Windows
Analysis Report
Wt3pGldAnr.exe
Overview
General Information
Sample name: | Wt3pGldAnr.exe (renamed because original name is a hash value) |
Original sample name: | 0707cfd47743293d37378ee4465baf5c.exe |
Analysis ID: | 1428524 |
MD5: | 0707cfd47743293d37378ee4465baf5c |
SHA1: | 3ec3e1da7ca748292eb3d0990a763d58e04ebb09 |
SHA256: | fb65c9da76587966b0fd53c34119aedd57e771899531146943b79bbb2cc129c3 |
Tags: | 32exe |
Infos: | |
Detection
Score: | 80 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- Wt3pGldAnr.exe (PID: 5332 cmdline: "C:\Users\user\Desktop\Wt3pGldAnr.exe" MD5: 0707CFD47743293D37378EE4465BAF5C)
- StartMenuExperienceHos.exe (PID: 6636 cmdline: "C:\ProgramData\StartMenuExperienceHos.exe" MD5: 0707CFD47743293D37378EE4465BAF5C)
- Wt3pGldAnr.exe (PID: 6880 cmdline: C:\Users\user\Desktop\Wt3pGldAnr.exe MD5: 0707CFD47743293D37378EE4465BAF5C)
- cleanup
AV Detection |
---|
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Compliance |
---|
Source: | Unpacked PE file: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior | ||
Source: | Code function: | 0_2_00DDA6C3 | |
Source: | Code function: | 1_2_0061A6C3 | |
Source: | Code function: | 3_2_00DDA6C3 |
Source: | Code function: | 0_2_0348B0A5 |
Source: | TCP traffic: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | Code function: | 0_2_00DA2B1A |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
---|
Source: | Windows user hook set: | Jump to behavior |
Source: | Process token adjusted: | Jump to behavior |
Source: | Process token adjusted: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Mutant created: |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | ReversingLabs: | ||
Source: | Virustotal: |
Source: | File read: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Data Obfuscation |
---|
Source: | Unpacked PE file: |
Source: | Code function: | 0_2_00DA10BE |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | File created: | Jump to dropped file |
Source: | File created: | Jump to dropped file |
Source: | Key value created or modified: | Jump to behavior |
Malware Analysis System Evasion |
---|
Source: | Evasive API call chain: | graph_0-78745 |
Source: | Decision node followed by non-executed suspicious API: | graph_0-78000 |
Source: | Evasive API call chain: | graph_0-78388 | ||
Source: | Evasive API call chain: | graph_0-78246 |
Source: | Evasive API call chain: | ||
Source: | Evasive API call chain: |
Source: | Check user administrative privileges: | graph_0-78546 |
Source: | API coverage: | ||
Source: | API coverage: | ||
Source: | API coverage: |
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Code function: | 0_2_00DDA6C3 | |
Source: | Code function: | 1_2_0061A6C3 | |
Source: | Code function: | 3_2_00DDA6C3 |
Source: | Code function: | 0_2_0348B0A5 |
Source: | Code function: | 0_2_00EA9C8B |
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | API call chain: | graph_0-78936 | ||
Source: | API call chain: |
Source: | Process information queried: | Jump to behavior |
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Process token adjusted: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Binary or memory string: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 13 Native API | 1 LSASS Driver | 1 LSASS Driver | 1 Disable or Modify Tools | 141 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 2 File and Directory Discovery | Remote Desktop Protocol | 141 Input Capture | 1 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | 1 Scheduled Task/Job | 1 Access Token Manipulation | 2 Obfuscated Files or Information | Security Account Manager | 14 System Information Discovery | SMB/Windows Admin Shares | 2 Clipboard Data | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 211 Process Injection | 1 Software Packing | NTDS | 141 Security Software Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 1 Scheduled Task/Job | 1 DLL Side-Loading | LSA Secrets | 11 Virtualization/Sandbox Evasion | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Modify Registry | Cached Domain Credentials | 2 Process Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 11 Virtualization/Sandbox Evasion | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Access Token Manipulation | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 211 Process Injection | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
16% | ReversingLabs | Win32.Trojan.Generic | ||
24% | Virustotal | Browse |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false |
| unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
156.255.0.191 | unknown | Seychelles | 134548 | DXTL-HKDXTLTseungKwanOServiceHK | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1428524 |
Start date and time: | 2024-04-19 05:58:09 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 7m 14s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 9 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Wt3pGldAnr.exe (renamed because original name is a hash value) |
Original Sample Name: | 0707cfd47743293d37378ee4465baf5c.exe |
Detection: | MAL |
Classification: | mal80.spyw.evad.winEXE@4/2@0/1 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed, report is missing behavior information
- Report creation exceeded maximum time and may have missing disassembly code information.
- Report size exceeded maximum capacity and may have missing disassembly code.
Time | Type | Description |
---|---|---|
04:59:11 | Task Scheduler | |
05:59:09 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
DXTL-HKDXTLTseungKwanOServiceHK | | | malicious | Gafgyt, Mirai | | |
| | | malicious | Gafgyt, Mirai | | |
| | | malicious | Gafgyt, Mirai | | |
| | | malicious | Mirai | | |
| | | malicious | Mirai | | |
| | | malicious | Mirai | | |
| | | malicious | Mirai | | |
| | | malicious | Unknown | | |
| | | malicious | Mirai | | |
| | | malicious | Mirai | | |
Process: | C:\Users\user\Desktop\Wt3pGldAnr.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3218944 |
Entropy (8bit): | 7.319162531570145 |
Encrypted: | false |
SSDEEP: | 98304:zIYSSR0z8vvZpdmI6RSTSGcNoIv0kGX4g7O9P9LfetG25NJn:zIdy0ohgBGImO9P9LfeHJ |
MD5: | 0707CFD47743293D37378EE4465BAF5C |
SHA1: | 3EC3E1DA7CA748292EB3D0990A763D58E04EBB09 |
SHA-256: | FB65C9DA76587966B0FD53C34119AEDD57E771899531146943B79BBB2CC129C3 |
SHA-512: | B989B282D247B5F64B98D658524CC2AE9EC44B105B31B8654C6868C4A545FB6A59310CA6C3BB9613D4B02E64D6BDB5E322C0498BA8572EB58ADABE08D25F25C0 |
Malicious: | true |
Antivirus: |
|
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\Wt3pGldAnr.exe |
File Type: | |
Category: | modified |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
File type: | |
Entropy (8bit): | 7.319162531570145 |
TrID: |
|
File name: | Wt3pGldAnr.exe |
File size: | 3'218'944 bytes |
MD5: | 0707cfd47743293d37378ee4465baf5c |
SHA1: | 3ec3e1da7ca748292eb3d0990a763d58e04ebb09 |
SHA256: | fb65c9da76587966b0fd53c34119aedd57e771899531146943b79bbb2cc129c3 |
SHA512: | b989b282d247b5f64b98d658524cc2ae9ec44b105b31b8654c6868c4a545fb6a59310ca6c3bb9613d4b02e64d6bdb5e322c0498ba8572eb58adabe08d25f25c0 |
SSDEEP: | 98304:zIYSSR0z8vvZpdmI6RSTSGcNoIv0kGX4g7O9P9LfetG25NJn:zIdy0ohgBGImO9P9LfeHJ |
TLSH: | B6E5D0313691D47BE53B36309259A3B9B2BEB9308E35024726A15F3D3E754938D2827F |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......u..41.bg1.bg1.bg^..g..bg^..g..bg^..gI.bg8..g>.bg8..g..bg1.cg-.bg^..g?.bg^..g0.bg^..g0.bgRich1.bg........................PE..L.. |
Icon Hash: | 6b49e0c4612d0f55 |
Entrypoint: | 0x505a11 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x662079F4 [Thu Apr 18 01:40:04 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | c7cd9a28c59d689112a5f72c9ae31817 |
Instruction |
---|
call 00007F73D090A506h |
jmp 00007F73D0900DAEh |
mov edi, edi |
push ebp |
mov ebp, esp |
sub esp, 20h |
mov eax, dword ptr [ebp+08h] |
push esi |
push edi |
push 00000008h |
pop ecx |
mov esi, 00550270h |
lea edi, dword ptr [ebp-20h] |
rep movsd |
mov dword ptr [ebp-08h], eax |
mov eax, dword ptr [ebp+0Ch] |
pop edi |
mov dword ptr [ebp-04h], eax |
pop esi |
test eax, eax |
je 00007F73D0900F2Eh |
test byte ptr [eax], 00000008h |
je 00007F73D0900F29h |
mov dword ptr [ebp-0Ch], 01994000h |
lea eax, dword ptr [ebp-0Ch] |
push eax |
push dword ptr [ebp-10h] |
push dword ptr [ebp-1Ch] |
push dword ptr [ebp-20h] |
call dword ptr [0052A314h] |
leave |
retn 0008h |
mov edi, edi |
push ebp |
mov ebp, esp |
push ecx |
push ebx |
mov eax, dword ptr [ebp+0Ch] |
add eax, 0Ch |
mov dword ptr [ebp-04h], eax |
mov ebx, dword ptr fs:[00000000h] |
mov eax, dword ptr [ebx] |
mov dword ptr fs:[00000000h], eax |
mov eax, dword ptr [ebp+08h] |
mov ebx, dword ptr [ebp+0Ch] |
mov ebp, dword ptr [ebp-04h] |
mov esp, dword ptr [ebx-04h] |
jmp eax |
pop ebx |
leave |
retn 0008h |
pop eax |
pop ecx |
xchg dword ptr [esp], eax |
jmp eax |
mov edi, edi |
push ebp |
mov ebp, esp |
push ecx |
push ecx |
push ebx |
push esi |
push edi |
mov esi, dword ptr fs:[00000000h] |
mov dword ptr [ebp-04h], esi |
mov dword ptr [ebp-08h], 00505ACBh |
push 00000000h |
push dword ptr [ebp+0Ch] |
push dword ptr [ebp-08h] |
push dword ptr [ebp+08h] |
call 00007F73D0917488h |
mov eax, dword ptr [ebp+0Ch] |
mov eax, dword ptr [eax+04h] |
and eax, FFFFFFFDh |
mov ecx, dword ptr [ebp+0Ch] |
mov dword ptr [ecx+00h], eax |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x16c0bc | 0x17c | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x181000 | 0x173817 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x2f5000 | 0x1ac8c | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x154d70 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x12a000 | 0x9e8 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x12881f | 0x128a00 | 08126d7c27e1de4a907093ca817d1234 | False | 0.565460552307206 | data | 6.5329102207493825 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x12a000 | 0x455dc | 0x45600 | 4ccda5c669343a32a9a888ef12edd8fa | False | 0.2671699042792793 | data | 5.002277513445981 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x170000 | 0x10340 | 0x6c00 | c950ad1efa5e8e9145d257df16dc1f6e | False | 0.25983796296296297 | data | 4.538856989422253 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x181000 | 0x173817 | 0x173a00 | ea3ee13a03cd81d884876d55980cb98b | False | 0.9375617536999664 | data | 7.904870488456657 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x2f5000 | 0x2936e | 0x29400 | d5402f4b94d2ead2df238cc6f25d8e68 | False | 0.27293442234848486 | data | 5.0526509296469 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
PNG | 0x181558 | 0x14e059 | PNG image data, 2338 x 1314, 8-bit colormap, non-interlaced | 1.0002803802490234 | ||
RT_ICON | 0x2cf5b4 | 0x5072 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9811110032048169 |
RT_ICON | 0x2d4628 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 9600 | English | United States | 0.2892316337395008 |
RT_ICON | 0x2e4e50 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 9600 | English | United States | 0.38946395563770797 |
RT_ICON | 0x2ea2d8 | 0x39e0 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.3254589632829374 |
RT_ICON | 0x2edcb8 | 0x3004 | Device independent bitmap graphic, 32 x 64 x 32, image size 9600 | English | United States | 0.2245362837617963 |
RT_ICON | 0x2f0cbc | 0x25a8 | Device independent bitmap graphic, 16 x 32 x 32, image size 9600 | English | United States | 0.10487551867219917 |
RT_DIALOG | 0x2f3264 | 0xb4 | data | English | United States | 0.6111111111111112 |
RT_DIALOG | 0x2f3318 | 0x120 | data | English | United States | 0.5138888888888888 |
RT_DIALOG | 0x2f3438 | 0x1ee | data | English | United States | 0.3866396761133603 |
RT_DIALOG | 0x2f3628 | 0xf8 | data | English | United States | 0.6290322580645161 |
RT_DIALOG | 0x2f3720 | 0xda | data | English | United States | 0.6376146788990825 |
RT_DIALOG | 0x2f37fc | 0xa0 | data | English | United States | 0.6 |
RT_DIALOG | 0x2f389c | 0x10c | data | English | United States | 0.5111940298507462 |
RT_DIALOG | 0x2f39a8 | 0x1ee | data | English | United States | 0.3866396761133603 |
RT_DIALOG | 0x2f3b98 | 0xe4 | data | English | United States | 0.6359649122807017 |
RT_DIALOG | 0x2f3c7c | 0xda | data | English | United States | 0.6376146788990825 |
RT_DIALOG | 0x2f3d58 | 0xa4 | data | English | United States | 0.6158536585365854 |
RT_DIALOG | 0x2f3dfc | 0x110 | data | English | United States | 0.5183823529411765 |
RT_DIALOG | 0x2f3f0c | 0x1f2 | data | English | United States | 0.39759036144578314 |
RT_DIALOG | 0x2f4100 | 0xe8 | data | English | United States | 0.6508620689655172 |
RT_DIALOG | 0x2f41e8 | 0xde | data | English | United States | 0.6486486486486487 |
RT_GROUP_ICON | 0x2f42c8 | 0x84 | data | English | United States | 0.6893939393939394 |
RT_VERSION | 0x2f434c | 0x2b4 | data | Chinese | China | 0.546242774566474 |
RT_MANIFEST | 0x2f4600 | 0x217 | XML 1.0 document, ASCII text, with CRLF line terminators | Chinese | China | 0.5570093457943925 |
DLL | Import |
---|---|
KERNEL32.dll | GlobalFree, FreeLibrary, lstrcmpW, MultiByteToWideChar, DeactivateActCtx, ActivateActCtx, GetLocaleInfoW, GlobalUnlock, ConvertDefaultLocale, GetUserDefaultUILanguage, GetCurrentThread, GlobalDeleteAtom, lstrcmpA, FreeResource, lstrcpyW, GetPrivateProfileIntW, WritePrivateProfileStringW, GetPrivateProfileStringW, GetCurrentProcessId, SetThreadPriority, ResumeThread, GlobalAddAtomW, ReleaseActCtx, CompareStringW, GetVersionExW, GlobalFindAtomW, LocalAlloc, TlsGetValue, GlobalReAlloc, GlobalHandle, InitializeCriticalSection, TlsAlloc, TlsSetValue, LocalReAlloc, TlsFree, GetCurrentDirectoryW, GlobalFlags, DeleteFileW, GlobalGetAtomNameW, lstrlenA, GetThreadLocale, FileTimeToSystemTime, lstrcmpiW, CreateFileW, ReadFile, WriteFile, SetFilePointer, FlushFileBuffers, LockFile, UnlockFile, SetEndOfFile, GetFileSize, DuplicateHandle, GetCurrentProcess, FindClose, FindFirstFileW, GetVolumeInformationW, GetFullPathNameW, CopyFileW, GetFileAttributesExW, FileTimeToLocalFileTime, GetFileAttributesW, GetFileSizeEx, GetFileTime, GetTempFileNameW, GetTempPathW, GetWindowsDirectoryW, GetNumberFormatW, GetProfileIntW, SearchPathW, VirtualProtect, FindResourceExW, DecodePointer, EncodePointer, ExitThread, HeapSetInformation, GetStartupInfoW, RaiseException, RtlUnwind, ExitProcess, HeapReAlloc, HeapQueryInformation, HeapSize, GetSystemTimeAsFileTime, GetSystemInfo, VirtualQuery, SetStdHandle, GetFileType, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, IsProcessorFeaturePresent, GetStdHandle, GetModuleFileNameA, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, QueryPerformanceCounter, GetStringTypeW, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, GetTimeZoneInformation, LCMapStringW, GetConsoleCP, GetConsoleMode, WriteConsoleW, SetEnvironmentVariableA, LocalFree, MulDiv, GlobalSize, GlobalAlloc, GlobalLock, GetExitCodeProcess, OpenProcess, WriteProcessMemory, VirtualAlloc, FindResourceW, LoadResource, LockResource, SizeofResource, GetModuleHandleW, GetCommandLineA, CreateThread, GetConsoleWindow, CreateMutexW, GetTickCount, GetModuleFileNameW, TryEnterCriticalSection, SetWaitableTimer, CreateWaitableTimerW, lstrlenW, WideCharToMultiByte, ResetEvent, CancelIo, InterlockedExchange, CreateEventW, SetLastError, SwitchToThread, GetCurrentThreadId, GetLastError, FormatMessageW, SetEvent, Sleep, WaitForSingleObject, CloseHandle, CreateEventA, InterlockedDecrement, InterlockedIncrement, InterlockedCompareExchange, HeapDestroy, HeapCreate, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, HeapFree, HeapAlloc, LoadLibraryW, GetProcAddress, GetSystemDefaultUILanguage, VirtualFree |
USER32.dll | SetTimer, KillTimer, SetRectEmpty, EnumDisplayMonitors, SetLayeredWindowAttributes, CharNextW, OffsetRect, CopyAcceleratorTableW, IsRectEmpty, SetRect, IntersectRect, InvalidateRgn, GetNextDlgGroupItem, MessageBeep, LoadMenuW, SetWindowRgn, RedrawWindow, NotifyWinEvent, GetAsyncKeyState, IsZoomed, CharUpperW, UnionRect, EnableScrollBar, UpdateLayeredWindow, MonitorFromPoint, IsMenu, CreatePopupMenu, SetMenuDefaultItem, GetMenuDefaultItem, DestroyIcon, TranslateAcceleratorW, BringWindowToTop, InsertMenuItemW, LoadAcceleratorsW, LoadImageW, ReuseDDElParam, UnpackDDElParam, SetParent, DestroyAcceleratorTable, SetClassLongW, DrawIconEx, DrawEdge, DrawFrameControl, DrawFocusRect, ToUnicodeEx, MapVirtualKeyW, GetKeyboardLayout, GetKeyboardState, CreateAcceleratorTableW, SetCursorPos, LockWindowUpdate, RegisterClipboardFormatW, InvertRect, HideCaret, GetIconInfo, CopyImage, OpenClipboard, SetClipboardData, CloseClipboard, EmptyClipboard, FrameRect, CopyIcon, CharUpperBuffW, PostThreadMessageW, GetKeyNameTextW, DefFrameProcW, DefMDIChildProcW, DrawMenuBar, TranslateMDISysAccel, CreateMenu, IsClipboardFormatAvailable, GetUpdateRect, GetDoubleClickTime, IsCharLowerW, MapVirtualKeyExW, SubtractRect, DestroyCursor, GetWindowRgn, WinHelpW, IsChild, GetCapture, GetClassLongW, SetPropW, GetPropW, RemovePropW, SetFocus, GetWindowTextW, GetForegroundWindow, BeginDeferWindowPos, EndDeferWindowPos, GetTopWindow, GetMessageTime, GetMessagePos, MonitorFromWindow, GetMonitorInfoW, MapWindowPoints, ScrollWindow, TrackPopupMenu, SetMenu, RealChildWindowFromPoint, GetScrollRange, SetScrollPos, GetScrollPos, SetForegroundWindow, ShowScrollBar, CreateWindowExW, GetClassInfoExW, GetClassInfoW, RegisterClassW, AdjustWindowRectEx, EqualRect, DeferWindowPos, GetScrollInfo, SetScrollInfo, SetWindowPlacement, GetWindowPlacement, GetDlgCtrlID, DefWindowProcW, CallWindowProcW, GetMenu, SetWindowLongW, SystemParametersInfoW, DestroyMenu, GetMenuItemInfoW, InflateRect, CopyRect, GetClassNameW, InvalidateRect, UpdateWindow, DrawStateW, ShowOwnedPopups, SetCursor, GetMessageW, IsWindowVisible, GetKeyState, ValidateRect, SetMenuItemBitmaps, GetMenuCheckMarkDimensions, LoadBitmapW, ModifyMenuW, EnableMenuItem, CheckMenuItem, SetWindowsHookExW, UnhookWindowsHookEx, GetCursorPos, CallNextHookEx, GetFocus, PtInRect, GetSysColor, EndPaint, BeginPaint, GetWindowDC, ReleaseDC, ClientToScreen, GrayStringW, DrawTextExW, DrawTextW, TabbedTextOutW, FillRect, GetWindowThreadProcessId, GetLastActivePopup, MessageBoxW, GetDesktopWindow, GetActiveWindow, SetActiveWindow, CreateDialogIndirectParamW, DestroyWindow, IsWindow, GetWindowLongW, GetDlgItem, IsWindowEnabled, GetNextDlgTabItem, EndDialog, RegisterWindowMessageW, GetWindow, SetWindowContextHelpId, GetParent, MapDialogRect, SetWindowPos, PostQuitMessage, PostMessageW, GetMenuState, GetMenuStringW, GetMenuItemID, InsertMenuW, GetMenuItemCount, GetSubMenu, RemoveMenu, PeekMessageW, TranslateMessage, DispatchMessageW, MsgWaitForMultipleObjects, ShowWindow, PostThreadMessageA, GetInputState, LoadIconW, GetSystemMenu, AppendMenuW, SendMessageW, IsIconic, GetSystemMetrics, GetClientRect, DrawIcon, GetWindowRect, ScreenToClient, GetDC, EnableWindow, DeleteMenu, WaitMessage, ReleaseCapture, WindowFromPoint, SetCapture, GetSysColorBrush, LoadCursorW, MoveWindow, SetWindowTextW, IsDialogMessageW, CheckDlgButton, SendDlgItemMessageW, SetScrollRange, SendDlgItemMessageA, GetWindowTextLengthW |
GDI32.dll | GetTextMetricsW, EnumFontFamiliesW, GetTextCharsetInfo, GetBkColor, GetTextColor, GetRgnBox, SetRectRgn, CombineRgn, GetMapMode, PatBlt, DPtoLP, CreateRoundRectRgn, CreateDIBSection, CreatePolygonRgn, CreateEllipticRgn, Polyline, Ellipse, Polygon, CreatePalette, GetPaletteEntries, GetNearestPaletteIndex, RealizePalette, CopyMetaFileW, CreateDCW, SaveDC, RestoreDC, SetBkColor, SetBkMode, SetPolyFillMode, SetROP2, SetTextColor, CreateRectRgnIndirect, SetMapMode, GetClipBox, ExcludeClipRect, IntersectClipRect, LineTo, MoveToEx, SetTextAlign, SelectObject, CreateCompatibleBitmap, CreateDIBitmap, GetTextExtentPoint32W, CreateFontIndirectW, CreateHatchBrush, CreateSolidBrush, CreatePen, GetObjectType, SelectPalette, GetStockObject, CreateCompatibleDC, CreateBitmap, CreatePatternBrush, GetLayout, SetLayout, DeleteObject, SelectClipRgn, CreateRectRgn, GetObjectW, GetViewportExtEx, GetWindowExtEx, BitBlt, GetPixel, PtVisible, RectVisible, TextOutW, ExtTextOutW, Escape, SetViewportOrgEx, DeleteDC, ExtSelectClipRgn, ScaleWindowExtEx, SetWindowExtEx, GetDeviceCaps, SetPixelV, GetTextFaceW, GetBoundsRect, FrameRgn, FillRgn, PtInRegion, GetViewportOrgEx, GetWindowOrgEx, LPtoDP, SetPaletteEntries, ExtFloodFill, EnumFontFamiliesExW, Rectangle, OffsetViewportOrgEx, SetViewportExtEx, ScaleViewportExtEx, SetWindowOrgEx, GetSystemPaletteEntries, OffsetRgn, SetDIBColorTable, StretchBlt, SetPixel, OffsetWindowOrgEx |
ADVAPI32.dll | RegOpenKeyExW, RegCreateKeyExW, RegDeleteKeyW, RegEnumKeyW, RegQueryValueW, RegEnumValueW, RegEnumKeyExW, RegDeleteValueW, RegSetValueExW, RegCloseKey, RegQueryValueExW, RegCreateKeyW |
MSIMG32.dll | AlphaBlend, TransparentBlt |
COMCTL32.dll | ImageList_GetIconSize, InitCommonControlsEx |
SHLWAPI.dll | PathIsUNCW, PathStripToRootW, PathFindFileNameW, PathFindExtensionW, PathRemoveFileSpecW |
oledlg.dll | OleUIBusyW |
WS2_32.dll | WSASetLastError, WSAEnumNetworkEvents, shutdown, WSACloseEvent, WSAResetEvent, WSAEventSelect, WSAWaitForMultipleEvents, WSAGetLastError, WSAStartup, WSACleanup, setsockopt, closesocket, socket, gethostbyname, htons, connect, WSAIoctl, select, recv, send, WSACreateEvent |
gdiplus.dll | GdipGetImageGraphicsContext, GdipBitmapUnlockBits, GdipBitmapLockBits, GdipCreateBitmapFromScan0, GdipCreateBitmapFromStream, GdipGetImagePalette, GdipGetImagePaletteSize, GdipGetImagePixelFormat, GdipGetImageHeight, GdipGetImageWidth, GdipCloneImage, GdipDrawImageRectI, GdipSetInterpolationMode, GdipCreateFromHDC, GdiplusShutdown, GdiplusStartup, GdipCreateBitmapFromHBITMAP, GdipDisposeImage, GdipDeleteGraphics, GdipAlloc, GdipFree, GdipDrawImageI |
WINMM.dll | PlaySoundW, timeGetTime |
OLEACC.dll | LresultFromObject, AccessibleObjectFromWindow, CreateStdAccessibleObject |
IMM32.dll | ImmReleaseContext, ImmGetContext, ImmGetOpenStatus |
WINSPOOL.DRV | DocumentPropertiesW, OpenPrinterW, ClosePrinter |
COMDLG32.dll | GetFileTitleW |
SHELL32.dll | SHGetDesktopFolder, SHGetMalloc, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, DragFinish, DragQueryFileW, ShellExecuteW, SHAppBarMessage, SHGetSpecialFolderLocation |
ole32.dll | OleTranslateAccelerator, IsAccelerator, OleLockRunning, CoRevokeClassObject, CoRegisterMessageFilter, OleGetClipboard, RegisterDragDrop, CoLockObjectExternal, RevokeDragDrop, CLSIDFromProgID, OleDestroyMenuDescriptor, CoCreateGuid, OleDuplicateData, CoTaskMemAlloc, ReleaseStgMedium, OleCreateMenuDescriptor, CoTaskMemFree, CoInitializeEx, DoDragDrop, OleFlushClipboard, OleIsCurrentClipboard, CreateStreamOnHGlobal, OleInitialize, CoFreeUnusedLibraries, OleUninitialize, CreateILockBytesOnHGlobal, StgCreateDocfileOnILockBytes, StgOpenStorageOnILockBytes, CoGetClassObject, CoInitialize, CoCreateInstance, CoUninitialize, CLSIDFromString |
OLEAUT32.dll | SysAllocStringLen, VariantClear, VariantChangeType, VariantInit, SysStringLen, VariantCopy, SysAllocString, SafeArrayDestroy, VariantTimeToSystemTime, SystemTimeToVariantTime, VarBstrFromDate, OleCreateFontIndirect, SysFreeString |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States | |
Chinese | China |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 19, 2024 05:59:09.949409962 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.949445009 CEST | 49730 | 1386 | 192.168.2.4 | 156.255.0.191 |
Apr 19, 2024 05:59:09.949455023 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.949469090 CEST | 49730 | 1386 | 192.168.2.4 | 156.255.0.191 |
Apr 19, 2024 05:59:09.949491024 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.949527025 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.949562073 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.949580908 CEST | 49730 | 1386 | 192.168.2.4 | 156.255.0.191 |
Apr 19, 2024 05:59:09.949598074 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.949614048 CEST | 49730 | 1386 | 192.168.2.4 | 156.255.0.191 |
Apr 19, 2024 05:59:09.949635983 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.949671984 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.949709892 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.949726105 CEST | 49730 | 1386 | 192.168.2.4 | 156.255.0.191 |
Apr 19, 2024 05:59:09.949745893 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.949767113 CEST | 49730 | 1386 | 192.168.2.4 | 156.255.0.191 |
Apr 19, 2024 05:59:09.949781895 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.949819088 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.949855089 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.949881077 CEST | 49730 | 1386 | 192.168.2.4 | 156.255.0.191 |
Apr 19, 2024 05:59:09.949891090 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.949913025 CEST | 49730 | 1386 | 192.168.2.4 | 156.255.0.191 |
Apr 19, 2024 05:59:09.949925900 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.949960947 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.949995995 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.950012922 CEST | 49730 | 1386 | 192.168.2.4 | 156.255.0.191 |
Apr 19, 2024 05:59:09.950031042 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.950056076 CEST | 49730 | 1386 | 192.168.2.4 | 156.255.0.191 |
Apr 19, 2024 05:59:09.950066090 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.950100899 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.950135946 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.950156927 CEST | 49730 | 1386 | 192.168.2.4 | 156.255.0.191 |
Apr 19, 2024 05:59:09.950170994 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.950200081 CEST | 49730 | 1386 | 192.168.2.4 | 156.255.0.191 |
Apr 19, 2024 05:59:09.950206041 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.950242043 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.950277090 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.950311899 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.950310946 CEST | 49730 | 1386 | 192.168.2.4 | 156.255.0.191 |
Apr 19, 2024 05:59:09.950345039 CEST | 49730 | 1386 | 192.168.2.4 | 156.255.0.191 |
Apr 19, 2024 05:59:09.950349092 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.950383902 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.950402975 CEST | 49730 | 1386 | 192.168.2.4 | 156.255.0.191 |
Apr 19, 2024 05:59:09.950422049 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.950457096 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.950491905 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.950510025 CEST | 49730 | 1386 | 192.168.2.4 | 156.255.0.191 |
Apr 19, 2024 05:59:09.950527906 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.950547934 CEST | 49730 | 1386 | 192.168.2.4 | 156.255.0.191 |
Apr 19, 2024 05:59:09.950563908 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.950599909 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.950634956 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.950655937 CEST | 49730 | 1386 | 192.168.2.4 | 156.255.0.191 |
Apr 19, 2024 05:59:09.950669050 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.950685978 CEST | 49730 | 1386 | 192.168.2.4 | 156.255.0.191 |
Apr 19, 2024 05:59:09.950706005 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.950742006 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.950778008 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.950794935 CEST | 49730 | 1386 | 192.168.2.4 | 156.255.0.191 |
Apr 19, 2024 05:59:09.950814009 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.950830936 CEST | 49730 | 1386 | 192.168.2.4 | 156.255.0.191 |
Apr 19, 2024 05:59:09.950850964 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.950886965 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.950922966 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.950942039 CEST | 49730 | 1386 | 192.168.2.4 | 156.255.0.191 |
Apr 19, 2024 05:59:09.950958967 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.950977087 CEST | 49730 | 1386 | 192.168.2.4 | 156.255.0.191 |
Apr 19, 2024 05:59:09.950994015 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.951029062 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.951066017 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.951081991 CEST | 49730 | 1386 | 192.168.2.4 | 156.255.0.191 |
Apr 19, 2024 05:59:09.951102018 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.951122046 CEST | 49730 | 1386 | 192.168.2.4 | 156.255.0.191 |
Apr 19, 2024 05:59:09.951137066 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.951172113 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.951206923 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.951229095 CEST | 49730 | 1386 | 192.168.2.4 | 156.255.0.191 |
Apr 19, 2024 05:59:09.951241970 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.951260090 CEST | 49730 | 1386 | 192.168.2.4 | 156.255.0.191 |
Apr 19, 2024 05:59:09.951277018 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.951312065 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.951345921 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.951365948 CEST | 49730 | 1386 | 192.168.2.4 | 156.255.0.191 |
Apr 19, 2024 05:59:09.951383114 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.951419115 CEST | 49730 | 1386 | 192.168.2.4 | 156.255.0.191 |
Apr 19, 2024 05:59:09.951423883 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.951463938 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.951483011 CEST | 49730 | 1386 | 192.168.2.4 | 156.255.0.191 |
Apr 19, 2024 05:59:09.951499939 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.951535940 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.951571941 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.951589108 CEST | 49730 | 1386 | 192.168.2.4 | 156.255.0.191 |
Apr 19, 2024 05:59:09.951607943 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.951631069 CEST | 49730 | 1386 | 192.168.2.4 | 156.255.0.191 |
Apr 19, 2024 05:59:09.951642990 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.951678991 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.951713085 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.951731920 CEST | 49730 | 1386 | 192.168.2.4 | 156.255.0.191 |
Apr 19, 2024 05:59:09.951747894 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.951771975 CEST | 49730 | 1386 | 192.168.2.4 | 156.255.0.191 |
Apr 19, 2024 05:59:09.951785088 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.951822042 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.951855898 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.951881886 CEST | 49730 | 1386 | 192.168.2.4 | 156.255.0.191 |
Apr 19, 2024 05:59:09.951890945 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.951901913 CEST | 49730 | 1386 | 192.168.2.4 | 156.255.0.191 |
Apr 19, 2024 05:59:09.951926947 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.951961994 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.951996088 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.952017069 CEST | 49730 | 1386 | 192.168.2.4 | 156.255.0.191 |
Apr 19, 2024 05:59:09.952032089 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.952054977 CEST | 49730 | 1386 | 192.168.2.4 | 156.255.0.191 |
Apr 19, 2024 05:59:09.952066898 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.952121019 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.952157974 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.952172041 CEST | 49730 | 1386 | 192.168.2.4 | 156.255.0.191 |
Apr 19, 2024 05:59:09.952193975 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.952212095 CEST | 49730 | 1386 | 192.168.2.4 | 156.255.0.191 |
Apr 19, 2024 05:59:09.952229977 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.952264071 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.952299118 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.952320099 CEST | 49730 | 1386 | 192.168.2.4 | 156.255.0.191 |
Apr 19, 2024 05:59:09.952334881 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.952358961 CEST | 49730 | 1386 | 192.168.2.4 | 156.255.0.191 |
Apr 19, 2024 05:59:09.952369928 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.952405930 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.952441931 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.952461004 CEST | 49730 | 1386 | 192.168.2.4 | 156.255.0.191 |
Apr 19, 2024 05:59:09.952478886 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.952496052 CEST | 49730 | 1386 | 192.168.2.4 | 156.255.0.191 |
Apr 19, 2024 05:59:09.952516079 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.952550888 CEST | 1386 | 49730 | 156.255.0.191 | 192.168.2.4 |
Apr 19, 2024 05:59:09.952615976 CEST | 49730 | 1386 | 192.168.2.4 | 156.255.0.191 |
Apr 19, 2024 05:59:13.150151968 CEST | 49730 | 1386 | 192.168.2.4 | 156.255.0.191 |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 05:59:00 |
Start date: | 19/04/2024 |
Path: | C:\Users\user\Desktop\Wt3pGldAnr.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xda0000 |
File size: | 3'218'944 bytes |
MD5 hash: | 0707CFD47743293D37378EE4465BAF5C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 1 |
Start time: | 05:59:09 |
Start date: | 19/04/2024 |
Path: | C:\ProgramData\StartMenuExperienceHos.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x5e0000 |
File size: | 3'218'944 bytes |
MD5 hash: | 0707CFD47743293D37378EE4465BAF5C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Antivirus matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 3 |
Start time: | 05:59:11 |
Start date: | 19/04/2024 |
Path: | C:\Users\user\Desktop\Wt3pGldAnr.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xda0000 |
File size: | 3'218'944 bytes |
MD5 hash: | 0707CFD47743293D37378EE4465BAF5C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Execution Graph
Execution Coverage: | 2.2% |
Dynamic/Decrypted Code Coverage: | 34.9% |
Signature Coverage: | 23.5% |
Total number of Nodes: | 1041 |
Total number of Limit Nodes: | 24 |
Graph
Function 0349B9E1 Relevance: 177.3, APIs: 55, Strings: 46, Instructions: 560 | sleep, registry, thread, COMMON
Function 00DBB770 Relevance: 103.8, APIs: 48, Strings: 11, Instructions: 557 | library, loader, string, COMMON
Function 0349A244 Relevance: 101.9, APIs: 22, Strings: 36, Instructions: 356 | COMMON
Function 00DA10BE Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 72 | library, memory, loader, COMMON
Function 0349A036 Relevance: 7.5, APIs: 5, Instructions: 43 | process, COMMON
Function 0349B72C Relevance: 6.1, APIs: 4, Instructions: 85 | COMMON
Function 00DA2B1A Relevance: 3.1, APIs: 2, Instructions: 80 | network, COMMON
Function 0349A701 Relevance: 1.5, APIs: 1, Instructions: 11 | COMMON
Function 00DA28D9 Relevance: 66.7, APIs: 37, Strings: 1, Instructions: 224 | sleep, network, string, COMMON
Function 00DBB217 Relevance: 64.8, APIs: 43, Instructions: 304 | COMMON
Function 00DA5AA6 Relevance: 45.7, APIs: 21, Strings: 5, Instructions: 240 | registry, memory, COMMON
Function 00DA461F Relevance: 28.1, APIs: 4, Strings: 12, Instructions: 97 | registry, COMMON
Function 00DA1194 Relevance: 26.3, APIs: 8, Strings: 7, Instructions: 84 | library, loader, memory, COMMON
Function 00DA4A86 Relevance: 24.5, APIs: 13, Strings: 1, Instructions: 46 | thread, synchronization, sleep, COMMON
Function 0349A7F1 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 148 | registry, COMMON
Function 0349B81E Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 110 | thread, process, file, COMMON
Function 00DA58DD Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 123 | registry, sleep, COMMON
Function 03495BAC Relevance: 17.5, APIs: 6, Strings: 4, Instructions: 49 | window, COMMON
Function 00DB673E Relevance: 16.6, APIs: 11, Instructions: 106 | memory, COMMON, LIBRARYCODE
Function 00EA513B Relevance: 12.1, APIs: 8, Instructions: 63 | thread, COMMON
Function 00DB6DD9 Relevance: 12.0, APIs: 8, Instructions: 39 | COMMON
Function 0349AA98 Relevance: 9.2, APIs: 6, Instructions: 214 | com, COMMON
Function 0349AD79 Relevance: 7.9, APIs: 5, Instructions: 413 | com, COMMON
Function 00DA4978 Relevance: 7.6, APIs: 5, Instructions: 84 | sleep, COMMON
Function 00DA4508 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 104 | sleep, COMMON
Function 00DA48D2 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58 | synchronization, COMMON
Function 00DA2CFB Relevance: 3.1, APIs: 2, Instructions: 58 | network, COMMON
Function 0349597D Relevance: 3.0, APIs: 2, Instructions: 37 | window, COMMON
Function 0349C206 Relevance: 3.0, APIs: 2, Instructions: 25 | synchronization, thread, COMMON, LIBRARYCODE
Function 00DA7416 Relevance: 3.0, APIs: 2, Instructions: 24 | library, COMMON
Function 00DA2DDD Relevance: 1.6, APIs: 1, Instructions: 74 | time, COMMON
Function 00DA2C6E Relevance: 1.6, APIs: 1, Instructions: 55 | thread, COMMON
Function 00DA1038 Relevance: 1.6, APIs: 1, Instructions: 51 | COMMON
Function 00DA8221 Relevance: 1.5, APIs: 1, Instructions: 27 | COMMON
Function 00DBA507 Relevance: 1.5, APIs: 1, Instructions: 17 | COMMON
Function 00DA5A7D Relevance: 1.3, APIs: 1, Instructions: 15 | sleep, COMMON
Function 0348A5F4 Relevance: 79.0, APIs: 31, Strings: 14, Instructions: 250 | process, COMMON
Function 0349CB0D Relevance: 63.3, APIs: 26, Strings: 10, Instructions: 299 | clipboard, string, sleep, COMMON
Function 00E222CB Relevance: 53.0, APIs: 28, Strings: 2, Instructions: 452 | window, keyboard, COMMON
Function 03488189 Relevance: 49.4, APIs: 17, Strings: 11, Instructions: 405 | string, COMMON
Function 0348AD40 Relevance: 31.7, APIs: 13, Strings: 5, Instructions: 155 | process, memory, injection, COMMON
Function 0349C71F Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 137 | synchronization, file, string, COMMON
Function 00DE688A Relevance: 21.3, APIs: 14, Instructions: 280 | keyboard, window, COMMON
Function 00DE49CC Relevance: 21.3, APIs: 14, Instructions: 268 | keyboard, window, COMMON
Function 0348A3FD Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 61 | library, loader, COMMON
Function 00DEC708 Relevance: 20.8, APIs: 13, Instructions: 1300 | COMMON
Function 0348B0A5 Relevance: 19.3, APIs: 9, Strings: 2, Instructions: 95 | string, COMMON
Function 00E20FB1 Relevance: 16.7, APIs: 11, Instructions: 220 | window, keyboard, COMMON
Function 00E1250F Relevance: 13.6, APIs: 9, Instructions: 141 | clipboard, window, COMMON
Function 00DC91C5 Relevance: 11.1, APIs: 7, Instructions: 578 | COMMON
Function 0348AA41 Relevance: 10.6, APIs: 7, Instructions: 51 | COMMON
Function 0349CD43 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 55 | string, clipboard, sleep, COMMON
Function 034B0216 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 54 | COMMON, LIBRARYCODE
Function 03494CEC Relevance: 6.1, APIs: 4, Instructions: 77 | memory, COMMON
Function 00DAA4D3 Relevance: 6.1, APIs: 4, Instructions: 59 | COMMON
Function 0348A520 Relevance: 6.1, APIs: 4, Instructions: 52 | COMMON
Function 0349156A Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 18 | shutdown, COMMON
Function 00E22E90 Relevance: 3.1, APIs: 2, Instructions: 57 | window, COMMON
Function 0349A1C8 Relevance: 3.0, APIs: 2, Instructions: 44 | COMMON
Function 00DDCD1F Relevance: 3.0, APIs: 2, Instructions: 37 | window, COMMON
Function 00DBA66C Relevance: 3.0, APIs: 2, Instructions: 34 | com, COMMON
Function 00DE2018 Relevance: 1.5, APIs: 1, Instructions: 28 | window, COMMON
Function 034B1165 Relevance: .3, Instructions: 332 | COMMON
Function 034B0DC7 Relevance: .3, Instructions: 326 | COMMON
Function 034A0360 Relevance: .1, Instructions: 76 | COMMON
Function 0348462C Relevance: 70.2, APIs: 37, Strings: 3, Instructions: 248stringnetworktimeCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E12705 Relevance: 51.1, APIs: 28, Strings: 1, Instructions: 323fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DCC213 Relevance: 49.5, APIs: 27, Strings: 1, Instructions: 457keyboardCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03491660 Relevance: 42.1, APIs: 7, Strings: 17, Instructions: 141registrysleepCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DFC289 Relevance: 42.0, APIs: 12, Strings: 12, Instructions: 45registryclipboardCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DD4238 Relevance: 40.8, APIs: 27, Instructions: 344COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 034A87D6 Relevance: 40.4, APIs: 18, Strings: 5, Instructions: 109libraryloadermemoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 034896E4 Relevance: 38.7, APIs: 19, Strings: 3, Instructions: 160memoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03490A6D Relevance: 33.4, APIs: 10, Strings: 9, Instructions: 133registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0348AB70 Relevance: 33.4, APIs: 13, Strings: 6, Instructions: 122libraryloaderfileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03492601 Relevance: 31.7, APIs: 14, Strings: 4, Instructions: 205stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E001B5 Relevance: 29.9, APIs: 16, Strings: 1, Instructions: 184windowstringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DBA7ED Relevance: 28.1, APIs: 7, Strings: 9, Instructions: 72libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E00A38 Relevance: 26.5, APIs: 14, Strings: 1, Instructions: 230windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03488DC4 Relevance: 26.5, APIs: 13, Strings: 2, Instructions: 203stringregistryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0348882E Relevance: 26.4, APIs: 2, Strings: 13, Instructions: 187windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03492909 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 191registryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03490872 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 148registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03490677 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 148registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03486483 Relevance: 22.9, APIs: 9, Strings: 4, Instructions: 101libraryloadersynchronizationCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DC507A Relevance: 22.9, APIs: 15, Instructions: 351windowkeyboardCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0348A21A Relevance: 22.8, APIs: 8, Strings: 5, Instructions: 100registrylibraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03492BD2 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 54registrystringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DF6603 Relevance: 19.5, APIs: 9, Strings: 2, Instructions: 286keyboardCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DAC4C3 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 158windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E02F21 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 137windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03489106 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 135registrystringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0349EF11 Relevance: 18.1, APIs: 12, Instructions: 139COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E36A2A Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 199windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DFCE4B Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 163windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DAEEC2 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 112windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0349C9D0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 78stringtimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DAA780 Relevance: 16.6, APIs: 11, Instructions: 139COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E10A17 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 240windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DB2420 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 191libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03490F60 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 165registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E744A4 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 150keyboardCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DE22E2 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 124windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E4D0A5 Relevance: 15.3, APIs: 10, Instructions: 269COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DA2ED6 Relevance: 15.1, APIs: 10, Instructions: 104COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DA8EA8 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 245memoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DD841F Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 225windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 034856D4 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 195threadtimenetworkCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 034924A3 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 99fileCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03492D24 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 96stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 034A0A5F Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 92memorylibraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03484D7D Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 35synchronizationsleepCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DE25DC Relevance: 13.7, APIs: 9, Instructions: 242COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E02079 Relevance: 13.7, APIs: 9, Instructions: 189COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03494AF0 Relevance: 13.7, APIs: 9, Instructions: 165COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E391BF Relevance: 13.6, APIs: 9, Instructions: 121clipboardwindowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DB68FD Relevance: 13.6, APIs: 9, Instructions: 96memoryCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DA4063 Relevance: 13.6, APIs: 9, Instructions: 57COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DD4FEB Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 246windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 034852A8 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 125networkCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DAAC12 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 117threadwindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DBA9E2 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 116memoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E004AA Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 100windowmemoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E00CF0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 79windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03490549 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 39fileCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DE4143 Relevance: 12.1, APIs: 8, Instructions: 80windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DA6568 Relevance: 12.1, APIs: 8, Instructions: 74windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DBA1B6 Relevance: 12.1, APIs: 8, Instructions: 64COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DA6796 Relevance: 12.1, APIs: 8, Instructions: 52memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DF632D Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 258keyboardCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03490191 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 195sleepCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DE2C51 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 175libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DBE619 Relevance: 10.6, APIs: 7, Instructions: 147memorywindowthreadCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DF867F Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 113windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DE2151 Relevance: 10.6, APIs: 7, Instructions: 111COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DB213F Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 110windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DD0FC3 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 92windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DE296C Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 90libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DB2316 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 79libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DD4104 Relevance: 10.6, APIs: 7, Instructions: 73windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DA4B1D Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 71windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DB8AFF Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 60libraryloadertimeCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DA7186 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 53libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DB699E Relevance: 10.6, APIs: 7, Instructions: 51memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0349C950 Relevance: 10.5, APIs: 7, Instructions: 41filesynchronizationstringCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 034A84F2 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0348A35F Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 36processCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DB6D93 Relevance: 10.5, APIs: 7, Instructions: 30COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DF609C Relevance: 9.2, APIs: 6, Instructions: 221COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DFE5B6 Relevance: 9.2, APIs: 6, Instructions: 202windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DAA5BC Relevance: 9.1, APIs: 6, Instructions: 139COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E02526 Relevance: 9.1, APIs: 6, Instructions: 137windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DC49F9 Relevance: 9.1, APIs: 6, Instructions: 86windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03488C57 Relevance: 9.1, APIs: 6, Instructions: 80processCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E10E12 Relevance: 9.1, APIs: 6, Instructions: 74memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DAAB60 Relevance: 9.1, APIs: 6, Instructions: 69COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03488B3E Relevance: 9.0, APIs: 6, Instructions: 47sleepsynchronizationCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E0235C Relevance: 9.0, APIs: 6, Instructions: 43COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 034867BE Relevance: 9.0, APIs: 6, Instructions: 32sleepsynchronizationCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DA2D8B Relevance: 9.0, APIs: 6, Instructions: 29synchronizationsleepCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E005D3 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 143memorywindowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0348495A Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 130networkCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DAD094 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 94windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DC2025 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 81COMMONLIBRARYCODE
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 034844C3 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 55networkCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DE28E4 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 54libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DDA07F Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 46libraryfileloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03488AC6 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 44stringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0348A1AC Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 43libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0349C07C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 31sleepregistryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E4AADC Relevance: 7.9, APIs: 5, Instructions: 369windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E2470A Relevance: 7.9, APIs: 5, Instructions: 362COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DCA2B0 Relevance: 7.8, APIs: 5, Instructions: 338COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DEE22C Relevance: 7.7, APIs: 5, Instructions: 241COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DF30CE Relevance: 7.7, APIs: 5, Instructions: 205COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DD4720 Relevance: 7.7, APIs: 5, Instructions: 182COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E2453C Relevance: 7.7, APIs: 5, Instructions: 168COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DFD04E Relevance: 7.7, APIs: 5, Instructions: 162stringCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E94BD8 Relevance: 7.7, APIs: 5, Instructions: 154COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DEAE90 Relevance: 7.6, APIs: 5, Instructions: 133COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DF4D0C Relevance: 7.6, APIs: 5, Instructions: 124windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DF8913 Relevance: 7.6, APIs: 5, Instructions: 106COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DCA8FD Relevance: 7.6, APIs: 5, Instructions: 99COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DF4288 Relevance: 7.6, APIs: 5, Instructions: 96windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DD31FD Relevance: 7.6, APIs: 5, Instructions: 96COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0348AF98 Relevance: 7.6, APIs: 5, Instructions: 92stringCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DD8942 Relevance: 7.6, APIs: 5, Instructions: 92windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E4CFA1 Relevance: 7.6, APIs: 5, Instructions: 89windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DB3189 Relevance: 7.6, APIs: 5, Instructions: 80windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DD0E9F Relevance: 7.6, APIs: 5, Instructions: 73windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DD6593 Relevance: 7.6, APIs: 5, Instructions: 70windowCOMMONLIBRARYCODE
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E2075B Relevance: 7.6, APIs: 5, Instructions: 68windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DD888F Relevance: 7.6, APIs: 5, Instructions: 68windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DDC16C Relevance: 7.6, APIs: 5, Instructions: 66windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DEA459 Relevance: 7.6, APIs: 5, Instructions: 66COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DA4233 Relevance: 7.6, APIs: 5, Instructions: 62networkCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DFE810 Relevance: 7.6, APIs: 5, Instructions: 59COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DC6C98 Relevance: 7.6, APIs: 5, Instructions: 59COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DC6D28 Relevance: 7.6, APIs: 5, Instructions: 59COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DD0904 Relevance: 7.6, APIs: 5, Instructions: 58COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DF0782 Relevance: 7.6, APIs: 5, Instructions: 56COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0348B1E9 Relevance: 7.6, APIs: 5, Instructions: 54COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DDA458 Relevance: 7.6, APIs: 5, Instructions: 51COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E10EE4 Relevance: 7.6, APIs: 5, Instructions: 51COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DA275E Relevance: 7.6, APIs: 5, Instructions: 50windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DB7023 Relevance: 7.5, APIs: 5, Instructions: 45windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DD469F Relevance: 7.5, APIs: 5, Instructions: 44COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DA2877 Relevance: 7.5, APIs: 5, Instructions: 35COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03492C8F Relevance: 7.5, APIs: 5, Instructions: 34processCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DCEDD6 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 237windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DF2AFD Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 100windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DBA27D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 72windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DE0DA7 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 72libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DFE982 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 63windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DB6B3E Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DBA8F1 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 30libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DDECDA Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DDEEF6 Relevance: 6.3, APIs: 4, Instructions: 253COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DD66A7 Relevance: 6.2, APIs: 4, Instructions: 225windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0348E8AB Relevance: 6.2, APIs: 4, Instructions: 196timeCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DCF0F7 Relevance: 6.2, APIs: 4, Instructions: 183COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E48443 Relevance: 6.2, APIs: 4, Instructions: 162windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E7486F Relevance: 6.2, APIs: 4, Instructions: 157COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03486E9D Relevance: 6.2, APIs: 4, Instructions: 156COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DBAB2F Relevance: 6.1, APIs: 4, Instructions: 149COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DEC252 Relevance: 6.1, APIs: 4, Instructions: 148COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E23044 Relevance: 6.1, APIs: 4, Instructions: 129COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DD8AEE Relevance: 6.1, APIs: 4, Instructions: 102COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E74B09 Relevance: 6.1, APIs: 4, Instructions: 92COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DD8799 Relevance: 6.1, APIs: 4, Instructions: 83windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E026C3 Relevance: 6.1, APIs: 4, Instructions: 79COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DD86C9 Relevance: 6.1, APIs: 4, Instructions: 71windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EA8811 Relevance: 6.1, APIs: 4, Instructions: 69COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DF29A1 Relevance: 6.1, APIs: 4, Instructions: 66windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DAC923 Relevance: 6.1, APIs: 4, Instructions: 66COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0348122A Relevance: 6.1, APIs: 4, Instructions: 65COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03481168 Relevance: 6.1, APIs: 4, Instructions: 62memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DA66E5 Relevance: 6.1, APIs: 4, Instructions: 62windowCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DC102B Relevance: 6.1, APIs: 4, Instructions: 62COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DE10A0 Relevance: 6.1, APIs: 4, Instructions: 61windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DFA9F6 Relevance: 6.1, APIs: 4, Instructions: 59windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DB0CEF Relevance: 6.1, APIs: 4, Instructions: 57COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DB4541 Relevance: 6.1, APIs: 4, Instructions: 56windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DA89FB Relevance: 6.1, APIs: 4, Instructions: 56COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DACF17 Relevance: 6.1, APIs: 4, Instructions: 54windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DDC028 Relevance: 6.1, APIs: 4, Instructions: 52fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DFEE68 Relevance: 6.1, APIs: 4, Instructions: 52windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DB300E Relevance: 6.0, APIs: 4, Instructions: 50COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DB26F8 Relevance: 6.0, APIs: 4, Instructions: 49COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DEAAA0 Relevance: 6.0, APIs: 4, Instructions: 49COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DAA97F Relevance: 6.0, APIs: 4, Instructions: 38COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DAA8EB Relevance: 6.0, APIs: 4, Instructions: 32COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DFC36D Relevance: 6.0, APIs: 4, Instructions: 25COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E507C5 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 105timeCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 034863A7 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55networkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DDAEA2 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 034865C6 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46sleeptimeCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E14FCB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34registryclipboardCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00DDAAF9 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24libraryloaderCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03494410 Relevance: 5.2, APIs: 4, Instructions: 169COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |