Windows
Analysis Report
PsBygexGwH.exe
Overview
General Information
Sample name: | PsBygexGwH.exerenamed because original name is a hash value |
Original sample name: | f36cebf205cb95b23bea11f15356461b51b40cd0bd586e5c5f151a6396a6151a.exe |
Analysis ID: | 1422242 |
MD5: | 222d05295014f8974d6e358e1507770e |
SHA1: | d1475a87d8aad1852eda1ac93ebb0bbbb1f08e0b |
SHA256: | f36cebf205cb95b23bea11f15356461b51b40cd0bd586e5c5f151a6396a6151a |
Tags: | exe |
Infos: | |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- PsBygexGwH.exe (PID: 6516 cmdline:
"C:\Users\ user\Deskt op\PsBygex GwH.exe" MD5: 222D05295014F8974D6E358E1507770E) - name.exe (PID: 3052 cmdline:
"C:\Users\ user\Deskt op\PsBygex GwH.exe" MD5: 90D7DF3194AF25C7942DCDB56E8902F3) - RegSvcs.exe (PID: 5444 cmdline:
"C:\Users\ user\Deskt op\PsBygex GwH.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)
- wscript.exe (PID: 1908 cmdline:
"C:\Window s\System32 \WScript.e xe" "C:\Us ers\user\A ppData\Roa ming\Micro soft\Windo ws\Start M enu\Progra ms\Startup \name.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80) - name.exe (PID: 4556 cmdline:
"C:\Users\ user\AppDa ta\Local\d irectory\n ame.exe" MD5: 90D7DF3194AF25C7942DCDB56E8902F3) - RegSvcs.exe (PID: 3844 cmdline:
"C:\Users\ user\AppDa ta\Local\d irectory\n ame.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
404 Keylogger, Snake Keylogger | Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victims sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram. | No Attribution |
{"Exfil Mode": "SMTP", "Username": "contabilidad@daipro.com.mx", "Password": "DAIpro123**", "Host": "mail.daipro.com.mx", "Port": "587"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security | ||
JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security | ||
Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown |
| |
MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth |
| |
Click to see the 27 entries |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security | ||
JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security | ||
Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown |
| |
MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth |
| |
Click to see the 21 entries |
System Summary |
---|
Source: | Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: |
Source: | Author: Michael Haag: |
Data Obfuscation |
---|
Source: | Author: Joe Security: |
Click to jump to signature section
AV Detection |
---|
Source: | Avira URL Cloud: | ||
Source: | Avira URL Cloud: | ||
Source: | Avira URL Cloud: |
Source: | Malware Configuration Extractor: |
Source: | Virustotal: | Perma Link | ||
Source: | Virustotal: | Perma Link | ||
Source: | Virustotal: | Perma Link | ||
Source: | Virustotal: | Perma Link |
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Source: | Joe Sandbox ML: |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 0_2_0018DBBE | |
Source: | Code function: | 0_2_001968EE | |
Source: | Code function: | 0_2_0019698F | |
Source: | Code function: | 0_2_0018D076 | |
Source: | Code function: | 0_2_0018D3A9 | |
Source: | Code function: | 0_2_00199642 | |
Source: | Code function: | 0_2_0019979D | |
Source: | Code function: | 0_2_00199B2B | |
Source: | Code function: | 0_2_00195C97 | |
Source: | Code function: | 6_2_0032DBBE | |
Source: | Code function: | 6_2_003368EE | |
Source: | Code function: | 6_2_0033698F | |
Source: | Code function: | 6_2_0032D076 | |
Source: | Code function: | 6_2_0032D3A9 | |
Source: | Code function: | 6_2_00339642 | |
Source: | Code function: | 6_2_0033979D | |
Source: | Code function: | 6_2_00339B2B | |
Source: | Code function: | 6_2_00335C97 |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | Code function: | 7_2_008EFA10 | |
Source: | Code function: | 7_2_008EEDF0 | |
Source: | Code function: | 7_2_008EEDF0 | |
Source: | Code function: | 7_2_008EE310 | |
Source: | Code function: | 7_2_008EE943 | |
Source: | Code function: | 7_2_008EEB23 | |
Source: | Code function: | 7_2_04F7C8B8 | |
Source: | Code function: | 7_2_04F704A0 | |
Source: | Code function: | 7_2_04F7C460 | |
Source: | Code function: | 7_2_04F7F428 | |
Source: | Code function: | 7_2_04F7D5C0 | |
Source: | Code function: | 7_2_04F70D60 | |
Source: | Code function: | 7_2_04F7CD10 | |
Source: | Code function: | 7_2_04F71506 | |
Source: | Code function: | 7_2_04F7DE70 | |
Source: | Code function: | 7_2_04F7EFD0 | |
Source: | Code function: | 7_2_04F7B758 | |
Source: | Code function: | 7_2_04F7E720 | |
Source: | Code function: | 7_2_04F7F880 | |
Source: | Code function: | 7_2_04F70040 | |
Source: | Code function: | 7_2_04F7C008 | |
Source: | Code function: | 7_2_04F711C0 | |
Source: | Code function: | 7_2_04F7D168 | |
Source: | Code function: | 7_2_04F70900 | |
Source: | Code function: | 7_2_04F7E2C8 | |
Source: | Code function: | 7_2_04F7DA18 | |
Source: | Code function: | 7_2_04F7BBB0 | |
Source: | Code function: | 7_2_04F7EB78 | |
Source: | Code function: | 7_2_04F7B300 | |
Source: | Code function: | 7_2_06058608 | |
Source: | Code function: | 7_2_06055618 | |
Source: | Code function: | 7_2_06055A70 | |
Source: | Code function: | 7_2_060536CE | |
Source: | Code function: | 7_2_06055EC8 | |
Source: | Code function: | 7_2_06056320 | |
Source: | Code function: | 7_2_06056778 | |
Source: | Code function: | 7_2_060533A8 | |
Source: | Code function: | 7_2_060533B8 | |
Source: | Code function: | 7_2_06056BD0 | |
Source: | Code function: | 7_2_06050040 | |
Source: | Code function: | 7_2_06057050 | |
Source: | Code function: | 7_2_06050498 | |
Source: | Code function: | 7_2_060574A8 | |
Source: | Code function: | 7_2_060508F0 | |
Source: | Code function: | 7_2_06057900 | |
Source: | Code function: | 7_2_06050D48 | |
Source: | Code function: | 7_2_06057D58 | |
Source: | Code function: | 7_2_06055198 | |
Source: | Code function: | 7_2_060581B0 | |
Source: | Code function: | 10_2_00AFFA10 | |
Source: | Code function: | 10_2_00AFEDF0 | |
Source: | Code function: | 10_2_00AFEDF0 | |
Source: | Code function: | 10_2_00AFE310 | |
Source: | Code function: | 10_2_00AFE943 | |
Source: | Code function: | 10_2_00AFEB23 | |
Source: | Code function: | 10_2_06378608 | |
Source: | Code function: | 10_2_06375618 | |
Source: | Code function: | 10_2_06375A70 | |
Source: | Code function: | 10_2_06375EC8 | |
Source: | Code function: | 10_2_06376320 | |
Source: | Code function: | 10_2_06376778 | |
Source: | Code function: | 10_2_063733B8 | |
Source: | Code function: | 10_2_063733A8 | |
Source: | Code function: | 10_2_06376BD0 | |
Source: | Code function: | 10_2_06377050 | |
Source: | Code function: | 10_2_06370040 | |
Source: | Code function: | 10_2_063774A8 | |
Source: | Code function: | 10_2_06370498 | |
Source: | Code function: | 10_2_063708F0 | |
Source: | Code function: | 10_2_06377900 | |
Source: | Code function: | 10_2_06377D58 | |
Source: | Code function: | 10_2_06370D48 | |
Source: | Code function: | 10_2_063781B0 | |
Source: | Code function: | 10_2_06375198 |
Networking |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | IP Address: | ||
Source: | IP Address: | ||
Source: | IP Address: |
Source: | JA3 fingerprint: | ||
Source: | JA3 fingerprint: |
Source: | DNS query: | ||
Source: | DNS query: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | Code function: | 0_2_0019CE44 |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Code function: | 0_2_0019EAFF |
Source: | Code function: | 0_2_0019ED6A | |
Source: | Code function: | 6_2_0033ED6A |
Source: | Code function: | 0_2_0019EAFF |
Source: | Code function: | 0_2_0018AA57 |
Source: | Code function: | 0_2_001B9576 | |
Source: | Code function: | 6_2_00359576 |
System Summary |
---|
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | memstr_6544cbe5-d | |
Source: | String found in binary or memory: | memstr_b7a97d05-4 | |
Source: | String found in binary or memory: | memstr_ce91a3ca-8 | |
Source: | String found in binary or memory: | memstr_c94f0853-9 | |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | memstr_1a9718ee-0 | |
Source: | String found in binary or memory: | memstr_4538d9ec-a | |
Source: | String found in binary or memory: | memstr_4b00458a-0 | |
Source: | String found in binary or memory: | memstr_0f2108f5-4 | |
Source: | String found in binary or memory: | memstr_f24d0a11-c | |
Source: | String found in binary or memory: | memstr_99a18de8-d | |
Source: | String found in binary or memory: | memstr_63133954-6 | |
Source: | String found in binary or memory: | memstr_d1731f20-b |
Source: | COM Object queried: | Jump to behavior |
Source: | Process Stats: |
Source: | Code function: | 0_2_0018D5EB |
Source: | Code function: | 0_2_00181201 |
Source: | Code function: | 0_2_0018E8F6 | |
Source: | Code function: | 6_2_0032E8F6 |
Source: | Code function: | 0_2_00192046 | |
Source: | Code function: | 0_2_00128060 | |
Source: | Code function: | 0_2_00188298 | |
Source: | Code function: | 0_2_0015E4FF | |
Source: | Code function: | 0_2_0015676B | |
Source: | Code function: | 0_2_001B4873 | |
Source: | Code function: | 0_2_0014CAA0 | |
Source: | Code function: | 0_2_0012CAF0 | |
Source: | Code function: | 0_2_0013CC39 | |
Source: | Code function: | 0_2_00156DD9 | |
Source: | Code function: | 0_2_0013B119 | |
Source: | Code function: | 0_2_001291C0 | |
Source: | Code function: | 0_2_00141394 | |
Source: | Code function: | 0_2_00141706 | |
Source: | Code function: | 0_2_0014781B | |
Source: | Code function: | 0_2_00127920 | |
Source: | Code function: | 0_2_0013997D | |
Source: | Code function: | 0_2_001419B0 | |
Source: | Code function: | 0_2_00147A4A | |
Source: | Code function: | 0_2_00141C77 | |
Source: | Code function: | 0_2_00147CA7 | |
Source: | Code function: | 0_2_001ABE44 | |
Source: | Code function: | 0_2_00159EEE | |
Source: | Code function: | 0_2_00141F32 | |
Source: | Code function: | 0_2_023C37C0 | |
Source: | Code function: | 6_2_002C8060 | |
Source: | Code function: | 6_2_00332046 | |
Source: | Code function: | 6_2_00328298 | |
Source: | Code function: | 6_2_002FE4FF | |
Source: | Code function: | 6_2_002F676B | |
Source: | Code function: | 6_2_00354873 | |
Source: | Code function: | 6_2_002ECAA0 | |
Source: | Code function: | 6_2_002CCAF0 | |
Source: | Code function: | 6_2_002DCC39 | |
Source: | Code function: | 6_2_002F6DD9 | |
Source: | Code function: | 6_2_002DD065 | |
Source: | Code function: | 6_2_002C90BC | |
Source: | Code function: | 6_2_002DB119 | |
Source: | Code function: | 6_2_002C91C0 | |
Source: | Code function: | 6_2_002E1394 | |
Source: | Code function: | 6_2_002E1706 | |
Source: | Code function: | 6_2_002E781B | |
Source: | Code function: | 6_2_002C7920 | |
Source: | Code function: | 6_2_002D997D | |
Source: | Code function: | 6_2_002E19B0 | |
Source: | Code function: | 6_2_002E7A4A | |
Source: | Code function: | 6_2_002E1C77 | |
Source: | Code function: | 6_2_002E7CA7 | |
Source: | Code function: | 6_2_00313CD5 | |
Source: | Code function: | 6_2_0034BE44 | |
Source: | Code function: | 6_2_002F9EEE | |
Source: | Code function: | 6_2_002E1F32 | |
Source: | Code function: | 6_2_002CBF40 | |
Source: | Code function: | 6_2_039037C0 | |
Source: | Code function: | 7_2_008EC1F0 | |
Source: | Code function: | 7_2_008E6168 | |
Source: | Code function: | 7_2_008EB388 | |
Source: | Code function: | 7_2_008EC4D0 | |
Source: | Code function: | 7_2_008EC7B2 | |
Source: | Code function: | 7_2_008E98B8 | |
Source: | Code function: | 7_2_008E68E0 | |
Source: | Code function: | 7_2_008ECA92 | |
Source: | Code function: | 7_2_008EFA10 | |
Source: | Code function: | 7_2_008E4B31 | |
Source: | Code function: | 7_2_008EBC32 | |
Source: | Code function: | 7_2_008EEDF0 | |
Source: | Code function: | 7_2_008EBF10 | |
Source: | Code function: | 7_2_008EE300 | |
Source: | Code function: | 7_2_008EE310 | |
Source: | Code function: | 7_2_008E35CA | |
Source: | Code function: | 7_2_008EB552 | |
Source: | Code function: | 7_2_04F73688 | |
Source: | Code function: | 7_2_04F7C8B8 | |
Source: | Code function: | 7_2_04F78278 | |
Source: | Code function: | 7_2_04F77BA8 | |
Source: | Code function: | 7_2_04F704A0 | |
Source: | Code function: | 7_2_04F70490 | |
Source: | Code function: | 7_2_04F7C460 | |
Source: | Code function: | 7_2_04F7C450 | |
Source: | Code function: | 7_2_04F7F428 | |
Source: | Code function: | 7_2_04F7F418 | |
Source: | Code function: | 7_2_04F7D5C0 | |
Source: | Code function: | 7_2_04F7D5B0 | |
Source: | Code function: | 7_2_04F70D60 | |
Source: | Code function: | 7_2_04F70D50 | |
Source: | Code function: | 7_2_04F7CD10 | |
Source: | Code function: | 7_2_04F7CD02 | |
Source: | Code function: | 7_2_04F7DE70 | |
Source: | Code function: | 7_2_04F73678 | |
Source: | Code function: | 7_2_04F7DE61 | |
Source: | Code function: | 7_2_04F7BFF8 | |
Source: | Code function: | 7_2_04F7EFD0 | |
Source: | Code function: | 7_2_04F7EFC1 | |
Source: | Code function: | 7_2_04F7B758 | |
Source: | Code function: | 7_2_04F7B748 | |
Source: | Code function: | 7_2_04F7E720 | |
Source: | Code function: | 7_2_04F7E710 | |
Source: | Code function: | 7_2_04F708F1 | |
Source: | Code function: | 7_2_04F7C8A8 | |
Source: | Code function: | 7_2_04F7F880 | |
Source: | Code function: | 7_2_04F7F871 | |
Source: | Code function: | 7_2_04F70040 | |
Source: | Code function: | 7_2_04F7001F | |
Source: | Code function: | 7_2_04F7C008 | |
Source: | Code function: | 7_2_04F7D168 | |
Source: | Code function: | 7_2_04F7D158 | |
Source: | Code function: | 7_2_04F70900 | |
Source: | Code function: | 7_2_04F7B2EF | |
Source: | Code function: | 7_2_04F7E2C8 | |
Source: | Code function: | 7_2_04F7E2B8 | |
Source: | Code function: | 7_2_04F7DA18 | |
Source: | Code function: | 7_2_04F77200 | |
Source: | Code function: | 7_2_04F7DA09 | |
Source: | Code function: | 7_2_04F7BBB0 | |
Source: | Code function: | 7_2_04F7BBA0 | |
Source: | Code function: | 7_2_04F7EB78 | |
Source: | Code function: | 7_2_04F7EB68 | |
Source: | Code function: | 7_2_04F7B300 | |
Source: | Code function: | 7_2_06058608 | |
Source: | Code function: | 7_2_0605AA58 | |
Source: | Code function: | 7_2_0605D670 | |
Source: | Code function: | 7_2_0605B6E8 | |
Source: | Code function: | 7_2_06058B58 | |
Source: | Code function: | 7_2_0605C388 | |
Source: | Code function: | 7_2_0605A408 | |
Source: | Code function: | 7_2_0605D028 | |
Source: | Code function: | 7_2_0605B0A0 | |
Source: | Code function: | 7_2_0605BD38 | |
Source: | Code function: | 7_2_060511A0 | |
Source: | Code function: | 7_2_0605C9D8 | |
Source: | Code function: | 7_2_06058602 | |
Source: | Code function: | 7_2_0605560A | |
Source: | Code function: | 7_2_06055618 | |
Source: | Code function: | 7_2_0605AA48 | |
Source: | Code function: | 7_2_06055A60 | |
Source: | Code function: | 7_2_0605D662 | |
Source: | Code function: | 7_2_06055A70 | |
Source: | Code function: | 7_2_06055EB8 | |
Source: | Code function: | 7_2_06055EC8 | |
Source: | Code function: | 7_2_0605B6D8 | |
Source: | Code function: | 7_2_06056312 | |
Source: | Code function: | 7_2_06056320 | |
Source: | Code function: | 7_2_06053730 | |
Source: | Code function: | 7_2_06056768 | |
Source: | Code function: | 7_2_06056778 | |
Source: | Code function: | 7_2_0605C378 | |
Source: | Code function: | 7_2_060533A8 | |
Source: | Code function: | 7_2_060533B8 | |
Source: | Code function: | 7_2_06056BC1 | |
Source: | Code function: | 7_2_06056BD0 | |
Source: | Code function: | 7_2_0605A3FA | |
Source: | Code function: | 7_2_06052807 | |
Source: | Code function: | 7_2_06050006 | |
Source: | Code function: | 7_2_06052818 | |
Source: | Code function: | 7_2_0605D018 | |
Source: | Code function: | 7_2_06054430 | |
Source: | Code function: | 7_2_06050040 | |
Source: | Code function: | 7_2_06057049 | |
Source: | Code function: | 7_2_06057050 | |
Source: | Code function: | 7_2_06050488 | |
Source: | Code function: | 7_2_06057497 | |
Source: | Code function: | 7_2_0605B090 | |
Source: | Code function: | 7_2_06050498 | |
Source: | Code function: | 7_2_060574A8 | |
Source: | Code function: | 7_2_060508E0 | |
Source: | Code function: | 7_2_060508F0 | |
Source: | Code function: | 7_2_060578F0 | |
Source: | Code function: | 7_2_06057900 | |
Source: | Code function: | 7_2_0605BD28 | |
Source: | Code function: | 7_2_06050D39 | |
Source: | Code function: | 7_2_06050D48 | |
Source: | Code function: | 7_2_06057D48 | |
Source: | Code function: | 7_2_06057D58 | |
Source: | Code function: | 7_2_0605518A | |
Source: | Code function: | 7_2_06051191 | |
Source: | Code function: | 7_2_06055198 | |
Source: | Code function: | 7_2_060581A0 | |
Source: | Code function: | 7_2_060581B0 | |
Source: | Code function: | 7_2_0605C9C8 | |
Source: | Code function: | 9_2_03D437C0 | |
Source: | Code function: | 10_2_00AFC1F0 | |
Source: | Code function: | 10_2_00AF6168 | |
Source: | Code function: | 10_2_00AFC4D3 | |
Source: | Code function: | 10_2_00AFB500 | |
Source: | Code function: | 10_2_00AFC7B1 | |
Source: | Code function: | 10_2_00AF6790 | |
Source: | Code function: | 10_2_00AF98B8 | |
Source: | Code function: | 10_2_00AFCA91 | |
Source: | Code function: | 10_2_00AFFA10 | |
Source: | Code function: | 10_2_00AF4B31 | |
Source: | Code function: | 10_2_00AFEDF0 | |
Source: | Code function: | 10_2_00AFBF10 | |
Source: | Code function: | 10_2_00AFE300 | |
Source: | Code function: | 10_2_00AFE310 | |
Source: | Code function: | 10_2_00AF35C8 | |
Source: | Code function: | 10_2_06378608 | |
Source: | Code function: | 10_2_0637D670 | |
Source: | Code function: | 10_2_0637AA58 | |
Source: | Code function: | 10_2_0637B6E8 | |
Source: | Code function: | 10_2_0637C388 | |
Source: | Code function: | 10_2_0637D028 | |
Source: | Code function: | 10_2_0637A408 | |
Source: | Code function: | 10_2_06378C51 | |
Source: | Code function: | 10_2_0637B0A0 | |
Source: | Code function: | 10_2_0637BD38 | |
Source: | Code function: | 10_2_063711A0 | |
Source: | Code function: | 10_2_0637C9D8 | |
Source: | Code function: | 10_2_06375618 | |
Source: | Code function: | 10_2_0637560A | |
Source: | Code function: | 10_2_06375A70 | |
Source: | Code function: | 10_2_0637D663 | |
Source: | Code function: | 10_2_06375A60 | |
Source: | Code function: | 10_2_0637AA48 | |
Source: | Code function: | 10_2_06375EB8 | |
Source: | Code function: | 10_2_0637B6D8 | |
Source: | Code function: | 10_2_06375EC8 | |
Source: | Code function: | 10_2_06373730 | |
Source: | Code function: | 10_2_06376320 | |
Source: | Code function: | 10_2_06376312 | |
Source: | Code function: | 10_2_06376778 | |
Source: | Code function: | 10_2_0637C378 | |
Source: | Code function: | 10_2_0637676A | |
Source: | Code function: | 10_2_063733B8 | |
Source: | Code function: | 10_2_063733A8 | |
Source: | Code function: | 10_2_0637A3FA | |
Source: | Code function: | 10_2_06376BD0 | |
Source: | Code function: | 10_2_06376BC1 | |
Source: | Code function: | 10_2_06374430 | |
Source: | Code function: | 10_2_06372818 | |
Source: | Code function: | 10_2_0637D018 | |
Source: | Code function: | 10_2_06372807 | |
Source: | Code function: | 10_2_06370006 | |
Source: | Code function: | 10_2_06377050 | |
Source: | Code function: | 10_2_06370040 | |
Source: | Code function: | 10_2_06377040 | |
Source: | Code function: | 10_2_063774A8 | |
Source: | Code function: | 10_2_06377497 | |
Source: | Code function: | 10_2_0637B090 | |
Source: | Code function: | 10_2_06370498 | |
Source: | Code function: | 10_2_06370488 | |
Source: | Code function: | 10_2_063708F0 | |
Source: | Code function: | 10_2_063778F0 | |
Source: | Code function: | 10_2_063708E0 | |
Source: | Code function: | 10_2_06370D39 | |
Source: | Code function: | 10_2_0637BD28 | |
Source: | Code function: | 10_2_06377900 | |
Source: | Code function: | 10_2_06377D58 | |
Source: | Code function: | 10_2_06370D48 | |
Source: | Code function: | 10_2_06377D48 | |
Source: | Code function: | 10_2_063781B0 | |
Source: | Code function: | 10_2_063781A0 | |
Source: | Code function: | 10_2_06371191 | |
Source: | Code function: | 10_2_06375198 | |
Source: | Code function: | 10_2_0637518A | |
Source: | Code function: | 10_2_063785FC | |
Source: | Code function: | 10_2_0637C9C8 |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: |
Source: | Classification label: |
Source: | Code function: | 0_2_001937B5 |
Source: | Code function: | 0_2_001810BF | |
Source: | Code function: | 0_2_001816C3 | |
Source: | Code function: | 6_2_003210BF | |
Source: | Code function: | 6_2_003216C3 |
Source: | Code function: | 0_2_001951CD |
Source: | Code function: | 0_2_001AA67C |
Source: | Code function: | 0_2_0019648E |
Source: | Code function: | 0_2_001242A2 |
Source: | File created: | Jump to behavior |
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Process created: |
Source: | Static PE information: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Binary or memory string: |
Source: | ReversingLabs: | ||
Source: | Virustotal: |
Source: | File read: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Static file information: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Code function: | 0_2_001242DE |
Source: | Code function: | 0_2_00140A89 | |
Source: | Code function: | 6_2_002E0A89 | |
Source: | Code function: | 7_2_008E9771 | |
Source: | Code function: | 7_2_04F7234B | |
Source: | Code function: | 10_2_00AF9771 |
Source: | File created: | Jump to dropped file |
Boot Survival |
---|
Source: | File created: | Jump to dropped file |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Code function: | 0_2_0013F98E | |
Source: | Code function: | 0_2_001B1C41 | |
Source: | Code function: | 6_2_002DF98E | |
Source: | Code function: | 6_2_00351C41 |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion |
---|
Source: | Sandbox detection routine: | graph_0-99308 | ||
Source: | Sandbox detection routine: |
Source: | Code function: | 6_2_002CD010 |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Window found: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | API coverage: | ||
Source: | API coverage: |
Source: | Code function: | 0_2_0018DBBE | |
Source: | Code function: | 0_2_001968EE | |
Source: | Code function: | 0_2_0019698F | |
Source: | Code function: | 0_2_0018D076 | |
Source: | Code function: | 0_2_0018D3A9 | |
Source: | Code function: | 0_2_00199642 | |
Source: | Code function: | 0_2_0019979D | |
Source: | Code function: | 0_2_00199B2B | |
Source: | Code function: | 0_2_00195C97 | |
Source: | Code function: | 6_2_0032DBBE | |
Source: | Code function: | 6_2_003368EE | |
Source: | Code function: | 6_2_0033698F | |
Source: | Code function: | 6_2_0032D076 | |
Source: | Code function: | 6_2_0032D3A9 | |
Source: | Code function: | 6_2_00339642 | |
Source: | Code function: | 6_2_0033979D | |
Source: | Code function: | 6_2_00339B2B | |
Source: | Code function: | 6_2_00335C97 |
Source: | Code function: | 0_2_001242DE |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Anti Debugging |
---|
Source: | Code function: | 6_2_002CD010 |
Source: | Code function: | 6_2_002CD010 |
Source: | Code function: | 7_2_04F77BA8 |
Source: | Code function: | 0_2_0019EAA2 |
Source: | Code function: | 0_2_00152622 |
Source: | Code function: | 0_2_001242DE |
Source: | Code function: | 0_2_00144CE8 | |
Source: | Code function: | 0_2_023C3650 | |
Source: | Code function: | 0_2_023C36B0 | |
Source: | Code function: | 0_2_023C1ED0 | |
Source: | Code function: | 6_2_002E4CE8 | |
Source: | Code function: | 6_2_039036B0 | |
Source: | Code function: | 6_2_03903650 | |
Source: | Code function: | 6_2_03901ED0 | |
Source: | Code function: | 9_2_03D43650 | |
Source: | Code function: | 9_2_03D41ED0 | |
Source: | Code function: | 9_2_03D436B0 |
Source: | Code function: | 0_2_00180B62 |
Source: | Code function: | 0_2_00152622 | |
Source: | Code function: | 0_2_0014083F | |
Source: | Code function: | 0_2_001409D5 | |
Source: | Code function: | 0_2_00140C21 | |
Source: | Code function: | 6_2_002F2622 | |
Source: | Code function: | 6_2_002E083F | |
Source: | Code function: | 6_2_002E09D5 | |
Source: | Code function: | 6_2_002E0C21 |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior |
Source: | Code function: | 0_2_00181201 |
Source: | Code function: | 0_2_00162BA5 |
Source: | Code function: | 0_2_0018B226 |
Source: | Code function: | 0_2_001A22DA |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Code function: | 0_2_00180B62 |
Source: | Code function: | 0_2_00181663 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Code function: | 0_2_00140698 |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Code function: | 0_2_00198195 |
Source: | Code function: | 0_2_0017D27A |
Source: | Code function: | 0_2_0015BB6F |
Source: | Code function: | 0_2_001242DE |
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | File opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | Code function: | 0_2_001A1204 | |
Source: | Code function: | 0_2_001A1806 | |
Source: | Code function: | 6_2_00341204 | |
Source: | Code function: | 6_2_00341806 |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | 111 Scripting | 2 Valid Accounts | 1 Native API | 111 Scripting | 1 Exploitation for Privilege Escalation | 11 Disable or Modify Tools | 1 OS Credential Dumping | 2 System Time Discovery | Remote Services | 11 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Deobfuscate/Decode Files or Information | 21 Input Capture | 1 Account Discovery | Remote Desktop Protocol | 1 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | 2 Valid Accounts | 2 Valid Accounts | 3 Obfuscated Files or Information | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | 1 Email Collection | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | 2 Registry Run Keys / Startup Folder | 21 Access Token Manipulation | 1 DLL Side-Loading | NTDS | 27 System Information Discovery | Distributed Component Object Model | 21 Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 212 Process Injection | 1 Masquerading | LSA Secrets | 131 Security Software Discovery | SSH | 3 Clipboard Data | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 2 Registry Run Keys / Startup Folder | 2 Valid Accounts | Cached Domain Credentials | 111 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 111 Virtualization/Sandbox Evasion | DCSync | 2 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 21 Access Token Manipulation | Proc Filesystem | 11 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 212 Process Injection | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | Dynamic API Resolution | Network Sniffing | 1 System Network Configuration Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
66% | ReversingLabs | Win32.Trojan.Strab | ||
70% | Virustotal | Browse | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Joe Sandbox ML | |||
0% | ReversingLabs | |||
0% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
1% | Virustotal | Browse | ||
6% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
15% | Virustotal | Browse | ||
6% | Virustotal | Browse | ||
14% | Virustotal | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
reallyfreegeoip.org | 172.67.177.134 | true | false |
| unknown |
scratchdreams.tk | 104.21.27.85 | true | false |
| unknown |
checkip.dyndns.com | 158.101.44.242 | true | false |
| unknown |
checkip.dyndns.org | unknown | unknown | true |
| unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false |
| unknown | |
false |
| unknown | |
false |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| low | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
158.101.44.242 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false | |
172.67.177.134 | reallyfreegeoip.org | United States | 13335 | CLOUDFLARENETUS | false | |
104.21.27.85 | scratchdreams.tk | United States | 13335 | CLOUDFLARENETUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1422242 |
Start date and time: | 2024-04-08 13:56:07 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 10m 21s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 11 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | PsBygexGwH.exerenamed because original name is a hash value |
Original Sample Name: | f36cebf205cb95b23bea11f15356461b51b40cd0bd586e5c5f151a6396a6151a.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.expl.evad.winEXE@10/10@3/3 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target RegSvcs.exe, PID 3844 because it is empty
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description |
---|---|---|
12:59:12 | Autostart | |
13:59:15 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
158.101.44.242 | Get hash | malicious | PureLog Stealer, RedLine, Snake Keylogger | Browse |
| |
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Agent Tesla, AgentTesla | Browse |
| ||
Get hash | malicious | Agent Tesla, AgentTesla, RisePro Stealer | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer, Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer, Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
172.67.177.134 | Get hash | malicious | Snake Keylogger | Browse | ||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | PureLog Stealer, RedLine, Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | PureLog Stealer, RedLine, Snake Keylogger | Browse | |||
Get hash | malicious | PureLog Stealer, RedLine, Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
104.21.27.85 | Get hash | malicious | Snake Keylogger | Browse | ||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | PureLog Stealer, RedLine, Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | PureLog Stealer, RedLine, Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
checkip.dyndns.com | Get hash | malicious | Snake Keylogger | Browse |
| |
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Agent Tesla, AgentTesla | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer, RedLine, Snake Keylogger | Browse |
| ||
Get hash | malicious | Agent Tesla, AgentTesla | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer, RedLine, Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
scratchdreams.tk | Get hash | malicious | Snake Keylogger | Browse |
| |
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer, RedLine, Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer, RedLine, Snake Keylogger | Browse |
| ||
reallyfreegeoip.org | Get hash | malicious | Snake Keylogger | Browse |
| |
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer, RedLine, Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer, RedLine, Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
ORACLE-BMC-31898US | Get hash | malicious | Snake Keylogger | Browse |
| |
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | PureLog Stealer, RedLine, Snake Keylogger | Browse |
| ||
Get hash | malicious | HtmlDropper, HTMLPhisher | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
CLOUDFLARENETUS | Get hash | malicious | RisePro Stealer | Browse |
| |
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Dridex Dropper, RisePro Stealer | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | Remcos | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
CLOUDFLARENETUS | Get hash | malicious | RisePro Stealer | Browse |
| |
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Dridex Dropper, RisePro Stealer | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | Remcos | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
54328bd36c14bd82ddaa0c04b25ed9ad | Get hash | malicious | Snake Keylogger | Browse |
| |
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Agent Tesla, AgentTesla | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | SmokeLoader, Xehook Stealer | Browse |
| ||
Get hash | malicious | Agent Tesla, AgentTesla | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer, RedLine, Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
3b5074b1b5d032e5620f69f9f700ff0e | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | FormBook, GuLoader | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | FormBook | Browse |
|
Process: | C:\Users\user\Desktop\PsBygexGwH.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 104292 |
Entropy (8bit): | 7.941208599431399 |
Encrypted: | false |
SSDEEP: | 3072:9Sfybq8aByxl/fO6XV7VmuD/3QcfaiSebeefOgwpN:9H9EEl/fH/gKaiRbbfKpN |
MD5: | 814097FD9BBB82AAD3FDE173805F64BD |
SHA1: | 45B4AB185ACE33B687C48082617F0E1CD89EA2A6 |
SHA-256: | 1ECC36DB3051954AD5D96501C004AA6560D0B5FDF3F7420BADE23C632774F6BF |
SHA-512: | CA8B68FDC1D1FD0D6A4393EC96C7BF7B1DBC446E336CC260AE9C1122C8F94D1180AAEA7636BB2C4E8581EB868F82C30C523AF1CA84BCA95ABFE79D4A6F8F9FE3 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\PsBygexGwH.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 10102 |
Entropy (8bit): | 7.593118334351576 |
Encrypted: | false |
SSDEEP: | 192:QNAVE5Le06Tr+mPg5aV719N2wkCKltkRcLihNLpxJFdu63kKxvD/MIFnY7N:QNAQe06f+mBV71ewkRnihhJX0KxBFnGN |
MD5: | F7F3CDD23C6186501A42F72D606BC7AC |
SHA1: | 7764AB12BFC2A588BECC07D9D24B020F36E7568C |
SHA-256: | 16CCD30B291DA4E7DB7EFFFE3781896E9C028456531D9CD24C824998155861B6 |
SHA-512: | A4B1495081555E702B015F3D436EFC494E475A8B39CB38285656A4B939075F9FA5553BD08DBF0F051D7CC4112DA08779E77352F21ACB35CA0643425E2B40ACA9 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\AppData\Local\directory\name.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 104292 |
Entropy (8bit): | 7.941208599431399 |
Encrypted: | false |
SSDEEP: | 3072:9Sfybq8aByxl/fO6XV7VmuD/3QcfaiSebeefOgwpN:9H9EEl/fH/gKaiRbbfKpN |
MD5: | 814097FD9BBB82AAD3FDE173805F64BD |
SHA1: | 45B4AB185ACE33B687C48082617F0E1CD89EA2A6 |
SHA-256: | 1ECC36DB3051954AD5D96501C004AA6560D0B5FDF3F7420BADE23C632774F6BF |
SHA-512: | CA8B68FDC1D1FD0D6A4393EC96C7BF7B1DBC446E336CC260AE9C1122C8F94D1180AAEA7636BB2C4E8581EB868F82C30C523AF1CA84BCA95ABFE79D4A6F8F9FE3 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\AppData\Local\directory\name.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 10102 |
Entropy (8bit): | 7.593118334351576 |
Encrypted: | false |
SSDEEP: | 192:QNAVE5Le06Tr+mPg5aV719N2wkCKltkRcLihNLpxJFdu63kKxvD/MIFnY7N:QNAQe06f+mBV71ewkRnihhJX0KxBFnGN |
MD5: | F7F3CDD23C6186501A42F72D606BC7AC |
SHA1: | 7764AB12BFC2A588BECC07D9D24B020F36E7568C |
SHA-256: | 16CCD30B291DA4E7DB7EFFFE3781896E9C028456531D9CD24C824998155861B6 |
SHA-512: | A4B1495081555E702B015F3D436EFC494E475A8B39CB38285656A4B939075F9FA5553BD08DBF0F051D7CC4112DA08779E77352F21ACB35CA0643425E2B40ACA9 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\AppData\Local\directory\name.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 104292 |
Entropy (8bit): | 7.941208599431399 |
Encrypted: | false |
SSDEEP: | 3072:9Sfybq8aByxl/fO6XV7VmuD/3QcfaiSebeefOgwpN:9H9EEl/fH/gKaiRbbfKpN |
MD5: | 814097FD9BBB82AAD3FDE173805F64BD |
SHA1: | 45B4AB185ACE33B687C48082617F0E1CD89EA2A6 |
SHA-256: | 1ECC36DB3051954AD5D96501C004AA6560D0B5FDF3F7420BADE23C632774F6BF |
SHA-512: | CA8B68FDC1D1FD0D6A4393EC96C7BF7B1DBC446E336CC260AE9C1122C8F94D1180AAEA7636BB2C4E8581EB868F82C30C523AF1CA84BCA95ABFE79D4A6F8F9FE3 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\AppData\Local\directory\name.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 10102 |
Entropy (8bit): | 7.593118334351576 |
Encrypted: | false |
SSDEEP: | 192:QNAVE5Le06Tr+mPg5aV719N2wkCKltkRcLihNLpxJFdu63kKxvD/MIFnY7N:QNAQe06f+mBV71ewkRnihhJX0KxBFnGN |
MD5: | F7F3CDD23C6186501A42F72D606BC7AC |
SHA1: | 7764AB12BFC2A588BECC07D9D24B020F36E7568C |
SHA-256: | 16CCD30B291DA4E7DB7EFFFE3781896E9C028456531D9CD24C824998155861B6 |
SHA-512: | A4B1495081555E702B015F3D436EFC494E475A8B39CB38285656A4B939075F9FA5553BD08DBF0F051D7CC4112DA08779E77352F21ACB35CA0643425E2B40ACA9 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\PsBygexGwH.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29718 |
Entropy (8bit): | 3.579534381329983 |
Encrypted: | false |
SSDEEP: | 768:FiTZ+2QoioGRk6ZklputwjpjBkCiw2RuJ3nXKUrvzjsNbeE+ItIiy4vfF3if6gy8:FiTZ+2QoioGRk6ZklputwjpjBkCiw2R2 |
MD5: | 4F75A7B10B7338B674939F2E64A4F73A |
SHA1: | F5DA2453CB0C24182783E638AF61E4D98B072AC9 |
SHA-256: | 7860BD51138552E6A637DB7B9C3998A865CE586F7DD0DCDD0D5643D62699B9BA |
SHA-512: | 0679F8CBF17E5986B4EAB246B5AEA68C2C80F08EB02F2103675BC2BBD2FB57E6199FCEB89BDF984D379CDD4BF77231B4F62D99EE888CC4F18E4F4F4A7FC5F61D |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\PsBygexGwH.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 133632 |
Entropy (8bit): | 7.068705738050652 |
Encrypted: | false |
SSDEEP: | 3072:kdmkY26vGslIQ+wteQUBDe1uxH5CUkO3ZwS8O64zLhJ0rDW0w654ArA:kgkY9+qBUgkV34O64X/0rD5A |
MD5: | AB789573C51720A521954BC2DEEA06FC |
SHA1: | AF07C939088FFEB71E7C16A4D7487EE7931E0006 |
SHA-256: | C70A64AC25B90077931E151724F8566C8D07E6E4888AAD9577FA467ED96A97B8 |
SHA-512: | 0B460881D64A03DC82DF6C0D3D4D0619DABB171B24866D460FA4F1AC3A84F95F8115667093D51F0C65C835802E6418359DAFF81C934E8FEB425CC3934FDC961A |
Malicious: | true |
Antivirus: |
|
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\PsBygexGwH.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 114376704 |
Entropy (8bit): | 7.999599217476744 |
Encrypted: | true |
SSDEEP: | 393216:I3dR6pAWZcZPnwVif1Obttb5MK356rrQ42LEGrzEj5JHfY/q5KQf5NHAB1xLq:IUpAWpM1M356rrQ4LVfYr0HW/G |
MD5: | 90D7DF3194AF25C7942DCDB56E8902F3 |
SHA1: | 2865B48E868C6CC67B335E82F3EF2864D727F6A3 |
SHA-256: | 496E83A0C5C3A23F63CF1B3EEC90E671E83C1186E9FA64A36429EABC2243367C |
SHA-512: | F4E95549954E921498656661C5049DC6ADB7BAFA82D8C198059E95F0F264B0A4DF49BA6CD79E223F043DDA0AFC03650ACE78A3B14AB965B0EFE637CA5CDA719F |
Malicious: | true |
Antivirus: |
|
Reputation: | low |
Preview: |
Process: | C:\Users\user\AppData\Local\directory\name.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 268 |
Entropy (8bit): | 3.4209455304240626 |
Encrypted: | false |
SSDEEP: | 6:DMM8lfm3OOQdUfcloRKUEZ+lX1Al1AE6nriIM8lfQVn:DsO+vNloRKQ1A1z4mA2n |
MD5: | D3A871A22DFC23DD6763F6002299B13A |
SHA1: | B7934BFD389FE7FBDC08710EDABA4C16D3EED618 |
SHA-256: | FEA868420602CDAF96C19BE169F6BA44178494DB3B8F6292DCD7B8A8BB194F66 |
SHA-512: | 6166B8A0DED88F7C8F3CC1D92A44A0A112B4CFCBEEB3934005E89B32614C79BB7F7ABDBF8CF84D90D4864C425460673739935562B344AE14FFE1076F5D0F7CA9 |
Malicious: | true |
Reputation: | moderate, very likely benign file |
Preview: |
File type: | |
Entropy (8bit): | 6.985470169110912 |
TrID: |
|
File name: | PsBygexGwH.exe |
File size: | 1'130'496 bytes |
MD5: | 222d05295014f8974d6e358e1507770e |
SHA1: | d1475a87d8aad1852eda1ac93ebb0bbbb1f08e0b |
SHA256: | f36cebf205cb95b23bea11f15356461b51b40cd0bd586e5c5f151a6396a6151a |
SHA512: | c4c7306b63d8532337a302ae1129d10bea3fe31c5ac38f2d279309960b6c2bbd3b572486778a6d00e75bdcf3ccb92d975ead94f9c5134d712222ee99da3bd096 |
SSDEEP: | 24576:gqDEvCTbMWu7rQYlBQcBiT6rprG8anIpGboB/Gii:gTvC/MTQYxsWR7anCGw+i |
TLSH: | F735BF0273C1D062FF9B92334B5AF6515BBC6A260123E61F13981DB9BE701B1563E7A3 |
File Content Preview: | MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z.... |
Icon Hash: | aaf3e3e3938382a0 |
Entrypoint: | 0x420577 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x6602E50B [Tue Mar 26 15:08:59 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | 948cc502fe9226992dce9417f952fce3 |
Instruction |
---|
call 00007F3E0D724223h |
jmp 00007F3E0D723B2Fh |
push ebp |
mov ebp, esp |
push esi |
push dword ptr [ebp+08h] |
mov esi, ecx |
call 00007F3E0D723D0Dh |
mov dword ptr [esi], 0049FDF0h |
mov eax, esi |
pop esi |
pop ebp |
retn 0004h |
and dword ptr [ecx+04h], 00000000h |
mov eax, ecx |
and dword ptr [ecx+08h], 00000000h |
mov dword ptr [ecx+04h], 0049FDF8h |
mov dword ptr [ecx], 0049FDF0h |
ret |
push ebp |
mov ebp, esp |
push esi |
push dword ptr [ebp+08h] |
mov esi, ecx |
call 00007F3E0D723CDAh |
mov dword ptr [esi], 0049FE0Ch |
mov eax, esi |
pop esi |
pop ebp |
retn 0004h |
and dword ptr [ecx+04h], 00000000h |
mov eax, ecx |
and dword ptr [ecx+08h], 00000000h |
mov dword ptr [ecx+04h], 0049FE14h |
mov dword ptr [ecx], 0049FE0Ch |
ret |
push ebp |
mov ebp, esp |
push esi |
mov esi, ecx |
lea eax, dword ptr [esi+04h] |
mov dword ptr [esi], 0049FDD0h |
and dword ptr [eax], 00000000h |
and dword ptr [eax+04h], 00000000h |
push eax |
mov eax, dword ptr [ebp+08h] |
add eax, 04h |
push eax |
call 00007F3E0D7268CDh |
pop ecx |
pop ecx |
mov eax, esi |
pop esi |
pop ebp |
retn 0004h |
lea eax, dword ptr [ecx+04h] |
mov dword ptr [ecx], 0049FDD0h |
push eax |
call 00007F3E0D726918h |
pop ecx |
ret |
push ebp |
mov ebp, esp |
push esi |
mov esi, ecx |
lea eax, dword ptr [esi+04h] |
mov dword ptr [esi], 0049FDD0h |
push eax |
call 00007F3E0D726901h |
test byte ptr [ebp+08h], 00000001h |
pop ecx |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x3d478 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x112000 | 0x7594 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0xd4000 | 0x3d478 | 0x3d600 | 63b2868add101ae138f2fa4f40774c6c | False | 0.8921803398676171 | data | 7.809273577814519 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x112000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0xd45a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216 |
RT_ICON | 0xd46d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027 |
RT_ICON | 0xd47f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135 |
RT_ICON | 0xd4920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333 |
RT_ICON | 0xd4c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5 |
RT_ICON | 0xd4d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388 |
RT_ICON | 0xd5bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524 |
RT_ICON | 0xd6480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918 |
RT_ICON | 0xd69e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727 |
RT_ICON | 0xd8f90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496 |
RT_ICON | 0xda038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227 |
RT_MENU | 0xda4a0 | 0x50 | data | English | Great Britain | 0.9 |
RT_STRING | 0xda4f0 | 0x594 | data | English | Great Britain | 0.3333333333333333 |
RT_STRING | 0xdaa84 | 0x68a | data | English | Great Britain | 0.2735961768219833 |
RT_STRING | 0xdb110 | 0x490 | data | English | Great Britain | 0.3715753424657534 |
RT_STRING | 0xdb5a0 | 0x5fc | data | English | Great Britain | 0.3087467362924282 |
RT_STRING | 0xdbb9c | 0x65c | data | English | Great Britain | 0.34336609336609336 |
RT_STRING | 0xdc1f8 | 0x466 | data | English | Great Britain | 0.3605683836589698 |
RT_STRING | 0xdc660 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186 |
RT_RCDATA | 0xdc7b8 | 0x34740 | data | 1.0003537384569556 | ||
RT_GROUP_ICON | 0x110ef8 | 0x76 | data | English | Great Britain | 0.6610169491525424 |
RT_GROUP_ICON | 0x110f70 | 0x14 | data | English | Great Britain | 1.25 |
RT_GROUP_ICON | 0x110f84 | 0x14 | data | English | Great Britain | 1.15 |
RT_GROUP_ICON | 0x110f98 | 0x14 | data | English | Great Britain | 1.25 |
RT_VERSION | 0x110fac | 0xdc | data | English | Great Britain | 0.6181818181818182 |
RT_MANIFEST | 0x111088 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823 |
DLL | Import |
---|---|
WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect |
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW |
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW |
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create |
MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W |
WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable |
PSAPI.DLL | GetProcessMemoryInfo |
IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile |
USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile |
UxTheme.dll | IsThemeActive |
KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW |
USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient |
GDI32.dll | EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath |
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW |
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW |
SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW |
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket |
OLEAUT32.dll | CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | Great Britain |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 8, 2024 13:59:12.632882118 CEST | 49737 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:12.811760902 CEST | 80 | 49737 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:12.811991930 CEST | 49737 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:12.812274933 CEST | 49737 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:12.991117001 CEST | 80 | 49737 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:13.127237082 CEST | 80 | 49737 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:13.175162077 CEST | 49737 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:13.321785927 CEST | 49737 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:13.500679016 CEST | 80 | 49737 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:13.508291006 CEST | 80 | 49737 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:13.550195932 CEST | 49737 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:14.531517982 CEST | 49738 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:14.531557083 CEST | 443 | 49738 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:14.531619072 CEST | 49738 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:14.685353041 CEST | 49738 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:14.685386896 CEST | 443 | 49738 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:14.946806908 CEST | 443 | 49738 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:14.946933031 CEST | 49738 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:14.985507011 CEST | 49738 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:14.985537052 CEST | 443 | 49738 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:14.985790968 CEST | 443 | 49738 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:15.034547091 CEST | 49738 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:15.185969114 CEST | 49738 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:15.232234001 CEST | 443 | 49738 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:15.320166111 CEST | 443 | 49738 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:15.320307016 CEST | 443 | 49738 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:15.320456982 CEST | 49738 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:15.584688902 CEST | 49738 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:15.666697979 CEST | 49737 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:15.885596037 CEST | 80 | 49737 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:15.940800905 CEST | 49737 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:16.029479980 CEST | 49739 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:16.029509068 CEST | 443 | 49739 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:16.029620886 CEST | 49739 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:16.029942036 CEST | 49739 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:16.029953957 CEST | 443 | 49739 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:16.288114071 CEST | 443 | 49739 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:16.290956020 CEST | 49739 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:16.290992022 CEST | 443 | 49739 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:16.588903904 CEST | 443 | 49739 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:16.589003086 CEST | 443 | 49739 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:16.589046955 CEST | 49739 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:16.589586020 CEST | 49739 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:16.593166113 CEST | 49737 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:16.594477892 CEST | 49740 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:16.776196003 CEST | 80 | 49740 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:16.776340961 CEST | 49740 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:16.776511908 CEST | 49740 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:16.785729885 CEST | 80 | 49737 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:16.785831928 CEST | 49737 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:16.955636978 CEST | 80 | 49740 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:17.181565046 CEST | 80 | 49740 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:17.182904005 CEST | 49741 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:17.182935953 CEST | 443 | 49741 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:17.183015108 CEST | 49741 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:17.183271885 CEST | 49741 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:17.183286905 CEST | 443 | 49741 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:17.222132921 CEST | 49740 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:17.440624952 CEST | 443 | 49741 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:17.442293882 CEST | 49741 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:17.442322016 CEST | 443 | 49741 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:17.739309072 CEST | 443 | 49741 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:17.739418983 CEST | 443 | 49741 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:17.739479065 CEST | 49741 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:17.739912033 CEST | 49741 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:17.757127047 CEST | 49742 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:17.937038898 CEST | 80 | 49742 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:17.937133074 CEST | 49742 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:17.937311888 CEST | 49742 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:18.116170883 CEST | 80 | 49742 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:18.119434118 CEST | 80 | 49742 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:18.120605946 CEST | 49743 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:18.120630980 CEST | 443 | 49743 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:18.120693922 CEST | 49743 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:18.121021032 CEST | 49743 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:18.121027946 CEST | 443 | 49743 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:18.159521103 CEST | 49742 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:18.395477057 CEST | 443 | 49743 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:18.397247076 CEST | 49743 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:18.397268057 CEST | 443 | 49743 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:18.699667931 CEST | 443 | 49743 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:18.699812889 CEST | 443 | 49743 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:18.699861050 CEST | 49743 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:18.700406075 CEST | 49743 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:18.705539942 CEST | 49742 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:18.706899881 CEST | 49744 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:18.886428118 CEST | 80 | 49744 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:18.886548996 CEST | 49744 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:18.886874914 CEST | 49744 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:18.887924910 CEST | 80 | 49742 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:18.888021946 CEST | 49742 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:19.066397905 CEST | 80 | 49744 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:19.564827919 CEST | 80 | 49744 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:19.566276073 CEST | 49745 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:19.566317081 CEST | 443 | 49745 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:19.566405058 CEST | 49745 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:19.566652060 CEST | 49745 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:19.566667080 CEST | 443 | 49745 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:19.612659931 CEST | 49744 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:19.823273897 CEST | 443 | 49745 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:19.824842930 CEST | 49745 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:19.824868917 CEST | 443 | 49745 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:20.122843027 CEST | 443 | 49745 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:20.122951984 CEST | 443 | 49745 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:20.123017073 CEST | 49745 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:20.123471022 CEST | 49745 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:20.126473904 CEST | 49744 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:20.127545118 CEST | 49746 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:20.307097912 CEST | 80 | 49746 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:20.307256937 CEST | 49746 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:20.307406902 CEST | 49746 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:20.318993092 CEST | 80 | 49744 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:20.319081068 CEST | 49744 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:20.486895084 CEST | 80 | 49746 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:22.049896002 CEST | 80 | 49746 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:22.051014900 CEST | 49747 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:22.051053047 CEST | 443 | 49747 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:22.051115036 CEST | 49747 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:22.051328897 CEST | 49747 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:22.051340103 CEST | 443 | 49747 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:22.097038031 CEST | 49746 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:22.308262110 CEST | 443 | 49747 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:22.309787035 CEST | 49747 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:22.309803963 CEST | 443 | 49747 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:22.609461069 CEST | 443 | 49747 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:22.609613895 CEST | 443 | 49747 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:22.609679937 CEST | 49747 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:22.610192060 CEST | 49747 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:22.613312960 CEST | 49746 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:22.614454031 CEST | 49748 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:22.792870998 CEST | 80 | 49746 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:22.792932987 CEST | 49746 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:22.793803930 CEST | 80 | 49748 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:22.794889927 CEST | 49748 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:22.795017958 CEST | 49748 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:22.974023104 CEST | 80 | 49748 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:22.974997044 CEST | 80 | 49748 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:22.976326942 CEST | 49749 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:22.976356030 CEST | 443 | 49749 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:22.976425886 CEST | 49749 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:22.976651907 CEST | 49749 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:22.976664066 CEST | 443 | 49749 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:23.019191027 CEST | 49748 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:23.235800028 CEST | 443 | 49749 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:23.237504959 CEST | 49749 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:23.237549067 CEST | 443 | 49749 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:23.534223080 CEST | 443 | 49749 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:23.534336090 CEST | 443 | 49749 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:23.534409046 CEST | 49749 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:23.535057068 CEST | 49749 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:23.543961048 CEST | 49748 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:23.545182943 CEST | 49750 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:23.724642038 CEST | 80 | 49750 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:23.724766016 CEST | 49750 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:23.724900007 CEST | 49750 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:23.729135990 CEST | 80 | 49748 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:23.729202032 CEST | 49748 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:23.904011011 CEST | 80 | 49750 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:23.979584932 CEST | 80 | 49750 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:23.980741978 CEST | 49751 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:23.980777979 CEST | 443 | 49751 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:23.980844021 CEST | 49751 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:23.981087923 CEST | 49751 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:23.981100082 CEST | 443 | 49751 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:24.018981934 CEST | 49750 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:24.238625050 CEST | 443 | 49751 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:24.240109921 CEST | 49751 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:24.240134001 CEST | 443 | 49751 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:24.537631035 CEST | 443 | 49751 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:24.537770033 CEST | 443 | 49751 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:24.537815094 CEST | 49751 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:24.538275957 CEST | 49751 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:24.549909115 CEST | 49750 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:24.733479023 CEST | 80 | 49750 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:24.733527899 CEST | 49750 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:24.957377911 CEST | 49752 | 443 | 192.168.2.4 | 104.21.27.85 |
Apr 8, 2024 13:59:24.957402945 CEST | 443 | 49752 | 104.21.27.85 | 192.168.2.4 |
Apr 8, 2024 13:59:24.957465887 CEST | 49752 | 443 | 192.168.2.4 | 104.21.27.85 |
Apr 8, 2024 13:59:24.957950115 CEST | 49752 | 443 | 192.168.2.4 | 104.21.27.85 |
Apr 8, 2024 13:59:24.957963943 CEST | 443 | 49752 | 104.21.27.85 | 192.168.2.4 |
Apr 8, 2024 13:59:25.052992105 CEST | 49753 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:25.232418060 CEST | 80 | 49753 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:25.232496977 CEST | 49753 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:25.232907057 CEST | 49753 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:25.240914106 CEST | 443 | 49752 | 104.21.27.85 | 192.168.2.4 |
Apr 8, 2024 13:59:25.240992069 CEST | 49752 | 443 | 192.168.2.4 | 104.21.27.85 |
Apr 8, 2024 13:59:25.243304014 CEST | 49752 | 443 | 192.168.2.4 | 104.21.27.85 |
Apr 8, 2024 13:59:25.243311882 CEST | 443 | 49752 | 104.21.27.85 | 192.168.2.4 |
Apr 8, 2024 13:59:25.248492956 CEST | 443 | 49752 | 104.21.27.85 | 192.168.2.4 |
Apr 8, 2024 13:59:25.250144958 CEST | 49752 | 443 | 192.168.2.4 | 104.21.27.85 |
Apr 8, 2024 13:59:25.296231031 CEST | 443 | 49752 | 104.21.27.85 | 192.168.2.4 |
Apr 8, 2024 13:59:25.411788940 CEST | 80 | 49753 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:25.412451029 CEST | 80 | 49753 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:25.415770054 CEST | 49753 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:25.595873117 CEST | 80 | 49753 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:25.643963099 CEST | 49753 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:25.655805111 CEST | 49754 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:25.655832052 CEST | 443 | 49754 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:25.655893087 CEST | 49754 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:25.660176039 CEST | 49754 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:25.660192013 CEST | 443 | 49754 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:25.917414904 CEST | 443 | 49754 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:25.917489052 CEST | 49754 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:25.919186115 CEST | 49754 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:25.919194937 CEST | 443 | 49754 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:25.919471025 CEST | 443 | 49754 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:25.972059965 CEST | 49754 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:25.974754095 CEST | 49754 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:26.020242929 CEST | 443 | 49754 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:26.225682974 CEST | 443 | 49754 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:26.225841045 CEST | 443 | 49754 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:26.225888968 CEST | 49754 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:26.229142904 CEST | 49754 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:26.232584000 CEST | 49753 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:26.412240982 CEST | 80 | 49753 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:26.414351940 CEST | 49755 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:26.414378881 CEST | 443 | 49755 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:26.414457083 CEST | 49755 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:26.414752960 CEST | 49755 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:26.414768934 CEST | 443 | 49755 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:26.456442118 CEST | 49753 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:26.672976971 CEST | 443 | 49755 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:26.674753904 CEST | 49755 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:26.674772978 CEST | 443 | 49755 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:26.982806921 CEST | 443 | 49755 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:26.982897997 CEST | 443 | 49755 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:26.983012915 CEST | 49755 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:26.983555079 CEST | 49755 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:26.986457109 CEST | 49753 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:26.987457037 CEST | 49756 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:27.165350914 CEST | 80 | 49753 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:27.166502953 CEST | 80 | 49756 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:27.166580915 CEST | 49753 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:27.166637897 CEST | 49756 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:27.166821003 CEST | 49756 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:27.345890999 CEST | 80 | 49756 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:27.347781897 CEST | 80 | 49756 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:27.349028111 CEST | 49757 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:27.349066973 CEST | 443 | 49757 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:27.349144936 CEST | 49757 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:27.349396944 CEST | 49757 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:27.349409103 CEST | 443 | 49757 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:27.394048929 CEST | 49756 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:27.605294943 CEST | 443 | 49757 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:27.606873989 CEST | 49757 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:27.606900930 CEST | 443 | 49757 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:27.906156063 CEST | 443 | 49757 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:27.906275034 CEST | 443 | 49757 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:27.906337976 CEST | 49757 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:27.906836987 CEST | 49757 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:27.909960032 CEST | 49756 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:27.910979986 CEST | 49758 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:28.089853048 CEST | 80 | 49758 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:28.089916945 CEST | 49758 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:28.090043068 CEST | 49758 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:28.096796989 CEST | 80 | 49756 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:28.096846104 CEST | 49756 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:28.268944979 CEST | 80 | 49758 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:28.344739914 CEST | 80 | 49758 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:28.348993063 CEST | 49759 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:28.349034071 CEST | 443 | 49759 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:28.349097013 CEST | 49759 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:28.349322081 CEST | 49759 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:28.349335909 CEST | 443 | 49759 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:28.393971920 CEST | 49758 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:28.905787945 CEST | 443 | 49759 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:28.907465935 CEST | 49759 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:28.907489061 CEST | 443 | 49759 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:29.167756081 CEST | 443 | 49759 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:29.167867899 CEST | 443 | 49759 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:29.167980909 CEST | 49759 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:29.168380022 CEST | 49759 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:29.172868013 CEST | 49760 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:29.356722116 CEST | 80 | 49760 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:29.356827021 CEST | 49760 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:29.356972933 CEST | 49760 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:29.540359974 CEST | 80 | 49760 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:29.675683022 CEST | 80 | 49760 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:29.676903963 CEST | 49761 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:29.676942110 CEST | 443 | 49761 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:29.677100897 CEST | 49761 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:29.677261114 CEST | 49761 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:29.677273989 CEST | 443 | 49761 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:29.726357937 CEST | 49760 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:29.936289072 CEST | 443 | 49761 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:29.937939882 CEST | 49761 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:29.937963009 CEST | 443 | 49761 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:30.235630989 CEST | 443 | 49761 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:30.235735893 CEST | 443 | 49761 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:30.235805035 CEST | 49761 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:30.236318111 CEST | 49761 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:30.239967108 CEST | 49760 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:30.241128922 CEST | 49762 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:30.420486927 CEST | 80 | 49762 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:30.420645952 CEST | 49762 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:30.422316074 CEST | 49762 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:30.424971104 CEST | 80 | 49760 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:30.425040960 CEST | 49760 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:30.601413965 CEST | 80 | 49762 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:30.639260054 CEST | 80 | 49762 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:30.640650034 CEST | 49763 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:30.640682936 CEST | 443 | 49763 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:30.640774012 CEST | 49763 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:30.641026020 CEST | 49763 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:30.641042948 CEST | 443 | 49763 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:30.690819979 CEST | 49762 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:30.903064013 CEST | 443 | 49763 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:30.904495955 CEST | 49763 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:30.904515028 CEST | 443 | 49763 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:31.201976061 CEST | 443 | 49763 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:31.202084064 CEST | 443 | 49763 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:31.202186108 CEST | 49763 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:31.202639103 CEST | 49763 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:31.207040071 CEST | 49762 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:31.208081961 CEST | 49764 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:31.386158943 CEST | 80 | 49762 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:31.386219025 CEST | 49762 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:31.387089014 CEST | 80 | 49764 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:31.387159109 CEST | 49764 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:31.387311935 CEST | 49764 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:31.566435099 CEST | 80 | 49764 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:31.569299936 CEST | 80 | 49764 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:31.578598022 CEST | 49765 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:31.578639984 CEST | 443 | 49765 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:31.578720093 CEST | 49765 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:31.578948975 CEST | 49765 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:31.578959942 CEST | 443 | 49765 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:31.612674952 CEST | 49764 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:31.834628105 CEST | 443 | 49765 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:31.836074114 CEST | 49765 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:31.836100101 CEST | 443 | 49765 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:32.133028030 CEST | 443 | 49765 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:32.133162975 CEST | 443 | 49765 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:32.133214951 CEST | 49765 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:32.140904903 CEST | 49765 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:32.145245075 CEST | 49764 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:32.145872116 CEST | 49766 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:32.324309111 CEST | 80 | 49764 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:32.324404955 CEST | 49764 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:32.324598074 CEST | 80 | 49766 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:32.324665070 CEST | 49766 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:32.324795961 CEST | 49766 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:32.503696918 CEST | 80 | 49766 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:32.504470110 CEST | 80 | 49766 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:32.550175905 CEST | 49766 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:34.130407095 CEST | 49767 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:34.130445957 CEST | 443 | 49767 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:34.130669117 CEST | 49767 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:34.131031036 CEST | 49767 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:34.131046057 CEST | 443 | 49767 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:34.391159058 CEST | 443 | 49767 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:34.392838001 CEST | 49767 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:34.392865896 CEST | 443 | 49767 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:34.690457106 CEST | 443 | 49767 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:34.690562010 CEST | 443 | 49767 | 172.67.177.134 | 192.168.2.4 |
Apr 8, 2024 13:59:34.690634966 CEST | 49767 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:34.691212893 CEST | 49767 | 443 | 192.168.2.4 | 172.67.177.134 |
Apr 8, 2024 13:59:34.698016882 CEST | 49766 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:34.698827982 CEST | 49768 | 443 | 192.168.2.4 | 104.21.27.85 |
Apr 8, 2024 13:59:34.698860884 CEST | 443 | 49768 | 104.21.27.85 | 192.168.2.4 |
Apr 8, 2024 13:59:34.698986053 CEST | 49768 | 443 | 192.168.2.4 | 104.21.27.85 |
Apr 8, 2024 13:59:34.699342966 CEST | 49768 | 443 | 192.168.2.4 | 104.21.27.85 |
Apr 8, 2024 13:59:34.699359894 CEST | 443 | 49768 | 104.21.27.85 | 192.168.2.4 |
Apr 8, 2024 13:59:34.876996040 CEST | 80 | 49766 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 13:59:34.877084017 CEST | 49766 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 13:59:34.960040092 CEST | 443 | 49768 | 104.21.27.85 | 192.168.2.4 |
Apr 8, 2024 13:59:34.960156918 CEST | 49768 | 443 | 192.168.2.4 | 104.21.27.85 |
Apr 8, 2024 13:59:34.961618900 CEST | 49768 | 443 | 192.168.2.4 | 104.21.27.85 |
Apr 8, 2024 13:59:34.961626053 CEST | 443 | 49768 | 104.21.27.85 | 192.168.2.4 |
Apr 8, 2024 13:59:34.961901903 CEST | 443 | 49768 | 104.21.27.85 | 192.168.2.4 |
Apr 8, 2024 13:59:34.963280916 CEST | 49768 | 443 | 192.168.2.4 | 104.21.27.85 |
Apr 8, 2024 13:59:35.004241943 CEST | 443 | 49768 | 104.21.27.85 | 192.168.2.4 |
Apr 8, 2024 13:59:56.581820011 CEST | 443 | 49752 | 104.21.27.85 | 192.168.2.4 |
Apr 8, 2024 13:59:56.581886053 CEST | 443 | 49752 | 104.21.27.85 | 192.168.2.4 |
Apr 8, 2024 13:59:56.581948042 CEST | 49752 | 443 | 192.168.2.4 | 104.21.27.85 |
Apr 8, 2024 13:59:56.586730003 CEST | 49752 | 443 | 192.168.2.4 | 104.21.27.85 |
Apr 8, 2024 14:00:06.031163931 CEST | 443 | 49768 | 104.21.27.85 | 192.168.2.4 |
Apr 8, 2024 14:00:06.031255007 CEST | 443 | 49768 | 104.21.27.85 | 192.168.2.4 |
Apr 8, 2024 14:00:06.031344891 CEST | 49768 | 443 | 192.168.2.4 | 104.21.27.85 |
Apr 8, 2024 14:00:06.033533096 CEST | 49768 | 443 | 192.168.2.4 | 104.21.27.85 |
Apr 8, 2024 14:00:22.180644035 CEST | 80 | 49740 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 14:00:22.180752039 CEST | 49740 | 80 | 192.168.2.4 | 158.101.44.242 |
Apr 8, 2024 14:00:33.344280958 CEST | 80 | 49758 | 158.101.44.242 | 192.168.2.4 |
Apr 8, 2024 14:00:33.344404936 CEST | 49758 | 80 | 192.168.2.4 | 158.101.44.242 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 8, 2024 13:59:12.479264975 CEST | 50688 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 8, 2024 13:59:12.604512930 CEST | 53 | 50688 | 1.1.1.1 | 192.168.2.4 |
Apr 8, 2024 13:59:13.948348045 CEST | 56367 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 8, 2024 13:59:14.075366974 CEST | 53 | 56367 | 1.1.1.1 | 192.168.2.4 |
Apr 8, 2024 13:59:24.549839020 CEST | 56073 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 8, 2024 13:59:24.942414999 CEST | 53 | 56073 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 8, 2024 13:59:12.479264975 CEST | 192.168.2.4 | 1.1.1.1 | 0x14e1 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 8, 2024 13:59:13.948348045 CEST | 192.168.2.4 | 1.1.1.1 | 0x872d | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 8, 2024 13:59:24.549839020 CEST | 192.168.2.4 | 1.1.1.1 | 0x33c0 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 8, 2024 13:59:12.604512930 CEST | 1.1.1.1 | 192.168.2.4 | 0x14e1 | No error (0) | checkip.dyndns.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Apr 8, 2024 13:59:12.604512930 CEST | 1.1.1.1 | 192.168.2.4 | 0x14e1 | No error (0) | 158.101.44.242 | A (IP address) | IN (0x0001) | false | ||
Apr 8, 2024 13:59:12.604512930 CEST | 1.1.1.1 | 192.168.2.4 | 0x14e1 | No error (0) | 132.226.247.73 | A (IP address) | IN (0x0001) | false | ||
Apr 8, 2024 13:59:12.604512930 CEST | 1.1.1.1 | 192.168.2.4 | 0x14e1 | No error (0) | 193.122.130.0 | A (IP address) | IN (0x0001) | false | ||
Apr 8, 2024 13:59:12.604512930 CEST | 1.1.1.1 | 192.168.2.4 | 0x14e1 | No error (0) | 193.122.6.168 | A (IP address) | IN (0x0001) | false | ||
Apr 8, 2024 13:59:12.604512930 CEST | 1.1.1.1 | 192.168.2.4 | 0x14e1 | No error (0) | 132.226.8.169 | A (IP address) | IN (0x0001) | false | ||
Apr 8, 2024 13:59:14.075366974 CEST | 1.1.1.1 | 192.168.2.4 | 0x872d | No error (0) | 172.67.177.134 | A (IP address) | IN (0x0001) | false | ||
Apr 8, 2024 13:59:14.075366974 CEST | 1.1.1.1 | 192.168.2.4 | 0x872d | No error (0) | 104.21.67.152 | A (IP address) | IN (0x0001) | false | ||
Apr 8, 2024 13:59:24.942414999 CEST | 1.1.1.1 | 192.168.2.4 | 0x33c0 | No error (0) | 104.21.27.85 | A (IP address) | IN (0x0001) | false | ||
Apr 8, 2024 13:59:24.942414999 CEST | 1.1.1.1 | 192.168.2.4 | 0x33c0 | No error (0) | 172.67.169.18 | A (IP address) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49737 | 158.101.44.242 | 80 | 5444 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 8, 2024 13:59:12.812274933 CEST | 151 | OUT | |
Apr 8, 2024 13:59:13.127237082 CEST | 276 | IN | |
Apr 8, 2024 13:59:13.321785927 CEST | 127 | OUT | |
Apr 8, 2024 13:59:13.508291006 CEST | 276 | IN | |
Apr 8, 2024 13:59:15.666697979 CEST | 127 | OUT | |
Apr 8, 2024 13:59:15.885596037 CEST | 276 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49740 | 158.101.44.242 | 80 | 5444 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 8, 2024 13:59:16.776511908 CEST | 127 | OUT | |
Apr 8, 2024 13:59:17.181565046 CEST | 276 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49742 | 158.101.44.242 | 80 | 5444 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 8, 2024 13:59:17.937311888 CEST | 151 | OUT | |
Apr 8, 2024 13:59:18.119434118 CEST | 276 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49744 | 158.101.44.242 | 80 | 5444 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 8, 2024 13:59:18.886874914 CEST | 151 | OUT | |
Apr 8, 2024 13:59:19.564827919 CEST | 276 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 49746 | 158.101.44.242 | 80 | 5444 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 8, 2024 13:59:20.307406902 CEST | 151 | OUT | |
Apr 8, 2024 13:59:22.049896002 CEST | 276 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.4 | 49748 | 158.101.44.242 | 80 | 5444 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 8, 2024 13:59:22.795017958 CEST | 151 | OUT | |
Apr 8, 2024 13:59:22.974997044 CEST | 276 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.4 | 49750 | 158.101.44.242 | 80 | 5444 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 8, 2024 13:59:23.724900007 CEST | 151 | OUT | |
Apr 8, 2024 13:59:23.979584932 CEST | 276 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.4 | 49753 | 158.101.44.242 | 80 | 3844 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 8, 2024 13:59:25.232907057 CEST | 151 | OUT | |
Apr 8, 2024 13:59:25.412451029 CEST | 276 | IN | |
Apr 8, 2024 13:59:25.415770054 CEST | 127 | OUT | |
Apr 8, 2024 13:59:25.595873117 CEST | 276 | IN | |
Apr 8, 2024 13:59:26.232584000 CEST | 127 | OUT | |
Apr 8, 2024 13:59:26.412240982 CEST | 276 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.4 | 49756 | 158.101.44.242 | 80 | 3844 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 8, 2024 13:59:27.166821003 CEST | 127 | OUT | |
Apr 8, 2024 13:59:27.347781897 CEST | 276 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.4 | 49758 | 158.101.44.242 | 80 | 3844 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 8, 2024 13:59:28.090043068 CEST | 127 | OUT | |
Apr 8, 2024 13:59:28.344739914 CEST | 276 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.4 | 49760 | 158.101.44.242 | 80 | 3844 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 8, 2024 13:59:29.356972933 CEST | 151 | OUT | |
Apr 8, 2024 13:59:29.675683022 CEST | 276 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
11 | 192.168.2.4 | 49762 | 158.101.44.242 | 80 | 3844 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 8, 2024 13:59:30.422316074 CEST | 151 | OUT | |
Apr 8, 2024 13:59:30.639260054 CEST | 276 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
12 | 192.168.2.4 | 49764 | 158.101.44.242 | 80 | 3844 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 8, 2024 13:59:31.387311935 CEST | 151 | OUT | |
Apr 8, 2024 13:59:31.569299936 CEST | 276 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
13 | 192.168.2.4 | 49766 | 158.101.44.242 | 80 | 3844 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 8, 2024 13:59:32.324795961 CEST | 151 | OUT | |
Apr 8, 2024 13:59:32.504470110 CEST | 276 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49738 | 172.67.177.134 | 443 | 5444 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-08 11:59:15 UTC | 88 | OUT | |
2024-04-08 11:59:15 UTC | 710 | IN | |
2024-04-08 11:59:15 UTC | 380 | IN | |
2024-04-08 11:59:15 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49739 | 172.67.177.134 | 443 | 5444 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-08 11:59:16 UTC | 64 | OUT | |
2024-04-08 11:59:16 UTC | 712 | IN | |
2024-04-08 11:59:16 UTC | 380 | IN | |
2024-04-08 11:59:16 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49741 | 172.67.177.134 | 443 | 5444 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-08 11:59:17 UTC | 88 | OUT | |
2024-04-08 11:59:17 UTC | 710 | IN | |
2024-04-08 11:59:17 UTC | 380 | IN | |
2024-04-08 11:59:17 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49743 | 172.67.177.134 | 443 | 5444 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-08 11:59:18 UTC | 88 | OUT | |
2024-04-08 11:59:18 UTC | 710 | IN | |
2024-04-08 11:59:18 UTC | 380 | IN | |
2024-04-08 11:59:18 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 49745 | 172.67.177.134 | 443 | 5444 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-08 11:59:19 UTC | 88 | OUT | |
2024-04-08 11:59:20 UTC | 706 | IN | |
2024-04-08 11:59:20 UTC | 380 | IN | |
2024-04-08 11:59:20 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.4 | 49747 | 172.67.177.134 | 443 | 5444 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-08 11:59:22 UTC | 64 | OUT | |
2024-04-08 11:59:22 UTC | 706 | IN | |
2024-04-08 11:59:22 UTC | 380 | IN | |
2024-04-08 11:59:22 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.4 | 49749 | 172.67.177.134 | 443 | 5444 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-08 11:59:23 UTC | 88 | OUT | |
2024-04-08 11:59:23 UTC | 706 | IN | |
2024-04-08 11:59:23 UTC | 380 | IN | |
2024-04-08 11:59:23 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.4 | 49751 | 172.67.177.134 | 443 | 5444 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-08 11:59:24 UTC | 64 | OUT | |
2024-04-08 11:59:24 UTC | 712 | IN | |
2024-04-08 11:59:24 UTC | 380 | IN | |
2024-04-08 11:59:24 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.4 | 49752 | 104.21.27.85 | 443 | 5444 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-08 11:59:25 UTC | 79 | OUT | |
2024-04-08 11:59:56 UTC | 743 | IN | |
2024-04-08 11:59:56 UTC | 15 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.4 | 49754 | 172.67.177.134 | 443 | 3844 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-08 11:59:25 UTC | 88 | OUT | |
2024-04-08 11:59:26 UTC | 704 | IN | |
2024-04-08 11:59:26 UTC | 380 | IN | |
2024-04-08 11:59:26 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.4 | 49755 | 172.67.177.134 | 443 | 3844 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-08 11:59:26 UTC | 64 | OUT | |
2024-04-08 11:59:26 UTC | 706 | IN | |
2024-04-08 11:59:26 UTC | 380 | IN | |
2024-04-08 11:59:26 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
11 | 192.168.2.4 | 49757 | 172.67.177.134 | 443 | 3844 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-08 11:59:27 UTC | 88 | OUT | |
2024-04-08 11:59:27 UTC | 714 | IN | |
2024-04-08 11:59:27 UTC | 380 | IN | |
2024-04-08 11:59:27 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
12 | 192.168.2.4 | 49759 | 172.67.177.134 | 443 | 3844 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-08 11:59:28 UTC | 64 | OUT | |
2024-04-08 11:59:29 UTC | 706 | IN | |
2024-04-08 11:59:29 UTC | 380 | IN | |
2024-04-08 11:59:29 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
13 | 192.168.2.4 | 49761 | 172.67.177.134 | 443 | 3844 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-08 11:59:29 UTC | 88 | OUT | |
2024-04-08 11:59:30 UTC | 718 | IN | |
2024-04-08 11:59:30 UTC | 380 | IN | |
2024-04-08 11:59:30 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
14 | 192.168.2.4 | 49763 | 172.67.177.134 | 443 | 3844 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-08 11:59:30 UTC | 88 | OUT | |
2024-04-08 11:59:31 UTC | 706 | IN | |
2024-04-08 11:59:31 UTC | 380 | IN | |
2024-04-08 11:59:31 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
15 | 192.168.2.4 | 49765 | 172.67.177.134 | 443 | 3844 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-08 11:59:31 UTC | 64 | OUT | |
2024-04-08 11:59:32 UTC | 700 | IN | |
2024-04-08 11:59:32 UTC | 380 | IN | |
2024-04-08 11:59:32 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
16 | 192.168.2.4 | 49767 | 172.67.177.134 | 443 | 3844 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-08 11:59:34 UTC | 64 | OUT | |
2024-04-08 11:59:34 UTC | 712 | IN | |
2024-04-08 11:59:34 UTC | 380 | IN | |
2024-04-08 11:59:34 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
17 | 192.168.2.4 | 49768 | 104.21.27.85 | 443 | 3844 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-08 11:59:34 UTC | 79 | OUT | |
2024-04-08 12:00:06 UTC | 741 | IN | |
2024-04-08 12:00:06 UTC | 15 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 13:56:53 |
Start date: | 08/04/2024 |
Path: | C:\Users\user\Desktop\PsBygexGwH.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x120000 |
File size: | 1'130'496 bytes |
MD5 hash: | 222D05295014F8974D6E358E1507770E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 6 |
Start time: | 13:59:08 |
Start date: | 08/04/2024 |
Path: | C:\Users\user\AppData\Local\directory\name.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2c0000 |
File size: | 114'376'704 bytes |
MD5 hash: | 90D7DF3194AF25C7942DCDB56E8902F3 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Antivirus matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 7 |
Start time: | 13:59:11 |
Start date: | 08/04/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x190000 |
File size: | 45'984 bytes |
MD5 hash: | 9D352BC46709F0CB5EC974633A0C3C94 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
Has exited: | false |
Target ID: | 8 |
Start time: | 13:59:21 |
Start date: | 08/04/2024 |
Path: | C:\Windows\System32\wscript.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7649f0000 |
File size: | 170'496 bytes |
MD5 hash: | A47CBE969EA935BDD3AB568BB126BC80 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 9 |
Start time: | 13:59:22 |
Start date: | 08/04/2024 |
Path: | C:\Users\user\AppData\Local\directory\name.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2c0000 |
File size: | 114'376'704 bytes |
MD5 hash: | 90D7DF3194AF25C7942DCDB56E8902F3 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 10 |
Start time: | 13:59:24 |
Start date: | 08/04/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x4e0000 |
File size: | 45'984 bytes |
MD5 hash: | 9D352BC46709F0CB5EC974633A0C3C94 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
Has exited: | false |
Execution Graph
Execution Coverage: | 2.9% |
Dynamic/Decrypted Code Coverage: | 0.4% |
Signature Coverage: | 3% |
Total number of Nodes: | 2000 |
Total number of Limit Nodes: | 42 |
Graph
Function 001242DE Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 235libraryloaderCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0012D730 Relevance: 21.6, APIs: 14, Instructions: 625windowsleeptimeCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00122CD4 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 53windowregistryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0016065B Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 272COMMONLIBRARYCODE
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0012344D Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 201registryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00122B83 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 63windowregistryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00123170 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 145windowtimeregistryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 023C0920 Relevance: 10.7, APIs: 7, Instructions: 185fileCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00192947 Relevance: 7.8, APIs: 5, Instructions: 313fileCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 023C24E0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 179filememoryCOMMON
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00123B1C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58registryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00123923 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 94windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 023C1060 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41processCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001A7F59 Relevance: 4.9, APIs: 3, Instructions: 430COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001210F3 Relevance: 4.7, APIs: 3, Instructions: 153comCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001254C6 Relevance: 4.6, APIs: 3, Instructions: 103COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00123837 Relevance: 3.1, APIs: 2, Instructions: 77windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00125745 Relevance: 3.1, APIs: 2, Instructions: 56fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0012B710 Relevance: 2.1, APIs: 1, Instructions: 587COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 023C10D0 Relevance: 1.7, APIs: 1, Instructions: 157COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00124ECB Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00158402 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00129A40 Relevance: 1.6, APIs: 1, Instructions: 53fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0014E602 Relevance: 1.5, APIs: 1, Instructions: 46COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00129CB3 Relevance: 1.5, APIs: 1, Instructions: 43COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00154C7D Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00153820 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00154D7A Relevance: 1.5, APIs: 1, Instructions: 28COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00124F39 Relevance: 1.5, APIs: 1, Instructions: 28COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00122DA5 Relevance: 1.5, APIs: 1, Instructions: 23COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00192693 Relevance: 1.5, APIs: 1, Instructions: 22COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00122B3D Relevance: 1.5, APIs: 1, Instructions: 22COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 023C08E0 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 023C08B0 Relevance: 1.5, APIs: 1, Instructions: 15COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00121CAD Relevance: 1.5, APIs: 1, Instructions: 8COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0019744A Relevance: 1.5, APIs: 1, Instructions: 220COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0013FC70 Relevance: 1.3, APIs: 1, Instructions: 94memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 023C22FC Relevance: 1.3, APIs: 1, Instructions: 36sleepCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 023C2300 Relevance: 1.3, APIs: 1, Instructions: 34sleepCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001B9576 Relevance: 72.4, APIs: 39, Strings: 2, Instructions: 625windowkeyboardCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001B4873 Relevance: 60.1, APIs: 33, Strings: 1, Instructions: 566windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0013F98E Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 130keyboardthreadwindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0019698F Relevance: 21.4, APIs: 7, Strings: 5, Instructions: 363timefileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00199642 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 118fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0019979D Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 111fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00198195 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 186timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0018D076 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 172fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0019ED6A Relevance: 13.6, APIs: 9, Instructions: 102clipboardmemoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0018E8F6 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 57shutdownCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0018D3A9 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 91fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001A22DA Relevance: 9.1, APIs: 6, Instructions: 103COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00199B2B Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 119filesleepCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0013997D Relevance: 7.9, APIs: 5, Instructions: 375COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001B1C41 Relevance: 7.6, APIs: 5, Instructions: 83windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00128060 Relevance: 7.4, Strings: 5, Instructions: 1151COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0015BB6F Relevance: 6.1, APIs: 4, Instructions: 90timeCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00188298 Relevance: 5.1, APIs: 1, Strings: 2, Instructions: 568stringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00195C97 Relevance: 4.6, APIs: 3, Instructions: 138fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001951CD Relevance: 4.6, APIs: 3, Instructions: 76COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001816C3 Relevance: 4.6, APIs: 3, Instructions: 68COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0018D5EB Relevance: 4.6, APIs: 3, Instructions: 58fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00181663 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0014CAA0 Relevance: 3.5, APIs: 2, Instructions: 464COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001968EE Relevance: 3.1, APIs: 2, Instructions: 57fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001937B5 Relevance: 3.0, APIs: 2, Instructions: 33windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001810BF Relevance: 3.0, APIs: 2, Instructions: 24COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0012CAF0 Relevance: 1.9, Strings: 1, Instructions: 659COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0013B119 Relevance: 1.8, Strings: 1, Instructions: 511COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001409D5 Relevance: 1.5, APIs: 1, Instructions: 3COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0014781B Relevance: 1.5, Strings: 1, Instructions: 214COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00156DD9 Relevance: .6, Instructions: 637COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0013CC39 Relevance: .6, Instructions: 635COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00127920 Relevance: .6, Instructions: 563COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001291C0 Relevance: .5, Instructions: 475COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00141C77 Relevance: .3, Instructions: 254COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001419B0 Relevance: .2, Instructions: 240COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00147A4A Relevance: .2, Instructions: 237COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00147CA7 Relevance: .2, Instructions: 237COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00141706 Relevance: .2, Instructions: 232COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 023C37C0 Relevance: .1, Instructions: 92COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00192046 Relevance: .1, Instructions: 72COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 023C36B0 Relevance: .0, Instructions: 35COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 023C3650 Relevance: .0, Instructions: 35COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 023C1ED0 Relevance: .0, Instructions: 6COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001A2ADE Relevance: 77.5, APIs: 40, Strings: 4, Instructions: 486filecommemoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001B70D5 Relevance: 49.8, APIs: 33, Instructions: 273COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00138D85 Relevance: 47.7, APIs: 26, Strings: 1, Instructions: 480windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001A2711 Relevance: 45.8, APIs: 22, Strings: 4, Instructions: 330windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001B0FF3 Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 284windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00138891 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 282windowtimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001AC3B7 Relevance: 30.2, APIs: 11, Strings: 6, Instructions: 495registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001B091E Relevance: 30.1, APIs: 6, Strings: 11, Instructions: 372windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001B833C Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 196windowlibraryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0019FE0E Relevance: 27.1, APIs: 18, Instructions: 128COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0012326F Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 214windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001B6CD9 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 194windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001B911E Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 181windowfileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0019C476 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 143networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001914BD Relevance: 21.4, APIs: 10, Strings: 2, Instructions: 360timeCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001AB60E Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 285registrylibraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001A255C Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 169windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0018365B Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 267windowtimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001ACC34 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 104registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00193D1E Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 101fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0018E6B0 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 72sleepwindowtimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00185CC6 Relevance: 18.2, APIs: 12, Instructions: 173COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00138BCD Relevance: 18.2, APIs: 12, Instructions: 168timeCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00139838 Relevance: 18.1, APIs: 12, Instructions: 137COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001896E2 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 137windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001806DE Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 127registryshareCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001A3C30 Relevance: 16.8, APIs: 11, Instructions: 344fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00197A96 Relevance: 16.8, APIs: 11, Instructions: 298comCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001A055B Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 207networkfileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001A372C Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 187comCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001B3C46 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 101windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00152C80 Relevance: 15.1, APIs: 10, Instructions: 54COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00121410 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 332comCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00125BEA Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 184windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0019C253 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0018989B Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 74windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0018209F Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 71windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0015CE90 Relevance: 13.7, APIs: 9, Instructions: 209COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001825A2 Relevance: 13.6, APIs: 9, Instructions: 60sleepkeyboardwindowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001B3886 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 141windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0018BC5E Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 137windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0018C874 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 81windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0018DE27 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 70networkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0018ED19 Relevance: 12.1, APIs: 8, Instructions: 137timeCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0013F8D8 Relevance: 12.1, APIs: 8, Instructions: 124COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001B2D03 Relevance: 12.1, APIs: 8, Instructions: 95windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00185622 Relevance: 12.1, APIs: 8, Instructions: 92COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00161522 Relevance: 10.8, APIs: 7, Instructions: 268COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00191187 Relevance: 10.8, APIs: 7, Instructions: 254COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0013948A Relevance: 10.8, APIs: 7, Instructions: 254COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0015542E Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0018CF00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 108filestringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001B2DFD Relevance: 10.6, APIs: 7, Instructions: 99windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00187726 Relevance: 10.6, APIs: 7, Instructions: 94memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001877FD Relevance: 10.6, APIs: 7, Instructions: 89memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001904D2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001905A7 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001B40AD Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0018DA5A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 46windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0019096B Relevance: 10.5, APIs: 7, Instructions: 35synchronizationthreadCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00125D0A Relevance: 9.3, APIs: 6, Instructions: 276COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001501B7 Relevance: 9.3, APIs: 6, Instructions: 269COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001561FE Relevance: 9.2, APIs: 6, Instructions: 216COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0017F7AD Relevance: 9.2, APIs: 6, Instructions: 183memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0013920C Relevance: 9.1, APIs: 6, Instructions: 113COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001907EF Relevance: 9.1, APIs: 6, Instructions: 107fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001B81DB Relevance: 9.1, APIs: 6, Instructions: 104windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00184C7D Relevance: 9.1, APIs: 6, Instructions: 87windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0018175D Relevance: 9.1, APIs: 6, Instructions: 68memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001814CE Relevance: 9.1, APIs: 6, Instructions: 64processCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001B8A24 Relevance: 9.0, APIs: 6, Instructions: 49COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001851FD Relevance: 9.0, APIs: 6, Instructions: 49COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00177439 Relevance: 9.0, APIs: 6, Instructions: 37windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00181874 Relevance: 9.0, APIs: 6, Instructions: 23memorysynchronizationCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0018C5D0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 191windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0018719E Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 120comlibraryloaderCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001B3D7C Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 101windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00181DE2 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 93windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001B2F17 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 78windowlibraryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00144D6D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0017D3A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00124E90 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 24libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00124E59 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 22libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001AA387 Relevance: 7.8, APIs: 5, Instructions: 256COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00188BB0 Relevance: 7.7, APIs: 5, Instructions: 159COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00198AFB Relevance: 7.6, APIs: 5, Instructions: 143COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001B6B76 Relevance: 7.6, APIs: 5, Instructions: 131windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00193874 Relevance: 7.6, APIs: 5, Instructions: 101windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001B5706 Relevance: 7.6, APIs: 5, Instructions: 82windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001A0930 Relevance: 7.6, APIs: 5, Instructions: 69COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0015CDBD Relevance: 7.6, APIs: 5, Instructions: 68COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00139639 Relevance: 7.6, APIs: 5, Instructions: 66COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00185711 Relevance: 7.6, APIs: 5, Instructions: 61COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0018000E Relevance: 7.5, APIs: 5, Instructions: 47stringCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0018E97B Relevance: 7.5, APIs: 5, Instructions: 47sleepCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001810F9 Relevance: 7.5, APIs: 5, Instructions: 46memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00180FB4 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00181014 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0019030F Relevance: 7.5, APIs: 6, Instructions: 41COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001522A0 Relevance: 7.5, APIs: 5, Instructions: 30COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001395C5 Relevance: 7.5, APIs: 5, Instructions: 29COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00150F47 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 389COMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00182716 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 121windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0018C27D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 114windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001A304E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 90networkCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001B4653 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 87windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001B37B7 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001B41EB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00182F52 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001B5882 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0018007F Relevance: 6.3, APIs: 4, Instructions: 322COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00153E80 Relevance: 6.3, APIs: 4, Instructions: 305COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001A342E Relevance: 6.3, APIs: 4, Instructions: 257COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00180436 Relevance: 6.2, APIs: 4, Instructions: 230COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001B6278 Relevance: 6.1, APIs: 4, Instructions: 138COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0015B41F Relevance: 6.1, APIs: 4, Instructions: 133COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001956D9 Relevance: 6.1, APIs: 4, Instructions: 110fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0015D8C3 Relevance: 6.1, APIs: 4, Instructions: 110COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001B52C1 Relevance: 6.1, APIs: 4, Instructions: 104windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001B7674 Relevance: 6.1, APIs: 4, Instructions: 102windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001B16DA Relevance: 6.1, APIs: 4, Instructions: 101COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0018D4DC Relevance: 6.1, APIs: 4, Instructions: 86processCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001B8FC9 Relevance: 6.1, APIs: 4, Instructions: 78windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0018D2C1 Relevance: 6.1, APIs: 4, Instructions: 78COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00181571 Relevance: 6.1, APIs: 4, Instructions: 78memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001B2782 Relevance: 6.1, APIs: 4, Instructions: 75COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001878F5 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 71stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001B7CC2 Relevance: 6.1, APIs: 4, Instructions: 70COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001B5660 Relevance: 6.1, APIs: 4, Instructions: 67windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00151D09 Relevance: 6.1, APIs: 4, Instructions: 63COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00181A27 Relevance: 6.1, APIs: 4, Instructions: 56windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0018E1D6 Relevance: 6.1, APIs: 4, Instructions: 55synchronizationthreadwindowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0014D1CC Relevance: 6.1, APIs: 4, Instructions: 55threadCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0012600E Relevance: 6.1, APIs: 4, Instructions: 53windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00153073 Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0018B0A8 Relevance: 6.0, APIs: 4, Instructions: 50sleepCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001B7E14 Relevance: 6.0, APIs: 4, Instructions: 46COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001B8863 Relevance: 6.0, APIs: 4, Instructions: 31COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001398B0 Relevance: 6.0, APIs: 4, Instructions: 23COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0018162B Relevance: 6.0, APIs: 4, Instructions: 22threadCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0017D858 Relevance: 6.0, APIs: 4, Instructions: 19COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0017D86C Relevance: 6.0, APIs: 4, Instructions: 18COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00194D87 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 230shareCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0013F291 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 144sleepCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0019D0F4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 98networkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001B4537 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001B31EF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0019CD1E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66networkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001B3429 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00181CDE Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 52windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00181BD8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00181C5C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00181D68 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 46windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00180B15 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 28windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001B2322 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001B2356 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |