Windows
Analysis Report
PT98765445670009.scr.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- PT98765445670009.scr.exe (PID: 6900 cmdline:
"C:\Users\ user\Deskt op\PT98765 445670009. scr.exe" MD5: 90A34E7D570FA7C219EB5F1F193611BA) - PT98765445670009.scr.exe (PID: 6880 cmdline:
"C:\Users\ user\Deskt op\PT98765 445670009. scr.exe" MD5: 90A34E7D570FA7C219EB5F1F193611BA)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
404 Keylogger, Snake Keylogger | Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victims sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram. | No Attribution |
{"Exfil Mode": "SMTP", "Username": "contabilidad@daipro.com.mx", "Password": "DAIpro123**", "Host": "mail.daipro.com.mx", "Port": "587"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
MALWARE_Win_DLInjector02 | Detects downloader injector | ditekSHen |
| |
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security | ||
Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown |
| |
MALWARE_Win_SnakeKeylogger | Detects Snake Keylogger | ditekSHen |
| |
Click to see the 14 entries |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
MALWARE_Win_DLInjector02 | Detects downloader injector | ditekSHen |
| |
MALWARE_Win_DLInjector02 | Detects downloader injector | ditekSHen |
| |
MALWARE_Win_DLInjector02 | Detects downloader injector | ditekSHen |
| |
MALWARE_Win_DLInjector02 | Detects downloader injector | ditekSHen |
| |
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
Click to see the 36 entries |
Click to jump to signature section
AV Detection |
---|
Source: | Avira: |
Source: | Malware Configuration Extractor: |
Source: | Virustotal: | Perma Link | ||
Source: | Virustotal: | Perma Link | ||
Source: | Virustotal: | Perma Link |
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: |
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Code function: | 2_2_02C3FA10 | |
Source: | Code function: | 2_2_02C3EDF0 | |
Source: | Code function: | 2_2_02C3EDF0 | |
Source: | Code function: | 2_2_02C3E310 | |
Source: | Code function: | 2_2_052C0D60 | |
Source: | Code function: | 2_2_052C11C0 | |
Source: | Code function: | 2_2_052CC8B8 | |
Source: | Code function: | 2_2_052C1506 | |
Source: | Code function: | 2_2_052CCD10 | |
Source: | Code function: | 2_2_052CD5C0 | |
Source: | Code function: | 2_2_052CF428 | |
Source: | Code function: | 2_2_052CC460 | |
Source: | Code function: | 2_2_052C04A0 | |
Source: | Code function: | 2_2_052CE720 | |
Source: | Code function: | 2_2_052CB758 | |
Source: | Code function: | 2_2_052CEFD0 | |
Source: | Code function: | 2_2_052CDE70 | |
Source: | Code function: | 2_2_052C0900 | |
Source: | Code function: | 2_2_052CD168 | |
Source: | Code function: | 2_2_052C11B1 | |
Source: | Code function: | 2_2_052CC008 | |
Source: | Code function: | 2_2_052C0040 | |
Source: | Code function: | 2_2_052CF880 | |
Source: | Code function: | 2_2_052CB300 | |
Source: | Code function: | 2_2_052CEB78 | |
Source: | Code function: | 2_2_052CBBB0 | |
Source: | Code function: | 2_2_052CDA18 | |
Source: | Code function: | 2_2_052CE2C8 | |
Source: | Code function: | 2_2_069D8608 | |
Source: | Code function: | 2_2_069D36CE | |
Source: | Code function: | 2_2_069D5EC8 | |
Source: | Code function: | 2_2_069D5618 | |
Source: | Code function: | 2_2_069D5A70 | |
Source: | Code function: | 2_2_069D33B8 | |
Source: | Code function: | 2_2_069D33A8 | |
Source: | Code function: | 2_2_069D6BD0 | |
Source: | Code function: | 2_2_069D6320 | |
Source: | Code function: | 2_2_069D6778 | |
Source: | Code function: | 2_2_069D0498 | |
Source: | Code function: | 2_2_069D74A8 | |
Source: | Code function: | 2_2_069D08F0 | |
Source: | Code function: | 2_2_069D7050 | |
Source: | Code function: | 2_2_069D0040 | |
Source: | Code function: | 2_2_069D5198 | |
Source: | Code function: | 2_2_069D81B0 | |
Source: | Code function: | 2_2_069D7900 | |
Source: | Code function: | 2_2_069D7D58 | |
Source: | Code function: | 2_2_069D0D48 |
Networking |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | IP Address: | ||
Source: | IP Address: | ||
Source: | IP Address: |
Source: | JA3 fingerprint: | ||
Source: | JA3 fingerprint: |
Source: | DNS query: | ||
Source: | DNS query: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
System Summary |
---|
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Process Stats: |
Source: | Code function: | 1_2_02D4AC18 | |
Source: | Code function: | 2_2_02C3B388 | |
Source: | Code function: | 2_2_02C3C1F0 | |
Source: | Code function: | 2_2_02C36168 | |
Source: | Code function: | 2_2_02C36790 | |
Source: | Code function: | 2_2_02C3C7B1 | |
Source: | Code function: | 2_2_02C3C4D0 | |
Source: | Code function: | 2_2_02C3CA91 | |
Source: | Code function: | 2_2_02C3FA10 | |
Source: | Code function: | 2_2_02C34B31 | |
Source: | Code function: | 2_2_02C398B8 | |
Source: | Code function: | 2_2_02C3EDF0 | |
Source: | Code function: | 2_2_02C3E300 | |
Source: | Code function: | 2_2_02C3E310 | |
Source: | Code function: | 2_2_02C335C8 | |
Source: | Code function: | 2_2_02C3B553 | |
Source: | Code function: | 2_2_052C0D60 | |
Source: | Code function: | 2_2_052C3688 | |
Source: | Code function: | 2_2_052C7988 | |
Source: | Code function: | 2_2_052CC8B8 | |
Source: | Code function: | 2_2_052C8278 | |
Source: | Code function: | 2_2_052CCD03 | |
Source: | Code function: | 2_2_052CCD10 | |
Source: | Code function: | 2_2_052C0D50 | |
Source: | Code function: | 2_2_052CD5B0 | |
Source: | Code function: | 2_2_052CD5C0 | |
Source: | Code function: | 2_2_052CF428 | |
Source: | Code function: | 2_2_052CF418 | |
Source: | Code function: | 2_2_052CC460 | |
Source: | Code function: | 2_2_052CC450 | |
Source: | Code function: | 2_2_052C04A0 | |
Source: | Code function: | 2_2_052C0490 | |
Source: | Code function: | 2_2_052CE720 | |
Source: | Code function: | 2_2_052CE710 | |
Source: | Code function: | 2_2_052CB748 | |
Source: | Code function: | 2_2_052CB758 | |
Source: | Code function: | 2_2_052CBFF8 | |
Source: | Code function: | 2_2_052CEFC1 | |
Source: | Code function: | 2_2_052CEFD0 | |
Source: | Code function: | 2_2_052CDE63 | |
Source: | Code function: | 2_2_052C3678 | |
Source: | Code function: | 2_2_052CDE70 | |
Source: | Code function: | 2_2_052C0900 | |
Source: | Code function: | 2_2_052CD168 | |
Source: | Code function: | 2_2_052CD158 | |
Source: | Code function: | 2_2_052C71FC | |
Source: | Code function: | 2_2_052C81FF | |
Source: | Code function: | 2_2_052CC008 | |
Source: | Code function: | 2_2_052C0013 | |
Source: | Code function: | 2_2_052CF871 | |
Source: | Code function: | 2_2_052C0040 | |
Source: | Code function: | 2_2_052CC8A8 | |
Source: | Code function: | 2_2_052CF880 | |
Source: | Code function: | 2_2_052C08F1 | |
Source: | Code function: | 2_2_052CB300 | |
Source: | Code function: | 2_2_052CEB68 | |
Source: | Code function: | 2_2_052CEB78 | |
Source: | Code function: | 2_2_052C7BA8 | |
Source: | Code function: | 2_2_052CBBA0 | |
Source: | Code function: | 2_2_052CBBB0 | |
Source: | Code function: | 2_2_052CDA09 | |
Source: | Code function: | 2_2_052C7200 | |
Source: | Code function: | 2_2_052CDA18 | |
Source: | Code function: | 2_2_052CE2B8 | |
Source: | Code function: | 2_2_052CB2EF | |
Source: | Code function: | 2_2_052CE2C8 | |
Source: | Code function: | 2_2_069DB6E8 | |
Source: | Code function: | 2_2_069D8608 | |
Source: | Code function: | 2_2_069DAA58 | |
Source: | Code function: | 2_2_069DD670 | |
Source: | Code function: | 2_2_069DC388 | |
Source: | Code function: | 2_2_069D8BED | |
Source: | Code function: | 2_2_069DB0A0 | |
Source: | Code function: | 2_2_069DA408 | |
Source: | Code function: | 2_2_069DD028 | |
Source: | Code function: | 2_2_069D11A0 | |
Source: | Code function: | 2_2_069DC9D8 | |
Source: | Code function: | 2_2_069DBD38 | |
Source: | Code function: | 2_2_069D5EB8 | |
Source: | Code function: | 2_2_069DB6D8 | |
Source: | Code function: | 2_2_069D5EC8 | |
Source: | Code function: | 2_2_069D5618 | |
Source: | Code function: | 2_2_069D560B | |
Source: | Code function: | 2_2_069DAA48 | |
Source: | Code function: | 2_2_069D5A70 | |
Source: | Code function: | 2_2_069D5A60 | |
Source: | Code function: | 2_2_069DD662 | |
Source: | Code function: | 2_2_069D33B8 | |
Source: | Code function: | 2_2_069D33A8 | |
Source: | Code function: | 2_2_069D6BD0 | |
Source: | Code function: | 2_2_069D6BC1 | |
Source: | Code function: | 2_2_069DA3FA | |
Source: | Code function: | 2_2_069D6313 | |
Source: | Code function: | 2_2_069D3730 | |
Source: | Code function: | 2_2_069D6320 | |
Source: | Code function: | 2_2_069D6778 | |
Source: | Code function: | 2_2_069DC378 | |
Source: | Code function: | 2_2_069D676B | |
Source: | Code function: | 2_2_069D0498 | |
Source: | Code function: | 2_2_069D7497 | |
Source: | Code function: | 2_2_069DB090 | |
Source: | Code function: | 2_2_069D0488 | |
Source: | Code function: | 2_2_069D74A8 | |
Source: | Code function: | 2_2_069D08F0 | |
Source: | Code function: | 2_2_069D78F0 | |
Source: | Code function: | 2_2_069D08E0 | |
Source: | Code function: | 2_2_069D2818 | |
Source: | Code function: | 2_2_069DD018 | |
Source: | Code function: | 2_2_069D2807 | |
Source: | Code function: | 2_2_069D0006 | |
Source: | Code function: | 2_2_069D4430 | |
Source: | Code function: | 2_2_069D7050 | |
Source: | Code function: | 2_2_069D0040 | |
Source: | Code function: | 2_2_069D7040 | |
Source: | Code function: | 2_2_069D5198 | |
Source: | Code function: | 2_2_069D1191 | |
Source: | Code function: | 2_2_069D518B | |
Source: | Code function: | 2_2_069D81B0 | |
Source: | Code function: | 2_2_069D81A0 | |
Source: | Code function: | 2_2_069DC9C8 | |
Source: | Code function: | 2_2_069D85FC | |
Source: | Code function: | 2_2_069D7900 | |
Source: | Code function: | 2_2_069D0D39 | |
Source: | Code function: | 2_2_069DBD28 | |
Source: | Code function: | 2_2_069D7D58 | |
Source: | Code function: | 2_2_069D0D48 | |
Source: | Code function: | 2_2_069D7D48 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: |
Source: | Base64 encoded string: | ||
Source: | Base64 encoded string: | ||
Source: | Base64 encoded string: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Mutant created: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Key opened: | Jump to behavior |
Source: | Binary or memory string: |
Source: | ReversingLabs: | ||
Source: | Virustotal: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: |
Data Obfuscation |
---|
Source: | .Net Code: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Registry key monitored for changes: | Jump to behavior | ||
Source: | Registry key monitored for changes: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion |
---|
Source: | File source: |
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: |
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 2_2_052C7988 |
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: |
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | File opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 111 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 1 Query Registry | Remote Services | 1 Email Collection | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 1 Security Software Discovery | Remote Desktop Protocol | 11 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 31 Virtualization/Sandbox Evasion | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 111 Process Injection | NTDS | 31 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 21 Obfuscated Files or Information | Cached Domain Credentials | 1 System Network Configuration Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 11 Software Packing | DCSync | 13 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Timestomp | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
50% | ReversingLabs | ByteCode-MSIL.Trojan.RemcosRAT | ||
60% | Virustotal | Browse | ||
100% | Avira | HEUR/AGEN.1309740 | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
1% | Virustotal | Browse | ||
6% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
1% | Virustotal | Browse | ||
6% | Virustotal | Browse | ||
14% | Virustotal | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
reallyfreegeoip.org | 172.67.177.134 | true | false |
| unknown |
scratchdreams.tk | 104.21.27.85 | true | false |
| unknown |
checkip.dyndns.com | 193.122.6.168 | true | false |
| unknown |
checkip.dyndns.org | unknown | unknown | true |
| unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false |
| unknown | |
false |
| unknown | |
false |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
193.122.6.168 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false | |
172.67.177.134 | reallyfreegeoip.org | United States | 13335 | CLOUDFLARENETUS | false | |
104.21.27.85 | scratchdreams.tk | United States | 13335 | CLOUDFLARENETUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1416398 |
Start date and time: | 2024-03-27 11:23:11 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 8m 15s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 17 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | PT98765445670009.scr.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@3/1@3/3 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description |
---|---|---|
11:24:04 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
193.122.6.168 | Get hash | malicious | Snake Keylogger | Browse |
| |
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer, Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
172.67.177.134 | Get hash | malicious | Snake Keylogger | Browse | ||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | PureLog Stealer, RedLine, Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
104.21.27.85 | Get hash | malicious | Snake Keylogger | Browse | ||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | PureLog Stealer, Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | DarkTortilla, Snake Keylogger | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
checkip.dyndns.com | Get hash | malicious | Snake Keylogger | Browse |
| |
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer, RedLine, Snake Keylogger | Browse |
| ||
scratchdreams.tk | Get hash | malicious | Snake Keylogger | Browse |
| |
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer, Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
reallyfreegeoip.org | Get hash | malicious | Snake Keylogger | Browse |
| |
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer, RedLine, Snake Keylogger | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
ORACLE-BMC-31898US | Get hash | malicious | Mirai, Okiru | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | FormBook, PureLog Stealer, XWorm | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Moobot | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
CLOUDFLARENETUS | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla, PureLog Stealer, zgRAT | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
CLOUDFLARENETUS | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla, PureLog Stealer, zgRAT | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
54328bd36c14bd82ddaa0c04b25ed9ad | Get hash | malicious | LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, PureLog Stealer, SmokeLoader | Browse |
| |
Get hash | malicious | PXRECVOWEIWOEI Stealer | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | LimeRAT | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Babuk, Djvu, Glupteba, SmokeLoader, Xehook Stealer | Browse |
| ||
Get hash | malicious | Babuk, Clipboard Hijacker, Djvu, Glupteba, SmokeLoader, Vidar, Xehook Stealer | Browse |
| ||
3b5074b1b5d032e5620f69f9f700ff0e | Get hash | malicious | AgentTesla | Browse |
| |
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla, PureLog Stealer, zgRAT | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | RHADAMANTHYS | Browse |
| ||
Get hash | malicious | PureLog Stealer, Xmrig, zgRAT | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | Metasploit | Browse |
| ||
Get hash | malicious | Metasploit | Browse |
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PT98765445670009.scr.exe.log
Download File
Process: | C:\Users\user\Desktop\PT98765445670009.scr.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 706 |
Entropy (8bit): | 5.349842958726647 |
Encrypted: | false |
SSDEEP: | 12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKharkvoDLI4MWuCq1KDLI4Mq92n4M6:ML9E4KlKDE4KhKiKhIE4Kx1qE4x84j |
MD5: | A29F1F0983CFE0767B56BD3F32906196 |
SHA1: | A38543CAD5E151383FA945FF880856DC502A1224 |
SHA-256: | B892C3A6D2059FF69822E3A0003923BE0C0B2259C0E4904E30BB10C3D6E575F6 |
SHA-512: | FF52BC638E135EB070B6291808FE57FE8F2A37BB9F32DF2D6A885B30CC37268237A110E419975F19FB08878544787FA9D6A0AA07DC6911E08FBF52155F64DE42 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
File type: | |
Entropy (8bit): | 7.2680634848839585 |
TrID: |
|
File name: | PT98765445670009.scr.exe |
File size: | 638'464 bytes |
MD5: | 90a34e7d570fa7c219eb5f1f193611ba |
SHA1: | 0d5d3955b04174b8f21c7bdd8d80ff21507e409c |
SHA256: | 301271b7db09d4769df8953807ea16c44578a4c4b92ef50f24da27c144f95522 |
SHA512: | 75177b9ddf945e4dc46fb20174385faddfc569ea99cc095d1e1f9f4a96b9accc7dfcc1f6a1bd15d5740438e8ef63784ce870dfb3ea8d8c5387cc652324ace955 |
SSDEEP: | 12288:npahc5sgNxUQx/rYquAfVCto8UHv/9EeRxDVl5nX:nZsgbFkq2tNUHDFVXX |
TLSH: | AAD49D2033FC522AE2BF4B70E97940940BB6BE075EA6D35E489135DE0DB37818A53767 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...#1................0.............n.... ........@.. ....................................@................................ |
Icon Hash: | 526c6a52d0e4f047 |
Entrypoint: | 0x49bc6e |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0xF9CC3123 [Sat Oct 21 21:18:27 2102 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Instruction |
---|
jmp dword ptr [00402000h] |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x9bc1c | 0x4f | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x9c000 | 0x1b7c | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x9e000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x99c74 | 0x99e00 | 142b70b6afb38c0d6ce5233ad81a773a | False | 0.6303072324329814 | data | 7.276750369053607 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rsrc | 0x9c000 | 0x1b7c | 0x1c00 | de75c8118bc1bf4ad3c303a622710081 | False | 0.3462611607142857 | data | 5.574966851848031 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x9e000 | 0xc | 0x200 | 8f380dc079a03d92d08433751817a386 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x9c160 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | 0.2675891181988743 | ||
RT_ICON | 0x9d208 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | 0.5106382978723404 | ||
RT_GROUP_ICON | 0x9d670 | 0x22 | data | 0.9411764705882353 | ||
RT_VERSION | 0x9d694 | 0x2fc | data | 0.43717277486910994 | ||
RT_MANIFEST | 0x9d990 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | 0.5489795918367347 |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 27, 2024 11:24:05.321327925 CET | 49699 | 80 | 192.168.2.7 | 193.122.6.168 |
Mar 27, 2024 11:24:05.501127005 CET | 80 | 49699 | 193.122.6.168 | 192.168.2.7 |
Mar 27, 2024 11:24:05.501236916 CET | 49699 | 80 | 192.168.2.7 | 193.122.6.168 |
Mar 27, 2024 11:24:05.501516104 CET | 49699 | 80 | 192.168.2.7 | 193.122.6.168 |
Mar 27, 2024 11:24:05.681154966 CET | 80 | 49699 | 193.122.6.168 | 192.168.2.7 |
Mar 27, 2024 11:24:05.681735992 CET | 80 | 49699 | 193.122.6.168 | 192.168.2.7 |
Mar 27, 2024 11:24:05.712584972 CET | 49699 | 80 | 192.168.2.7 | 193.122.6.168 |
Mar 27, 2024 11:24:05.893754959 CET | 80 | 49699 | 193.122.6.168 | 192.168.2.7 |
Mar 27, 2024 11:24:05.942640066 CET | 49699 | 80 | 192.168.2.7 | 193.122.6.168 |
Mar 27, 2024 11:24:06.052438021 CET | 49700 | 443 | 192.168.2.7 | 172.67.177.134 |
Mar 27, 2024 11:24:06.052467108 CET | 443 | 49700 | 172.67.177.134 | 192.168.2.7 |
Mar 27, 2024 11:24:06.052555084 CET | 49700 | 443 | 192.168.2.7 | 172.67.177.134 |
Mar 27, 2024 11:24:06.060863972 CET | 49700 | 443 | 192.168.2.7 | 172.67.177.134 |
Mar 27, 2024 11:24:06.060874939 CET | 443 | 49700 | 172.67.177.134 | 192.168.2.7 |
Mar 27, 2024 11:24:06.264913082 CET | 443 | 49700 | 172.67.177.134 | 192.168.2.7 |
Mar 27, 2024 11:24:06.265034914 CET | 49700 | 443 | 192.168.2.7 | 172.67.177.134 |
Mar 27, 2024 11:24:06.272123098 CET | 49700 | 443 | 192.168.2.7 | 172.67.177.134 |
Mar 27, 2024 11:24:06.272133112 CET | 443 | 49700 | 172.67.177.134 | 192.168.2.7 |
Mar 27, 2024 11:24:06.272433043 CET | 443 | 49700 | 172.67.177.134 | 192.168.2.7 |
Mar 27, 2024 11:24:06.317677021 CET | 49700 | 443 | 192.168.2.7 | 172.67.177.134 |
Mar 27, 2024 11:24:06.327872038 CET | 49700 | 443 | 192.168.2.7 | 172.67.177.134 |
Mar 27, 2024 11:24:06.372230053 CET | 443 | 49700 | 172.67.177.134 | 192.168.2.7 |
Mar 27, 2024 11:24:06.790426016 CET | 443 | 49700 | 172.67.177.134 | 192.168.2.7 |
Mar 27, 2024 11:24:06.790544987 CET | 443 | 49700 | 172.67.177.134 | 192.168.2.7 |
Mar 27, 2024 11:24:06.790608883 CET | 49700 | 443 | 192.168.2.7 | 172.67.177.134 |
Mar 27, 2024 11:24:06.798187971 CET | 49700 | 443 | 192.168.2.7 | 172.67.177.134 |
Mar 27, 2024 11:24:06.802086115 CET | 49699 | 80 | 192.168.2.7 | 193.122.6.168 |
Mar 27, 2024 11:24:06.982444048 CET | 80 | 49699 | 193.122.6.168 | 192.168.2.7 |
Mar 27, 2024 11:24:06.985083103 CET | 49701 | 443 | 192.168.2.7 | 172.67.177.134 |
Mar 27, 2024 11:24:06.985131025 CET | 443 | 49701 | 172.67.177.134 | 192.168.2.7 |
Mar 27, 2024 11:24:06.985198021 CET | 49701 | 443 | 192.168.2.7 | 172.67.177.134 |
Mar 27, 2024 11:24:06.985419989 CET | 49701 | 443 | 192.168.2.7 | 172.67.177.134 |
Mar 27, 2024 11:24:06.985434055 CET | 443 | 49701 | 172.67.177.134 | 192.168.2.7 |
Mar 27, 2024 11:24:07.036369085 CET | 49699 | 80 | 192.168.2.7 | 193.122.6.168 |
Mar 27, 2024 11:24:07.183429003 CET | 443 | 49701 | 172.67.177.134 | 192.168.2.7 |
Mar 27, 2024 11:24:07.185760021 CET | 49701 | 443 | 192.168.2.7 | 172.67.177.134 |
Mar 27, 2024 11:24:07.185787916 CET | 443 | 49701 | 172.67.177.134 | 192.168.2.7 |
Mar 27, 2024 11:24:07.713412046 CET | 443 | 49701 | 172.67.177.134 | 192.168.2.7 |
Mar 27, 2024 11:24:07.713536024 CET | 443 | 49701 | 172.67.177.134 | 192.168.2.7 |
Mar 27, 2024 11:24:07.713603020 CET | 49701 | 443 | 192.168.2.7 | 172.67.177.134 |
Mar 27, 2024 11:24:07.714032888 CET | 49701 | 443 | 192.168.2.7 | 172.67.177.134 |
Mar 27, 2024 11:24:07.717495918 CET | 49699 | 80 | 192.168.2.7 | 193.122.6.168 |
Mar 27, 2024 11:24:07.718532085 CET | 49702 | 80 | 192.168.2.7 | 193.122.6.168 |
Mar 27, 2024 11:24:07.899482965 CET | 80 | 49699 | 193.122.6.168 | 192.168.2.7 |
Mar 27, 2024 11:24:07.899540901 CET | 49699 | 80 | 192.168.2.7 | 193.122.6.168 |
Mar 27, 2024 11:24:07.900109053 CET | 80 | 49702 | 193.122.6.168 | 192.168.2.7 |
Mar 27, 2024 11:24:07.900192022 CET | 49702 | 80 | 192.168.2.7 | 193.122.6.168 |
Mar 27, 2024 11:24:07.900430918 CET | 49702 | 80 | 192.168.2.7 | 193.122.6.168 |
Mar 27, 2024 11:24:08.080039024 CET | 80 | 49702 | 193.122.6.168 | 192.168.2.7 |
Mar 27, 2024 11:24:08.080908060 CET | 80 | 49702 | 193.122.6.168 | 192.168.2.7 |
Mar 27, 2024 11:24:08.082393885 CET | 49703 | 443 | 192.168.2.7 | 172.67.177.134 |
Mar 27, 2024 11:24:08.082429886 CET | 443 | 49703 | 172.67.177.134 | 192.168.2.7 |
Mar 27, 2024 11:24:08.082493067 CET | 49703 | 443 | 192.168.2.7 | 172.67.177.134 |
Mar 27, 2024 11:24:08.082865000 CET | 49703 | 443 | 192.168.2.7 | 172.67.177.134 |
Mar 27, 2024 11:24:08.082880974 CET | 443 | 49703 | 172.67.177.134 | 192.168.2.7 |
Mar 27, 2024 11:24:08.130130053 CET | 49702 | 80 | 192.168.2.7 | 193.122.6.168 |
Mar 27, 2024 11:24:08.283318996 CET | 443 | 49703 | 172.67.177.134 | 192.168.2.7 |
Mar 27, 2024 11:24:08.285265923 CET | 49703 | 443 | 192.168.2.7 | 172.67.177.134 |
Mar 27, 2024 11:24:08.285291910 CET | 443 | 49703 | 172.67.177.134 | 192.168.2.7 |
Mar 27, 2024 11:24:08.846152067 CET | 443 | 49703 | 172.67.177.134 | 192.168.2.7 |
Mar 27, 2024 11:24:08.846255064 CET | 443 | 49703 | 172.67.177.134 | 192.168.2.7 |
Mar 27, 2024 11:24:08.846307039 CET | 49703 | 443 | 192.168.2.7 | 172.67.177.134 |
Mar 27, 2024 11:24:08.847071886 CET | 49703 | 443 | 192.168.2.7 | 172.67.177.134 |
Mar 27, 2024 11:24:08.851450920 CET | 49702 | 80 | 192.168.2.7 | 193.122.6.168 |
Mar 27, 2024 11:24:08.852654934 CET | 49704 | 80 | 192.168.2.7 | 193.122.6.168 |
Mar 27, 2024 11:24:09.031055927 CET | 80 | 49702 | 193.122.6.168 | 192.168.2.7 |
Mar 27, 2024 11:24:09.031131983 CET | 49702 | 80 | 192.168.2.7 | 193.122.6.168 |
Mar 27, 2024 11:24:09.032274961 CET | 80 | 49704 | 193.122.6.168 | 192.168.2.7 |
Mar 27, 2024 11:24:09.032461882 CET | 49704 | 80 | 192.168.2.7 | 193.122.6.168 |
Mar 27, 2024 11:24:09.032620907 CET | 49704 | 80 | 192.168.2.7 | 193.122.6.168 |
Mar 27, 2024 11:24:09.213268042 CET | 80 | 49704 | 193.122.6.168 | 192.168.2.7 |
Mar 27, 2024 11:24:09.214004040 CET | 80 | 49704 | 193.122.6.168 | 192.168.2.7 |
Mar 27, 2024 11:24:09.215281010 CET | 49705 | 443 | 192.168.2.7 | 172.67.177.134 |
Mar 27, 2024 11:24:09.215321064 CET | 443 | 49705 | 172.67.177.134 | 192.168.2.7 |
Mar 27, 2024 11:24:09.215526104 CET | 49705 | 443 | 192.168.2.7 | 172.67.177.134 |
Mar 27, 2024 11:24:09.215811968 CET | 49705 | 443 | 192.168.2.7 | 172.67.177.134 |
Mar 27, 2024 11:24:09.215826035 CET | 443 | 49705 | 172.67.177.134 | 192.168.2.7 |
Mar 27, 2024 11:24:09.255141973 CET | 49704 | 80 | 192.168.2.7 | 193.122.6.168 |
Mar 27, 2024 11:24:09.420753956 CET | 443 | 49705 | 172.67.177.134 | 192.168.2.7 |
Mar 27, 2024 11:24:09.422741890 CET | 49705 | 443 | 192.168.2.7 | 172.67.177.134 |
Mar 27, 2024 11:24:09.422770023 CET | 443 | 49705 | 172.67.177.134 | 192.168.2.7 |
Mar 27, 2024 11:24:09.953572989 CET | 443 | 49705 | 172.67.177.134 | 192.168.2.7 |
Mar 27, 2024 11:24:09.953699112 CET | 443 | 49705 | 172.67.177.134 | 192.168.2.7 |
Mar 27, 2024 11:24:09.953860044 CET | 49705 | 443 | 192.168.2.7 | 172.67.177.134 |
Mar 27, 2024 11:24:09.954428911 CET | 49705 | 443 | 192.168.2.7 | 172.67.177.134 |
Mar 27, 2024 11:24:09.960139990 CET | 49706 | 80 | 192.168.2.7 | 193.122.6.168 |
Mar 27, 2024 11:24:10.143742085 CET | 80 | 49706 | 193.122.6.168 | 192.168.2.7 |
Mar 27, 2024 11:24:10.149022102 CET | 49706 | 80 | 192.168.2.7 | 193.122.6.168 |
Mar 27, 2024 11:24:10.149310112 CET | 49706 | 80 | 192.168.2.7 | 193.122.6.168 |
Mar 27, 2024 11:24:10.334395885 CET | 80 | 49706 | 193.122.6.168 | 192.168.2.7 |
Mar 27, 2024 11:24:10.334887981 CET | 80 | 49706 | 193.122.6.168 | 192.168.2.7 |
Mar 27, 2024 11:24:10.336222887 CET | 49707 | 443 | 192.168.2.7 | 172.67.177.134 |
Mar 27, 2024 11:24:10.336260080 CET | 443 | 49707 | 172.67.177.134 | 192.168.2.7 |
Mar 27, 2024 11:24:10.336812973 CET | 49707 | 443 | 192.168.2.7 | 172.67.177.134 |
Mar 27, 2024 11:24:10.337167978 CET | 49707 | 443 | 192.168.2.7 | 172.67.177.134 |
Mar 27, 2024 11:24:10.337181091 CET | 443 | 49707 | 172.67.177.134 | 192.168.2.7 |
Mar 27, 2024 11:24:10.383099079 CET | 49706 | 80 | 192.168.2.7 | 193.122.6.168 |
Mar 27, 2024 11:24:10.536447048 CET | 443 | 49707 | 172.67.177.134 | 192.168.2.7 |
Mar 27, 2024 11:24:10.538256884 CET | 49707 | 443 | 192.168.2.7 | 172.67.177.134 |
Mar 27, 2024 11:24:10.538299084 CET | 443 | 49707 | 172.67.177.134 | 192.168.2.7 |
Mar 27, 2024 11:24:10.778023958 CET | 443 | 49707 | 172.67.177.134 | 192.168.2.7 |
Mar 27, 2024 11:24:10.778126001 CET | 443 | 49707 | 172.67.177.134 | 192.168.2.7 |
Mar 27, 2024 11:24:10.778453112 CET | 49707 | 443 | 192.168.2.7 | 172.67.177.134 |
Mar 27, 2024 11:24:10.778765917 CET | 49707 | 443 | 192.168.2.7 | 172.67.177.134 |
Mar 27, 2024 11:24:10.782998085 CET | 49706 | 80 | 192.168.2.7 | 193.122.6.168 |
Mar 27, 2024 11:24:10.783521891 CET | 49708 | 80 | 192.168.2.7 | 193.122.6.168 |
Mar 27, 2024 11:24:10.966515064 CET | 80 | 49706 | 193.122.6.168 | 192.168.2.7 |
Mar 27, 2024 11:24:10.966794968 CET | 49706 | 80 | 192.168.2.7 | 193.122.6.168 |
Mar 27, 2024 11:24:10.967082977 CET | 80 | 49708 | 193.122.6.168 | 192.168.2.7 |
Mar 27, 2024 11:24:10.967255116 CET | 49708 | 80 | 192.168.2.7 | 193.122.6.168 |
Mar 27, 2024 11:24:10.967328072 CET | 49708 | 80 | 192.168.2.7 | 193.122.6.168 |
Mar 27, 2024 11:24:11.150995970 CET | 80 | 49708 | 193.122.6.168 | 192.168.2.7 |
Mar 27, 2024 11:24:11.151983023 CET | 80 | 49708 | 193.122.6.168 | 192.168.2.7 |
Mar 27, 2024 11:24:11.156071901 CET | 49709 | 443 | 192.168.2.7 | 172.67.177.134 |
Mar 27, 2024 11:24:11.156105042 CET | 443 | 49709 | 172.67.177.134 | 192.168.2.7 |
Mar 27, 2024 11:24:11.156270981 CET | 49709 | 443 | 192.168.2.7 | 172.67.177.134 |
Mar 27, 2024 11:24:11.156554937 CET | 49709 | 443 | 192.168.2.7 | 172.67.177.134 |
Mar 27, 2024 11:24:11.156568050 CET | 443 | 49709 | 172.67.177.134 | 192.168.2.7 |
Mar 27, 2024 11:24:11.192672968 CET | 49708 | 80 | 192.168.2.7 | 193.122.6.168 |
Mar 27, 2024 11:24:11.353821039 CET | 443 | 49709 | 172.67.177.134 | 192.168.2.7 |
Mar 27, 2024 11:24:11.355441093 CET | 49709 | 443 | 192.168.2.7 | 172.67.177.134 |
Mar 27, 2024 11:24:11.355462074 CET | 443 | 49709 | 172.67.177.134 | 192.168.2.7 |
Mar 27, 2024 11:24:11.920686960 CET | 443 | 49709 | 172.67.177.134 | 192.168.2.7 |
Mar 27, 2024 11:24:11.920787096 CET | 443 | 49709 | 172.67.177.134 | 192.168.2.7 |
Mar 27, 2024 11:24:11.920840979 CET | 49709 | 443 | 192.168.2.7 | 172.67.177.134 |
Mar 27, 2024 11:24:11.921503067 CET | 49709 | 443 | 192.168.2.7 | 172.67.177.134 |
Mar 27, 2024 11:24:11.925770998 CET | 49708 | 80 | 192.168.2.7 | 193.122.6.168 |
Mar 27, 2024 11:24:11.927170992 CET | 49710 | 80 | 192.168.2.7 | 193.122.6.168 |
Mar 27, 2024 11:24:12.107090950 CET | 80 | 49710 | 193.122.6.168 | 192.168.2.7 |
Mar 27, 2024 11:24:12.107961893 CET | 49710 | 80 | 192.168.2.7 | 193.122.6.168 |
Mar 27, 2024 11:24:12.108155012 CET | 49710 | 80 | 192.168.2.7 | 193.122.6.168 |
Mar 27, 2024 11:24:12.109441042 CET | 80 | 49708 | 193.122.6.168 | 192.168.2.7 |
Mar 27, 2024 11:24:12.109497070 CET | 49708 | 80 | 192.168.2.7 | 193.122.6.168 |
Mar 27, 2024 11:24:12.287821054 CET | 80 | 49710 | 193.122.6.168 | 192.168.2.7 |
Mar 27, 2024 11:24:12.289089918 CET | 80 | 49710 | 193.122.6.168 | 192.168.2.7 |
Mar 27, 2024 11:24:12.290379047 CET | 49711 | 443 | 192.168.2.7 | 172.67.177.134 |
Mar 27, 2024 11:24:12.290425062 CET | 443 | 49711 | 172.67.177.134 | 192.168.2.7 |
Mar 27, 2024 11:24:12.290512085 CET | 49711 | 443 | 192.168.2.7 | 172.67.177.134 |
Mar 27, 2024 11:24:12.290733099 CET | 49711 | 443 | 192.168.2.7 | 172.67.177.134 |
Mar 27, 2024 11:24:12.290744066 CET | 443 | 49711 | 172.67.177.134 | 192.168.2.7 |
Mar 27, 2024 11:24:12.333307981 CET | 49710 | 80 | 192.168.2.7 | 193.122.6.168 |
Mar 27, 2024 11:24:12.488100052 CET | 443 | 49711 | 172.67.177.134 | 192.168.2.7 |
Mar 27, 2024 11:24:12.489928007 CET | 49711 | 443 | 192.168.2.7 | 172.67.177.134 |
Mar 27, 2024 11:24:12.489953041 CET | 443 | 49711 | 172.67.177.134 | 192.168.2.7 |
Mar 27, 2024 11:24:13.023262978 CET | 443 | 49711 | 172.67.177.134 | 192.168.2.7 |
Mar 27, 2024 11:24:13.023370028 CET | 443 | 49711 | 172.67.177.134 | 192.168.2.7 |
Mar 27, 2024 11:24:13.023657084 CET | 49711 | 443 | 192.168.2.7 | 172.67.177.134 |
Mar 27, 2024 11:24:13.024077892 CET | 49711 | 443 | 192.168.2.7 | 172.67.177.134 |
Mar 27, 2024 11:24:13.027620077 CET | 49710 | 80 | 192.168.2.7 | 193.122.6.168 |
Mar 27, 2024 11:24:13.028769970 CET | 49712 | 80 | 192.168.2.7 | 193.122.6.168 |
Mar 27, 2024 11:24:13.207444906 CET | 80 | 49710 | 193.122.6.168 | 192.168.2.7 |
Mar 27, 2024 11:24:13.209867001 CET | 49710 | 80 | 192.168.2.7 | 193.122.6.168 |
Mar 27, 2024 11:24:13.212235928 CET | 80 | 49712 | 193.122.6.168 | 192.168.2.7 |
Mar 27, 2024 11:24:13.213258028 CET | 49712 | 80 | 192.168.2.7 | 193.122.6.168 |
Mar 27, 2024 11:24:13.213402033 CET | 49712 | 80 | 192.168.2.7 | 193.122.6.168 |
Mar 27, 2024 11:24:13.397090912 CET | 80 | 49712 | 193.122.6.168 | 192.168.2.7 |
Mar 27, 2024 11:24:13.397728920 CET | 80 | 49712 | 193.122.6.168 | 192.168.2.7 |
Mar 27, 2024 11:24:13.399061918 CET | 49713 | 443 | 192.168.2.7 | 172.67.177.134 |
Mar 27, 2024 11:24:13.399100065 CET | 443 | 49713 | 172.67.177.134 | 192.168.2.7 |
Mar 27, 2024 11:24:13.399192095 CET | 49713 | 443 | 192.168.2.7 | 172.67.177.134 |
Mar 27, 2024 11:24:13.399431944 CET | 49713 | 443 | 192.168.2.7 | 172.67.177.134 |
Mar 27, 2024 11:24:13.399445057 CET | 443 | 49713 | 172.67.177.134 | 192.168.2.7 |
Mar 27, 2024 11:24:13.442761898 CET | 49712 | 80 | 192.168.2.7 | 193.122.6.168 |
Mar 27, 2024 11:24:13.602525949 CET | 443 | 49713 | 172.67.177.134 | 192.168.2.7 |
Mar 27, 2024 11:24:13.604150057 CET | 49713 | 443 | 192.168.2.7 | 172.67.177.134 |
Mar 27, 2024 11:24:13.604173899 CET | 443 | 49713 | 172.67.177.134 | 192.168.2.7 |
Mar 27, 2024 11:24:13.843760014 CET | 443 | 49713 | 172.67.177.134 | 192.168.2.7 |
Mar 27, 2024 11:24:13.843868017 CET | 443 | 49713 | 172.67.177.134 | 192.168.2.7 |
Mar 27, 2024 11:24:13.843928099 CET | 49713 | 443 | 192.168.2.7 | 172.67.177.134 |
Mar 27, 2024 11:24:13.844635010 CET | 49713 | 443 | 192.168.2.7 | 172.67.177.134 |
Mar 27, 2024 11:24:13.858161926 CET | 49712 | 80 | 192.168.2.7 | 193.122.6.168 |
Mar 27, 2024 11:24:14.041815042 CET | 80 | 49712 | 193.122.6.168 | 192.168.2.7 |
Mar 27, 2024 11:24:14.041933060 CET | 49712 | 80 | 192.168.2.7 | 193.122.6.168 |
Mar 27, 2024 11:24:14.199594021 CET | 49714 | 443 | 192.168.2.7 | 104.21.27.85 |
Mar 27, 2024 11:24:14.199641943 CET | 443 | 49714 | 104.21.27.85 | 192.168.2.7 |
Mar 27, 2024 11:24:14.199712992 CET | 49714 | 443 | 192.168.2.7 | 104.21.27.85 |
Mar 27, 2024 11:24:14.200110912 CET | 49714 | 443 | 192.168.2.7 | 104.21.27.85 |
Mar 27, 2024 11:24:14.200124025 CET | 443 | 49714 | 104.21.27.85 | 192.168.2.7 |
Mar 27, 2024 11:24:14.404936075 CET | 443 | 49714 | 104.21.27.85 | 192.168.2.7 |
Mar 27, 2024 11:24:14.405040979 CET | 49714 | 443 | 192.168.2.7 | 104.21.27.85 |
Mar 27, 2024 11:24:14.408391953 CET | 49714 | 443 | 192.168.2.7 | 104.21.27.85 |
Mar 27, 2024 11:24:14.408401966 CET | 443 | 49714 | 104.21.27.85 | 192.168.2.7 |
Mar 27, 2024 11:24:14.408628941 CET | 443 | 49714 | 104.21.27.85 | 192.168.2.7 |
Mar 27, 2024 11:24:14.409965992 CET | 49714 | 443 | 192.168.2.7 | 104.21.27.85 |
Mar 27, 2024 11:24:14.452234983 CET | 443 | 49714 | 104.21.27.85 | 192.168.2.7 |
Mar 27, 2024 11:24:45.768456936 CET | 443 | 49714 | 104.21.27.85 | 192.168.2.7 |
Mar 27, 2024 11:24:45.768523932 CET | 443 | 49714 | 104.21.27.85 | 192.168.2.7 |
Mar 27, 2024 11:24:45.768707037 CET | 49714 | 443 | 192.168.2.7 | 104.21.27.85 |
Mar 27, 2024 11:24:45.774362087 CET | 49714 | 443 | 192.168.2.7 | 104.21.27.85 |
Mar 27, 2024 11:25:14.217478037 CET | 80 | 49704 | 193.122.6.168 | 192.168.2.7 |
Mar 27, 2024 11:25:14.217581987 CET | 49704 | 80 | 192.168.2.7 | 193.122.6.168 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 27, 2024 11:24:05.195822954 CET | 50276 | 53 | 192.168.2.7 | 1.1.1.1 |
Mar 27, 2024 11:24:05.290826082 CET | 53 | 50276 | 1.1.1.1 | 192.168.2.7 |
Mar 27, 2024 11:24:05.955574036 CET | 51311 | 53 | 192.168.2.7 | 1.1.1.1 |
Mar 27, 2024 11:24:06.051738977 CET | 53 | 51311 | 1.1.1.1 | 192.168.2.7 |
Mar 27, 2024 11:24:13.858851910 CET | 56212 | 53 | 192.168.2.7 | 1.1.1.1 |
Mar 27, 2024 11:24:14.198926926 CET | 53 | 56212 | 1.1.1.1 | 192.168.2.7 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 27, 2024 11:24:05.195822954 CET | 192.168.2.7 | 1.1.1.1 | 0xd2d4 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 27, 2024 11:24:05.955574036 CET | 192.168.2.7 | 1.1.1.1 | 0x2cba | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 27, 2024 11:24:13.858851910 CET | 192.168.2.7 | 1.1.1.1 | 0xa1d1 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 27, 2024 11:24:05.290826082 CET | 1.1.1.1 | 192.168.2.7 | 0xd2d4 | No error (0) | checkip.dyndns.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 27, 2024 11:24:05.290826082 CET | 1.1.1.1 | 192.168.2.7 | 0xd2d4 | No error (0) | 193.122.6.168 | A (IP address) | IN (0x0001) | false | ||
Mar 27, 2024 11:24:05.290826082 CET | 1.1.1.1 | 192.168.2.7 | 0xd2d4 | No error (0) | 158.101.44.242 | A (IP address) | IN (0x0001) | false | ||
Mar 27, 2024 11:24:05.290826082 CET | 1.1.1.1 | 192.168.2.7 | 0xd2d4 | No error (0) | 132.226.8.169 | A (IP address) | IN (0x0001) | false | ||
Mar 27, 2024 11:24:05.290826082 CET | 1.1.1.1 | 192.168.2.7 | 0xd2d4 | No error (0) | 132.226.247.73 | A (IP address) | IN (0x0001) | false | ||
Mar 27, 2024 11:24:05.290826082 CET | 1.1.1.1 | 192.168.2.7 | 0xd2d4 | No error (0) | 193.122.130.0 | A (IP address) | IN (0x0001) | false | ||
Mar 27, 2024 11:24:06.051738977 CET | 1.1.1.1 | 192.168.2.7 | 0x2cba | No error (0) | 172.67.177.134 | A (IP address) | IN (0x0001) | false | ||
Mar 27, 2024 11:24:06.051738977 CET | 1.1.1.1 | 192.168.2.7 | 0x2cba | No error (0) | 104.21.67.152 | A (IP address) | IN (0x0001) | false | ||
Mar 27, 2024 11:24:14.198926926 CET | 1.1.1.1 | 192.168.2.7 | 0xa1d1 | No error (0) | 104.21.27.85 | A (IP address) | IN (0x0001) | false | ||
Mar 27, 2024 11:24:14.198926926 CET | 1.1.1.1 | 192.168.2.7 | 0xa1d1 | No error (0) | 172.67.169.18 | A (IP address) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.7 | 49699 | 193.122.6.168 | 80 | 6880 | C:\Users\user\Desktop\PT98765445670009.scr.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 27, 2024 11:24:05.501516104 CET | 151 | OUT | |
Mar 27, 2024 11:24:05.681735992 CET | 322 | IN | |
Mar 27, 2024 11:24:05.712584972 CET | 127 | OUT | |
Mar 27, 2024 11:24:05.893754959 CET | 322 | IN | |
Mar 27, 2024 11:24:06.802086115 CET | 127 | OUT | |
Mar 27, 2024 11:24:06.982444048 CET | 322 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.7 | 49702 | 193.122.6.168 | 80 | 6880 | C:\Users\user\Desktop\PT98765445670009.scr.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 27, 2024 11:24:07.900430918 CET | 127 | OUT | |
Mar 27, 2024 11:24:08.080908060 CET | 322 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.7 | 49704 | 193.122.6.168 | 80 | 6880 | C:\Users\user\Desktop\PT98765445670009.scr.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 27, 2024 11:24:09.032620907 CET | 127 | OUT | |
Mar 27, 2024 11:24:09.214004040 CET | 322 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.7 | 49706 | 193.122.6.168 | 80 | 6880 | C:\Users\user\Desktop\PT98765445670009.scr.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 27, 2024 11:24:10.149310112 CET | 151 | OUT | |
Mar 27, 2024 11:24:10.334887981 CET | 322 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.7 | 49708 | 193.122.6.168 | 80 | 6880 | C:\Users\user\Desktop\PT98765445670009.scr.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 27, 2024 11:24:10.967328072 CET | 151 | OUT | |
Mar 27, 2024 11:24:11.151983023 CET | 322 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.7 | 49710 | 193.122.6.168 | 80 | 6880 | C:\Users\user\Desktop\PT98765445670009.scr.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 27, 2024 11:24:12.108155012 CET | 151 | OUT | |
Mar 27, 2024 11:24:12.289089918 CET | 322 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.7 | 49712 | 193.122.6.168 | 80 | 6880 | C:\Users\user\Desktop\PT98765445670009.scr.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 27, 2024 11:24:13.213402033 CET | 151 | OUT | |
Mar 27, 2024 11:24:13.397728920 CET | 322 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.7 | 49700 | 172.67.177.134 | 443 | 6880 | C:\Users\user\Desktop\PT98765445670009.scr.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-27 10:24:06 UTC | 86 | OUT | |
2024-03-27 10:24:06 UTC | 693 | IN | |
2024-03-27 10:24:06 UTC | 366 | IN | |
2024-03-27 10:24:06 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.7 | 49701 | 172.67.177.134 | 443 | 6880 | C:\Users\user\Desktop\PT98765445670009.scr.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-27 10:24:07 UTC | 62 | OUT | |
2024-03-27 10:24:07 UTC | 701 | IN | |
2024-03-27 10:24:07 UTC | 366 | IN | |
2024-03-27 10:24:07 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.7 | 49703 | 172.67.177.134 | 443 | 6880 | C:\Users\user\Desktop\PT98765445670009.scr.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-27 10:24:08 UTC | 62 | OUT | |
2024-03-27 10:24:08 UTC | 703 | IN | |
2024-03-27 10:24:08 UTC | 366 | IN | |
2024-03-27 10:24:08 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.7 | 49705 | 172.67.177.134 | 443 | 6880 | C:\Users\user\Desktop\PT98765445670009.scr.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-27 10:24:09 UTC | 86 | OUT | |
2024-03-27 10:24:09 UTC | 689 | IN | |
2024-03-27 10:24:09 UTC | 366 | IN | |
2024-03-27 10:24:09 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.7 | 49707 | 172.67.177.134 | 443 | 6880 | C:\Users\user\Desktop\PT98765445670009.scr.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-27 10:24:10 UTC | 86 | OUT | |
2024-03-27 10:24:10 UTC | 698 | IN | |
2024-03-27 10:24:10 UTC | 366 | IN | |
2024-03-27 10:24:10 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.7 | 49709 | 172.67.177.134 | 443 | 6880 | C:\Users\user\Desktop\PT98765445670009.scr.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-27 10:24:11 UTC | 86 | OUT | |
2024-03-27 10:24:11 UTC | 695 | IN | |
2024-03-27 10:24:11 UTC | 366 | IN | |
2024-03-27 10:24:11 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.7 | 49711 | 172.67.177.134 | 443 | 6880 | C:\Users\user\Desktop\PT98765445670009.scr.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-27 10:24:12 UTC | 86 | OUT | |
2024-03-27 10:24:13 UTC | 697 | IN | |
2024-03-27 10:24:13 UTC | 366 | IN | |
2024-03-27 10:24:13 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.7 | 49713 | 172.67.177.134 | 443 | 6880 | C:\Users\user\Desktop\PT98765445670009.scr.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-27 10:24:13 UTC | 86 | OUT | |
2024-03-27 10:24:13 UTC | 710 | IN | |
2024-03-27 10:24:13 UTC | 366 | IN | |
2024-03-27 10:24:13 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.7 | 49714 | 104.21.27.85 | 443 | 6880 | C:\Users\user\Desktop\PT98765445670009.scr.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-27 10:24:14 UTC | 79 | OUT | |
2024-03-27 10:24:45 UTC | 739 | IN | |
2024-03-27 10:24:45 UTC | 15 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 1 |
Start time: | 11:24:00 |
Start date: | 27/03/2024 |
Path: | C:\Users\user\Desktop\PT98765445670009.scr.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xab0000 |
File size: | 638'464 bytes |
MD5 hash: | 90A34E7D570FA7C219EB5F1F193611BA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 2 |
Start time: | 11:24:01 |
Start date: | 27/03/2024 |
Path: | C:\Users\user\Desktop\PT98765445670009.scr.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x990000 |
File size: | 638'464 bytes |
MD5 hash: | 90A34E7D570FA7C219EB5F1F193611BA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | false |
Execution Graph
Execution Coverage: | 5.9% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 76% |
Total number of Nodes: | 25 |
Total number of Limit Nodes: | 1 |
Graph
Function 02D4AC18 Relevance: 1.9, Strings: 1, Instructions: 615COMMON
Control-flow Graph
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02D49F90 Relevance: 1.6, APIs: 1, Instructions: 103COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02D4A948 Relevance: 1.6, APIs: 1, Instructions: 101memoryCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02D4A6C8 Relevance: 1.6, APIs: 1, Instructions: 94threadCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02D49F78 Relevance: 1.6, APIs: 1, Instructions: 91threadCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02D4AA68 Relevance: 1.6, APIs: 1, Instructions: 73threadCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0120D5B8 Relevance: .1, Instructions: 75COMMON
Control-flow Graph
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0120D5B3 Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph
Execution Coverage: | 15.5% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 29% |
Total number of Nodes: | 62 |
Total number of Limit Nodes: | 7 |
Graph
Function 052C7988 Relevance: 2.0, APIs: 1, Instructions: 534COMMON
Control-flow Graph
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C3B388 Relevance: 1.6, Strings: 1, Instructions: 381COMMON
Control-flow Graph
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C398B8 Relevance: .9, Instructions: 859COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 069D11A0 Relevance: .7, Instructions: 745COMMON
Control-flow Graph
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C3EDF0 Relevance: .7, Instructions: 720COMMON
Control-flow Graph
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C36168 Relevance: .5, Instructions: 513COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C36790 Relevance: .4, Instructions: 444COMMON
Control-flow Graph
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 069D8608 Relevance: .3, Instructions: 296COMMON
Control-flow Graph
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C3FA10 Relevance: .3, Instructions: 274COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052C0D60 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052CC8B8 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 069D8BED Relevance: .2, Instructions: 223COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052C11B1 Relevance: .2, Instructions: 222COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052C11C0 Relevance: .2, Instructions: 220COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 069DB6E8 Relevance: .2, Instructions: 219COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 069DD670 Relevance: .2, Instructions: 219COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 069DC388 Relevance: .2, Instructions: 219COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 069DA408 Relevance: .2, Instructions: 219COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 069DC9D8 Relevance: .2, Instructions: 219COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 069DBD38 Relevance: .2, Instructions: 219COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 069DAA58 Relevance: .2, Instructions: 218COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 069DB0A0 Relevance: .2, Instructions: 218COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 069DD028 Relevance: .2, Instructions: 218COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052C1506 Relevance: .2, Instructions: 202COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C3C1F0 Relevance: .2, Instructions: 198COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C34B31 Relevance: .2, Instructions: 188COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C3C4D0 Relevance: .2, Instructions: 187COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C3C7B1 Relevance: .2, Instructions: 186COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C3CA91 Relevance: .2, Instructions: 185COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 069DB090 Relevance: .2, Instructions: 175COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 069D1191 Relevance: .2, Instructions: 172COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 069DD018 Relevance: .2, Instructions: 166COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 069DAA48 Relevance: .2, Instructions: 164COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C3B553 Relevance: .2, Instructions: 151COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 069DBD28 Relevance: .1, Instructions: 121COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 069D85FC Relevance: .1, Instructions: 115COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 069DC378 Relevance: .1, Instructions: 113COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 069DB6D8 Relevance: .1, Instructions: 111COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 069DD662 Relevance: .1, Instructions: 111COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 069DC9C8 Relevance: .1, Instructions: 109COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 069DA3FA Relevance: .1, Instructions: 106COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052C7F8C Relevance: 1.6, APIs: 1, Instructions: 62libraryCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C37850 Relevance: .7, Instructions: 707COMMON
Control-flow Graph
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C38849 Relevance: .5, Instructions: 503COMMON
Control-flow Graph
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C36EB8 Relevance: .5, Instructions: 477COMMON
Control-flow Graph
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C30C97 Relevance: .4, Instructions: 414COMMON
Control-flow Graph
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C3A878 Relevance: .4, Instructions: 412COMMON
Control-flow Graph
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C30CA0 Relevance: .4, Instructions: 410COMMON
Control-flow Graph
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C35700 Relevance: .3, Instructions: 326COMMON
Control-flow Graph
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C35C60 Relevance: .2, Instructions: 230COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 069D23E0 Relevance: .2, Instructions: 227COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 069D9510 Relevance: .2, Instructions: 209COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C37498 Relevance: .2, Instructions: 201COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C3E087 Relevance: .2, Instructions: 176COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C3D3C3 Relevance: .2, Instructions: 173COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C3D3D0 Relevance: .2, Instructions: 169COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C3D718 Relevance: .2, Instructions: 152COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C3CD70 Relevance: .1, Instructions: 140COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C3394F Relevance: .1, Instructions: 139COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 069DDCC0 Relevance: .1, Instructions: 136COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C33960 Relevance: .1, Instructions: 134COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C39AC3 Relevance: .1, Instructions: 125COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C3A6B0 Relevance: .1, Instructions: 124COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 069D9A49 Relevance: .1, Instructions: 121COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 069D9500 Relevance: .1, Instructions: 115COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C33480 Relevance: .1, Instructions: 112COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 069D9A58 Relevance: .1, Instructions: 111COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C34E20 Relevance: .1, Instructions: 101COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C37730 Relevance: .1, Instructions: 92COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 069DDCB1 Relevance: .1, Instructions: 89COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C3A869 Relevance: .1, Instructions: 89COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C37740 Relevance: .1, Instructions: 87COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C35AB8 Relevance: .1, Instructions: 78COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C320B8 Relevance: .1, Instructions: 77COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02ABD044 Relevance: .1, Instructions: 72COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C34E11 Relevance: .1, Instructions: 69COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 069D96F0 Relevance: .1, Instructions: 67COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C3DBD8 Relevance: .1, Instructions: 63COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 069DE0C0 Relevance: .1, Instructions: 62COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C35AC8 Relevance: .1, Instructions: 59COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 069D91D8 Relevance: .1, Instructions: 55COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 069D8EC1 Relevance: .1, Instructions: 54COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 069D9999 Relevance: .1, Instructions: 54COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C3DBE8 Relevance: .1, Instructions: 54COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C31FC0 Relevance: .1, Instructions: 53COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02ABD03F Relevance: .1, Instructions: 53COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 069D2670 Relevance: .1, Instructions: 51COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C3565F Relevance: .1, Instructions: 51COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 069D25E8 Relevance: .0, Instructions: 37COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 069D9760 Relevance: .0, Instructions: 35COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C32073 Relevance: .0, Instructions: 19COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C32078 Relevance: .0, Instructions: 19COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C382B8 Relevance: .0, Instructions: 18COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C3A76D Relevance: .0, Instructions: 16COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C35F00 Relevance: .0, Instructions: 16COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C35F10 Relevance: .0, Instructions: 12COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C3E310 Relevance: 1.8, Strings: 1, Instructions: 596COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052C0900 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052CCD10 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052CD168 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052CD5C0 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052CF428 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052CC008 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052CC460 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052C0040 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052C04A0 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052CF880 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052CE720 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052CB300 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052CEB78 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052CB758 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052CBBB0 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052CEFD0 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052CDA18 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052CDE70 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052CE2C8 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 069D5EC8 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 069D5618 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 069D5A70 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 069D6BD0 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 069D6320 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 069D6778 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 069D0498 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 069D74A8 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 069D08F0 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 069D7050 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 069D0040 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 069D5198 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 069D81B0 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 069D7900 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 069D7D58 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 069D0D48 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 069D33B8 Relevance: .2, Instructions: 222COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 069D33A8 Relevance: .1, Instructions: 127COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 069D36CE Relevance: .0, Instructions: 17COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |