Windows
Analysis Report
58208 Teklif.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- 58208 Teklif.exe (PID: 7436 cmdline: "C:\Users\user\Desktop\58208 Teklif.exe" MD5: DC59E080BC0BE8CEE52EC9E79CCC7E82)
  - 58208 Teklif.exe (PID: 7580 cmdline: "C:\Users\user\Desktop\58208 Teklif.exe" MD5: DC59E080BC0BE8CEE52EC9E79CCC7E82)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
404 Keylogger, Snake Keylogger | Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram. | No Attribution |
{"Exfil Mode": "Url", "Exfil Url": "https://scratchdreams.tk/_send_.php?"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security | ||
Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown |
MALWARE_Win_SnakeKeylogger | Detects Snake Keylogger | ditekSHen |
JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security | ||
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security | ||
Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown |
MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth |
INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | Detects executables with potential process hoocking | ditekSHen |
AV Detection |
---|
Source: | Avira URL Cloud: |
Source: | Malware Configuration Extractor: |
Source: | Virustotal: | Perma Link |
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Source: | Binary string: |
Networking |
---|
Source: | File source: |
Source: | HTTP traffic detected: |
Source: | IP Address: |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | DNS query: |
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
System Summary |
---|
Source: | Matched rule: |
Source: | Static PE information: |
Source: | Binary or memory string: |
Source: | Section loaded: | Jump to behavior |
Source: | Static PE information: |
Source: | Matched rule: |
Source: | Static PE information: |
Source: | Cryptographic APIs: |
Source: | Security API names: |
Source: | Suspicious method names: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Mutant created: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Key opened: | Jump to behavior |
Source: | Binary or memory string: |
Source: | ReversingLabs: | ||
Source: | Virustotal: |
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Binary string: |
Data Obfuscation |
---|
Source: | .Net Code: |
Source: | Static PE information: |
Source: | High entropy of concatenated method names: |
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion |
---|
Source: | File source: |
Source: | Memory allocated: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior |
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: |
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 3_2_05A989B0 |
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: |
Source: | File opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 111 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 1 Security Software Discovery | Remote Services | 1 Email Collection | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | 11 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 31 Virtualization/Sandbox Evasion | Security Account Manager | 31 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 111 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 System Network Configuration Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 3 Obfuscated Files or Information | Cached Domain Credentials | 13 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 12 Software Packing | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
53% | ReversingLabs | ByteCode-MSIL.Trojan.Zilla | ||
66% | Virustotal | Browse | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
1% | Virustotal | Browse | ||
6% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
15% | Virustotal | Browse | ||
3% | Virustotal | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
reallyfreegeoip.org | 104.21.67.152 | true | false | | unknown |
scratchdreams.tk | 172.67.169.18 | true | true | | unknown |
checkip.dyndns.com | 193.122.130.0 | true | false | | unknown |
checkip.dyndns.org | unknown | unknown | true | | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false |
| unknown | |
false |
| unknown | |
false |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false |
| unknown | ||
true |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
104.21.67.152 | reallyfreegeoip.org | United States | 13335 | CLOUDFLARENETUS | false |
172.67.169.18 | scratchdreams.tk | United States | 13335 | CLOUDFLARENETUS | true |
193.122.130.0 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1422217 |
Start date and time: | 2024-04-08 13:00:51 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 8m 54s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 13 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 58208 Teklif.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@3/1@3/3 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
- Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description |
---|---|---|
13:01:46 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
104.21.67.152 | Get hash | malicious | Snake Keylogger | Browse | ||
Get hash | malicious | PureLog Stealer, RedLine, Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | PureLog Stealer, RedLine, Snake Keylogger | Browse | |||
Get hash | malicious | PureLog Stealer, RedLine, Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
172.67.169.18 | Get hash | malicious | Snake Keylogger | Browse | ||
Get hash | malicious | PureLog Stealer, RedLine, Snake Keylogger | Browse | |||
Get hash | malicious | PureLog Stealer, RedLine, Snake Keylogger | Browse | |||
Get hash | malicious | PureLog Stealer, RedLine, Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
193.122.130.0 | Get hash | malicious | Snake Keylogger | Browse |
| |
Get hash | malicious | Agent Tesla, AgentTesla | Browse |
| ||
Get hash | malicious | PureLog Stealer, RedLine, Snake Keylogger | Browse |
| ||
Get hash | malicious | Agent Tesla, AgentTesla | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Agent Tesla, AgentTesla | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
checkip.dyndns.com | Get hash | malicious | Snake Keylogger | Browse |
| |
Get hash | malicious | Agent Tesla, AgentTesla | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer, RedLine, Snake Keylogger | Browse |
| ||
Get hash | malicious | Agent Tesla, AgentTesla | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer, RedLine, Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
reallyfreegeoip.org | Get hash | malicious | Snake Keylogger | Browse |
| |
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer, RedLine, Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer, RedLine, Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer, RedLine, Snake Keylogger | Browse |
| ||
scratchdreams.tk | Get hash | malicious | Snake Keylogger | Browse |
| |
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer, RedLine, Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer, RedLine, Snake Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer, RedLine, Snake Keylogger | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CLOUDFLARENETUS | Get hash | malicious | Remcos | Browse |
| |
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla, GuLoader | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | Globeimposter | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
ORACLE-BMC-31898US | Get hash | malicious | Mirai | Browse |
| |
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | PureLog Stealer, RedLine, Snake Keylogger | Browse |
| ||
Get hash | malicious | HtmlDropper, HTMLPhisher | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Agent Tesla, AgentTesla | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
54328bd36c14bd82ddaa0c04b25ed9ad | Get hash | malicious | Snake Keylogger | Browse |
| |
Get hash | malicious | Agent Tesla, AgentTesla | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | SmokeLoader, Xehook Stealer | Browse |
| ||
Get hash | malicious | Agent Tesla, AgentTesla | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer, RedLine, Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
3b5074b1b5d032e5620f69f9f700ff0e | Get hash | malicious | Remcos, GuLoader | Browse |
| |
Get hash | malicious | Remcos | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | GuLoader, Lokibot | Browse |
| ||
Get hash | malicious | AgentTesla, GuLoader | Browse |
| ||
Get hash | malicious | GuLoader, Lokibot | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
|
Process: | C:\Users\user\Desktop\58208 Teklif.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1216 |
Entropy (8bit): | 5.34331486778365 |
Encrypted: | false |
SSDEEP: | 24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ |
MD5: | 1330C80CAAC9A0FB172F202485E9B1E8 |
SHA1: | 86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492 |
SHA-256: | B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560 |
SHA-512: | 75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
File type: | |
Entropy (8bit): | 7.284534608814056 |
TrID: |
|
File name: | 58208 Teklif.exe |
File size: | 846'344 bytes |
MD5: | dc59e080bc0be8cee52ec9e79ccc7e82 |
SHA1: | 22d8e9aab959c584acc896bfeed170ffa672f1cb |
SHA256: | 95e4dd6cc5a341f4440a113e0a832175aa2f5baafd9c7483255a18088e1c2764 |
SHA512: | 7b836760ab575de13b95878a075ff8998e57433d0a7f5b2efb2bc4e3d7c4459e06af9cd71ca19f36913afde5c2b265667658542d892a61ea7f5b17f19d2484e0 |
SSDEEP: | 12288:6rLz6X60UHRoVNDWX4gpBRkZf0E5Vav8V7DcRIqlrTwimh0ndFJkTtlXkR:r67HRi4XLy90E5IUFgIqlrtnzQPC |
TLSH: | 20054CD1F1508D9AEC6B0AF1BD2AA43025E3BE9D54A4810C559EB71B76F3342209FE1F |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f..............0..$...........B... ...`....@.. ....................... ............@................................ |
Icon Hash: | aea4accc16a3d9be |
Entrypoint: | 0x484216 |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x660FAE9B [Fri Apr 5 07:56:11 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Signature Valid: | false |
Signature Issuer: | CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB |
Signature Validation Error: | The digital signature of the object did not verify |
Error Number: | -2146869232 |
Not Before, Not After |
|
Subject Chain |
|
Version: | 3 |
Thumbprint MD5: | DABD77E44EF6B3BB91740FA46696B779 |
Thumbprint SHA-1: | 5B9E273CF11941FD8C6BE3F038C4797BBE884268 |
Thumbprint SHA-256: | 4CD3325617EBB63319BA6E8F2A74B0B8CCA58920B48D8026EBCA2C756630D570 |
Serial: | 7C1118CBBADC95DA3752C46E47A27438 |
Instruction |
---|
jmp dword ptr [00402000h] |
xor al, 38h |
xor eax, 38483446h |
xor al, 47h |
dec eax |
xor eax, 00003447h |
add byte ptr [edx], dh |
inc ebx |
inc edx |
push ebx |
aaa |
dec eax |
xor eax, 00003439h |
add byte ptr [eax], al |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x841c3 | 0x4f | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x86000 | 0x48a60 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xcb400 | 0x3608 | .rsrc |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xd0000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x81f64 | 0x54 | .text |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x8223c | 0x82400 | 296ff05f0b9740645c3fd44944c9468a | False | 0.9414793516074856 | data | 7.939659429835133 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rsrc | 0x86000 | 0x48a60 | 0x48c00 | 55d17303af90a0aaec9680bdbec1ea2d | False | 0.06316110932130584 | data | 4.772277429522695 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xd0000 | 0xc | 0x200 | 56866c8b8f76466dc7825728370875b5 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x862e0 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 0 | 0.1798780487804878 | ||
RT_ICON | 0x86948 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | 0.2513440860215054 | ||
RT_ICON | 0x86c30 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | 0.3918918918918919 | ||
RT_ICON | 0x86d58 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | 0.3200959488272921 | ||
RT_ICON | 0x87c00 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | 0.33664259927797835 | ||
RT_ICON | 0x884a8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | 0.2622832369942196 | ||
RT_ICON | 0x88a10 | 0x42028 | Device independent bitmap graphic, 256 x 512 x 32, image size 0 | 0.04393141403083114 | ||
RT_ICON | 0xcaa38 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | 0.18786307053941909 | ||
RT_ICON | 0xccfe0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | 0.2453095684803002 | ||
RT_ICON | 0xce088 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | 0.3484042553191489 | ||
RT_GROUP_ICON | 0xce4f0 | 0x92 | data | 0.5753424657534246 | ||
RT_VERSION | 0xce584 | 0x2f0 | SysEx File - IDP | 0.44148936170212766 | ||
RT_MANIFEST | 0xce874 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | 0.5489795918367347 |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 8, 2024 13:01:52.211030960 CEST | 49715 | 80 | 192.168.2.11 | 193.122.130.0 |
Apr 8, 2024 13:01:52.365554094 CEST | 80 | 49715 | 193.122.130.0 | 192.168.2.11 |
Apr 8, 2024 13:01:52.366915941 CEST | 80 | 49715 | 193.122.130.0 | 192.168.2.11 |
Apr 8, 2024 13:01:52.370347023 CEST | 49717 | 443 | 192.168.2.11 | 104.21.67.152 |
Apr 8, 2024 13:01:52.370407104 CEST | 443 | 49717 | 104.21.67.152 | 192.168.2.11 |
Apr 8, 2024 13:01:52.370615959 CEST | 49717 | 443 | 192.168.2.11 | 104.21.67.152 |
Apr 8, 2024 13:01:52.371355057 CEST | 49717 | 443 | 192.168.2.11 | 104.21.67.152 |
Apr 8, 2024 13:01:52.371370077 CEST | 443 | 49717 | 104.21.67.152 | 192.168.2.11 |
Apr 8, 2024 13:01:52.421457052 CEST | 49715 | 80 | 192.168.2.11 | 193.122.130.0 |
Apr 8, 2024 13:01:52.629376888 CEST | 443 | 49717 | 104.21.67.152 | 192.168.2.11 |
Apr 8, 2024 13:01:52.632445097 CEST | 49717 | 443 | 192.168.2.11 | 104.21.67.152 |
Apr 8, 2024 13:01:52.632462978 CEST | 443 | 49717 | 104.21.67.152 | 192.168.2.11 |
Apr 8, 2024 13:01:52.927491903 CEST | 443 | 49717 | 104.21.67.152 | 192.168.2.11 |
Apr 8, 2024 13:01:52.927598000 CEST | 443 | 49717 | 104.21.67.152 | 192.168.2.11 |
Apr 8, 2024 13:01:52.927671909 CEST | 49717 | 443 | 192.168.2.11 | 104.21.67.152 |
Apr 8, 2024 13:01:52.928303003 CEST | 49717 | 443 | 192.168.2.11 | 104.21.67.152 |
Apr 8, 2024 13:01:52.932368994 CEST | 49715 | 80 | 192.168.2.11 | 193.122.130.0 |
Apr 8, 2024 13:01:52.933501959 CEST | 49719 | 80 | 192.168.2.11 | 193.122.130.0 |
Apr 8, 2024 13:01:53.086292982 CEST | 80 | 49715 | 193.122.130.0 | 192.168.2.11 |
Apr 8, 2024 13:01:53.086363077 CEST | 49715 | 80 | 192.168.2.11 | 193.122.130.0 |
Apr 8, 2024 13:01:53.086406946 CEST | 80 | 49719 | 193.122.130.0 | 192.168.2.11 |
Apr 8, 2024 13:01:53.086496115 CEST | 49719 | 80 | 192.168.2.11 | 193.122.130.0 |
Apr 8, 2024 13:01:53.086651087 CEST | 49719 | 80 | 192.168.2.11 | 193.122.130.0 |
Apr 8, 2024 13:01:53.240863085 CEST | 80 | 49719 | 193.122.130.0 | 192.168.2.11 |
Apr 8, 2024 13:01:53.241333008 CEST | 80 | 49719 | 193.122.130.0 | 192.168.2.11 |
Apr 8, 2024 13:01:53.243118048 CEST | 49720 | 443 | 192.168.2.11 | 104.21.67.152 |
Apr 8, 2024 13:01:53.243159056 CEST | 443 | 49720 | 104.21.67.152 | 192.168.2.11 |
Apr 8, 2024 13:01:53.243222952 CEST | 49720 | 443 | 192.168.2.11 | 104.21.67.152 |
Apr 8, 2024 13:01:53.243590117 CEST | 49720 | 443 | 192.168.2.11 | 104.21.67.152 |
Apr 8, 2024 13:01:53.243603945 CEST | 443 | 49720 | 104.21.67.152 | 192.168.2.11 |
Apr 8, 2024 13:01:53.297297955 CEST | 49719 | 80 | 192.168.2.11 | 193.122.130.0 |
Apr 8, 2024 13:01:53.502646923 CEST | 443 | 49720 | 104.21.67.152 | 192.168.2.11 |
Apr 8, 2024 13:01:53.505273104 CEST | 49720 | 443 | 192.168.2.11 | 104.21.67.152 |
Apr 8, 2024 13:01:53.505305052 CEST | 443 | 49720 | 104.21.67.152 | 192.168.2.11 |
Apr 8, 2024 13:01:53.802433968 CEST | 443 | 49720 | 104.21.67.152 | 192.168.2.11 |
Apr 8, 2024 13:01:53.802532911 CEST | 443 | 49720 | 104.21.67.152 | 192.168.2.11 |
Apr 8, 2024 13:01:53.802582026 CEST | 49720 | 443 | 192.168.2.11 | 104.21.67.152 |
Apr 8, 2024 13:01:53.803188086 CEST | 49720 | 443 | 192.168.2.11 | 104.21.67.152 |
Apr 8, 2024 13:01:53.807853937 CEST | 49719 | 80 | 192.168.2.11 | 193.122.130.0 |
Apr 8, 2024 13:01:53.809135914 CEST | 49721 | 80 | 192.168.2.11 | 193.122.130.0 |
Apr 8, 2024 13:01:53.960949898 CEST | 80 | 49719 | 193.122.130.0 | 192.168.2.11 |
Apr 8, 2024 13:01:53.961056948 CEST | 49719 | 80 | 192.168.2.11 | 193.122.130.0 |
Apr 8, 2024 13:01:53.963282108 CEST | 80 | 49721 | 193.122.130.0 | 192.168.2.11 |
Apr 8, 2024 13:01:53.963387012 CEST | 49721 | 80 | 192.168.2.11 | 193.122.130.0 |
Apr 8, 2024 13:01:53.963572979 CEST | 49721 | 80 | 192.168.2.11 | 193.122.130.0 |
Apr 8, 2024 13:01:54.117407084 CEST | 80 | 49721 | 193.122.130.0 | 192.168.2.11 |
Apr 8, 2024 13:01:54.119596004 CEST | 80 | 49721 | 193.122.130.0 | 192.168.2.11 |
Apr 8, 2024 13:01:54.121078968 CEST | 49722 | 443 | 192.168.2.11 | 104.21.67.152 |
Apr 8, 2024 13:01:54.121114969 CEST | 443 | 49722 | 104.21.67.152 | 192.168.2.11 |
Apr 8, 2024 13:01:54.121306896 CEST | 49722 | 443 | 192.168.2.11 | 104.21.67.152 |
Apr 8, 2024 13:01:54.121670961 CEST | 49722 | 443 | 192.168.2.11 | 104.21.67.152 |
Apr 8, 2024 13:01:54.121687889 CEST | 443 | 49722 | 104.21.67.152 | 192.168.2.11 |
Apr 8, 2024 13:01:54.172321081 CEST | 49721 | 80 | 192.168.2.11 | 193.122.130.0 |
Apr 8, 2024 13:01:54.378905058 CEST | 443 | 49722 | 104.21.67.152 | 192.168.2.11 |
Apr 8, 2024 13:01:54.381033897 CEST | 49722 | 443 | 192.168.2.11 | 104.21.67.152 |
Apr 8, 2024 13:01:54.381053925 CEST | 443 | 49722 | 104.21.67.152 | 192.168.2.11 |
Apr 8, 2024 13:01:54.675463915 CEST | 443 | 49722 | 104.21.67.152 | 192.168.2.11 |
Apr 8, 2024 13:01:54.675602913 CEST | 443 | 49722 | 104.21.67.152 | 192.168.2.11 |
Apr 8, 2024 13:01:54.676297903 CEST | 49722 | 443 | 192.168.2.11 | 104.21.67.152 |
Apr 8, 2024 13:01:54.694022894 CEST | 49722 | 443 | 192.168.2.11 | 104.21.67.152 |
Apr 8, 2024 13:01:54.699714899 CEST | 49721 | 80 | 192.168.2.11 | 193.122.130.0 |
Apr 8, 2024 13:01:54.701838970 CEST | 49723 | 80 | 192.168.2.11 | 193.122.130.0 |
Apr 8, 2024 13:01:54.853585958 CEST | 80 | 49721 | 193.122.130.0 | 192.168.2.11 |
Apr 8, 2024 13:01:54.853650093 CEST | 49721 | 80 | 192.168.2.11 | 193.122.130.0 |
Apr 8, 2024 13:01:54.855583906 CEST | 80 | 49723 | 193.122.130.0 | 192.168.2.11 |
Apr 8, 2024 13:01:54.855767012 CEST | 49723 | 80 | 192.168.2.11 | 193.122.130.0 |
Apr 8, 2024 13:01:54.855967999 CEST | 49723 | 80 | 192.168.2.11 | 193.122.130.0 |
Apr 8, 2024 13:01:55.009622097 CEST | 80 | 49723 | 193.122.130.0 | 192.168.2.11 |
Apr 8, 2024 13:01:55.037714958 CEST | 80 | 49723 | 193.122.130.0 | 192.168.2.11 |
Apr 8, 2024 13:01:55.039118052 CEST | 49724 | 443 | 192.168.2.11 | 104.21.67.152 |
Apr 8, 2024 13:01:55.039155006 CEST | 443 | 49724 | 104.21.67.152 | 192.168.2.11 |
Apr 8, 2024 13:01:55.039238930 CEST | 49724 | 443 | 192.168.2.11 | 104.21.67.152 |
Apr 8, 2024 13:01:55.039675951 CEST | 49724 | 443 | 192.168.2.11 | 104.21.67.152 |
Apr 8, 2024 13:01:55.039685965 CEST | 443 | 49724 | 104.21.67.152 | 192.168.2.11 |
Apr 8, 2024 13:01:55.078594923 CEST | 49723 | 80 | 192.168.2.11 | 193.122.130.0 |
Apr 8, 2024 13:01:55.298595905 CEST | 443 | 49724 | 104.21.67.152 | 192.168.2.11 |
Apr 8, 2024 13:01:55.300719023 CEST | 49724 | 443 | 192.168.2.11 | 104.21.67.152 |
Apr 8, 2024 13:01:55.300733089 CEST | 443 | 49724 | 104.21.67.152 | 192.168.2.11 |
Apr 8, 2024 13:01:55.598110914 CEST | 443 | 49724 | 104.21.67.152 | 192.168.2.11 |
Apr 8, 2024 13:01:55.598398924 CEST | 443 | 49724 | 104.21.67.152 | 192.168.2.11 |
Apr 8, 2024 13:01:55.598541975 CEST | 49724 | 443 | 192.168.2.11 | 104.21.67.152 |
Apr 8, 2024 13:01:55.599204063 CEST | 49724 | 443 | 192.168.2.11 | 104.21.67.152 |
Apr 8, 2024 13:01:55.603230953 CEST | 49723 | 80 | 192.168.2.11 | 193.122.130.0 |
Apr 8, 2024 13:01:55.604851961 CEST | 49725 | 80 | 192.168.2.11 | 193.122.130.0 |
Apr 8, 2024 13:01:55.757018089 CEST | 80 | 49723 | 193.122.130.0 | 192.168.2.11 |
Apr 8, 2024 13:01:55.757075071 CEST | 49723 | 80 | 192.168.2.11 | 193.122.130.0 |
Apr 8, 2024 13:01:55.758409977 CEST | 80 | 49725 | 193.122.130.0 | 192.168.2.11 |
Apr 8, 2024 13:01:55.758512974 CEST | 49725 | 80 | 192.168.2.11 | 193.122.130.0 |
Apr 8, 2024 13:01:55.758650064 CEST | 49725 | 80 | 192.168.2.11 | 193.122.130.0 |
Apr 8, 2024 13:01:55.912213087 CEST | 80 | 49725 | 193.122.130.0 | 192.168.2.11 |
Apr 8, 2024 13:01:55.912643909 CEST | 80 | 49725 | 193.122.130.0 | 192.168.2.11 |
Apr 8, 2024 13:01:55.914294004 CEST | 49726 | 443 | 192.168.2.11 | 104.21.67.152 |
Apr 8, 2024 13:01:55.914329052 CEST | 443 | 49726 | 104.21.67.152 | 192.168.2.11 |
Apr 8, 2024 13:01:55.914422989 CEST | 49726 | 443 | 192.168.2.11 | 104.21.67.152 |
Apr 8, 2024 13:01:55.914788961 CEST | 49726 | 443 | 192.168.2.11 | 104.21.67.152 |
Apr 8, 2024 13:01:55.914803028 CEST | 443 | 49726 | 104.21.67.152 | 192.168.2.11 |
Apr 8, 2024 13:01:55.953566074 CEST | 49725 | 80 | 192.168.2.11 | 193.122.130.0 |
Apr 8, 2024 13:01:56.173917055 CEST | 443 | 49726 | 104.21.67.152 | 192.168.2.11 |
Apr 8, 2024 13:01:56.176433086 CEST | 49726 | 443 | 192.168.2.11 | 104.21.67.152 |
Apr 8, 2024 13:01:56.176455975 CEST | 443 | 49726 | 104.21.67.152 | 192.168.2.11 |
Apr 8, 2024 13:01:56.471406937 CEST | 443 | 49726 | 104.21.67.152 | 192.168.2.11 |
Apr 8, 2024 13:01:56.471520901 CEST | 443 | 49726 | 104.21.67.152 | 192.168.2.11 |
Apr 8, 2024 13:01:56.471611977 CEST | 49726 | 443 | 192.168.2.11 | 104.21.67.152 |
Apr 8, 2024 13:01:56.472430944 CEST | 49726 | 443 | 192.168.2.11 | 104.21.67.152 |
Apr 8, 2024 13:01:56.486008883 CEST | 49725 | 80 | 192.168.2.11 | 193.122.130.0 |
Apr 8, 2024 13:01:56.639471054 CEST | 80 | 49725 | 193.122.130.0 | 192.168.2.11 |
Apr 8, 2024 13:01:56.641144037 CEST | 49725 | 80 | 192.168.2.11 | 193.122.130.0 |
Apr 8, 2024 13:01:56.854681015 CEST | 49727 | 443 | 192.168.2.11 | 172.67.169.18 |
Apr 8, 2024 13:01:56.854722977 CEST | 443 | 49727 | 172.67.169.18 | 192.168.2.11 |
Apr 8, 2024 13:01:56.854872942 CEST | 49727 | 443 | 192.168.2.11 | 172.67.169.18 |
Apr 8, 2024 13:01:56.855364084 CEST | 49727 | 443 | 192.168.2.11 | 172.67.169.18 |
Apr 8, 2024 13:01:56.855376959 CEST | 443 | 49727 | 172.67.169.18 | 192.168.2.11 |
Apr 8, 2024 13:01:57.121706009 CEST | 443 | 49727 | 172.67.169.18 | 192.168.2.11 |
Apr 8, 2024 13:01:57.121886015 CEST | 49727 | 443 | 192.168.2.11 | 172.67.169.18 |
Apr 8, 2024 13:01:57.123831034 CEST | 49727 | 443 | 192.168.2.11 | 172.67.169.18 |
Apr 8, 2024 13:01:57.123845100 CEST | 443 | 49727 | 172.67.169.18 | 192.168.2.11 |
Apr 8, 2024 13:01:57.124103069 CEST | 443 | 49727 | 172.67.169.18 | 192.168.2.11 |
Apr 8, 2024 13:01:57.125718117 CEST | 49727 | 443 | 192.168.2.11 | 172.67.169.18 |
Apr 8, 2024 13:01:57.172230959 CEST | 443 | 49727 | 172.67.169.18 | 192.168.2.11 |
Apr 8, 2024 13:02:28.314338923 CEST | 443 | 49727 | 172.67.169.18 | 192.168.2.11 |
Apr 8, 2024 13:02:28.314395905 CEST | 443 | 49727 | 172.67.169.18 | 192.168.2.11 |
Apr 8, 2024 13:02:28.314546108 CEST | 49727 | 443 | 192.168.2.11 | 172.67.169.18 |
Apr 8, 2024 13:02:28.319888115 CEST | 49727 | 443 | 192.168.2.11 | 172.67.169.18 |
Apr 8, 2024 13:02:56.479568005 CEST | 80 | 49713 | 193.122.130.0 | 192.168.2.11 |
Apr 8, 2024 13:02:56.480092049 CEST | 49713 | 80 | 192.168.2.11 | 193.122.130.0 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 8, 2024 13:01:48.556941986 CEST | 61151 | 53 | 192.168.2.11 | 1.1.1.1 |
Apr 8, 2024 13:01:48.682076931 CEST | 53 | 61151 | 1.1.1.1 | 192.168.2.11 |
Apr 8, 2024 13:01:49.742367983 CEST | 56104 | 53 | 192.168.2.11 | 1.1.1.1 |
Apr 8, 2024 13:01:49.867841959 CEST | 53 | 56104 | 1.1.1.1 | 192.168.2.11 |
Apr 8, 2024 13:01:56.485887051 CEST | 49191 | 53 | 192.168.2.11 | 1.1.1.1 |
Apr 8, 2024 13:01:56.853611946 CEST | 53 | 49191 | 1.1.1.1 | 192.168.2.11 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 8, 2024 13:01:48.556941986 CEST | 192.168.2.11 | 1.1.1.1 | 0x40f4 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 8, 2024 13:01:49.742367983 CEST | 192.168.2.11 | 1.1.1.1 | 0x95ee | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 8, 2024 13:01:56.485887051 CEST | 192.168.2.11 | 1.1.1.1 | 0xebfa | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 8, 2024 13:01:48.682076931 CEST | 1.1.1.1 | 192.168.2.11 | 0x40f4 | No error (0) | checkip.dyndns.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Apr 8, 2024 13:01:48.682076931 CEST | 1.1.1.1 | 192.168.2.11 | 0x40f4 | No error (0) | 193.122.130.0 | A (IP address) | IN (0x0001) | false | ||
Apr 8, 2024 13:01:48.682076931 CEST | 1.1.1.1 | 192.168.2.11 | 0x40f4 | No error (0) | 132.226.8.169 | A (IP address) | IN (0x0001) | false | ||
Apr 8, 2024 13:01:48.682076931 CEST | 1.1.1.1 | 192.168.2.11 | 0x40f4 | No error (0) | 193.122.6.168 | A (IP address) | IN (0x0001) | false | ||
Apr 8, 2024 13:01:48.682076931 CEST | 1.1.1.1 | 192.168.2.11 | 0x40f4 | No error (0) | 132.226.247.73 | A (IP address) | IN (0x0001) | false | ||
Apr 8, 2024 13:01:48.682076931 CEST | 1.1.1.1 | 192.168.2.11 | 0x40f4 | No error (0) | 158.101.44.242 | A (IP address) | IN (0x0001) | false | ||
Apr 8, 2024 13:01:49.867841959 CEST | 1.1.1.1 | 192.168.2.11 | 0x95ee | No error (0) | 104.21.67.152 | A (IP address) | IN (0x0001) | false | ||
Apr 8, 2024 13:01:49.867841959 CEST | 1.1.1.1 | 192.168.2.11 | 0x95ee | No error (0) | 172.67.177.134 | A (IP address) | IN (0x0001) | false | ||
Apr 8, 2024 13:01:56.853611946 CEST | 1.1.1.1 | 192.168.2.11 | 0xebfa | No error (0) | 172.67.169.18 | A (IP address) | IN (0x0001) | false | ||
Apr 8, 2024 13:01:56.853611946 CEST | 1.1.1.1 | 192.168.2.11 | 0xebfa | No error (0) | 104.21.27.85 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.11 | 49709 | 193.122.130.0 | 80 | 7580 | C:\Users\user\Desktop\58208 Teklif.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 8, 2024 13:01:48.845681906 CEST | 151 | OUT | |
Apr 8, 2024 13:01:49.539989948 CEST | 276 | IN | |
Apr 8, 2024 13:01:49.548007965 CEST | 127 | OUT | |
Apr 8, 2024 13:01:49.702605963 CEST | 276 | IN | |
Apr 8, 2024 13:01:50.446862936 CEST | 127 | OUT | |
Apr 8, 2024 13:01:50.601237059 CEST | 276 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.11 | 49713 | 193.122.130.0 | 80 | 7580 | C:\Users\user\Desktop\58208 Teklif.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 8, 2024 13:01:51.320504904 CEST | 127 | OUT | |
Apr 8, 2024 13:01:51.475860119 CEST | 276 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.11 | 49715 | 193.122.130.0 | 80 | 7580 | C:\Users\user\Desktop\58208 Teklif.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 8, 2024 13:01:52.211030960 CEST | 151 | OUT | |
Apr 8, 2024 13:01:52.366915941 CEST | 276 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.11 | 49719 | 193.122.130.0 | 80 | 7580 | C:\Users\user\Desktop\58208 Teklif.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 8, 2024 13:01:53.086651087 CEST | 151 | OUT | |
Apr 8, 2024 13:01:53.241333008 CEST | 276 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.11 | 49721 | 193.122.130.0 | 80 | 7580 | C:\Users\user\Desktop\58208 Teklif.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 8, 2024 13:01:53.963572979 CEST | 151 | OUT | |
Apr 8, 2024 13:01:54.119596004 CEST | 276 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.11 | 49723 | 193.122.130.0 | 80 | 7580 | C:\Users\user\Desktop\58208 Teklif.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 8, 2024 13:01:54.855967999 CEST | 151 | OUT | |
Apr 8, 2024 13:01:55.037714958 CEST | 276 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.11 | 49725 | 193.122.130.0 | 80 | 7580 | C:\Users\user\Desktop\58208 Teklif.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 8, 2024 13:01:55.758650064 CEST | 151 | OUT | |
Apr 8, 2024 13:01:55.912643909 CEST | 276 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.11 | 49711 | 104.21.67.152 | 443 | 7580 | C:\Users\user\Desktop\58208 Teklif.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-08 11:01:50 UTC | 88 | OUT | |
2024-04-08 11:01:50 UTC | 708 | IN | |
2024-04-08 11:01:50 UTC | 380 | IN | |
2024-04-08 11:01:50 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.11 | 49712 | 104.21.67.152 | 443 | 7580 | C:\Users\user\Desktop\58208 Teklif.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-08 11:01:50 UTC | 64 | OUT | |
2024-04-08 11:01:51 UTC | 704 | IN | |
2024-04-08 11:01:51 UTC | 380 | IN | |
2024-04-08 11:01:51 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.11 | 49714 | 104.21.67.152 | 443 | 7580 | C:\Users\user\Desktop\58208 Teklif.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-08 11:01:51 UTC | 88 | OUT | |
2024-04-08 11:01:52 UTC | 706 | IN | |
2024-04-08 11:01:52 UTC | 380 | IN | |
2024-04-08 11:01:52 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.11 | 49717 | 104.21.67.152 | 443 | 7580 | C:\Users\user\Desktop\58208 Teklif.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-08 11:01:52 UTC | 88 | OUT | |
2024-04-08 11:01:52 UTC | 706 | IN | |
2024-04-08 11:01:52 UTC | 380 | IN | |
2024-04-08 11:01:52 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.11 | 49720 | 104.21.67.152 | 443 | 7580 | C:\Users\user\Desktop\58208 Teklif.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-08 11:01:53 UTC | 64 | OUT | |
2024-04-08 11:01:53 UTC | 710 | IN | |
2024-04-08 11:01:53 UTC | 380 | IN | |
2024-04-08 11:01:53 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.11 | 49722 | 104.21.67.152 | 443 | 7580 | C:\Users\user\Desktop\58208 Teklif.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-08 11:01:54 UTC | 88 | OUT | |
2024-04-08 11:01:54 UTC | 714 | IN | |
2024-04-08 11:01:54 UTC | 380 | IN | |
2024-04-08 11:01:54 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.11 | 49724 | 104.21.67.152 | 443 | 7580 | C:\Users\user\Desktop\58208 Teklif.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-08 11:01:55 UTC | 64 | OUT | |
2024-04-08 11:01:55 UTC | 712 | IN | |
2024-04-08 11:01:55 UTC | 380 | IN | |
2024-04-08 11:01:55 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.11 | 49726 | 104.21.67.152 | 443 | 7580 | C:\Users\user\Desktop\58208 Teklif.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-08 11:01:56 UTC | 88 | OUT | |
2024-04-08 11:01:56 UTC | 712 | IN | |
2024-04-08 11:01:56 UTC | 380 | IN | |
2024-04-08 11:01:56 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.11 | 49727 | 172.67.169.18 | 443 | 7580 | C:\Users\user\Desktop\58208 Teklif.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-08 11:01:57 UTC | 79 | OUT | |
2024-04-08 11:02:28 UTC | 731 | IN | |
2024-04-08 11:02:28 UTC | 15 | IN |
Target ID: | 0 |
Start time: | 13:01:46 |
Start date: | 08/04/2024 |
Path: | C:\Users\user\Desktop\58208 Teklif.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd40000 |
File size: | 846'344 bytes |
MD5 hash: | DC59E080BC0BE8CEE52EC9E79CCC7E82 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 3 |
Start time: | 13:01:47 |
Start date: | 08/04/2024 |
Path: | C:\Users\user\Desktop\58208 Teklif.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb40000 |
File size: | 846'344 bytes |
MD5 hash: | DC59E080BC0BE8CEE52EC9E79CCC7E82 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | false |
Execution Graph
Execution Coverage: | 9.8% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 225 |
Total number of Limit Nodes: | 11 |
Graph
Function 07790007 Relevance: .1, Instructions: 82COMMON
Function 07790040 Relevance: .1, Instructions: 58COMMON
Function 0155D2F0 Relevance: 6.1, APIs: 4, Instructions: 134threadCOMMON
Function 0155D300 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
Function 0155B068 Relevance: 1.7, APIs: 1, Instructions: 196COMMON
Function 0155590D Relevance: 1.6, APIs: 1, Instructions: 101COMMON
Function 015544E4 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
Function 0155D540 Relevance: 1.6, APIs: 1, Instructions: 70COMMON
Function 07795C48 Relevance: 1.6, APIs: 1, Instructions: 66COMMON
Function 07795C50 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
Function 077959C8 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
Function 0155D548 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
Function 077959C7 Relevance: 1.6, APIs: 1, Instructions: 61threadCOMMON
Function 07795A98 Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON
Function 0155AD1C Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
Function 0155B4D9 Relevance: 1.6, APIs: 1, Instructions: 54libraryCOMMON
Function 07795AA0 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
Function 077954E0 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
Function 07794408 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
Function 077954DF Relevance: 1.5, APIs: 1, Instructions: 47threadCOMMON
Function 077991A0 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
Function 07799198 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
Function 0155B258 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
Function 077980B8 Relevance: 1.5, APIs: 1, Instructions: 45windowCOMMON
Function 014FD4C4 Relevance: .1, Instructions: 75COMMON
Function 014FD3D8 Relevance: .1, Instructions: 75COMMON
Function 0150D1D4 Relevance: .1, Instructions: 72COMMON
Function 0150D01C Relevance: .1, Instructions: 72COMMON
Function 0150D006 Relevance: .1, Instructions: 62COMMON
Function 014FD3D3 Relevance: .1, Instructions: 56COMMON
Function 014FD4BF Relevance: .1, Instructions: 56COMMON
Function 0150D1CF Relevance: .1, Instructions: 53COMMON
Function 07795590 Relevance: 1.6, Strings: 1, Instructions: 312COMMON
Function 07795588 Relevance: 1.4, Strings: 1, Instructions: 130COMMON
Function 07799E58 Relevance: .4, Instructions: 371COMMON
Function 07792C48 Relevance: .3, Instructions: 312COMMON
Function 077934B8 Relevance: .3, Instructions: 312COMMON
Function 07794CB8 Relevance: .3, Instructions: 312COMMON
Function 07793080 Relevance: .3, Instructions: 312COMMON
Function 0155DE0C Relevance: .3, Instructions: 264COMMON
Function 07792C38 Relevance: .1, Instructions: 131COMMON
Function 077934A8 Relevance: .1, Instructions: 131COMMON
Execution Graph
Execution Coverage: | 10.2% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 3.5% |
Total number of Nodes: | 170 |
Total number of Limit Nodes: | 12 |
Graph
Function 014168E0 Relevance: 5.3, Strings: 4, Instructions: 328COMMON
Function 0141617D Relevance: 3.0, Strings: 2, Instructions: 504COMMON
Function 0141B388 Relevance: 2.8, Strings: 2, Instructions: 347COMMON
Function 06BD908D Relevance: 2.7, Strings: 2, Instructions: 192COMMON
Function 0141BF10 Relevance: 2.7, Strings: 2, Instructions: 190COMMON
Function 0141C7B2 Relevance: 2.7, Strings: 2, Instructions: 189COMMON
Function 0141C1F0 Relevance: 2.7, Strings: 2, Instructions: 188COMMON
Function 0141C4D0 Relevance: 2.7, Strings: 2, Instructions: 184COMMON
Function 01414B31 Relevance: 2.7, Strings: 2, Instructions: 184COMMON
Function 0141CA92 Relevance: 2.7, Strings: 2, Instructions: 184COMMON
Function 0141BC32 Relevance: 2.7, Strings: 2, Instructions: 183COMMON
Function 0141B552 Relevance: 2.7, Strings: 2, Instructions: 152COMMON
Function 05A989B0 Relevance: 1.9, APIs: 1, Instructions: 357COMMON
Function 06BD15F8 Relevance: .7, Instructions: 745COMMON
Function 06BD8A58 Relevance: .3, Instructions: 296COMMON
Function 06BDDAC0 Relevance: .2, Instructions: 219COMMON
Function 06BDCE28 Relevance: .2, Instructions: 219COMMON
Function 06BDC7D8 Relevance: .2, Instructions: 219COMMON
Function 06BDBB38 Relevance: .2, Instructions: 219COMMON
Function 06BDA858 Relevance: .2, Instructions: 219COMMON
Function 06BDC188 Relevance: .2, Instructions: 219COMMON
Function 06BDAEA8 Relevance: .2, Instructions: 218COMMON
Function 06BDB4F0 Relevance: .2, Instructions: 218COMMON
Function 06BDD478 Relevance: .2, Instructions: 218COMMON
Function 06BDAE98 Relevance: .2, Instructions: 165COMMON
Function 06BDD468 Relevance: .2, Instructions: 163COMMON
Function 06BD8A5D Relevance: .1, Instructions: 109COMMON
Function 06BDBB27 Relevance: .1, Instructions: 109COMMON
Function 06BDC178 Relevance: .1, Instructions: 108COMMON
Function 06BDCE18 Relevance: .1, Instructions: 107COMMON
Function 06BDC7CA Relevance: .1, Instructions: 106COMMON
Function 01416EB8 Relevance: 10.5, Strings: 8, Instructions: 473COMMON
Function 06BF4B68 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
Function 06BF4B63 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
Function 01417850 Relevance: 3.2, Strings: 2, Instructions: 688COMMON
Function 01418849 Relevance: 2.8, Strings: 2, Instructions: 324COMMON
Function 01415700 Relevance: 2.8, Strings: 2, Instructions: 264COMMON
Function 01415C60 Relevance: 2.7, Strings: 2, Instructions: 229COMMON
Function 06BD9960 Relevance: 2.7, Strings: 2, Instructions: 208COMMON
Function 01413480 Relevance: 2.6, Strings: 2, Instructions: 112COMMON
Function 01419CA5 Relevance: 1.7, Strings: 1, Instructions: 453COMMON
Function 06BFF6F3 Relevance: 1.7, APIs: 1, Instructions: 180COMMON
Function 01410C8F Relevance: 1.7, Strings: 1, Instructions: 417COMMON
Function 01410C9C Relevance: 1.7, Strings: 1, Instructions: 411COMMON
Function 01410CA0 Relevance: 1.7, Strings: 1, Instructions: 410COMMON
Function 06BFF6BB Relevance: 1.6, APIs: 1, Instructions: 148COMMON
Function 06BFD84C Relevance: 1.6, APIs: 1, Instructions: 116COMMON
Function 05A9BFC4 Relevance: 1.6, APIs: 1, Instructions: 110COMMON
Function 05A9BF64 Relevance: 1.6, APIs: 1, Instructions: 102COMMON
Function 06BF4834 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
Function 06BF4DA9 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
Function 05A98D94 Relevance: 1.6, APIs: 1, Instructions: 62libraryCOMMON
Function 06BFC148 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
Function 06BFD5BB Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
Function 06BFC100 Relevance: 1.6, APIs: 1, Instructions: 50COMMON
Function 06BFD353 Relevance: 1.5, APIs: 1, Instructions: 48COMMON
Function 0141A258 Relevance: 1.4, Strings: 1, Instructions: 110COMMON
Function 0141FDA8 Relevance: 1.3, Strings: 1, Instructions: 76COMMON
Function 0141A878 Relevance: .4, Instructions: 405COMMON
Function 014198B8 Relevance: .3, Instructions: 304COMMON
Function 01417498 Relevance: .2, Instructions: 201COMMON
Function 0141D3C2 Relevance: .2, Instructions: 172COMMON
Function 06BD15F3 Relevance: .2, Instructions: 171COMMON
Function 0141D3D0 Relevance: .2, Instructions: 169COMMON
Function 0141D719 Relevance: .2, Instructions: 152COMMON
Function 0141E7CD Relevance: .1, Instructions: 143COMMON
Function 0141CD70 Relevance: .1, Instructions: 138COMMON
Function 06BDE110 Relevance: .1, Instructions: 136COMMON
Function 01413960 Relevance: .1, Instructions: 134COMMON
Function 01419AC3 Relevance: .1, Instructions: 123COMMON
Function 06BD9952 Relevance: .1, Instructions: 117COMMON
Function 01416790 Relevance: .1, Instructions: 111COMMON
Function 06BD9EA8 Relevance: .1, Instructions: 111COMMON
Function 06BD9EAD Relevance: .1, Instructions: 106COMMON
Function 01414E20 Relevance: .1, Instructions: 101COMMON
Function 0141A6C5 Relevance: .1, Instructions: 93COMMON
Function 06BDE100 Relevance: .1, Instructions: 90COMMON
Function 01417740 Relevance: .1, Instructions: 87COMMON
Function 0141A869 Relevance: .1, Instructions: 85COMMON
Function 014120B8 Relevance: .1, Instructions: 77COMMON
Function 010ED404 Relevance: .1, Instructions: 75COMMON
Function 01415AC8 Relevance: .1, Instructions: 74COMMON
Function 010FD044 Relevance: .1, Instructions: 72COMMON
Function 01414E11 Relevance: .1, Instructions: 66COMMON
Function 06BD9B40 Relevance: .1, Instructions: 63COMMON
Function 0141E2D1 Relevance: .1, Instructions: 59COMMON
Function 06BDE510 Relevance: .1, Instructions: 59COMMON
Function 010ED3FF Relevance: .1, Instructions: 56COMMON
Function 01411FB8 Relevance: .1, Instructions: 55COMMON
Function 06BD9710 Relevance: .1, Instructions: 55COMMON
Function 0141E2E0 Relevance: .1, Instructions: 54COMMON
Function 06BD9311 Relevance: .1, Instructions: 54COMMON
Function 010FD03F Relevance: .1, Instructions: 53COMMON
Function 0141565F Relevance: .1, Instructions: 51COMMON
Function 06BD9DE9 Relevance: .1, Instructions: 51COMMON
Function 06BD2AD5 Relevance: .0, Instructions: 41COMMON
Function 06BD2A38 Relevance: .0, Instructions: 38COMMON
Function 06BD2A33 Relevance: .0, Instructions: 37COMMON
Function 06BD9BB0 Relevance: .0, Instructions: 35COMMON
Function 01412078 Relevance: .0, Instructions: 19COMMON
Function 014182B8 Relevance: .0, Instructions: 18COMMON
Function 0141A76D Relevance: .0, Instructions: 16COMMON
Function 01415F10 Relevance: .0, Instructions: 12COMMON
Function 06BD2D05 Relevance: 11.7, Strings: 9, Instructions: 460COMMON
Function 0141EA08 Relevance: 1.8, Strings: 1, Instructions: 596COMMON
Function 05A90040 Relevance: .7, Instructions: 709COMMON
Function 05A9C9B8 Relevance: .3, Instructions: 268COMMON
Function 05A9F980 Relevance: .3, Instructions: 268COMMON
Function 05A91980 Relevance: .3, Instructions: 268COMMON
Function 05A91DE0 Relevance: .3, Instructions: 268COMMON
Function 05A9F528 Relevance: .3, Instructions: 268COMMON
Function 05A91520 Relevance: .3, Instructions: 268COMMON
Function 05A9C108 Relevance: .3, Instructions: 268COMMON
Function 05A9C560 Relevance: .3, Instructions: 268COMMON
Function 05A910C0 Relevance: .3, Instructions: 268COMMON
Function 05A9F0D0 Relevance: .3, Instructions: 268COMMON
Function 05A9E820 Relevance: .3, Instructions: 268COMMON
Function 05A90C60 Relevance: .3, Instructions: 268COMMON
Function 05A9EC78 Relevance: .3, Instructions: 268COMMON
Function 05A9E3C8 Relevance: .3, Instructions: 268COMMON
Function 05A9DB18 Relevance: .3, Instructions: 268COMMON
Function 05A9DF70 Relevance: .3, Instructions: 268COMMON
Function 05A9D6C0 Relevance: .3, Instructions: 268COMMON
Function 05A9CE10 Relevance: .3, Instructions: 268COMMON
Function 05A9D268 Relevance: .3, Instructions: 268COMMON
Function 06BD5EC0 Relevance: .3, Instructions: 268COMMON
Function 06BD8600 Relevance: .3, Instructions: 268COMMON
Function 06BD5A68 Relevance: .3, Instructions: 268COMMON
Function 06BD6BC8 Relevance: .3, Instructions: 268COMMON
Function 06BD6318 Relevance: .3, Instructions: 268COMMON
Function 06BD6770 Relevance: .3, Instructions: 268COMMON
Function 06BD74A0 Relevance: .3, Instructions: 268COMMON
Function 06BD0498 Relevance: .3, Instructions: 268COMMON
Function 06BD78F8 Relevance: .3, Instructions: 268COMMON
Function 06BD08F0 Relevance: .3, Instructions: 268COMMON
Function 06BD7020 Relevance: .3, Instructions: 268COMMON
Function 06BD0040 Relevance: .3, Instructions: 268COMMON
Function 06BD81A8 Relevance: .3, Instructions: 268COMMON
Function 06BD11A0 Relevance: .3, Instructions: 268COMMON
Function 06BD55E8 Relevance: .3, Instructions: 268COMMON
Function 06BD7D50 Relevance: .3, Instructions: 268COMMON
Function 06BD0D48 Relevance: .3, Instructions: 268COMMON
Function 0141F502 Relevance: .3, Instructions: 264COMMON
Function 06BD3808 Relevance: .2, Instructions: 222COMMON
Function 05A92240 Relevance: .2, Instructions: 220COMMON
Function 05A92586 Relevance: .2, Instructions: 202COMMON
Function 06BD3803 Relevance: .1, Instructions: 127COMMON
Function 06BDE5D8 Relevance: 5.1, Strings: 4, Instructions: 129COMMON
Function 06BDE5C8 Relevance: 5.1, Strings: 4, Instructions: 95COMMON
Function 014160E8 Relevance: 5.0, Strings: 4, Instructions: 49COMMON