLE-BMC-31898US | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | MassLogger RAT, Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
CLOUDFLARENETUS | Get hash | malicious | NetSupport RAT | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | AgentTesla, PureLog Stealer | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | LummaC, Vidar | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
54328bd36c14bd82ddaa0c04b25ed9ad | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | MassLogger RAT, Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | MassLogger RAT, Snake Keylogger, VIP Keylogger | Browse |
|
Process: | C:\Users\user\Desktop\114mCZlpa3.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 133632 |
Entropy (8bit): | 7.005377816215774 |
Encrypted: | false |
SSDEEP: | 3072:bHGvaMXOcDdkd9FFpRBfdA6eoVowXqAuJlj5N2PCH0Utn:bHGvaMXO4MFrAHmXq/vd0m |
MD5: | DB28B8E6848EBA32743A6B3CBC2B3DB8 |
SHA1: | BE3ED09C8364215D5CC00AC97C4DBD653D813C87 |
SHA-256: | 45AD21AFB36F1C76385AFDB108C1AB4FBCD3AEECF8BE94CFF826055CE8193028 |
SHA-512: | C30FD16A31A8DAF87F43429BCC19F01FA80F5E58BDD63E923D79F0C57C88421042DF9CC6FFDCA3D2E6F98DCB778E30FBC912093EB5E556F34036D4AE35454763 |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 7.169406125795206 |
TrID: |
|
File name: | 114mCZlpa3.exe |
File size: | 1'066'779 bytes |
MD5: | a5b62d982db9a3841c9c3f381f25146e |
SHA1: | f9c714ccd984e7f7bfef5964ae761b968ee74828 |
SHA256: | 5c73d9378bca7a5eecefe91b7999cae483e2aa31ee49f46b21d6c97a7eabaad8 |
SHA512: | 5fe9b5cf77939688aa62713941d1bc4c419d1d4442d154bae03f4e950798a4772cd4396efba4e55f5d6f3baacf1f8fbf7ca9125dd4223c40ff5e1ad951f0fd25 |
SSDEEP: | 24576:pRmJkcoQricOIQxiZY1iaajQr1zoxHHLlI62zZbZVz:mJZoQrbTFZY1iaiEoZ0VDz |
TLSH: | 5B35D022F5C68075C1B327B19D7EF765963D6D2A0326D19B33C83E366EB01416B29B23 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........................1b.......P.).....Q.......y.......i..........}....N.......d.......`.......m.......g.....Rich............PE..L.. |
Icon Hash: | 0fd88dc89ea7861b |
Entrypoint: | 0x4165c1 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE |
DLL Characteristics: | TERMINAL_SERVER_AWARE |
Time Stamp: | 0x4F25BAEC [Sun Jan 29 21:32:28 2012 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 0 |
File Version Major: | 5 |
File Version Minor: | 0 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 0 |
Import Hash: | d3bf8a7746a8d1ee8f6e5960c3f69378 |
Instruction |
---|
call 00007FECF4B720CBh |
jmp 00007FECF4B68F3Eh |
int3 |
int3 |
int3 |
int3 |
int3 |
push ebp |
mov ebp, esp |
push edi |
push esi |
mov esi, dword ptr [ebp+0Ch] |
mov ecx, dword ptr [ebp+10h] |
mov edi, dword ptr [ebp+08h] |
mov eax, ecx |
mov edx, ecx |
add eax, esi |
cmp edi, esi |
jbe 00007FECF4B690BAh |
cmp edi, eax |
jc 00007FECF4B69256h |
cmp ecx, 00000080h |
jc 00007FECF4B690CEh |
cmp dword ptr [004A9724h], 00000000h |
je 00007FECF4B690C5h |
push edi |
push esi |
and edi, 0Fh |
and esi, 0Fh |
cmp edi, esi |
pop esi |
pop edi |
jne 00007FECF4B690B7h |
jmp 00007FECF4B69492h |
test edi, 00000003h |
jne 00007FECF4B690C6h |
shr ecx, 02h |
and edx, 03h |
cmp ecx, 08h |
jc 00007FECF4B690DBh |
rep movsd |
jmp dword ptr [00416740h+edx*4] |
mov eax, edi |
mov edx, 00000003h |
sub ecx, 04h |
jc 00007FECF4B690BEh |
and eax, 03h |
add ecx, eax |
jmp dword ptr [00416654h+eax*4] |
jmp dword ptr [00416750h+ecx*4] |
nop |
jmp dword ptr [004166D4h+ecx*4] |
nop |
inc cx |
add byte ptr [eax-4BFFBE9Ah], dl |
inc cx |
add byte ptr [ebx], ah |
ror dword ptr [edx-75F877FAh], 1 |
inc esi |
add dword ptr [eax+468A0147h], ecx |
add al, cl |
jmp 00007FECF6FE18B7h |
add esi, 03h |
add edi, 03h |
cmp ecx, 08h |
jc 00007FECF4B6907Eh |
rep movsd |
jmp dword ptr [00000000h+edx*4] |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8d41c | 0x154 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xab000 | 0x13778 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x82000 | 0x844 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x8061c | 0x80800 | 61ffce4768976fa0dd2a8f6a97b1417a | False | 0.5583182605787937 | data | 6.684690148171278 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x82000 | 0xdfc0 | 0xe000 | 0354bc5f2376b5e9a4a3ba38b682dff1 | False | 0.36085728236607145 | data | 4.799741132252136 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x90000 | 0x1a758 | 0x6800 | 8033f5a38941b4685bc2299e78f31221 | False | 0.15324519230769232 | data | 2.1500715391677487 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0xab000 | 0x13778 | 0x13800 | 2ac39c9ceeb6104c0860a528ca24cba0 | False | 0.16701722756410256 | data | 4.016130089132254 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0xab448 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027 |
RT_ICON | 0xab570 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216 |
RT_ICON | 0xab698 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135 |
RT_ICON | 0xab7c0 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 60472 x 60472 px/m | English | Great Britain | 0.14468236129184905 |
RT_MENU | 0xbbfe8 | 0x50 | data | English | Great Britain | 0.9 |
RT_DIALOG | 0xbc038 | 0xfc | data | English | Great Britain | 0.6507936507936508 |
RT_STRING | 0xbc138 | 0x530 | data | English | Great Britain | 0.33960843373493976 |
RT_STRING | 0xbc668 | 0x690 | data | English | Great Britain | 0.26964285714285713 |
RT_STRING | 0xbccf8 | 0x4d0 | data | English | Great Britain | 0.36363636363636365 |
RT_STRING | 0xbd1c8 | 0x5fc | data | English | Great Britain | 0.3087467362924282 |
RT_STRING | 0xbd7c8 | 0x65c | data | English | Great Britain | 0.34336609336609336 |
RT_STRING | 0xbde28 | 0x388 | data | English | Great Britain | 0.377212389380531 |
RT_STRING | 0xbe1b0 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | United States | 0.502906976744186 |
RT_GROUP_ICON | 0xbe308 | 0x14 | data | English | Great Britain | 1.25 |
RT_GROUP_ICON | 0xbe320 | 0x14 | data | English | Great Britain | 1.15 |
RT_GROUP_ICON | 0xbe338 | 0x14 | data | English | Great Britain | 1.25 |
RT_GROUP_ICON | 0xbe350 | 0x14 | data | English | Great Britain | 1.25 |
RT_VERSION | 0xbe368 | 0x19c | data | English | Great Britain | 0.5339805825242718 |
RT_MANIFEST | 0xbe508 | 0x26c | ASCII text, with CRLF line terminators | English | United States | 0.5145161290322581 |
DLL | Import |
---|---|
WSOCK32.dll | __WSAFDIsSet, setsockopt, ntohs, recvfrom, sendto, htons, select, listen, WSAStartup, bind, closesocket, connect, socket, send, WSACleanup, ioctlsocket, accept, WSAGetLastError, inet_addr, gethostbyname, gethostname, recv |
VERSION.dll | VerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW |
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW |
COMCTL32.dll | ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, ImageList_ReplaceIcon, ImageList_Create, InitCommonControlsEx, ImageList_Destroy |
MPR.dll | WNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W, WNetUseConnectionW |
WININET.dll | InternetReadFile, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetConnectW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetQueryOptionW, InternetQueryDataAvailable |
PSAPI.DLL | EnumProcesses, GetModuleBaseNameW, GetProcessMemoryInfo, EnumProcessModules |
USERENV.dll | CreateEnvironmentBlock, DestroyEnvironmentBlock, UnloadUserProfile, LoadUserProfileW |
KERNEL32.dll | HeapAlloc, Sleep, GetCurrentThreadId, RaiseException, MulDiv, GetVersionExW, GetSystemInfo, InterlockedIncrement, InterlockedDecrement, WideCharToMultiByte, lstrcpyW, MultiByteToWideChar, lstrlenW, lstrcmpiW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, DeleteFileW, FindNextFileW, MoveFileW, CopyFileW, CreateDirectoryW, RemoveDirectoryW, GetProcessHeap, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, EnumResourceNamesW, OutputDebugStringW, GetLocalTime, CompareStringW, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionAndSpinCount, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, GetTempPathW, GetTempFileNameW, VirtualFree, FormatMessageW, GetExitCodeProcess, SetErrorMode, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, DeviceIoControl, SetFileAttributesW, GetShortPathNameW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetCurrentThread, GetProcessIoCounters, CreateProcessW, SetPriorityClass, LoadLibraryW, VirtualAlloc, LoadLibraryExW, HeapFree, WaitForSingleObject, CreateThread, DuplicateHandle, GetLastError, CloseHandle, GetCurrentProcess, GetProcAddress, LoadLibraryA, FreeLibrary, GetModuleFileNameW, GetFullPathNameW, SetCurrentDirectoryW, IsDebuggerPresent, GetCurrentDirectoryW, ExitProcess, ExitThread, GetSystemTimeAsFileTime, ResumeThread, GetTimeFormatW, GetDateFormatW, GetCommandLineW, GetStartupInfoW, IsProcessorFeaturePresent, HeapSize, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, SetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStringTypeW, HeapCreate, SetHandleCount, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, LCMapStringW, RtlUnwind, SetFilePointer, GetTimeZoneInformation, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetTickCount, HeapReAlloc, WriteConsoleW, SetEndOfFile, SetSystemPowerState, SetEnvironmentVariableA |
USER32.dll | GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, ReleaseCapture, SetCapture, WindowFromPoint, LoadImageW, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, CheckMenuRadioItem, SetWindowPos, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, TranslateMessage, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, GetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, MessageBoxW, DefWindowProcW, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, GetMenuItemID, DispatchMessageW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, PeekMessageW, UnregisterHotKey, CharLowerBuffW, keybd_event, MonitorFromRect, GetWindowThreadProcessId |
GDI32.dll | DeleteObject, AngleArc, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, StrokePath, EndPath, SetPixel, CloseFigure, CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, StretchBlt, GetDIBits, GetDeviceCaps, MoveToEx, DeleteDC, GetPixel, CreateDCW, Ellipse, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, LineTo |
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW |
ADVAPI32.dll | RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegCreateKeyExW, GetUserNameW, RegConnectRegistryW, CloseServiceHandle, UnlockServiceDatabase, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, InitializeSecurityDescriptor, InitializeAcl, GetLengthSid, CopySid, LogonUserW, LockServiceDatabase, GetTokenInformation, GetSecurityDescriptorDacl, GetAclInformation, GetAce, AddAce, SetSecurityDescriptorDacl, RegOpenKeyExW, RegQueryValueExW, AdjustTokenPrivileges, InitiateSystemShutdownExW, OpenSCManagerW, RegCloseKey |
SHELL32.dll | DragQueryPoint, ShellExecuteExW, SHGetFolderPathW, DragQueryFileW, SHEmptyRecycleBinW, SHBrowseForFolderW, SHFileOperationW, SHGetPathFromIDListW, SHGetDesktopFolder, SHGetMalloc, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish |
ole32.dll | OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CLSIDFromString, StringFromGUID2, CoInitialize, CoUninitialize, CoCreateInstance, CreateStreamOnHGlobal, CoTaskMemAlloc, CoTaskMemFree, ProgIDFromCLSID, OleInitialize, CreateBindCtx, CLSIDFromProgID, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket, OleUninitialize, IIDFromString |
OLEAUT32.dll | VariantChangeType, VariantCopyInd, DispCallFunc, CreateStdDispatch, CreateDispTypeInfo, SysFreeString, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayUnaccessData, SysStringLen, SafeArrayAllocData, GetActiveObject, QueryPathOfRegTypeLib, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysAllocString, VariantCopy, VariantClear, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, OleLoadPicture, SafeArrayAccessData, VariantInit |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | Great Britain | |
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-10-08T15:27:50.986935+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49704 | 193.122.6.168 | 80 | TCP |
2024-10-08T15:27:51.929021+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49704 | 193.122.6.168 | 80 | TCP |
2024-10-08T15:27:52.487317+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49706 | 188.114.97.3 | 443 | TCP |
2024-10-08T15:27:53.190128+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49707 | 193.122.6.168 | 80 | TCP |
2024-10-08T15:27:54.027764+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49708 | 188.114.97.3 | 443 | TCP |
2024-10-08T15:28:02.049651+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49718 | 188.114.97.3 | 443 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 8, 2024 15:27:50.059838057 CEST | 49704 | 80 | 192.168.2.5 | 193.122.6.168 |
Oct 8, 2024 15:27:50.064867020 CEST | 80 | 49704 | 193.122.6.168 | 192.168.2.5 |
Oct 8, 2024 15:27:50.064951897 CEST | 49704 | 80 | 192.168.2.5 | 193.122.6.168 |
Oct 8, 2024 15:27:50.069816113 CEST | 49704 | 80 | 192.168.2.5 | 193.122.6.168 |
Oct 8, 2024 15:27:50.074749947 CEST | 80 | 49704 | 193.122.6.168 | 192.168.2.5 |
Oct 8, 2024 15:27:50.702256918 CEST | 80 | 49704 | 193.122.6.168 | 192.168.2.5 |
Oct 8, 2024 15:27:50.747591972 CEST | 49704 | 80 | 192.168.2.5 | 193.122.6.168 |
Oct 8, 2024 15:27:50.752710104 CEST | 80 | 49704 | 193.122.6.168 | 192.168.2.5 |
Oct 8, 2024 15:27:50.935933113 CEST | 80 | 49704 | 193.122.6.168 | 192.168.2.5 |
Oct 8, 2024 15:27:50.986033916 CEST | 49705 | 443 | 192.168.2.5 | 188.114.97.3 |
Oct 8, 2024 15:27:50.986073017 CEST | 443 | 49705 | 188.114.97.3 | 192.168.2.5 |
Oct 8, 2024 15:27:50.986145020 CEST | 49705 | 443 | 192.168.2.5 | 188.114.97.3 |
Oct 8, 2024 15:27:50.986934900 CEST | 49704 | 80 | 192.168.2.5 | 193.122.6.168 |
Oct 8, 2024 15:27:50.993177891 CEST | 49705 | 443 | 192.168.2.5 | 188.114.97.3 |
Oct 8, 2024 15:27:50.993207932 CEST | 443 | 49705 | 188.114.97.3 | 192.168.2.5 |
Oct 8, 2024 15:27:51.484519005 CEST | 443 | 49705 | 188.114.97.3 | 192.168.2.5 |
Oct 8, 2024 15:27:51.484874964 CEST | 49705 | 443 | 192.168.2.5 | 188.114.97.3 |
Oct 8, 2024 15:27:51.491842031 CEST | 49705 | 443 | 192.168.2.5 | 188.114.97.3 |
Oct 8, 2024 15:27:51.491873026 CEST | 443 | 49705 | 188.114.97.3 | 192.168.2.5 |
Oct 8, 2024 15:27:51.492300987 CEST | 443 | 49705 | 188.114.97.3 | 192.168.2.5 |
Oct 8, 2024 15:27:51.533955097 CEST | 49705 | 443 | 192.168.2.5 | 188.114.97.3 |
Oct 8, 2024 15:27:51.544507027 CEST | 49705 | 443 | 192.168.2.5 | 188.114.97.3 |
Oct 8, 2024 15:27:51.591407061 CEST | 443 | 49705 | 188.114.97.3 | 192.168.2.5 |
Oct 8, 2024 15:27:51.674688101 CEST | 443 | 49705 | 188.114.97.3 | 192.168.2.5 |
Oct 8, 2024 15:27:51.674784899 CEST | 443 | 49705 | 188.114.97.3 | 192.168.2.5 |
Oct 8, 2024 15:27:51.674963951 CEST | 49705 | 443 | 192.168.2.5 | 188.114.97.3 |
Oct 8, 2024 15:27:51.688925028 CEST | 49705 | 443 | 192.168.2.5 | 188.114.97.3 |
Oct 8, 2024 15:27:51.692457914 CEST | 49704 | 80 | 192.168.2.5 | 193.122.6.168 |
Oct 8, 2024 15:27:51.697487116 CEST | 80 | 49704 | 193.122.6.168 | 192.168.2.5 |
Oct 8, 2024 15:27:51.880637884 CEST | 80 | 49704 | 193.122.6.168 | 192.168.2.5 |
Oct 8, 2024 15:27:51.884581089 CEST | 49706 | 443 | 192.168.2.5 | 188.114.97.3 |
Oct 8, 2024 15:27:51.884633064 CEST | 443 | 49706 | 188.114.97.3 | 192.168.2.5 |
Oct 8, 2024 15:27:51.884737968 CEST | 49706 | 443 | 192.168.2.5 | 188.114.97.3 |
Oct 8, 2024 15:27:51.885031939 CEST | 49706 | 443 | 192.168.2.5 | 188.114.97.3 |
Oct 8, 2024 15:27:51.885047913 CEST | 443 | 49706 | 188.114.97.3 | 192.168.2.5 |
Oct 8, 2024 15:27:51.929020882 CEST | 49704 | 80 | 192.168.2.5 | 193.122.6.168 |
Oct 8, 2024 15:27:52.346620083 CEST | 443 | 49706 | 188.114.97.3 | 192.168.2.5 |
Oct 8, 2024 15:27:52.349354982 CEST | 49706 | 443 | 192.168.2.5 | 188.114.97.3 |
Oct 8, 2024 15:27:52.349400043 CEST | 443 | 49706 | 188.114.97.3 | 192.168.2.5 |
Oct 8, 2024 15:27:52.487346888 CEST | 443 | 49706 | 188.114.97.3 | 192.168.2.5 |
Oct 8, 2024 15:27:52.487451077 CEST | 443 | 49706 | 188.114.97.3 | 192.168.2.5 |
Oct 8, 2024 15:27:52.487571001 CEST | 49706 | 443 | 192.168.2.5 | 188.114.97.3 |
Oct 8, 2024 15:27:52.488085032 CEST | 49706 | 443 | 192.168.2.5 | 188.114.97.3 |
Oct 8, 2024 15:27:52.491322994 CEST | 49704 | 80 | 192.168.2.5 | 193.122.6.168 |
Oct 8, 2024 15:27:52.492604971 CEST | 49707 | 80 | 192.168.2.5 | 193.122.6.168 |
Oct 8, 2024 15:27:52.497231960 CEST | 80 | 49704 | 193.122.6.168 | 192.168.2.5 |
Oct 8, 2024 15:27:52.497298956 CEST | 49704 | 80 | 192.168.2.5 | 193.122.6.168 |
Oct 8, 2024 15:27:52.497654915 CEST | 80 | 49707 | 193.122.6.168 | 192.168.2.5 |
Oct 8, 2024 15:27:52.497720003 CEST | 49707 | 80 | 192.168.2.5 | 193.122.6.168 |
Oct 8, 2024 15:27:52.497853994 CEST | 49707 | 80 | 192.168.2.5 | 193.122.6.168 |
Oct 8, 2024 15:27:52.503452063 CEST | 80 | 49707 | 193.122.6.168 | 192.168.2.5 |
Oct 8, 2024 15:27:53.139225006 CEST | 80 | 49707 | 193.122.6.168 | 192.168.2.5 |
Oct 8, 2024 15:27:53.140368938 CEST | 49708 | 443 | 192.168.2.5 | 188.114.97.3 |
Oct 8, 2024 15:27:53.140398979 CEST | 443 | 49708 | 188.114.97.3 | 192.168.2.5 |
Oct 8, 2024 15:27:53.140717983 CEST | 49708 | 443 | 192.168.2.5 | 188.114.97.3 |
Oct 8, 2024 15:27:53.140717983 CEST | 49708 | 443 | 192.168.2.5 | 188.114.97.3 |
Oct 8, 2024 15:27:53.140748024 CEST | 443 | 49708 | 188.114.97.3 | 192.168.2.5 |
Oct 8, 2024 15:27:53.190128088 CEST | 49707 | 80 | 192.168.2.5 | 193.122.6.168 |
Oct 8, 2024 15:27:53.619736910 CEST | 443 | 49708 | 188.114.97.3 | 192.168.2.5 |
Oct 8, 2024 15:27:53.621421099 CEST | 49708 | 443 | 192.168.2.5 | 188.114.97.3 |
Oct 8, 2024 15:27:53.621449947 CEST | 443 | 49708 | 188.114.97.3 | 192.168.2.5 |
Oct 8, 2024 15:27:54.027772903 CEST | 443 | 49708 | 188.114.97.3 | 192.168.2.5 |
Oct 8, 2024 15:27:54.027873993 CEST | 443 | 49708 | 188.114.97.3 | 192.168.2.5 |
Oct 8, 2024 15:27:54.028006077 CEST | 49708 | 443 | 192.168.2.5 | 188.114.97.3 |
Oct 8, 2024 15:27:54.028563023 CEST | 49708 | 443 | 192.168.2.5 | 188.114.97.3 |
Oct 8, 2024 15:27:54.032869101 CEST | 49709 | 80 | 192.168.2.5 | 193.122.6.168 |
Oct 8, 2024 15:27:54.324212074 CEST | 80 | 49709 | 193.122.6.168 | 192.168.2.5 |
Oct 8, 2024 15:27:54.324281931 CEST | 49709 | 80 | 192.168.2.5 | 193.122.6.168 |
Oct 8, 2024 15:27:54.324426889 CEST | 49709 | 80 | 192.168.2.5 | 193.122.6.168 |
Oct 8, 2024 15:27:54.329502106 CEST | 80 | 49709 | 193.122.6.168 | 192.168.2.5 |
Oct 8, 2024 15:27:54.956305027 CEST | 80 | 49709 | 193.122.6.168 | 192.168.2.5 |
Oct 8, 2024 15:27:54.957845926 CEST | 49710 | 443 | 192.168.2.5 | 188.114.97.3 |
Oct 8, 2024 15:27:54.957897902 CEST | 443 | 49710 | 188.114.97.3 | 192.168.2.5 |
Oct 8, 2024 15:27:54.957972050 CEST | 49710 | 443 | 192.168.2.5 | 188.114.97.3 |
Oct 8, 2024 15:27:54.958192110 CEST | 49710 | 443 | 192.168.2.5 | 188.114.97.3 |
Oct 8, 2024 15:27:54.958201885 CEST | 443 | 49710 | 188.114.97.3 | 192.168.2.5 |
Oct 8, 2024 15:27:55.002576113 CEST | 49709 | 80 | 192.168.2.5 | 193.122.6.168 |
Oct 8, 2024 15:27:55.423288107 CEST | 443 | 49710 | 188.114.97.3 | 192.168.2.5 |
Oct 8, 2024 15:27:55.425025940 CEST | 49710 | 443 | 192.168.2.5 | 188.114.97.3 |
Oct 8, 2024 15:27:55.425056934 CEST | 443 | 49710 | 188.114.97.3 | 192.168.2.5 |
Oct 8, 2024 15:27:55.575649977 CEST | 443 | 49710 | 188.114.97.3 | 192.168.2.5 |
Oct 8, 2024 15:27:55.575759888 CEST | 443 | 49710 | 188.114.97.3 | 192.168.2.5 |
Oct 8, 2024 15:27:55.575841904 CEST | 49710 | 443 | 192.168.2.5 | 188.114.97.3 |
Oct 8, 2024 15:27:55.576325893 CEST | 49710 | 443 | 192.168.2.5 | 188.114.97.3 |
Oct 8, 2024 15:27:55.579942942 CEST | 49709 | 80 | 192.168.2.5 | 193.122.6.168 |
Oct 8, 2024 15:27:55.580518007 CEST | 49711 | 80 | 192.168.2.5 | 193.122.6.168 |
Oct 8, 2024 15:27:55.585462093 CEST | 80 | 49709 | 193.122.6.168 | 192.168.2.5 |
Oct 8, 2024 15:27:55.585557938 CEST | 49709 | 80 | 192.168.2.5 | 193.122.6.168 |
Oct 8, 2024 15:27:55.585928917 CEST | 80 | 49711 | 193.122.6.168 | 192.168.2.5 |
Oct 8, 2024 15:27:55.585992098 CEST | 49711 | 80 | 192.168.2.5 | 193.122.6.168 |
Oct 8, 2024 15:27:55.586112976 CEST | 49711 | 80 | 192.168.2.5 | 193.122.6.168 |
Oct 8, 2024 15:27:55.591181993 CEST | 80 | 49711 | 193.122.6.168 | 192.168.2.5 |
Oct 8, 2024 15:27:56.392154932 CEST | 80 | 49711 | 193.122.6.168 | 192.168.2.5 |
Oct 8, 2024 15:27:56.393596888 CEST | 49712 | 443 | 192.168.2.5 | 188.114.97.3 |
Oct 8, 2024 15:27:56.393646002 CEST | 443 | 49712 | 188.114.97.3 | 192.168.2.5 |
Oct 8, 2024 15:27:56.393757105 CEST | 49712 | 443 | 192.168.2.5 | 188.114.97.3 |
Oct 8, 2024 15:27:56.394013882 CEST | 49712 | 443 | 192.168.2.5 | 188.114.97.3 |
Oct 8, 2024 15:27:56.394028902 CEST | 443 | 49712 | 188.114.97.3 | 192.168.2.5 |
Oct 8, 2024 15:27:56.440084934 CEST | 49711 | 80 | 192.168.2.5 | 193.122.6.168 |
Oct 8, 2024 15:27:56.866225958 CEST | 443 | 49712 | 188.114.97.3 | 192.168.2.5 |
Oct 8, 2024 15:27:56.867965937 CEST | 49712 | 443 | 192.168.2.5 | 188.114.97.3 |
Oct 8, 2024 15:27:56.867996931 CEST | 443 | 49712 | 188.114.97.3 | 192.168.2.5 |
Oct 8, 2024 15:27:57.022500992 CEST | 443 | 49712 | 188.114.97.3 | 192.168.2.5 |
Oct 8, 2024 15:27:57.022597075 CEST | 443 | 49712 | 188.114.97.3 | 192.168.2.5 |
Oct 8, 2024 15:27:57.022685051 CEST | 49712 | 443 | 192.168.2.5 | 188.114.97.3 |
Oct 8, 2024 15:27:57.023332119 CEST | 49712 | 443 | 192.168.2.5 | 188.114.97.3 |
Oct 8, 2024 15:27:57.026793003 CEST | 49711 | 80 | 192.168.2.5 | 193.122.6.168 |
Oct 8, 2024 15:27:57.027982950 CEST | 49713 | 80 | 192.168.2.5 | 193.122.6.168 |
Oct 8, 2024 15:27:57.032655954 CEST | 80 | 49711 | 193.122.6.168 | 192.168.2.5 |
Oct 8, 2024 15:27:57.032731056 CEST | 49711 | 80 | 192.168.2.5 | 193.122.6.168 |
Oct 8, 2024 15:27:57.033201933 CEST | 80 | 49713 | 193.122.6.168 | 192.168.2.5 |
Oct 8, 2024 15:27:57.033269882 CEST | 49713 | 80 | 192.168.2.5 | 193.122.6.168 |
Oct 8, 2024 15:27:57.033375025 CEST | 49713 | 80 | 192.168.2.5 | 193.122.6.168 |
Oct 8, 2024 15:27:57.038288116 CEST | 80 | 49713 | 193.122.6.168 | 192.168.2.5 |
Oct 8, 2024 15:27:57.671538115 CEST | 80 | 49713 | 193.122.6.168 | 192.168.2.5 |
Oct 8, 2024 15:27:57.673242092 CEST | 49714 | 443 | 192.168.2.5 | 188.114.97.3 |
Oct 8, 2024 15:27:57.673291922 CEST | 443 | 49714 | 188.114.97.3 | 192.168.2.5 |
Oct 8, 2024 15:27:57.673367023 CEST | 49714 | 443 | 192.168.2.5 | 188.114.97.3 |
Oct 8, 2024 15:27:57.673629999 CEST | 49714 | 443 | 192.168.2.5 | 188.114.97.3 |
Oct 8, 2024 15:27:57.673640013 CEST | 443 | 49714 | 188.114.97.3 | 192.168.2.5 |
Oct 8, 2024 15:27:57.721369982 CEST | 49713 | 80 | 192.168.2.5 | 193.122.6.168 |
Oct 8, 2024 15:27:58.137465954 CEST | 443 | 49714 | 188.114.97.3 | 192.168.2.5 |
Oct 8, 2024 15:27:58.153373957 CEST | 49714 | 443 | 192.168.2.5 | 188.114.97.3 |
Oct 8, 2024 15:27:58.153412104 CEST | 443 | 49714 | 188.114.97.3 | 192.168.2.5 |
Oct 8, 2024 15:27:58.285480976 CEST | 443 | 49714 | 188.114.97.3 | 192.168.2.5 |
Oct 8, 2024 15:27:58.285588026 CEST | 443 | 49714 | 188.114.97.3 | 192.168.2.5 |
Oct 8, 2024 15:27:58.285634041 CEST | 49714 | 443 | 192.168.2.5 | 188.114.97.3 |
Oct 8, 2024 15:27:58.286164999 CEST | 49714 | 443 | 192.168.2.5 | 188.114.97.3 |
Oct 8, 2024 15:27:58.289808035 CEST | 49713 | 80 | 192.168.2.5 | 193.122.6.168 |
Oct 8, 2024 15:27:58.290504932 CEST | 49715 | 80 | 192.168.2.5 | 193.122.6.168 |
Oct 8, 2024 15:27:58.295927048 CEST | 80 | 49713 | 193.122.6.168 | 192.168.2.5 |
Oct 8, 2024 15:27:58.295989990 CEST | 49713 | 80 | 192.168.2.5 | 193.122.6.168 |
Oct 8, 2024 15:27:58.296509027 CEST | 80 | 49715 | 193.122.6.168 | 192.168.2.5 |
Oct 8, 2024 15:27:58.296703100 CEST | 49715 | 80 | 192.168.2.5 | 193.122.6.168 |
Oct 8, 2024 15:27:58.296703100 CEST | 49715 | 80 | 192.168.2.5 | 193.122.6.168 |
Oct 8, 2024 15:27:58.302011967 CEST | 80 | 49715 | 193.122.6.168 | 192.168.2.5 |
Oct 8, 2024 15:28:00.097620964 CEST | 80 | 49715 | 193.122.6.168 | 192.168.2.5 |
Oct 8, 2024 15:28:00.098151922 CEST | 80 | 49715 | 193.122.6.168 | 192.168.2.5 |
Oct 8, 2024 15:28:00.098403931 CEST | 80 | 49715 | 193.122.6.168 | 192.168.2.5 |
Oct 8, 2024 15:28:00.098412037 CEST | 49715 | 80 | 192.168.2.5 | 193.122.6.168 |
Oct 8, 2024 15:28:00.098727942 CEST | 49715 | 80 | 192.168.2.5 | 193.122.6.168 |
Oct 8, 2024 15:28:00.099121094 CEST | 80 | 49715 | 193.122.6.168 | 192.168.2.5 |
Oct 8, 2024 15:28:00.099191904 CEST | 49716 | 443 | 192.168.2.5 | 188.114.97.3 |
Oct 8, 2024 15:28:00.099191904 CEST | 49715 | 80 | 192.168.2.5 | 193.122.6.168 |
Oct 8, 2024 15:28:00.099220991 CEST | 443 | 49716 | 188.114.97.3 | 192.168.2.5 |
Oct 8, 2024 15:28:00.099534988 CEST | 49716 | 443 | 192.168.2.5 | 188.114.97.3 |
Oct 8, 2024 15:28:00.099534988 CEST | 49716 | 443 | 192.168.2.5 | 188.114.97.3 |
Oct 8, 2024 15:28:00.099564075 CEST | 443 | 49716 | 188.114.97.3 | 192.168.2.5 |
Oct 8, 2024 15:28:00.604424000 CEST | 443 | 49716 | 188.114.97.3 | 192.168.2.5 |
Oct 8, 2024 15:28:00.607086897 CEST | 49716 | 443 | 192.168.2.5 | 188.114.97.3 |
Oct 8, 2024 15:28:00.607103109 CEST | 443 | 49716 | 188.114.97.3 | 192.168.2.5 |
Oct 8, 2024 15:28:00.760349989 CEST | 443 | 49716 | 188.114.97.3 | 192.168.2.5 |
Oct 8, 2024 15:28:00.760482073 CEST | 443 | 49716 | 188.114.97.3 | 192.168.2.5 |
Oct 8, 2024 15:28:00.760776997 CEST | 49716 | 443 | 192.168.2.5 | 188.114.97.3 |
Oct 8, 2024 15:28:00.761200905 CEST | 49716 | 443 | 192.168.2.5 | 188.114.97.3 |
Oct 8, 2024 15:28:00.764406919 CEST | 49715 | 80 | 192.168.2.5 | 193.122.6.168 |
Oct 8, 2024 15:28:00.765399933 CEST | 49717 | 80 | 192.168.2.5 | 193.122.6.168 |
Oct 8, 2024 15:28:00.770328999 CEST | 80 | 49715 | 193.122.6.168 | 192.168.2.5 |
Oct 8, 2024 15:28:00.770420074 CEST | 49715 | 80 | 192.168.2.5 | 193.122.6.168 |
Oct 8, 2024 15:28:00.771528006 CEST | 80 | 49717 | 193.122.6.168 | 192.168.2.5 |
Oct 8, 2024 15:28:00.771609068 CEST | 49717 | 80 | 192.168.2.5 | 193.122.6.168 |
Oct 8, 2024 15:28:00.771735907 CEST | 49717 | 80 | 192.168.2.5 | 193.122.6.168 |
Oct 8, 2024 15:28:00.777081966 CEST | 80 | 49717 | 193.122.6.168 | 192.168.2.5 |
Oct 8, 2024 15:28:01.409115076 CEST | 80 | 49717 | 193.122.6.168 | 192.168.2.5 |
Oct 8, 2024 15:28:01.410341024 CEST | 49718 | 443 | 192.168.2.5 | 188.114.97.3 |
Oct 8, 2024 15:28:01.410393000 CEST | 443 | 49718 | 188.114.97.3 | 192.168.2.5 |
Oct 8, 2024 15:28:01.410480976 CEST | 49718 | 443 | 192.168.2.5 | 188.114.97.3 |
Oct 8, 2024 15:28:01.410746098 CEST | 49718 | 443 | 192.168.2.5 | 188.114.97.3 |
Oct 8, 2024 15:28:01.410761118 CEST | 443 | 49718 | 188.114.97.3 | 192.168.2.5 |
Oct 8, 2024 15:28:01.455683947 CEST | 49717 | 80 | 192.168.2.5 | 193.122.6.168 |
Oct 8, 2024 15:28:01.891725063 CEST | 443 | 49718 | 188.114.97.3 | 192.168.2.5 |
Oct 8, 2024 15:28:01.893775940 CEST | 49718 | 443 | 192.168.2.5 | 188.114.97.3 |
Oct 8, 2024 15:28:01.893798113 CEST | 443 | 49718 | 188.114.97.3 | 192.168.2.5 |
Oct 8, 2024 15:28:02.049669981 CEST | 443 | 49718 | 188.114.97.3 | 192.168.2.5 |
Oct 8, 2024 15:28:02.049783945 CEST | 443 | 49718 | 188.114.97.3 | 192.168.2.5 |
Oct 8, 2024 15:28:02.049835920 CEST | 49718 | 443 | 192.168.2.5 | 188.114.97.3 |
Oct 8, 2024 15:28:02.050229073 CEST | 49718 | 443 | 192.168.2.5 | 188.114.97.3 |
Oct 8, 2024 15:28:58.137737036 CEST | 80 | 49707 | 193.122.6.168 | 192.168.2.5 |
Oct 8, 2024 15:28:58.137888908 CEST | 49707 | 80 | 192.168.2.5 | 193.122.6.168 |
Oct 8, 2024 15:29:06.409002066 CEST | 80 | 49717 | 193.122.6.168 | 192.168.2.5 |
Oct 8, 2024 15:29:06.410600901 CEST | 49717 | 80 | 192.168.2.5 | 193.122.6.168 |
Oct 8, 2024 15:29:41.425429106 CEST | 49717 | 80 | 192.168.2.5 | 193.122.6.168 |
Oct 8, 2024 15:29:41.430435896 CEST | 80 | 49717 | 193.122.6.168 | 192.168.2.5 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 8, 2024 15:27:50.043411970 CEST | 54913 | 53 | 192.168.2.5 | 1.1.1.1 |
Oct 8, 2024 15:27:50.052439928 CEST | 53 | 54913 | 1.1.1.1 | 192.168.2.5 |
Oct 8, 2024 15:27:50.977109909 CEST | 57142 | 53 | 192.168.2.5 | 1.1.1.1 |
Oct 8, 2024 15:27:50.985332012 CEST | 53 | 57142 | 1.1.1.1 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 8, 2024 15:27:50.043411970 CEST | 192.168.2.5 | 1.1.1.1 | 0x19aa | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 15:27:50.977109909 CEST | 192.168.2.5 | 1.1.1.1 | 0x28b5 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 8, 2024 15:27:50.052439928 CEST | 1.1.1.1 | 192.168.2.5 | 0x19aa | No error (0) | checkip.dyndns.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Oct 8, 2024 15:27:50.052439928 CEST | 1.1.1.1 | 192.168.2.5 | 0x19aa | No error (0) | 193.122.6.168 | A (IP address) | IN (0x0001) | false | ||
Oct 8, 2024 15:27:50.052439928 CEST | 1.1.1.1 | 192.168.2.5 | 0x19aa | No error (0) | 132.226.247.73 | A (IP address) | IN (0x0001) | false | ||
Oct 8, 2024 15:27:50.052439928 CEST | 1.1.1.1 | 192.168.2.5 | 0x19aa | No error (0) | 132.226.8.169 | A (IP address) | IN (0x0001) | false | ||
Oct 8, 2024 15:27:50.052439928 CEST | 1.1.1.1 | 192.168.2.5 | 0x19aa | No error (0) | 158.101.44.242 | A (IP address) | IN (0x0001) | false | ||
Oct 8, 2024 15:27:50.052439928 CEST | 1.1.1.1 | 192.168.2.5 | 0x19aa | No error (0) | 193.122.130.0 | A (IP address) | IN (0x0001) | false | ||
Oct 8, 2024 15:27:50.985332012 CEST | 1.1.1.1 | 192.168.2.5 | 0x28b5 | No error (0) | 188.114.97.3 | A (IP address) | IN (0x0001) | false | ||
Oct 8, 2024 15:27:50.985332012 CEST | 1.1.1.1 | 192.168.2.5 | 0x28b5 | No error (0) | 188.114.96.3 | A (IP address) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49704 | 193.122.6.168 | 80 | 6348 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 8, 2024 15:27:50.069816113 CEST | 151 | OUT | |
Oct 8, 2024 15:27:50.702256918 CEST | 320 | IN | |
Oct 8, 2024 15:27:50.747591972 CEST | 127 | OUT | |
Oct 8, 2024 15:27:50.935933113 CEST | 320 | IN | |
Oct 8, 2024 15:27:51.692457914 CEST | 127 | OUT | |
Oct 8, 2024 15:27:51.880637884 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49707 | 193.122.6.168 | 80 | 6348 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 8, 2024 15:27:52.497853994 CEST | 127 | OUT | |
Oct 8, 2024 15:27:53.139225006 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 49709 | 193.122.6.168 | 80 | 6348 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 8, 2024 15:27:54.324426889 CEST | 151 | OUT | |
Oct 8, 2024 15:27:54.956305027 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.5 | 49711 | 193.122.6.168 | 80 | 6348 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 8, 2024 15:27:55.586112976 CEST | 151 | OUT | |
Oct 8, 2024 15:27:56.392154932 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.5 | 49713 | 193.122.6.168 | 80 | 6348 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 8, 2024 15:27:57.033375025 CEST | 151 | OUT | |
Oct 8, 2024 15:27:57.671538115 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.5 | 49715 | 193.122.6.168 | 80 | 6348 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 8, 2024 15:27:58.296703100 CEST | 151 | OUT | |
Oct 8, 2024 15:28:00.097620964 CEST | 320 | IN | |
Oct 8, 2024 15:28:00.098151922 CEST | 320 | IN | |
Oct 8, 2024 15:28:00.098403931 CEST | 320 | IN | |
Oct 8, 2024 15:28:00.099121094 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.5 | 49717 | 193.122.6.168 | 80 | 6348 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 8, 2024 15:28:00.771735907 CEST | 151 | OUT | |
Oct 8, 2024 15:28:01.409115076 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49705 | 188.114.97.3 | 443 | 6348 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-08 13:27:51 UTC | 84 | OUT | |
2024-10-08 13:27:51 UTC | 674 | IN | |
2024-10-08 13:27:51 UTC | 340 | IN | |
2024-10-08 13:27:51 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49706 | 188.114.97.3 | 443 | 6348 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-08 13:27:52 UTC | 60 | OUT | |
2024-10-08 13:27:52 UTC | 684 | IN | |
2024-10-08 13:27:52 UTC | 340 | IN | |
2024-10-08 13:27:52 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 49708 | 188.114.97.3 | 443 | 6348 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-08 13:27:53 UTC | 60 | OUT | |
2024-10-08 13:27:54 UTC | 680 | IN | |
2024-10-08 13:27:54 UTC | 340 | IN | |
2024-10-08 13:27:54 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.5 | 49710 | 188.114.97.3 | 443 | 6348 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-08 13:27:55 UTC | 84 | OUT | |
2024-10-08 13:27:55 UTC | 678 | IN | |
2024-10-08 13:27:55 UTC | 340 | IN | |
2024-10-08 13:27:55 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.5 | 49712 | 188.114.97.3 | 443 | 6348 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-08 13:27:56 UTC | 84 | OUT | |
2024-10-08 13:27:57 UTC | 680 | IN | |
2024-10-08 13:27:57 UTC | 340 | IN | |
2024-10-08 13:27:57 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.5 | 49714 | 188.114.97.3 | 443 | 6348 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-08 13:27:58 UTC | 84 | OUT | |
2024-10-08 13:27:58 UTC | 672 | IN | |
2024-10-08 13:27:58 UTC | 340 | IN | |
2024-10-08 13:27:58 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.5 | 49716 | 188.114.97.3 | 443 | 6348 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-08 13:28:00 UTC | 84 | OUT | |
2024-10-08 13:28:00 UTC | 676 | IN | |
2024-10-08 13:28:00 UTC | 340 | IN | |
2024-10-08 13:28:00 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.5 | 49718 | 188.114.97.3 | 443 | 6348 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-08 13:28:01 UTC | 60 | OUT | |
2024-10-08 13:28:02 UTC | 674 | IN | |
2024-10-08 13:28:02 UTC | 340 | IN | |
2024-10-08 13:28:02 UTC | 5 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 09:27:47 |
Start date: | 08/10/2024 |
Path: | C:\Users\user\Desktop\114mCZlpa3.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1'066'779 bytes |
MD5 hash: | A5B62D982DB9A3841C9C3F381F25146E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 2 |
Start time: | 09:27:48 |
Start date: | 08/10/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x430000 |
File size: | 45'984 bytes |
MD5 hash: | 9D352BC46709F0CB5EC974633A0C3C94 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
Has exited: | false |
Execution Graph
Execution Coverage: | 3.5% |
Dynamic/Decrypted Code Coverage: | 1.3% |
Signature Coverage: | 9% |
Total number of Nodes: | 2000 |
Total number of Limit Nodes: | 36 |
Graph
Function 004096A0 Relevance: 33.9, APIs: 21, Instructions: 2413COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040D590 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 144windowCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040EBD0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004091E0 Relevance: 44.6, APIs: 22, Strings: 3, Instructions: 837windowsleepCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004528BD Relevance: 19.7, APIs: 13, Instructions: 173COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00410490 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 56windowregistryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00410390 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 76windowregistryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401100 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 136windowtimeregistryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 03F1A610 Relevance: 10.7, APIs: 7, Instructions: 239fileCOMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040E4C0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 79registryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 03F1A3F0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 141fileCOMMON
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401B80 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 91windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040F250 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 66registryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004102B0 Relevance: 7.6, APIs: 5, Instructions: 87COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00475077 Relevance: 4.9, APIs: 3, Instructions: 390COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00475300 Relevance: 4.6, APIs: 3, Instructions: 141COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040E0C0 Relevance: 4.6, APIs: 3, Instructions: 82windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0043213D Relevance: 4.5, APIs: 3, Instructions: 38COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004320F8 Relevance: 4.5, APIs: 3, Instructions: 25COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040AFA0 Relevance: 3.3, APIs: 2, Instructions: 258COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00467897 Relevance: 3.2, APIs: 2, Instructions: 170COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00467AC4 Relevance: 3.1, APIs: 2, Instructions: 130COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040F760 Relevance: 3.1, APIs: 2, Instructions: 92COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040D6B0 Relevance: 3.1, APIs: 2, Instructions: 74COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040F110 Relevance: 3.1, APIs: 2, Instructions: 51fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00414FE2 Relevance: 3.0, APIs: 2, Instructions: 26COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402F00 Relevance: 1.6, APIs: 1, Instructions: 104COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402780 Relevance: 1.6, APIs: 1, Instructions: 101COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00410CFC Relevance: 1.6, APIs: 1, Instructions: 94memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00408F40 Relevance: 1.6, APIs: 1, Instructions: 71COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045E17D Relevance: 1.6, APIs: 1, Instructions: 60COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00443E36 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004149C2 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040DA20 Relevance: 1.3, APIs: 1, Instructions: 22COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 03F1A2DC Relevance: 1.3, APIs: 1, Instructions: 21sleepCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 03F1A2E0 Relevance: 1.3, APIs: 1, Instructions: 18sleepCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0047C81C Relevance: 74.2, APIs: 40, Strings: 2, Instructions: 674windowkeyboardCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00434418 Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 133keyboardthreadwindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00446313 Relevance: 37.0, APIs: 17, Strings: 4, Instructions: 234processCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044BD27 Relevance: 31.7, APIs: 17, Strings: 1, Instructions: 178filestringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004788BD Relevance: 28.2, APIs: 13, Strings: 3, Instructions: 217timefileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00431A86 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 139fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004720DB Relevance: 21.4, APIs: 11, Strings: 1, Instructions: 377timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00442886 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 135fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004333BE Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 86shutdownCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00446124 Relevance: 16.7, APIs: 11, Instructions: 182COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0043305F Relevance: 16.6, APIs: 11, Instructions: 122COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045A10F Relevance: 16.6, APIs: 11, Instructions: 120clipboardmemoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00452492 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 128filesleepCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041A208 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 58COMMONLIBRARYCODE
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0047A330 Relevance: 7.6, APIs: 5, Instructions: 71windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045CAFA Relevance: 4.6, APIs: 3, Instructions: 130fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004339B6 Relevance: 4.5, APIs: 3, Instructions: 28fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0047EA6F Relevance: 2.0, APIs: 1, Instructions: 502COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00436CD7 Relevance: 1.5, APIs: 1, Instructions: 22COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00472C3F Relevance: 1.5, APIs: 1, Instructions: 7COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041F250 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040FA10 Relevance: .6, Instructions: 607COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004129D0 Relevance: .4, Instructions: 355COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004125E8 Relevance: .3, Instructions: 349COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00412216 Relevance: .3, Instructions: 332COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004594E9 Relevance: 79.2, APIs: 41, Strings: 4, Instructions: 490filewindowcomCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004417BF Relevance: 49.8, APIs: 33, Instructions: 275COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004590BD Relevance: 45.8, APIs: 22, Strings: 4, Instructions: 291windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00430737 Relevance: 43.6, APIs: 29, Instructions: 108COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0046B9D7 Relevance: 40.7, APIs: 17, Strings: 6, Instructions: 415registryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004565B2 Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 291windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00471BC9 Relevance: 35.3, APIs: 18, Strings: 2, Instructions: 313windowtimeCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00455A89 Relevance: 31.9, APIs: 21, Instructions: 395COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00417C20 Relevance: 29.9, APIs: 12, Strings: 5, Instructions: 109libraryloadermemoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004341E6 Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 91windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0046A07E Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 253windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00468B0E Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 207windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00460879 Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 136windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045FD57 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 227windowsleepCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004313CA Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 160windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00432A10 Relevance: 21.1, APIs: 14, Instructions: 140timeCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004551F5 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 115windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00433493 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 84networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00445BE4 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 77windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00443B61 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 99sleepwindowtimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00454014 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 93windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00467C8E Relevance: 18.3, APIs: 12, Instructions: 310COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004357B7 Relevance: 18.2, APIs: 12, Instructions: 184COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00433784 Relevance: 18.1, APIs: 12, Instructions: 119COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0046CB5F Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 304comCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004718BA Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 147windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00458651 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 135registryshareCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00470B6C Relevance: 16.6, APIs: 11, Instructions: 125COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004542ED Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 271libraryloaderCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0046C5FA Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 208comCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004710F1 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 157windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004505F0 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 147windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00469BF3 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 88windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045DC4C Relevance: 15.2, APIs: 10, Instructions: 190COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004485CB Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 109windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0047679F Relevance: 13.8, APIs: 9, Instructions: 307COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004561DA Relevance: 13.7, APIs: 9, Instructions: 164COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00441165 Relevance: 13.6, APIs: 9, Instructions: 142COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00432704 Relevance: 13.5, APIs: 9, Instructions: 42COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045EA0F Relevance: 12.6, APIs: 6, Strings: 1, Instructions: 325timeCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004091B0 Relevance: 12.6, APIs: 6, Strings: 1, Instructions: 324sleepCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044AA86 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 174networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045FBAC Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 147windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044BBD2 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 105filestringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00434034 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041793C Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 40COMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0046822A Relevance: 12.3, APIs: 8, Instructions: 267COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044B489 Relevance: 12.1, APIs: 8, Instructions: 102fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00415214 Relevance: 12.1, APIs: 8, Instructions: 66threadCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044734F Relevance: 10.7, APIs: 7, Instructions: 210COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044982A Relevance: 10.6, APIs: 7, Instructions: 135COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00448AB2 Relevance: 10.6, APIs: 7, Instructions: 98windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00450B7C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041F6F9 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 68COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00413D7F Relevance: 10.6, APIs: 7, Instructions: 63threadCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00436C6E Relevance: 10.5, APIs: 7, Instructions: 49threadCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00413D1A Relevance: 10.5, APIs: 7, Instructions: 34threadCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0043028B Relevance: 9.3, APIs: 6, Instructions: 255COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004577E9 Relevance: 9.2, APIs: 6, Instructions: 217COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00444BFC Relevance: 9.2, APIs: 6, Instructions: 163COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00451B42 Relevance: 9.1, APIs: 6, Instructions: 144memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00447BA8 Relevance: 9.1, APIs: 6, Instructions: 119COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044900D Relevance: 9.1, APIs: 6, Instructions: 111windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00440A0D Relevance: 9.1, APIs: 6, Instructions: 111windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00448804 Relevance: 9.1, APIs: 6, Instructions: 92windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00441078 Relevance: 9.1, APIs: 6, Instructions: 86COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00471A38 Relevance: 9.1, APIs: 6, Instructions: 79windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00455616 Relevance: 9.1, APIs: 6, Instructions: 78windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044389A Relevance: 9.1, APIs: 6, Instructions: 76COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00455168 Relevance: 9.1, APIs: 6, Instructions: 75windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004552FA Relevance: 9.1, APIs: 6, Instructions: 72windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004556C8 Relevance: 9.1, APIs: 6, Instructions: 67windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004331A2 Relevance: 9.1, APIs: 6, Instructions: 64sleepCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045559F Relevance: 9.1, APIs: 6, Instructions: 61windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00447275 Relevance: 9.0, APIs: 6, Instructions: 50COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044CC51 Relevance: 9.0, APIs: 6, Instructions: 50COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044B63B Relevance: 9.0, APIs: 6, Instructions: 40synchronizationthreadCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004151BB Relevance: 9.0, APIs: 6, Instructions: 29threadCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045F790 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 216windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00448480 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 107windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00469CDB Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 100windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00461554 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 74windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00462A31 Relevance: 7.7, APIs: 5, Instructions: 227COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004757A7 Relevance: 7.7, APIs: 5, Instructions: 220COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0047D40F Relevance: 7.6, APIs: 5, Instructions: 120sleepCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045C3C1 Relevance: 7.6, APIs: 5, Instructions: 118COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00436A0B Relevance: 7.6, APIs: 5, Instructions: 103COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00449555 Relevance: 7.6, APIs: 5, Instructions: 96windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004478AC Relevance: 7.6, APIs: 5, Instructions: 96windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004479A0 Relevance: 7.6, APIs: 5, Instructions: 96COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00447BF1 Relevance: 7.6, APIs: 5, Instructions: 95COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004487EA Relevance: 7.6, APIs: 5, Instructions: 89COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004550FC Relevance: 7.6, APIs: 5, Instructions: 78COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00445870 Relevance: 7.6, APIs: 5, Instructions: 78windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004653C8 Relevance: 7.6, APIs: 5, Instructions: 72networkCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044719B Relevance: 7.6, APIs: 5, Instructions: 70COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00434582 Relevance: 7.6, APIs: 5, Instructions: 61sleepCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004556A0 Relevance: 7.5, APIs: 5, Instructions: 45windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004555ED Relevance: 7.5, APIs: 5, Instructions: 43windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00455607 Relevance: 7.5, APIs: 5, Instructions: 42windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042FD29 Relevance: 7.5, APIs: 5, Instructions: 36COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00413D0E Relevance: 7.5, APIs: 5, Instructions: 24threadCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004151AF Relevance: 7.5, APIs: 5, Instructions: 22threadCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0043659E Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 162windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044A856 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 122networkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045FA41 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 120windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00434B02 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 108libraryloaderCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00450D6B Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 102windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00450ACC Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 74windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004496E9 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 55windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004312CC Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004312FE Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0043129A Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00430C7F Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00451D2B Relevance: 6.4, APIs: 4, Instructions: 405COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00479500 Relevance: 6.2, APIs: 4, Instructions: 162memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0046993E Relevance: 6.1, APIs: 4, Instructions: 149windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004499DB Relevance: 6.1, APIs: 4, Instructions: 145COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041415F Relevance: 6.1, APIs: 4, Instructions: 130COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00441672 Relevance: 6.1, APIs: 4, Instructions: 116windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045D1AF Relevance: 6.1, APIs: 4, Instructions: 103fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045039B Relevance: 6.1, APIs: 4, Instructions: 102COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00442A83 Relevance: 6.1, APIs: 4, Instructions: 87windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0047438B Relevance: 6.1, APIs: 4, Instructions: 83COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004494A5 Relevance: 6.1, APIs: 4, Instructions: 83windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0046888B Relevance: 6.1, APIs: 4, Instructions: 80COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0047A26A Relevance: 6.1, APIs: 4, Instructions: 78COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00434CC9 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 75stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0046D402 Relevance: 6.1, APIs: 4, Instructions: 73networkCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00448C3C Relevance: 6.1, APIs: 4, Instructions: 72windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00458A61 Relevance: 6.1, APIs: 4, Instructions: 71networkCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004368A0 Relevance: 6.1, APIs: 4, Instructions: 69windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004301F8 Relevance: 6.1, APIs: 4, Instructions: 57windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00443C87 Relevance: 6.1, APIs: 4, Instructions: 57synchronizationthreadwindowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00430B87 Relevance: 6.1, APIs: 4, Instructions: 53COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00433908 Relevance: 6.0, APIs: 4, Instructions: 50COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00434963 Relevance: 6.0, APIs: 4, Instructions: 46COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041F584 Relevance: 6.0, APIs: 4, Instructions: 41COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004556BE Relevance: 6.0, APIs: 4, Instructions: 40windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044B5E8 Relevance: 6.0, APIs: 4, Instructions: 37COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004472F1 Relevance: 6.0, APIs: 4, Instructions: 35COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00472B63 Relevance: 6.0, APIs: 4, Instructions: 27COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00472BB2 Relevance: 6.0, APIs: 4, Instructions: 27COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041514D Relevance: 6.0, APIs: 4, Instructions: 16threadCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00467215 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 181shareCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004667E1 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 114networkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044835A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 99windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00451006 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 75windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00451321 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 73windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00476CA4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72sleepCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00465225 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 61networkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044256C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004560F2 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00442651 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22networkCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00441BE8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 17windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00441C20 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 17windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004370C3 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 8windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|