Windows
Analysis Report
https://cgigroup.blob.core.windows.net/cgi-protective-monitoring-service/tools/get-stinger.html
Overview
General Information
Detection
Score: | 52 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64native
- chrome.exe (PID: 3176 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 464953824E644F10FFDC9E093FD18F94)
  - chrome.exe (PID: 4852 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1688,16494396912243797666,5406229403683992866,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 /prefetch:8 MD5: 464953824E644F10FFDC9E093FD18F94)
  - chrome.exe (PID: 3220 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1688,16494396912243797666,5406229403683992866,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6108 /prefetch:8 MD5: 464953824E644F10FFDC9E093FD18F94)
  - chrome.exe (PID: 452 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1688,16494396912243797666,5406229403683992866,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3884 /prefetch:8 MD5: 464953824E644F10FFDC9E093FD18F94)
  - chrome.exe (PID: 608 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1688,16494396912243797666,5406229403683992866,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3784 /prefetch:8 MD5: 464953824E644F10FFDC9E093FD18F94)
  - chrome.exe (PID: 1712 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1688,16494396912243797666,5406229403683992866,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4080 /prefetch:8 MD5: 464953824E644F10FFDC9E093FD18F94)
- chrome.exe (PID: 7044 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cgigroup.blob.core.windows.net/cgi-protective-monitoring-service/tools/get-stinger.html" MD5: 464953824E644F10FFDC9E093FD18F94)
- McAfeeStinger.exe (PID: 5584 cmdline: "C:\Users\user\Downloads\McAfeeStinger.exe" MD5: 288187598BA5069F4211E8253C177011)
  - McAfeeStinger.exe (PID: 3472 cmdline: "C:\Users\user\Downloads\McAfeeStinger.exe" --update MD5: 288187598BA5069F4211E8253C177011)
- cleanup
Timestamp: | 04/26/24-19:13:32.153245 |
SID: | 2018856 |
Source Port: | 443 |
Destination Port: | 61410 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Networking |
---|
Source: | Snort IDS: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | TCP traffic: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: |
System Summary |
---|
Source: | File download: |
Source: | Binary string: |
Source: | Classification label: |
Source: | File created: |
Source: | Key opened: |
Source: | Process created: |
Source: | Section loaded: |
Source: | File written: |
Source: | File opened: |
Source: | Window detected: |
Source: | Binary string: |
Source: | File created: |
Source: | Process information set: |
Source: | Binary or memory string: |
Source: | Memory allocated: |
Source: | Process created: |
Source: | Queries volume information: |
Source: | Key value queried: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 12 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 22 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 11 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 12 Process Injection | Security Account Manager | 1 Network Service Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 2 File and Directory Discovery | Distributed Component Object Model | Input Capture | 2 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Obfuscated Files or Information | LSA Secrets | 14 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
www.google.com | 172.253.122.106 | true | false | high | |
www.mcafee.com | unknown | unknown | false | high | |
downloadcenter.trellix.com | unknown | unknown | false | unknown | |
download.nai.com | unknown | unknown | false | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
172.253.122.106 | www.google.com | United States | | 15169 | GOOGLEUS | false |
239.255.255.250 | unknown | Reserved | | unknown | unknown | false |
IP |
---|
192.168.11.20 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1432276 |
Start date and time: | 2024-04-26 19:11:02 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 7m 23s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | https://cgigroup.blob.core.windows.net/cgi-protective-monitoring-service/tools/get-stinger.html |
Analysis system description: | Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301) |
Number of analysed new started processes analysed: | 14 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal52.win@37/7@6/3 |
- Exclude process from analysis (whitelisted): dllhost.exe, audiodg.exe, CompPkgSrv.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 172.253.115.94, 172.253.122.84, 142.251.163.102, 142.251.163.113, 142.251.163.139, 142.251.163.100, 142.251.163.101, 142.251.163.138, 34.104.35.123, 52.239.247.100, 142.251.111.94, 172.253.122.94, 23.50.77.182, 184.87.58.98, 23.48.203.202, 23.48.203.210
- Excluded domains from analysis (whitelisted): www.mcafee.com.edgekey.net, accounts.google.com, e19211.a.akamaiedge.net, clientservices.googleapis.com, cgigroup.blob.core.windows.net, e2388.dscd.akamaiedge.net, e72061.dscd.akamaiedge.net, download.nai.com.edgekey.net, clients2.google.com, edgedl.me.gvt1.com, update.googleapis.com, downloadcenter.trellix.com.edgekey.net, clients.l.google.com, www.gstatic.com, blob.mnz20prdstr05a.store.core.windows.net
- Not all processes were analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtQueryValueKey calls found.
Process: | C:\Users\user\Downloads\McAfeeStinger.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15086 |
Entropy (8bit): | 2.6096148425883 |
Encrypted: | false |
SSDEEP: | 384:j20aGRBXXnHnnnnnnnnHE0qXHkXXG6UGe:Ha+BXXnHnnnnnnnnHE0qXHkXXG6je |
MD5: | EBB7784F41E283B042AF365DC54E9A0D |
SHA1: | 099BD47831572B8C90CACF67E20940B72C8F4FD4 |
SHA-256: | D38DB89D5E998B9F21899A985F3B1366A3610DC13213A93CF4E96620BBC64B0E |
SHA-512: | 522A147B1F67F8EB54D824573D1003FEC7A32E630E39FDAFACEED50FF64C3BFC8F6C54F43FF4CE9C68CF58AD45D3F74542E1BF65386F7D0875F71EBA9EB6978F |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Downloads\McAfeeStinger.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 484 |
Entropy (8bit): | 4.971142487590111 |
Encrypted: | false |
SSDEEP: | 12:ZFMHdtFwAaAlFoQ53SNK+bJmgVNsJ0Ctt/6:udtFwUgoiNK+bIgMywt/6 |
MD5: | 90FEB8EDF41C48A02D0320766AFE6A4B |
SHA1: | 2D1616FA27FB8B48521F7F362509B97741E2439A |
SHA-256: | 70C7A70EEDD5B93E686AA0BC81BBA03D2E35228FF05BCDB3CC1EB3756E569B5C |
SHA-512: | F8553076CB490454A2E04E8AA467840B8AC345FA1D594144DBB005C4891EE555E6AE425600E97E493890621DDBE569701D2BF16C89DF4D3564AC02BC3609C06B |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Downloads\McAfeeStinger.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3894 |
Entropy (8bit): | 5.145549365556472 |
Encrypted: | false |
SSDEEP: | 96:OOAVq7VdFNAxS91S0UZMSUzZVwJ3mcT9Xb:aERmm1FQczZSYuNb |
MD5: | AAB02FE1701F2564CE0C6E833F8CCD7F |
SHA1: | 3C715A61241567AD852095CA391AB44190E0CCAC |
SHA-256: | A5FFCB077CD35B78C8695A98A6F7362B0D5587E76CDC836A9828A3A9813DD3E5 |
SHA-512: | E8ADB4968E8048BD4DC96F3C744A7186F11E99250DD1EFB93501B6D3D7FB044CAD8AF5D6E6F962BAF384C9D2CEF827DA5D3D51176AC10D535B231E82B8E3CBB3 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1406464 |
Entropy (8bit): | 6.04270904996347 |
Encrypted: | false |
SSDEEP: | 24576:F3gVPDISuVwVlWo9R6msK1snHwK8A7USlQn6524O5hG:F3MPMSuVwVwIUdrQKb7USgGu |
MD5: | 288187598BA5069F4211E8253C177011 |
SHA1: | 727638AC8B242C79501BCA1DCD88BC4B3DF0B544 |
SHA-256: | 352E0DD5F80E03C0C5641F8E06C7D90611F74D420B0C4B9B2E289B363D176874 |
SHA-512: | B4EFD6E6E11929ABEF05178A78641F7969E95380F6E39C02E0274344BF3A0EDB1FB12DC87769BC7000AA026CDC2B0699818F0C483514BC45758799BE7C1A8772 |
Malicious: | false |
Reputation: | low |
Preview: |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
04/26/24-19:13:32.153245 | TCP | 2018856 | ET TROJAN Windows executable base64 encoded | 443 | 61410 | 52.239.247.100 | 192.168.11.20 |
Apr 26, 2024 19:14:22.156572104 CEST | 58042 | 443 | 192.168.11.20 | 172.253.122.106 |
Apr 26, 2024 19:14:22.156586885 CEST | 443 | 58042 | 172.253.122.106 | 192.168.11.20 |
Apr 26, 2024 19:14:22.156621933 CEST | 61204 | 443 | 192.168.11.20 | 172.253.122.106 |
Apr 26, 2024 19:14:22.156630039 CEST | 443 | 61204 | 172.253.122.106 | 192.168.11.20 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 26, 2024 19:13:04.758086920 CEST | 58553 | 1900 | 192.168.11.20 | 239.255.255.250 |
Apr 26, 2024 19:13:05.769562960 CEST | 58553 | 1900 | 192.168.11.20 | 239.255.255.250 |
Apr 26, 2024 19:13:06.769603014 CEST | 58553 | 1900 | 192.168.11.20 | 239.255.255.250 |
Apr 26, 2024 19:13:07.779503107 CEST | 58553 | 1900 | 192.168.11.20 | 239.255.255.250 |
Apr 26, 2024 19:13:09.324703932 CEST | 49588 | 53 | 192.168.11.20 | 1.1.1.1 |
Apr 26, 2024 19:13:09.424624920 CEST | 53 | 49588 | 1.1.1.1 | 192.168.11.20 |
Apr 26, 2024 19:13:31.341454029 CEST | 53277 | 53 | 192.168.11.20 | 1.1.1.1 |
Apr 26, 2024 19:13:31.441395044 CEST | 53 | 53277 | 1.1.1.1 | 192.168.11.20 |
Apr 26, 2024 19:13:47.198474884 CEST | 63207 | 53 | 192.168.11.20 | 1.1.1.1 |
Apr 26, 2024 19:13:47.298721075 CEST | 53 | 63207 | 1.1.1.1 | 192.168.11.20 |
Apr 26, 2024 19:14:23.698230982 CEST | 62282 | 53 | 192.168.11.20 | 1.1.1.1 |
Apr 26, 2024 19:14:24.528075933 CEST | 56066 | 53 | 192.168.11.20 | 1.1.1.1 |
Apr 26, 2024 19:14:24.755023956 CEST | 138 | 138 | 192.168.11.20 | 192.168.11.255 |
Apr 26, 2024 19:14:25.964354992 CEST | 59315 | 53 | 192.168.11.20 | 1.1.1.1 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 26, 2024 19:13:09.324703932 CEST | 192.168.11.20 | 1.1.1.1 | 0x9e28 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 19:13:31.341454029 CEST | 192.168.11.20 | 1.1.1.1 | 0xcff | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 19:13:47.198474884 CEST | 192.168.11.20 | 1.1.1.1 | 0xdf9a | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 19:14:23.698230982 CEST | 192.168.11.20 | 1.1.1.1 | 0x852e | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 19:14:24.528075933 CEST | 192.168.11.20 | 1.1.1.1 | 0x378b | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 19:14:25.964354992 CEST | 192.168.11.20 | 1.1.1.1 | 0x1419 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 26, 2024 19:13:09.424624920 CEST | 1.1.1.1 | 192.168.11.20 | 0x9e28 | No error (0) | | | 172.253.122.106 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 19:13:09.424624920 CEST | 1.1.1.1 | 192.168.11.20 | 0x9e28 | No error (0) | | | 172.253.122.103 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 19:13:09.424624920 CEST | 1.1.1.1 | 192.168.11.20 | 0x9e28 | No error (0) | | | 172.253.122.104 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 19:13:09.424624920 CEST | 1.1.1.1 | 192.168.11.20 | 0x9e28 | No error (0) | | | 172.253.122.105 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 19:13:09.424624920 CEST | 1.1.1.1 | 192.168.11.20 | 0x9e28 | No error (0) | | | 172.253.122.147 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 19:13:09.424624920 CEST | 1.1.1.1 | 192.168.11.20 | 0x9e28 | No error (0) | | | 172.253.122.99 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 19:13:31.441395044 CEST | 1.1.1.1 | 192.168.11.20 | 0xcff | No error (0) | | | 142.251.111.105 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 19:13:31.441395044 CEST | 1.1.1.1 | 192.168.11.20 | 0xcff | No error (0) | | | 142.251.111.147 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 19:13:31.441395044 CEST | 1.1.1.1 | 192.168.11.20 | 0xcff | No error (0) | | | 142.251.111.106 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 19:13:31.441395044 CEST | 1.1.1.1 | 192.168.11.20 | 0xcff | No error (0) | | | 142.251.111.99 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 19:13:31.441395044 CEST | 1.1.1.1 | 192.168.11.20 | 0xcff | No error (0) | | | 142.251.111.103 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 19:13:31.441395044 CEST | 1.1.1.1 | 192.168.11.20 | 0xcff | No error (0) | | | 142.251.111.104 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 19:13:47.298721075 CEST | 1.1.1.1 | 192.168.11.20 | 0xdf9a | No error (0) | | | 172.253.115.103 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 19:13:47.298721075 CEST | 1.1.1.1 | 192.168.11.20 | 0xdf9a | No error (0) | | | 172.253.115.147 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 19:13:47.298721075 CEST | 1.1.1.1 | 192.168.11.20 | 0xdf9a | No error (0) | | | 172.253.115.104 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 19:13:47.298721075 CEST | 1.1.1.1 | 192.168.11.20 | 0xdf9a | No error (0) | | | 172.253.115.106 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 19:13:47.298721075 CEST | 1.1.1.1 | 192.168.11.20 | 0xdf9a | No error (0) | | | 172.253.115.105 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 19:13:47.298721075 CEST | 1.1.1.1 | 192.168.11.20 | 0xdf9a | No error (0) | | | 172.253.115.99 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 19:14:23.801891088 CEST | 1.1.1.1 | 192.168.11.20 | 0x852e | No error (0) | | www-mcafeee-r53.awsconsumer.mcafee.com | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 26, 2024 19:14:23.801891088 CEST | 1.1.1.1 | 192.168.11.20 | 0x852e | No error (0) | | www.mcafee.com.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 26, 2024 19:14:24.644062996 CEST | 1.1.1.1 | 192.168.11.20 | 0x378b | No error (0) | | download.nai.com.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 26, 2024 19:14:26.082303047 CEST | 1.1.1.1 | 192.168.11.20 | 0x1419 | No error (0) | | downloadcenter.trellix.com.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false |
Target ID: | 0 |
Start time: | 19:13:02 |
Start date: | 26/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6b8080000 |
File size: | 2'509'656 bytes |
MD5 hash: | 464953824E644F10FFDC9E093FD18F94 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 1 |
Start time: | 19:13:03 |
Start date: | 26/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6b8080000 |
File size: | 2'509'656 bytes |
MD5 hash: | 464953824E644F10FFDC9E093FD18F94 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 3 |
Start time: | 19:13:05 |
Start date: | 26/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6b8080000 |
File size: | 2'509'656 bytes |
MD5 hash: | 464953824E644F10FFDC9E093FD18F94 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 5 |
Start time: | 19:13:32 |
Start date: | 26/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6b8080000 |
File size: | 2'509'656 bytes |
MD5 hash: | 464953824E644F10FFDC9E093FD18F94 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 6 |
Start time: | 19:13:32 |
Start date: | 26/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6b8080000 |
File size: | 2'509'656 bytes |
MD5 hash: | 464953824E644F10FFDC9E093FD18F94 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 8 |
Start time: | 19:13:37 |
Start date: | 26/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6b8080000 |
File size: | 2'509'656 bytes |
MD5 hash: | 464953824E644F10FFDC9E093FD18F94 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 9 |
Start time: | 19:13:37 |
Start date: | 26/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6b8080000 |
File size: | 2'509'656 bytes |
MD5 hash: | 464953824E644F10FFDC9E093FD18F94 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 11 |
Start time: | 19:14:22 |
Start date: | 26/04/2024 |
Path: | C:\Users\user\Downloads\McAfeeStinger.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6acb80000 |
File size: | 1'406'464 bytes |
MD5 hash: | 288187598BA5069F4211E8253C177011 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 12 |
Start time: | 19:14:23 |
Start date: | 26/04/2024 |
Path: | C:\Users\user\Downloads\McAfeeStinger.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6acb80000 |
File size: | 1'406'464 bytes |
MD5 hash: | 288187598BA5069F4211E8253C177011 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Execution Graph
Execution Coverage: | 5.9% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 17.7% |
Total number of Nodes: | 2000 |
Total number of Limit Nodes: | 189 |
Graph
Function 00007FF6ACBDE39B Relevance: 120.9, APIs: 70, Strings: 9, Instructions: 2363COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACC27B20 Relevance: 72.4, APIs: 33, Strings: 7, Instructions: 2393COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACBB1AAA Relevance: 49.9, APIs: 17, Strings: 11, Instructions: 859windowthreadCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACBE22D1 Relevance: 41.4, APIs: 18, Strings: 8, Instructions: 2363COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACBBAC44 Relevance: 37.3, APIs: 13, Strings: 11, Instructions: 1330COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACBB2AA0 Relevance: 31.0, APIs: 9, Strings: 10, Instructions: 2533COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACC198DB Relevance: 19.6, APIs: 9, Strings: 2, Instructions: 316networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACBD24D8 Relevance: 12.8, APIs: 3, Strings: 4, Instructions: 2279COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACBEDBBE Relevance: 9.6, APIs: 3, Strings: 3, Instructions: 634COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACC0BA80 Relevance: 9.3, APIs: 2, Strings: 3, Instructions: 545COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACBBF264 Relevance: 9.1, APIs: 6, Instructions: 102filenativeCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACBA80DB Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 258networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACC078B1 Relevance: 7.7, APIs: 2, Strings: 2, Instructions: 727registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACC3A124 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 159networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACC3A374 Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 310networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACBBEB35 Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 307filenativeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACC1BEF0 Relevance: 4.6, APIs: 3, Instructions: 66filenativesynchronizationCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACBD9DC6 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 183windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACBF5CF4 Relevance: 58.5, APIs: 30, Strings: 3, Instructions: 710COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACBDA72C Relevance: 40.8, APIs: 17, Strings: 6, Instructions: 597encryptionCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACBF5D06 Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 285encryptionCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACBC4649 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 165libraryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACBC4616 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 164libraryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACBC46FE Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 163libraryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACBC4705 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 163libraryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACBC46FA Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 163libraryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACBC4713 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 163libraryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACBC470C Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 163libraryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACBC4721 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 163libraryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACBC471A Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 163libraryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACBC472F Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 163libraryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACBC4728 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 163libraryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACBC4677 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 163libraryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACBC477C Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 163libraryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACBC4744 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 163libraryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACBC4736 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 163libraryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACBC473D Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 163libraryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACBC4752 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 163libraryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACBC474B Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 163libraryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACBC4760 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 163libraryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACBC4759 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 163libraryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACBC476E Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 163libraryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACBC4775 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 163libraryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACBC4767 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 163libraryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACBC467B Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 162libraryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACBDE522 Relevance: 22.9, APIs: 14, Strings: 1, Instructions: 387COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACBDE532 Relevance: 22.9, APIs: 14, Strings: 1, Instructions: 386COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACBF70F2 Relevance: 20.2, APIs: 9, Strings: 4, Instructions: 742COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACBD081C Relevance: 15.2, APIs: 8, Strings: 2, Instructions: 194COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACC0DDCD Relevance: 12.9, APIs: 4, Strings: 4, Instructions: 949COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACC0F4F2 Relevance: 12.8, APIs: 4, Strings: 3, Instructions: 567COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACBA5182 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 181networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACBC4404 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 47libraryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACBEE7A7 Relevance: 9.3, APIs: 4, Strings: 2, Instructions: 349COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACB818CF Relevance: 9.3, APIs: 4, Strings: 2, Instructions: 311COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACBF0232 Relevance: 9.2, APIs: 5, Strings: 1, Instructions: 184COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACC4CA70 Relevance: 9.1, APIs: 3, Strings: 2, Instructions: 326COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACC1B240 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 101networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACBC4DEB Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 237COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACBBAAAD Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 115COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACC30380 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 73threadCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACC27290 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 38networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACBEE818 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 74COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACBEF3A3 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 225COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACC174C4 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 121COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACBAEC0F Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 29windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACBEEE26 Relevance: 3.2, APIs: 1, Strings: 1, Instructions: 165COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF6ACC32A60 Relevance: 1.5, APIs: 1, Instructions: 3 COMMON
Function 00007FF6ACBF0761 Relevance: 143.1, APIs: 74, Strings: 7, Instructions: 1307 COMMON
Function 00007FF6ACC2E310 Relevance: 26.8, APIs: 14, Strings: 1, Instructions: 528 COMMON
Function 00007FF6ACC224A0 Relevance: 17.9, APIs: 7, Strings: 3, Instructions: 425 COMMON
Function 00007FF6ACBE8FB9 Relevance: 17.9, APIs: 2, Strings: 9, Instructions: 1398 COMMON
Function 00007FF6ACC04DA0 Relevance: 14.7, APIs: 4, Strings: 5, Instructions: 1239 COMMON
Function 00007FF6ACC32C50 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 162 COMMON
Function 00007FF6ACBB0666 Relevance: 8.0, APIs: 4, Strings: 1, Instructions: 469 COMMON
Function 00007FF6ACBA6230 Relevance: 7.9, APIs: 3, Strings: 2, Instructions: 390 COMMON
Function 00007FF6ACC4A5E0 Relevance: 4.8, APIs: 2, Strings: 1, Instructions: 273 COMMON
Function 00007FF6ACC22390 Relevance: 4.6, APIs: 3, Instructions: 67 file native synchronization COMMON
Function 00007FF6ACBDA278 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 165 window COMMON
Function 00007FF6ACBBE77D Relevance: 3.1, APIs: 2, Instructions: 55 file native COMMON
Function 00007FF6ACB82B10 Relevance: .6, Instructions: 553 COMMON
Function 00007FF6ACC1EA00 Relevance: .2, Instructions: 233 COMMON
Function 00007FF6ACC21000 Relevance: .2, Instructions: 208 COMMON
Function 00007FF6ACC12D10 Relevance: .2, Instructions: 169 COMMON
Function 00007FF6ACC18DB1 Relevance: .1, Instructions: 93 COMMON
Function 00007FF6ACC18CB9 Relevance: .1, Instructions: 89 COMMON
Function 00007FF6ACC2E9E0 Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 280 COMMON
Function 00007FF6ACC0C4C3 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 208 encryption COMMON
Function 00007FF6ACC4507D Relevance: 10.8, APIs: 2, Strings: 5, Instructions: 313 COMMON
Function 00007FF6ACC32230 Relevance: 10.7, APIs: 6, Strings: 1, Instructions: 209 COMMON
Function 00007FF6ACC22BB0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 150 COMMON
Function 00007FF6ACC32A80 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 103 COMMON
Function 00007FF6ACBDCDAA Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 99 encryption COMMON
Function 00007FF6ACBAE2DD Relevance: 9.3, APIs: 4, Strings: 2, Instructions: 311 COMMON
Function 00007FF6ACBF0843 Relevance: 9.3, APIs: 3, Strings: 3, Instructions: 253 COMMON
Function 00007FF6ACC20850 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 281 window COMMON
Function 00007FF6ACC26E90 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 217 COMMON
Function 00007FF6ACC384D1 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 102 synchronization COMMON
Function 00007FF6ACC1B050 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 91 COMMON
Function 00007FF6ACC1ACF0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 63 libraryloader COMMON
Function 00007FF6ACBEA282 Relevance: 7.9, APIs: 4, Strings: 1, Instructions: 374 COMMON
Function 00007FF6ACBEA540 Relevance: 7.8, APIs: 4, Strings: 1, Instructions: 331 COMMON
Function 00007FF6ACBBE1EC Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 134 COMMON
Function 00007FF6ACC266E0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 131 COMMON
Function 00007FF6ACC269C0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 130 COMMON
Function 00007FF6ACBC2ECD Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 63 registry COMMON
Function 00007FF6ACC1AC80 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 30 libraryloader COMMON
Function 00007FF6ACC1CCD0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 22 libraryloader COMMON
Function 00007FF6ACC42944 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 199 COMMON
Function 00007FF6ACBF2355 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 133 COMMON
Function 00007FF6ACC02648 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 129 COMMON
Function 00007FF6ACBAEAAE Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40 window COMMON