Windows
Analysis Report
derp.bin.dll
Overview
General Information
Detection
Score: | 48 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- loaddll64.exe (PID: 7284 cmdline: loaddll64.exe "C:\Users\user\Desktop\derp.bin.dll" MD5: 763455F9DCB24DFEECC2B9D9F8D46D52)
- conhost.exe (PID: 7292 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- cmd.exe (PID: 7336 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\derp.bin.dll",#1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
- rundll32.exe (PID: 7360 cmdline: rundll32.exe "C:\Users\user\Desktop\derp.bin.dll",#1 MD5: EF3179D498793BF4234F708D3BE28633)
- regsvr32.exe (PID: 7344 cmdline: regsvr32.exe /s C:\Users\user\Desktop\derp.bin.dll MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
- rundll32.exe (PID: 7368 cmdline: rundll32.exe C:\Users\user\Desktop\derp.bin.dll,DllGetClassObject MD5: EF3179D498793BF4234F708D3BE28633)
- rundll32.exe (PID: 7432 cmdline: rundll32.exe C:\Users\user\Desktop\derp.bin.dll,DllRegisterServer MD5: EF3179D498793BF4234F708D3BE28633)
- rundll32.exe (PID: 7452 cmdline: rundll32.exe C:\Users\user\Desktop\derp.bin.dll,DllUnregisterServer MD5: EF3179D498793BF4234F708D3BE28633)
- cleanup

Note on reading the tree: loaddll64.exe is Joe Sandbox's own DLL loader, and the cmd.exe, rundll32.exe and regsvr32.exe processes are its DLL cookbook exercising the sample's exports (ordinal #1, the three named COM exports, and regsvr32 /s), not processes the sample spawned. The MD5 on each line is the hash of that process image (the same value repeats for every rundll32.exe), not of the sample, whose MD5 is bb81a76867cdeb0ea988acd8b4253394. The sample was submitted as derp.bin.exe and renamed to .dll by the sandbox (see the analysis metadata below); its PE header carries the DLL characteristic, so it needs a loader such as these to run at all.
Sigma rule matches (rule titles not captured in this extract):
- Author: Florian Roth (Nextron Systems)
- Author: Dmitriy Lifanov, oscd.community
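The command lines in the process tree are exactly what host-based rules of the kind matched above look for: rundll32.exe and regsvr32.exe loading a DLL from a user-writable directory, rundll32 invoked by ordinal rather than export name, and COM registration exports reached through rundll32 instead of regsvr32. The Python below is an added example (not code from the report, from Joe Sandbox, or from the Sigma project, and not a reproduction of any particular Sigma rule) that applies those checks to process-creation events constructed from this tree plus one ordinary rundll32 call that should stay quiet. The event record layout, the list of user-writable directories, the parent image paths (only the basename is known for loaddll64.exe) and the wording of the hits are assumptions made for the example.

```python
import re
from dataclasses import dataclass

# Directories an unprivileged user can write to; a system binary loading a DLL
# from one of these is worth a look. The list is an assumption for the example.
USER_WRITABLE = re.compile(
    r"\\(users\\[^\\]+\\(desktop|downloads|documents|appdata)|users\\public|windows\\temp|programdata)\\",
    re.IGNORECASE,
)
# rundll32 ["]path["],<export>   where <export> may be an ordinal such as #1
RUNDLL32_ARGS = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<export>#?\w+)', re.IGNORECASE)
# regsvr32 [/switches ...] ["]path["]
REGSVR32_ARGS = re.compile(r'regsvr32(?:\.exe)?\s+(?:/\S+\s+)*"?(?P<dll>[^"\s]+)"?', re.IGNORECASE)
COM_EXPORTS = {"dllregisterserver", "dllunregisterserver", "dllgetclassobject"}


@dataclass
class ProcEvent:          # assumed shape of a process-creation event (Sysmon EID 1 / 4688 style)
    pid: int
    image: str
    cmdline: str
    parent_image: str


def check_event(ev: ProcEvent) -> list[str]:
    """Return the rule hits for one process-creation event (empty list = nothing suspicious)."""
    hits = []
    image = ev.image.lower().rsplit("\\", 1)[-1]
    if image == "rundll32.exe":
        m = RUNDLL32_ARGS.search(ev.cmdline)
        if not m:
            return hits
        dll, export = m.group("dll"), m.group("export")
        if export.startswith("#"):
            hits.append(f"rundll32 calls export by ordinal {export} (hides the function name)")
        if export.lower() in COM_EXPORTS:
            hits.append(f"rundll32 calls {export}, a COM registration export normally reached via regsvr32")
        if USER_WRITABLE.search(dll):
            hits.append(f"rundll32 loads DLL from user-writable path {dll}")
    elif image == "regsvr32.exe":
        m = REGSVR32_ARGS.search(ev.cmdline)
        if not m:
            return hits
        dll = m.group("dll")
        if "/s" in ev.cmdline.lower().split():
            hits.append("regsvr32 run silently (/s)")
        if USER_WRITABLE.search(dll):
            hits.append(f"regsvr32 registers DLL from user-writable path {dll}")
    if hits and ev.parent_image.lower().endswith("\\cmd.exe"):
        hits.append("launched via cmd.exe")
    return hits


def scan(events):
    """Map pid -> hits for every event that triggered at least one check."""
    return {ev.pid: h for ev in events if (h := check_event(ev))}


# Constructed events: the five cookbook invocations from the process tree above,
# plus one benign rundll32 call (pid 9001) that must not alert.
SAMPLE = r"C:\Users\user\Desktop\derp.bin.dll"
EVENTS = [
    ProcEvent(7360, r"C:\Windows\System32\rundll32.exe", f'rundll32.exe "{SAMPLE}",#1', r"C:\Windows\System32\cmd.exe"),
    ProcEvent(7344, r"C:\Windows\System32\regsvr32.exe", f"regsvr32.exe /s {SAMPLE}", "loaddll64.exe"),
    ProcEvent(7368, r"C:\Windows\System32\rundll32.exe", f"rundll32.exe {SAMPLE},DllGetClassObject", "loaddll64.exe"),
    ProcEvent(7432, r"C:\Windows\System32\rundll32.exe", f"rundll32.exe {SAMPLE},DllRegisterServer", "loaddll64.exe"),
    ProcEvent(7452, r"C:\Windows\System32\rundll32.exe", f"rundll32.exe {SAMPLE},DllUnregisterServer", "loaddll64.exe"),
    ProcEvent(9001, r"C:\Windows\System32\rundll32.exe", r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL", r"C:\Windows\explorer.exe"),
]

if __name__ == "__main__":
    for pid, hits in scan(EVENTS).items():
        print(pid, *hits, sep="\n  ")
```

On a real endpoint the same command lines would fire these checks regardless of who launched them; in this report they are the harness, so the value of the tree is the export names it reveals, not the parent-child relationships.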
Source: | Code function: | 0_2_00007FFDFB278050, 3_2_00007FFDFB278050 |
Source: | Static PE information: |
Source: | Code function: | 0_2_00007FFDFB276720, 0_2_00007FFDFB297508, 3_2_00007FFDFB276720, 3_2_00007FFDFB297508 |
Networking |
---|
Source: | Network Connect: |
Source: | TCP traffic: |
Source: | TCP traffic detected without corresponding DNS query: | (50 identical signature rows collapsed; the only destination contacted in this analysis is 193.32.176.22, so the sample connects to a hard-coded IP rather than to a resolved host name) |
Source: | Code function: | 0_2_00007FFDFB26F1C0 |
Source: | Code function: | 0_2_00007FFDFB2771E0, 0_2_00007FFDFB277080, 3_2_00007FFDFB2771E0, 3_2_00007FFDFB277080 |
Source: | Code function: | 0_2_00007FFDFB279A90, 0_2_00007FFDFB28EAA0, 0_2_00007FFDFB278050, 0_2_00007FFDFB28AEB0, 0_2_00007FFDFB29DDA8, 0_2_00007FFDFB288D10, 0_2_00007FFDFB284D00, 0_2_00007FFDFB266410, 0_2_00007FFDFB26E350, 0_2_00007FFDFB27E340, 0_2_00007FFDFB28B330, 0_2_00007FFDFB28F080, 0_2_00007FFDFB281120, 0_2_00007FFDFB28C120, 0_2_00007FFDFB282790, 0_2_00007FFDFB2837F0, 0_2_00007FFDFB27E840, 0_2_00007FFDFB28B710, 0_2_00007FFDFB297508 (the same 19 addresses are also hit in process 3, reported as 3_2_ with the identical address values; the prefix is the analysed-process index, 0 being loaddll64.exe) |
Source: | Classification label: |
Source: | Code function: | 0_2_00007FFDFB277430 |
Source: | Mutant created: |
Source: | Static PE information: |
Source: | Key opened: |
Source: | Process created: | (15 rows collapsed; the processes are those in the tree above) |
Source: | Section loaded: | (11 rows collapsed; module names not captured in this extract) |
Source: | Static PE information: | (8 rows collapsed) |
Source: | Static file information: |
Source: | Code function: | 0_2_00007FFDFB2823E0 |
Source: | Static PE information: |
Source: | Process created: |
Source: | Process information set: | (4 rows collapsed) |
Source: | API coverage: | (2 rows collapsed) |
Source: | Thread injection, dropped files, key value created, disk infection and DNS query: |
Source: | Last function: |
Source: | Code function: | 0_2_00007FFDFB276720, 0_2_00007FFDFB297508, 3_2_00007FFDFB276720, 3_2_00007FFDFB297508 |
Source: | Binary or memory string: | (6 rows collapsed; the matched strings are not in this extract) |
Source: | Code function: | 0_2_00007FFDFB296ACC |
Source: | Code function: | 0_2_00007FFDFB2823E0 |
Source: | Code function: | 0_2_00007FFDFB299058 |
Source: | Thread injection, dropped files, key value created, disk infection and DNS query: |
Source: | Code function: | 0_2_00007FFDFB296ACC, 0_2_00007FFDFB29E32C, 0_2_00007FFDFB291494, 3_2_00007FFDFB296ACC, 3_2_00007FFDFB29E32C, 3_2_00007FFDFB291494 |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Network Connect: |
Source: | Process created: |
Source: | Code function: | 0_2_00007FFDFB29DBF0 |
Source: | Code function: | 0_2_00007FFDFB278050 |
Source: | Code function: | 0_2_00007FFDFB29106C |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 112 Process Injection | 112 Process Injection | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 21 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Obfuscated Files or Information | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Regsvr32 | NTDS | 12 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Rundll32 | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 3% | ReversingLabs | | |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
193.32.176.22 | unknown | Russian Federation | 209357 | VARIAGRU | true |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1428416 |
Start date and time: | 2024-04-18 22:43:11 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 7m 0s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 12 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | derp.bin.dll (renamed file extension from exe to dll) |
Original Sample Name: | derp.bin.exe |
Detection: | MAL |
Classification: | mal48.evad.winDLL@14/0@0/1 |
EGA Information: |
HCA Information: |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analysed; the report is missing behaviour information
- VT rate limit hit for: derp.bin.dll
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
VARIAGRU | | | malicious | Unknown | | |
File type: | |
Entropy (8bit): | 4.218849271000975 |
TrID: |
File name: | derp.bin.dll |
File size: | 1'728'000 bytes |
MD5: | bb81a76867cdeb0ea988acd8b4253394 |
SHA1: | 26ae6a9e1f80f5f9a0f205c2e58fa15b53570481 |
SHA256: | 16bc219a61e07e9ef91370950515a857290c0770ac2b3354a902f65824894316 |
SHA512: | 7269101339fad080043588fa233bdbeeebee7fce0e82f01f8612f2517ec305ca6e53fd3153ae4ce3ce06b9dcd8b29c04fe37829e73220cfb38a71b9676e4a166 |
SSDEEP: | 49152:67aO+797979797979797979797979797979797979797:9Om1111111111111111111 |
TLSH: | 938592B2710CE398CC15EE30CB5A9A2E57D32C6F0750559B99B4BFA53E3A5A43217B30 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........$...w...w...w...v...w...v[..w...v...w...v...w...v...w...v...w...v...w...wf..w...w...w/..v...w/..v...wRich...w............... |
Icon Hash: | 277154d2cac6b271 |
Entrypoint: | 0x180030fa0 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x180000000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, DLL |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x660FC72B [Fri Apr 5 09:40:59 2024 UTC] |
TLS Callbacks: | 0x8001f9d0, 0x1 |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | fde5069783a744f97063c1afd7b8a158 |
Entry-point disassembly. The listing below is the report's x86-32 decoding of what is actually x64 code, so every `dec eax`, `dec ecx`, `dec esp` and `dec ebp` is a REX prefix (0x48, 0x49, 0x4C, 0x4D) belonging to the instruction after it: read `dec eax / sub esp, 20h` as `sub rsp, 20h` and `dec eax / mov dword ptr [esp+08h], ebx` as `mov [rsp+8], rbx`. Decoded that way, the first routine is the MSVC CRT `_DllMainCRTStartup` stub (compare the fdwReason argument in edx with 1 = DLL_PROCESS_ATTACH, call the security-cookie initialiser on attach, restore the arguments and tail-jump to the CRT's DllMain dispatcher), and the second routine after the `int3` padding is the CRT `__chkstk` stack probe (`mov ebx, dword ptr [00000010h]` is `mov r11, gs:[10h]`, the TEB StackLimit, with the segment prefix dropped by the decoder). Neither routine is sample-specific code; the sample's own logic is reached through DllMain and the exports.

Instruction |
---|
dec eax |
mov dword ptr [esp+08h], ebx |
dec eax |
mov dword ptr [esp+10h], esi |
push edi |
dec eax |
sub esp, 20h |
dec ecx |
mov edi, eax |
mov ebx, edx |
dec eax |
mov esi, ecx |
cmp edx, 01h |
jne 00007F6A90C30A77h |
call 00007F6A90C30B20h |
dec esp |
mov eax, edi |
mov edx, ebx |
dec eax |
mov ecx, esi |
dec eax |
mov ebx, dword ptr [esp+30h] |
dec eax |
mov esi, dword ptr [esp+38h] |
dec eax |
add esp, 20h |
pop edi |
jmp 00007F6A90C30904h |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
nop word ptr [eax+eax+00000000h] |
dec eax |
sub esp, 10h |
dec esp |
mov dword ptr [esp], edx |
dec esp |
mov dword ptr [esp+08h], ebx |
dec ebp |
xor ebx, ebx |
dec esp |
lea edx, dword ptr [esp+18h] |
dec esp |
sub edx, eax |
dec ebp |
cmovb edx, ebx |
dec esp |
mov ebx, dword ptr [00000010h] |
dec ebp |
cmp edx, ebx |
jnc 00007F6A90C30A88h |
inc cx |
and edx, 8D4DF000h |
wait |
add al, dh |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x564b0 | 0x9c | .rdata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x5654c | 0x78 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x5f000 | 0x14ac70 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x5a000 | 0x3060 | .pdata |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x1aa000 | 0xb74 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x50600 | 0x28 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x50320 | 0x140 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x41000 | 0x470 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections. The File Type column is a libmagic guess over each section's raw bytes; "COM executable for DOS" for .rdata is a false match on its leading bytes, not an embedded executable. The .text entropy of 6.39 is ordinary for compiled, unpacked x64 code, and no section is both writable and executable.

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x3fa00 | 0x3fa00 | a072c3d87136a4051a6c0d87fb2ceb32 | False | 0.5282301387524558 | data | 6.394949496807656 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x41000 | 0x16464 | 0x16600 | 216e6d582160860e868d20240226f452 | False | 0.3844710195530726 | COM executable for DOS | 5.251651966637682 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x58000 | 0x1e80 | 0xc00 | 5acbfb844d85d2a285b714f334702520 | False | 0.1494140625 | data | 2.0943941590671202 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.pdata | 0x5a000 | 0x3060 | 0x3200 | 071274037dd83371b9f86662a7520c03 | False | 0.476171875 | data | 5.447736332984187 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
_RDATA | 0x5e000 | 0x1f4 | 0x200 | 4044279a915f8079ce02d917cf481295 | False | 0.515625 | data | 4.190824734495646 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x5f000 | 0x14ac70 | 0x14ae00 | edc5a8b7c456e4c9c3052a577fe8367c | False | 0.19562240272006046 | data | 3.295003132709606 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x1aa000 | 0xb74 | 0xc00 | dc796dbe8d33a70c6d910e566aae62a2 | False | 0.55859375 | data | 5.355187936192882 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Resources. All 20 RT_ICON entries have the same size (0x10828 = 67,624 bytes) and the same compressibility (0.1965), i.e. twenty copies of one 128x256 bitmap: 1,352,480 bytes, about 78% of the 1,728,000-byte file. That padding is why the whole-file entropy is only 4.22 while .text alone is 6.39 (the ssdeep hash shows it as the long `7979…` run), and it should be discounted when comparing size or entropy with other samples.

Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x5f7c0 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 3779 x 3779 px/m | 0.1965278599313853 | ||
RT_ICON | 0x6ffe8 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 3779 x 3779 px/m | 0.1965278599313853 | ||
RT_ICON | 0x80810 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 3779 x 3779 px/m | 0.1965278599313853 | ||
RT_ICON | 0x91038 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 3779 x 3779 px/m | 0.1965278599313853 | ||
RT_ICON | 0xa1860 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 3779 x 3779 px/m | 0.1965278599313853 | ||
RT_ICON | 0xb2088 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 3779 x 3779 px/m | 0.1965278599313853 | ||
RT_ICON | 0xc28b0 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 3779 x 3779 px/m | 0.1965278599313853 | ||
RT_ICON | 0xd30d8 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 3779 x 3779 px/m | 0.1965278599313853 | ||
RT_ICON | 0xe3900 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 3779 x 3779 px/m | 0.1965278599313853 | ||
RT_ICON | 0xf4128 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 3779 x 3779 px/m | 0.1965278599313853 | ||
RT_ICON | 0x104950 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 3779 x 3779 px/m | 0.1965278599313853 | ||
RT_ICON | 0x115178 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 3779 x 3779 px/m | 0.1965278599313853 | ||
RT_ICON | 0x1259a0 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 3779 x 3779 px/m | 0.1965278599313853 | ||
RT_ICON | 0x1361c8 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 3779 x 3779 px/m | 0.1965278599313853 | ||
RT_ICON | 0x1469f0 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 3779 x 3779 px/m | 0.1965278599313853 | ||
RT_ICON | 0x157218 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 3779 x 3779 px/m | 0.1965278599313853 | ||
RT_ICON | 0x167a40 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 3779 x 3779 px/m | 0.1965278599313853 | ||
RT_ICON | 0x178268 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 3779 x 3779 px/m | 0.1965278599313853 | ||
RT_ICON | 0x188a90 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 3779 x 3779 px/m | 0.1965278599313853 | ||
RT_ICON | 0x1992b8 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 3779 x 3779 px/m | 0.1965278599313853 | ||
RT_GROUP_ICON | 0x1a9ae0 | 0x14 | data | 1.15 | ||
RT_GROUP_ICON | 0x1a9af4 | 0x14 | data | 1.25 | ||
RT_GROUP_ICON | 0x1a9b08 | 0x14 | data | 1.25 | ||
RT_GROUP_ICON | 0x1a9b1c | 0x14 | data | 1.25 | ||
RT_GROUP_ICON | 0x1a9b30 | 0x14 | data | 1.25 | ||
RT_GROUP_ICON | 0x1a9b44 | 0x14 | data | 1.25 | ||
RT_GROUP_ICON | 0x1a9b58 | 0x14 | data | 1.25 | ||
RT_GROUP_ICON | 0x1a9b6c | 0x14 | data | 1.25 | ||
RT_GROUP_ICON | 0x1a9b80 | 0x14 | data | 1.25 | ||
RT_GROUP_ICON | 0x1a9b94 | 0x14 | data | 1.25 | ||
RT_GROUP_ICON | 0x1a9ba8 | 0x14 | data | 1.25 | ||
RT_GROUP_ICON | 0x1a9bbc | 0x14 | data | 1.25 | ||
RT_GROUP_ICON | 0x1a9bd0 | 0x14 | data | 1.25 | ||
RT_GROUP_ICON | 0x1a9be4 | 0x14 | data | 1.25 | ||
RT_GROUP_ICON | 0x1a9bf8 | 0x14 | data | 1.25 | ||
RT_GROUP_ICON | 0x1a9c0c | 0x14 | data | 1.25 | ||
RT_GROUP_ICON | 0x1a9c20 | 0x14 | data | 1.25 | ||
RT_GROUP_ICON | 0x1a9c34 | 0x14 | data | 1.25 | ||
RT_GROUP_ICON | 0x1a9c48 | 0x14 | data | 1.25 | ||
RT_GROUP_ICON | 0x1a9c5c | 0x14 | data | 1.25 |
Imports. The static import table is descriptive rather than hidden (LoadLibraryA/GetProcAddress are present too, so it need not be complete). Networking comes straight from WS2_32 (WSASocketW, connect, send, recv, getaddrinfo) with no WinINet or WinHTTP, which fits the raw TCP to port 8080 in the packet table; child-process support is present (CreateProcessW with InitializeProcThreadAttributeList/UpdateProcThreadAttribute, CreateNamedPipeW with overlapped ReadFileEx/WriteFileEx, GetExitCodeProcess); randomness comes from BCryptGenRandom with SystemFunction036 (RtlGenRandom) as fallback. Together with SetThreadStackGuarantee, CompareStringOrdinal, CreateWaitableTimerExW and the SRW-lock family, this import set is characteristic of binaries built with the Rust standard library for the x86_64-pc-windows-msvc target; that is an inference from the import list, not something the report states.

DLL | Import |
---|---|
ntdll.dll | RtlCaptureContext, RtlUnwindEx, NtWriteFile, NtReadFile, RtlNtStatusToDosError, RtlLookupFunctionEntry, RtlVirtualUnwind, RtlPcToFileHeader |
ADVAPI32.dll | SystemFunction036 |
bcrypt.dll | BCryptGenRandom |
KERNEL32.dll | HeapSize, WriteFile, GetConsoleOutputCP, GetStringTypeW, SetStdHandle, WaitForMultipleObjects, GetCurrentProcessId, GetCurrentThreadId, GetCurrentThread, SetThreadPriority, Sleep, CloseHandle, FreeConsole, ReleaseSRWLockExclusive, FreeEnvironmentStringsW, DeleteProcThreadAttributeList, CompareStringOrdinal, GetLastError, SetThreadStackGuarantee, CreateWaitableTimerExW, SetWaitableTimer, WaitForSingleObject, QueryPerformanceCounter, AcquireSRWLockExclusive, SetLastError, GetCurrentDirectoryW, GetEnvironmentStringsW, GetEnvironmentVariableW, GetCurrentProcess, GetCommandLineW, FlushFileBuffers, SetFileInformationByHandle, DuplicateHandle, SetFilePointerEx, GetStdHandle, SetHandleInformation, WriteFileEx, SleepEx, GetExitCodeProcess, TerminateProcess, TryAcquireSRWLockExclusive, HeapFree, HeapReAlloc, AcquireSRWLockShared, ReleaseSRWLockShared, ReleaseMutex, GetModuleHandleA, GetProcAddress, GetProcessHeap, HeapAlloc, FindNextFileW, FindClose, CreateFileW, GetFileInformationByHandle, GetFileInformationByHandleEx, CreateDirectoryW, FindFirstFileW, GetFinalPathNameByHandleW, CreateEventW, ReadFile, GetOverlappedResult, CancelIo, GetConsoleMode, GetFileType, GetModuleHandleW, FormatMessageW, GetModuleFileNameW, SetCurrentDirectoryW, ExitProcess, CreateNamedPipeW, ReadFileEx, GetSystemDirectoryW, GetWindowsDirectoryW, CreateProcessW, GetFileAttributesW, InitializeProcThreadAttributeList, UpdateProcThreadAttribute, MultiByteToWideChar, WriteConsoleW, WideCharToMultiByte, CreateThread, GetFullPathNameW, GetSystemTimeAsFileTime, WaitForSingleObjectEx, LoadLibraryA, CreateMutexA, LCMapStringW, FlsFree, FlsSetValue, FlsGetValue, FlsAlloc, GetCommandLineA, GetCPInfo, GetOEMCP, GetACP, IsValidCodePage, FindFirstFileExW, GetModuleHandleExW, LoadLibraryExW, FreeLibrary, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, RaiseException, EncodePointer, InterlockedFlushSList, IsProcessorFeaturePresent, InitializeSListHead, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW |
WS2_32.dll | connect, getaddrinfo, WSASocketW, send, recv, WSAGetLastError, freeaddrinfo, WSACleanup, WSAStartup, closesocket |
Exports. The three COM self-registration exports all point at the same address, 0x180003d3b, so the cookbook's `#1` (ordinal 1 = DllGetClassObject), the three named rundll32 calls and regsvr32's DllRegisterServer call all land in one stub; only ebsbqoV (ordinal 4, a random-looking name) has its own entry at 0x180003d2a. Exporting the standard COM names is what lets the regsvr32 and rundll32 invocations succeed at all. The export table alone does not settle which of the two entries carries the real payload, and the process tree above shows no rundll32 call to ebsbqoV.

Name | Ordinal | Address |
---|---|---|
DllGetClassObject | 1 | 0x180003d3b |
DllRegisterServer | 2 | 0x180003d3b |
DllUnregisterServer | 3 | 0x180003d3b |
ebsbqoV | 4 | 0x180003d2a |
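The two things worth checking in this export table are mechanical: whether several names alias one address, and whether the DLL characteristic matches the name the file arrived under (derp.bin.exe). The Python below is an added example, not part of the report, that parses a PE's export directory with only the standard library and runs both checks. It operates on a minimal PE32+ image constructed inside the block to mirror this export table (same names, ordinals, RVAs and image base); the builder, its single-section layout and the wording of the findings are the example's own, and `triage` works unchanged on a real file read from disk.

```python
import struct

IMAGE_FILE_DLL = 0x2000
EXPORT_DIR = "<IIHHIIIIIII"  # IMAGE_EXPORT_DIRECTORY (40 bytes)


def _cstring(data, off):
    return data[off:data.index(b"\0", off)].decode("ascii", "replace")


def parse_pe(data):
    """Headers needed for export parsing, from a PE32 or PE32+ file image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    _, nsections, _, _, _, opt_size, characteristics = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x20B:    # PE32+: 8-byte ImageBase, data directories at +112
        image_base, dirs = struct.unpack_from("<Q", data, opt + 24)[0], opt + 112
    elif magic == 0x10B:  # PE32: 4-byte ImageBase, data directories at +96
        image_base, dirs = struct.unpack_from("<I", data, opt + 28)[0], opt + 96
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    export_rva, export_size = struct.unpack_from("<II", data, dirs)  # directory 0 = exports
    sections = []
    for i in range(nsections):
        _, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((va, max(vsize, rawsize), rawptr))
    return {"characteristics": characteristics, "image_base": image_base,
            "export_rva": export_rva, "export_size": export_size, "sections": sections}


def rva_to_offset(pe, rva):
    for va, size, rawptr in pe["sections"]:
        if va <= rva < va + size:
            return rawptr + (rva - va)
    raise ValueError(f"RVA {rva:#x} is not backed by any section")


def parse_exports(data, pe):
    """[(name or None, ordinal, rva)] for every populated export slot."""
    if pe["export_rva"] == 0:
        return []
    d = struct.unpack_from(EXPORT_DIR, data, rva_to_offset(pe, pe["export_rva"]))
    base, nfuncs, nnames, funcs_rva, names_rva, ords_rva = d[5:]
    funcs = struct.unpack_from(f"<{nfuncs}I", data, rva_to_offset(pe, funcs_rva))
    name_rvas = struct.unpack_from(f"<{nnames}I", data, rva_to_offset(pe, names_rva))
    ords = struct.unpack_from(f"<{nnames}H", data, rva_to_offset(pe, ords_rva))
    names = {idx: _cstring(data, rva_to_offset(pe, nrva)) for idx, nrva in zip(ords, name_rvas)}
    return [(names.get(i), base + i, rva) for i, rva in enumerate(funcs) if rva]


def triage(data, filename):
    """The two export-table checks this report invites."""
    pe = parse_pe(data)
    exports = parse_exports(data, pe)
    findings = []
    if pe["characteristics"] & IMAGE_FILE_DLL and filename.lower().endswith(".exe"):
        findings.append("IMAGE_FILE_DLL is set but the file is named .exe: it needs a loader and will not run on its own")
    by_rva = {}
    for name, ordinal, rva in exports:
        by_rva.setdefault(rva, []).append(name or f"#{ordinal}")
    for rva, names in by_rva.items():
        if len(names) > 1:
            findings.append(f"{len(names)} exports share one entry at {pe['image_base'] + rva:#x}: {', '.join(names)}")
    return exports, findings


def build_test_image(exports, characteristics):
    """Minimal PE32+ image, one .rdata section holding an export directory (constructed test data, not the sample)."""
    sec_rva, sec_off, n = 0x1000, 0x400, len(exports)
    funcs_rva, names_rva = sec_rva + 40, sec_rva + 40 + 4 * n
    ords_rva, strings_rva = names_rva + 4 * n, names_rva + 6 * n
    strings, name_rvas = bytearray(b"derp.bin.dll\0"), []
    for name, _ in exports:
        name_rvas.append(strings_rva + len(strings))
        strings += name.encode() + b"\0"
    body = bytearray(struct.pack(EXPORT_DIR, 0, 0, 0, 0, strings_rva, 1, n, n, funcs_rva, names_rva, ords_rva))
    body += struct.pack(f"<{n}I", *(rva for _, rva in exports))
    body += struct.pack(f"<{n}I", *name_rvas) + struct.pack(f"<{n}H", *range(n)) + strings
    raw_size = (len(body) + 0x1FF) & ~0x1FF
    hdr = bytearray(sec_off)
    hdr[:2], hdr[0x80:0x84] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", hdr, 0x3C, 0x80)                                  # e_lfanew
    struct.pack_into("<HHIIIHH", hdr, 0x84, 0x8664, 1, 0, 0, 0, 240, characteristics)
    opt = 0x98
    struct.pack_into("<H", hdr, opt, 0x20B)                                  # PE32+
    struct.pack_into("<Q", hdr, opt + 24, 0x180000000)                       # ImageBase as in the report
    struct.pack_into("<II", hdr, opt + 32, 0x1000, 0x200)                    # section / file alignment
    struct.pack_into("<I", hdr, opt + 108, 16)                               # NumberOfRvaAndSizes
    struct.pack_into("<II", hdr, opt + 112, sec_rva, len(body))              # export directory entry
    struct.pack_into("<8sIIII", hdr, opt + 240, b".rdata", len(body), sec_rva, raw_size, sec_off)
    return bytes(hdr) + bytes(body.ljust(raw_size, b"\0"))


# The report's export table: addresses minus the 0x180000000 image base.
REPORTED_EXPORTS = [("DllGetClassObject", 0x3D3B), ("DllRegisterServer", 0x3D3B),
                    ("DllUnregisterServer", 0x3D3B), ("ebsbqoV", 0x3D2A)]
IMAGE = build_test_image(REPORTED_EXPORTS, characteristics=0x2022)  # EXECUTABLE_IMAGE | LARGE_ADDRESS_AWARE | DLL

if __name__ == "__main__":
    exports, findings = triage(IMAGE, "derp.bin.exe")  # the name the sample was submitted under
    print(exports, *findings, sep="\n")
```

To run it on the real file, replace `IMAGE` with `open(path, "rb").read()`; the parser translates RVAs through the section table, so it does not depend on the single-section layout of the constructed image.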
TCP packets (one row per packet; the extract ends at 22:45:07 although the run lasted 7 minutes). Every row is outbound from 192.168.2.4 to 193.32.176.22:8080 and no packet in the reverse direction appears. Rows sharing a source port recur at +1, +2, +4 and +8 s, which is the TCP SYN retransmission schedule, so each source port is one connection attempt that never received a SYN-ACK; once the retry window closes, a fresh set of sockets is opened about every 23.5 s (49730-49732 at 22:44:06, 49741-49743 at 22:44:30, 49747-49749 at 22:44:53). The server was unreachable during the analysis, so nothing about the C2 protocol can be read from this capture, and the Encrypted Channel and Ingress Tool Transfer cells in the ATT&CK matrix above cannot be backed by observed traffic. The hard-coded IP and port and the reconnect cadence are still usable network indicators.

Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 18, 2024 22:44:06.675793886 CEST | 49730 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:06.692881107 CEST | 49731 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:06.693095922 CEST | 49732 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:07.683706999 CEST | 49730 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:07.683872938 CEST | 49732 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:07.699516058 CEST | 49731 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:09.692548990 CEST | 49733 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:09.699393034 CEST | 49732 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:09.699404955 CEST | 49730 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:09.699490070 CEST | 49731 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:10.699327946 CEST | 49733 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:12.699384928 CEST | 49733 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:12.707993031 CEST | 49734 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:13.699311972 CEST | 49731 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:13.708755970 CEST | 49735 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:13.715063095 CEST | 49730 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:13.715089083 CEST | 49734 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:13.715419054 CEST | 49732 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:14.715091944 CEST | 49735 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:15.714915991 CEST | 49734 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:16.699439049 CEST | 49733 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:16.714931011 CEST | 49735 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:19.714936972 CEST | 49734 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:20.714915037 CEST | 49735 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:21.699372053 CEST | 49731 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:21.730552912 CEST | 49732 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:21.730690956 CEST | 49730 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:24.714936018 CEST | 49733 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:27.714907885 CEST | 49734 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:28.730729103 CEST | 49735 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:30.201683998 CEST | 49741 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:30.231251001 CEST | 49742 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:30.231811047 CEST | 49743 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:31.216185093 CEST | 49741 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:31.231620073 CEST | 49742 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:31.247613907 CEST | 49743 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:33.216809988 CEST | 49741 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:33.217237949 CEST | 49744 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:33.232518911 CEST | 49742 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:33.248158932 CEST | 49743 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:34.232566118 CEST | 49744 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:36.218708038 CEST | 49745 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:36.233578920 CEST | 49744 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:37.218123913 CEST | 49741 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:37.233601093 CEST | 49745 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:37.233628035 CEST | 49742 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:37.237943888 CEST | 49746 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:37.253413916 CEST | 49743 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:38.237663984 CEST | 49746 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:39.237688065 CEST | 49745 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:40.237659931 CEST | 49746 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:40.237683058 CEST | 49744 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:43.237643957 CEST | 49745 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:44.253457069 CEST | 49746 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:45.221977949 CEST | 49741 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:45.237601042 CEST | 49742 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:45.268872976 CEST | 49743 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:48.253233910 CEST | 49744 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:51.240772963 CEST | 49745 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:52.253243923 CEST | 49746 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:53.722897053 CEST | 49747 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:53.738425970 CEST | 49748 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:53.771627903 CEST | 49749 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:54.724119902 CEST | 49747 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:54.739732981 CEST | 49748 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:54.786744118 CEST | 49749 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:56.739690065 CEST | 49747 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:56.755364895 CEST | 49748 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:56.756448984 CEST | 49750 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:56.787292957 CEST | 49749 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:57.771517992 CEST | 49750 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:59.741015911 CEST | 49752 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:44:59.772067070 CEST | 49750 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:00.744616985 CEST | 49747 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:00.747112036 CEST | 49752 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:00.756215096 CEST | 49748 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:00.756692886 CEST | 49753 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:00.787761927 CEST | 49749 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:01.756458044 CEST | 49753 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:02.756423950 CEST | 49752 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:03.756195068 CEST | 49753 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:03.787673950 CEST | 49750 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:06.771858931 CEST | 49752 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:07.756751060 CEST | 49753 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:08.756228924 CEST | 49747 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:08.771845102 CEST | 49748 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:08.818928003 CEST | 49749 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:11.803222895 CEST | 49750 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:14.771989107 CEST | 49752 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:15.756196976 CEST | 49753 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:17.272680998 CEST | 49754 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:17.272747040 CEST | 49755 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:17.335182905 CEST | 49756 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:18.288048983 CEST | 49755 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:18.288116932 CEST | 49754 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:18.334944010 CEST | 49756 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:20.287944078 CEST | 49755 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:20.303606033 CEST | 49754 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:20.304541111 CEST | 49757 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:20.335480928 CEST | 49756 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:21.304235935 CEST | 49757 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:23.274557114 CEST | 49758 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:23.305347919 CEST | 49757 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:24.258719921 CEST | 49759 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:24.289124966 CEST | 49758 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:24.290813923 CEST | 49755 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:24.304723024 CEST | 49754 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:24.336065054 CEST | 49756 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:25.261789083 CEST | 49759 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:26.289068937 CEST | 49758 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:27.273562908 CEST | 49759 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:27.320312977 CEST | 49757 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:30.289055109 CEST | 49758 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:31.273693085 CEST | 49759 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:32.289148092 CEST | 49755 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:32.320332050 CEST | 49754 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:32.351531982 CEST | 49756 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:35.320516109 CEST | 49757 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:38.289388895 CEST | 49758 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:39.273577929 CEST | 49759 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:40.789968014 CEST | 49760 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:40.821229935 CEST | 49761 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:40.868074894 CEST | 49762 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:41.789617062 CEST | 49760 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:41.836549997 CEST | 49761 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:41.883323908 CEST | 49762 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:43.805195093 CEST | 49760 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:43.821796894 CEST | 49763 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:43.837007046 CEST | 49761 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:43.884100914 CEST | 49762 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:44.837253094 CEST | 49763 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:46.790997982 CEST | 49764 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:46.837675095 CEST | 49763 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:47.775432110 CEST | 49765 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:47.806349993 CEST | 49760 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:47.806394100 CEST | 49764 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:47.837631941 CEST | 49761 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:47.884624004 CEST | 49762 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:48.775132895 CEST | 49765 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:49.806349039 CEST | 49764 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:50.774997950 CEST | 49765 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:50.837555885 CEST | 49763 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:53.806282997 CEST | 49764 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:54.774991989 CEST | 49765 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:55.806284904 CEST | 49760 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:55.853252888 CEST | 49761 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:55.884486914 CEST | 49762 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:45:58.853429079 CEST | 49763 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:01.806355953 CEST | 49764 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:02.790800095 CEST | 49765 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:04.307514906 CEST | 49766 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:04.369719028 CEST | 49767 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:04.386431932 CEST | 49768 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:05.308159113 CEST | 49766 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:05.370430946 CEST | 49767 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:05.386204004 CEST | 49768 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:07.307938099 CEST | 49766 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:07.355842113 CEST | 49769 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:07.370981932 CEST | 49767 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:07.386833906 CEST | 49768 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:08.355489016 CEST | 49769 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:10.309309006 CEST | 49770 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:10.356209993 CEST | 49769 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:11.293760061 CEST | 49771 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:11.308984995 CEST | 49770 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:11.312676907 CEST | 49766 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:11.371478081 CEST | 49767 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:11.387279987 CEST | 49768 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:12.309113979 CEST | 49771 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:13.309108019 CEST | 49770 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:14.309089899 CEST | 49771 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:14.371575117 CEST | 49769 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:17.309004068 CEST | 49770 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:18.324800968 CEST | 49771 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:19.309180975 CEST | 49766 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:19.387221098 CEST | 49767 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:19.387247086 CEST | 49768 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:22.387280941 CEST | 49769 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:25.308969021 CEST | 49770 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:26.324953079 CEST | 49771 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:39.342025995 CEST | 49772 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:39.403729916 CEST | 49773 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:39.403932095 CEST | 49774 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:40.356472015 CEST | 49772 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:40.418924093 CEST | 49773 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:40.418937922 CEST | 49774 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:42.325732946 CEST | 49775 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:42.356173992 CEST | 49772 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:42.403568983 CEST | 49776 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:42.418880939 CEST | 49773 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:42.418883085 CEST | 49774 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:43.340527058 CEST | 49775 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:43.403016090 CEST | 49776 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:45.356319904 CEST | 49775 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:45.418776989 CEST | 49776 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:46.356266022 CEST | 49772 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:46.418632030 CEST | 49773 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:46.418741941 CEST | 49774 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:47.340987921 CEST | 49777 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:48.356326103 CEST | 49777 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:49.356292963 CEST | 49775 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:49.434250116 CEST | 49776 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:50.356143951 CEST | 49777 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:54.371835947 CEST | 49772 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:54.372013092 CEST | 49777 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:54.434359074 CEST | 49773 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:54.434367895 CEST | 49774 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:57.356461048 CEST | 49775 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:46:57.449491024 CEST | 49776 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:02.387388945 CEST | 49777 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:02.888403893 CEST | 49778 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:02.935246944 CEST | 49779 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:02.935977936 CEST | 49780 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:03.903701067 CEST | 49778 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:03.934958935 CEST | 49780 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:03.950606108 CEST | 49779 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:05.858072996 CEST | 49781 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:05.904149055 CEST | 49778 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:05.935410023 CEST | 49780 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:05.950835943 CEST | 49779 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:05.951385021 CEST | 49782 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:06.872950077 CEST | 49781 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:06.951198101 CEST | 49782 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:08.888799906 CEST | 49781 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:08.951148033 CEST | 49782 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:09.919661999 CEST | 49778 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:09.935436010 CEST | 49780 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:09.966886044 CEST | 49779 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:10.889875889 CEST | 49783 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:11.904833078 CEST | 49783 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:12.889532089 CEST | 49781 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:12.951647043 CEST | 49782 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:13.904768944 CEST | 49783 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:17.920237064 CEST | 49783 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:17.920589924 CEST | 49778 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:17.936033964 CEST | 49780 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:17.967209101 CEST | 49779 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:20.889060974 CEST | 49781 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:20.967253923 CEST | 49782 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:25.920536995 CEST | 49783 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:26.421224117 CEST | 49784 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:26.436950922 CEST | 49785 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:26.467953920 CEST | 49786 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:27.421001911 CEST | 49784 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:27.451993942 CEST | 49785 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:27.483558893 CEST | 49786 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:29.390717983 CEST | 49787 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:29.421255112 CEST | 49784 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:29.452503920 CEST | 49785 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:29.468820095 CEST | 49788 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:29.483659983 CEST | 49786 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:30.405607939 CEST | 49787 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:30.483933926 CEST | 49788 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:32.405556917 CEST | 49787 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:32.499313116 CEST | 49788 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:33.421344995 CEST | 49784 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:33.452610970 CEST | 49785 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:33.483764887 CEST | 49786 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:34.422914028 CEST | 49789 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:35.437625885 CEST | 49789 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:36.406307936 CEST | 49787 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:36.500061035 CEST | 49788 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:37.453389883 CEST | 49789 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:41.421902895 CEST | 49784 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:41.453476906 CEST | 49789 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:41.453603983 CEST | 49785 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:41.484621048 CEST | 49786 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:44.406513929 CEST | 49787 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:44.500250101 CEST | 49788 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:49.456399918 CEST | 49789 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:49.938848019 CEST | 49790 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:49.985295057 CEST | 49791 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:50.953958035 CEST | 49790 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:51.000822067 CEST | 49791 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:52.969485998 CEST | 49790 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:53.000696898 CEST | 49791 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:53.001748085 CEST | 49792 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:54.016752958 CEST | 49792 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:56.032457113 CEST | 49792 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:56.969991922 CEST | 49790 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:57.001157045 CEST | 49791 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:57.970921040 CEST | 49793 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:47:58.986382961 CEST | 49793 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:48:00.033193111 CEST | 49792 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:48:00.986285925 CEST | 49793 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:48:04.970535040 CEST | 49790 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:48:04.986165047 CEST | 49793 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:48:05.001774073 CEST | 49791 | 8080 | 192.168.2.4 | 193.32.176.22 |
Apr 18, 2024 22:48:08.033010960 CEST | 49792 | 8080 | 192.168.2.4 | 193.32.176.22 |
Target ID: | 0 |
Start time: | 22:44:01 |
Start date: | 18/04/2024 |
Path: | C:\Windows\System32\loaddll64.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff670c60000 |
File size: | 165'888 bytes |
MD5 hash: | 763455F9DCB24DFEECC2B9D9F8D46D52 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | false |
Target ID: | 1 |
Start time: | 22:44:01 |
Start date: | 18/04/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 2 |
Start time: | 22:44:01 |
Start date: | 18/04/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7d1450000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 3 |
Start time: | 22:44:01 |
Start date: | 18/04/2024 |
Path: | C:\Windows\System32\regsvr32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7058c0000 |
File size: | 25'088 bytes |
MD5 hash: | B0C2FA35D14A9FAD919E99D9D75E1B9E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | false |
Target ID: | 4 |
Start time: | 22:44:01 |
Start date: | 18/04/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff606030000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 5 |
Start time: | 22:44:01 |
Start date: | 18/04/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff606030000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 6 |
Start time: | 22:44:04 |
Start date: | 18/04/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff606030000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 7 |
Start time: | 22:44:07 |
Start date: | 18/04/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff606030000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Execution Graph
Execution Coverage: | 1.6% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 1.3% |
Total number of Nodes: | 77 |
Total number of Limit Nodes: | 8 |
Function 00007FFDFB277430 | Relevance: 9.0 | APIs: 3 | Strings: 2 | Instructions: 236 | Tags: window, COMMON | Uniqueness Score: -1.00% |
Function 00007FFDFB26B150 | Relevance: 9.1 | APIs: 6 | Instructions: 78 | Tags: time, sleep, synchronization, COMMON | Uniqueness Score: -1.00% |
Function 00007FFDFB263619 | Relevance: 7.4 | APIs: 1 | Strings: 3 | Instructions: 378 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 00007FFDFB26D520 | Relevance: 5.3 | APIs: 2 | Strings: 1 | Instructions: 86 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 00007FFDFB296EF4 | Relevance: 1.5 | APIs: 1 | Instructions: 36 | Tags: memory, COMMON, LIBRARYCODE | Uniqueness Score: -1.00% |
Function 00007FFDFB279A90 | Relevance: 68.9 | APIs: 32 | Strings: 6 | Instructions: 2356 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 00007FFDFB282790 | Relevance: 33.9 | APIs: 9 | Strings: 10 | Instructions: 617 | Tags: library, loader, COMMON | Uniqueness Score: -1.00% |
Function 00007FFDFB2823E0 | Relevance: 30.0 | APIs: 12 | Strings: 5 | Instructions: 216 | Tags: library, loader, synchronization, COMMON | Uniqueness Score: -1.00% |
Function 00007FFDFB27E340 | Relevance: 10.8 | APIs: 5 | Strings: 1 | Instructions: 284 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 00007FFDFB296ACC | Relevance: 9.1 | APIs: 6 | Instructions: 83 | Tags: COMMON, LIBRARYCODE | Uniqueness Score: -1.00% |
Function 00007FFDFB29106C | Relevance: 6.0 | APIs: 4 | Instructions: 39 | Tags: time, thread, COMMON, LIBRARYCODE | Uniqueness Score: -1.00% |
Function 00007FFDFB277080 | Relevance: 4.6 | APIs: 3 | Instructions: 85 | Tags: file, native, synchronization, COMMON | Uniqueness Score: -1.00% |
Function 00007FFDFB2771E0 | Relevance: 4.6 | APIs: 3 | Instructions: 84 | Tags: file, native, synchronization, COMMON | Uniqueness Score: -1.00% |
Function 00007FFDFB29DDA8 | Relevance: 3.2 | APIs: 2 | Instructions: 227 | Tags: COMMON, LIBRARYCODE | Uniqueness Score: -1.00% |
Function 00007FFDFB28B710 | Relevance: 0.6 | Instructions: 599 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 00007FFDFB28F080 | Relevance: 0.4 | Instructions: 364 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 00007FFDFB28C120 | Relevance: 0.3 | Instructions: 306 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 00007FFDFB29DBF0 | Relevance: 0.0 | Instructions: 32 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 00007FFDFB296598 | Relevance: 18.1 | APIs: 12 | Instructions: 112 | Tags: COMMON, LIBRARYCODE | Uniqueness Score: -1.00% |
Function 00007FFDFB271E00 | Relevance: 17.7 | APIs: 9 | Strings: 1 | Instructions: 214 | Tags: synchronization, COMMON | Uniqueness Score: -1.00% |
Function 00007FFDFB27DA5E | Relevance: 14.2 | APIs: 5 | Strings: 3 | Instructions: 235 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 00007FFDFB2815B0 | Relevance: 12.7 | APIs: 5 | Strings: 2 | Instructions: 423 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 00007FFDFB292860 | Relevance: 12.6 | APIs: 4 | Strings: 3 | Instructions: 312 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 00007FFDFB298BBC | Relevance: 12.4 | APIs: 5 | Strings: 2 | Instructions: 117 | Tags: library, loader, COMMON | Uniqueness Score: -1.00% |
Function 00007FFDFB272350 | Relevance: 12.1 | APIs: 8 | Instructions: 76 | Tags: synchronization, COMMON | Uniqueness Score: -1.00% |
Function 00007FFDFB27EDD0 | Relevance: 10.7 | APIs: 4 | Strings: 2 | Instructions: 217 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 00007FFDFB27F140 | Relevance: 10.7 | APIs: 5 | Strings: 1 | Instructions: 168 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 00007FFDFB2769C0 | Relevance: 10.7 | APIs: 5 | Strings: 1 | Instructions: 160 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 00007FFDFB294928 | Relevance: 10.6 | APIs: 5 | Strings: 1 | Instructions: 88 | Tags: library, loader, COMMON, LIBRARYCODE | Uniqueness Score: -1.00% |
Function 00007FFDFB29D6B4 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFB2755D0 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 25libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFB296710 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFB272480 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 108networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFB280980 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 64libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFB2808A0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 64libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFB295510 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFB29DA04 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFB2967D8 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFB273E40 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 237COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFB272830 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 210COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFB291DF0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 154COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFB292D30 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFB2930E0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFB280840 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 30libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFB2807D0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 22libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFB274840 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 177COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFB26B260 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 127COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFB29BFF0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFB26D150 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 89COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFB27F580 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 80threadCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFB294D48 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph
Execution Coverage: 1.4%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 0%
Total number of Nodes: 77
Total number of Limit Nodes: 8
Graph
Control-flow Graph (one per function listed below; the graph images are not part of this extract)

Function | Relevance | APIs | Strings | Instructions | Tags
---|---|---|---|---|---
00007FFDFB26B150 | 9.1 | 6 | - | 78 | time, sleep, synchronization, COMMON
00007FFDFB296710 | 9.1 | 6 | - | 57 | COMMON, LIBRARYCODE
00007FFDFB277430 | 9.0 | 3 | 2 | 236 | window, COMMON
00007FFDFB263619 | 7.4 | 1 | 3 | 378 | COMMON
00007FFDFB26D520 | 5.3 | 2 | 1 | 86 | COMMON
00007FFDFB296EF4 | 1.5 | 1 | - | 36 | memory, COMMON, LIBRARYCODE

Uniqueness Score: -1.00% for every function listed above.
Function | Relevance | APIs | Strings | Instructions | Tags
---|---|---|---|---|---
00007FFDFB27E340 | 10.8 | 5 | 1 | 284 | COMMON
00007FFDFB296ACC | 9.1 | 6 | - | 83 | COMMON, LIBRARYCODE
00007FFDFB2823E0 | 30.0 | 12 | 5 | 216 | libraryloader, synchronization, COMMON
00007FFDFB296598 | 18.1 | 12 | - | 112 | COMMON, LIBRARYCODE
00007FFDFB271E00 | 17.7 | 9 | 1 | 214 | synchronization, COMMON
00007FFDFB27DA5E | 14.2 | 5 | 3 | 235 | COMMON
00007FFDFB2815B0 | 12.7 | 5 | 2 | 423 | COMMON
00007FFDFB292860 | 12.6 | 4 | 3 | 312 | COMMON
00007FFDFB298BBC | 12.4 | 5 | 2 | 117 | libraryloader, COMMON
00007FFDFB272350 | 12.1 | 8 | - | 76 | synchronization, COMMON
00007FFDFB27EDD0 | 10.7 | 4 | 2 | 217 | COMMON
00007FFDFB27F140 | 10.7 | 5 | 1 | 168 | COMMON
00007FFDFB2769C0 | 10.7 | 5 | 1 | 160 | COMMON
00007FFDFB272480 | 10.6 | 4 | 2 | 108 | network, COMMON
00007FFDFB294928 | 10.6 | 5 | 1 | 88 | libraryloader, COMMON, LIBRARYCODE
00007FFDFB29D6B4 | 10.5 | 5 | 1 | 48 | file, COMMON
00007FFDFB2755D0 | 10.5 | 3 | 3 | 25 | libraryloader, COMMON
00007FFDFB280980 | 8.8 | 2 | 3 | 64 | libraryloader, COMMON
00007FFDFB2808A0 | 8.8 | 2 | 3 | 64 | libraryloader, COMMON
00007FFDFB295510 | 8.8 | 3 | 2 | 27 | libraryloader, COMMON
00007FFDFB29DA04 | 7.6 | 5 | - | 56 | COMMON, LIBRARYCODE
00007FFDFB2967D8 | 7.6 | 5 | - | 54 | COMMON, LIBRARYCODE
00007FFDFB273E40 | 7.2 | 2 | 2 | 237 | COMMON
00007FFDFB272830 | 7.2 | 3 | 1 | 210 | COMMON
00007FFDFB291DF0 | 7.2 | 3 | 1 | 154 | COMMON
00007FFDFB292D30 | 7.1 | 2 | 2 | 146 | COMMON
00007FFDFB2930E0 | 7.1 | 2 | 2 | 145 | COMMON
00007FFDFB280840 | 7.0 | 2 | 2 | 30 | libraryloader, COMMON
00007FFDFB2807D0 | 7.0 | 2 | 2 | 22 | libraryloader, COMMON
00007FFDFB29106C | 6.0 | 4 | - | 39 | time, thread, COMMON, LIBRARYCODE
00007FFDFB274840 | 5.4 | 2 | 1 | 177 | COMMON
00007FFDFB26B260 | 5.4 | 2 | 1 | 127 | COMMON
00007FFDFB29BFF0 | 5.4 | 2 | 1 | 100 | file, COMMON
00007FFDFB26D150 | 5.3 | 2 | 1 | 89 | COMMON
00007FFDFB27F580 | 5.3 | 2 | 1 | 80 | thread, COMMON
00007FFDFB294D48 | 5.3 | 2 | 1 | 44 | COMMON

Uniqueness Score: -1.00% for every function listed above.