Windows Analysis Report YdACOWCggQ.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Process Tree |
---|
|
Malware Configuration |
---|
Threatname: NanoCore |
---|
{"Version": "1.2.2.0", "Mutex": "c213d282-998c-4a04-8f80-944681ca", "Group": "nano stub", "Domain1": "ezeani.duckdns.org", "Domain2": "194.5.98.48", "Port": 8338, "RunOnStartup": "Disable", "RequestElevation": "Disable", "BypassUAC": "Enable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8", "BackupDNSServer": "8.8.4.4", "BypassUserAccountControlData": "<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.2\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n <RegistrationInfo />\r\n <Triggers />\r\n <Principals>\r\n <Principal id=\"Author\">\r\n <LogonType>InteractiveToken</LogonType>\r\n <RunLevel>HighestAvailable</RunLevel>\r\n </Principal>\r\n </Principals>\r\n <Settings>\r\n <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n <AllowHardTerminate>true</AllowHardTerminate>\r\n <StartWhenAvailable>false</StartWhenAvailable>\r\n <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n <IdleSettings>\r\n <StopOnIdleEnd>false</StopOnIdleEnd>\r\n <RestartOnIdle>false</RestartOnIdle>\r\n </IdleSettings>\r\n <AllowStartOnDemand>true</AllowStartOnDemand>\r\n <Enabled>true</Enabled>\r\n <Hidden>false</Hidden>\r\n <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n <WakeToRun>false</WakeToRun>\r\n <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n <Priority>4</Priority>\r\n </Settings>\r\n <Actions Context=\"Author\">\r\n <Exec>\r\n 
<Command>\"#EXECUTABLEPATH\"</Command>\r\n <Arguments>$(Arg0)</Arguments>\r\n </Exec>\r\n </Actions>\r\n</Task"}
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
 | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | |
 | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | |
 | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
 | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | |
 | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
Unpacked PEs |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
 | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | |
 | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | |
 | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
 | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | |
 | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | |
Sigma Overview |
---|
AV Detection: |
---|
Sigma detected: NanoCore | Author: Joe Security |
E-Banking Fraud: |
---|
Sigma detected: NanoCore | Author: Joe Security |
System Summary: |
---|
Sigma detected: Bad Opsec Defaults Sacrificial Processes With Improper Arguments | Author: Oleg Kolesnikov @securonix invrep_de, oscd.community, Florian Roth, Christian Burkard |
Sigma detected: Possible Applocker Bypass | Author: juju4 |
Stealing of Sensitive Information: |
---|
Sigma detected: NanoCore | Author: Joe Security |
Remote Access Functionality: |
---|
Sigma detected: NanoCore | Author: Joe Security |
Jbx Signature Overview |
---|
AV Detection: |
---|
Yara detected Nanocore RAT |
Found malware configuration |
Multi AV Scanner detection for submitted file |
Multi AV Scanner detection for dropped file |
Networking: |
---|
Uses dynamic DNS services |
C2 URLs / IPs found in malware configuration |
E-Banking Fraud: |
---|
Yara detected Nanocore RAT |
System Summary: |
---|
Malicious sample detected (through community Yara rule) |
Data Obfuscation: |
---|
.NET source code contains potential unpacker |
Persistence and Installation Behavior: |
---|
Drops PE files with a suspicious file extension |
Boot Survival: |
---|
Uses schtasks.exe or at.exe to add and modify task schedules |
Hooking and other Techniques for Hiding and Protection: |
---|
Hides that the sample has been downloaded from the Internet (zone.identifier) |
Malware Analysis System Evasion: |
---|
Yara detected AntiVM autoit script |
HIPS / PFW / Operating System Protection Evasion: |
---|
Allocates memory in foreign processes |
Injects a PE file into a foreign processes |
Writes to foreign memory regions |
Stealing of Sensitive Information: |
---|
Yara detected Nanocore RAT |
Remote Access Functionality: |
---|
Detected Nanocore Rat |
Yara detected Nanocore RAT |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts2 | Native API1 | DLL Side-Loading1 | Exploitation for Privilege Escalation1 | Disable or Modify Tools11 | Input Capture31 | System Time Discovery2 | Remote Services | Archive Collected Data11 | Exfiltration Over Other Network Medium | Ingress Tool Transfer1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | System Shutdown/Reboot1 |
Default Accounts | Command and Scripting Interpreter2 | Valid Accounts2 | DLL Side-Loading1 | Deobfuscate/Decode Files or Information11 | LSASS Memory | Account Discovery1 | Remote Desktop Protocol | Input Capture31 | Exfiltration Over Bluetooth | Encrypted Channel1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | Scheduled Task/Job1 | Scheduled Task/Job1 | Valid Accounts2 | Obfuscated Files or Information2 | Security Account Manager | File and Directory Discovery2 | SMB/Windows Admin Shares | Clipboard Data2 | Automated Exfiltration | Non-Standard Port1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Access Token Manipulation21 | Software Packing12 | NTDS | System Information Discovery36 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Remote Access Software1 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Process Injection312 | DLL Side-Loading1 | LSA Secrets | Query Registry1 | SSH | Keylogging | Data Transfer Size Limits | Non-Application Layer Protocol1 | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Scheduled Task/Job1 | Masquerading11 | Cached Domain Credentials | Security Software Discovery121 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Application Layer Protocol21 | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Valid Accounts2 | DCSync | Virtualization/Sandbox Evasion31 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Virtualization/Sandbox Evasion31 | Proc Filesystem | Process Discovery3 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Access Token Manipulation21 | /etc/passwd and /etc/shadow | Application Window Discovery11 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction | |
Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Process Injection312 | Network Sniffing | System Owner/User Discovery1 | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | Data Encrypted for Impact | ||
Compromise Software Dependencies and Development Tools | Windows Command Shell | Cron | Cron | Hidden Files and Directories1 | Input Capture | Permission Groups Discovery | Replication Through Removable Media | Remote Data Staging | Exfiltration Over Physical Medium | Mail Protocols | Service Stop |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
35% | Virustotal | Browse |
Dropped Files |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
27% | Virustotal | Browse | ||
32% | ReversingLabs | |||
0% | Virustotal | Browse | ||
0% | Metadefender | Browse | ||
0% | ReversingLabs |
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | TR/NanoCore.fadte | Download File | ||
100% | Avira | TR/Dropper.MSIL.Gen7 | Download File |
Domains |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
1% | Virustotal | Browse |
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
1% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
1% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
ezeani.duckdns.org | 194.5.98.48 | true | true | | unknown |
General Information |
---|
Joe Sandbox Version: | 33.0.0 White Diamond |
Analysis ID: | 501907 |
Start date: | 13.10.2021 |
Start time: | 11:58:25 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 14m 34s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | YdACOWCggQ.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 34 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@10/36@23/2 |
EGA Information: | Failed |
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
11:59:55 | Autostart | |
12:00:00 | Task Scheduler | |
12:00:00 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
194.5.98.48 | Get hash | malicious | Browse | ||
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
ezeani.duckdns.org | Get hash | malicious | Browse |
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
DANILENKODE | Get hash | malicious | Browse |
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
C:\Users\user\AppData\Local\Temp\RegSvcs.exe | Get hash | malicious | Browse | ||
C:\Users\user\33920049\mmuiqlcvwo.pif | Get hash | malicious | Browse | ||
Created / dropped Files |
---|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.832162830296474 |
File name: | YdACOWCggQ.exe |
File size: | 1073384 |
MD5: | b866823e1f8f4a52376bd108c457dd78 |
SHA1: | fe99849ec27630463080445337798eeba8000a02 |
SHA256: | ebe1bb18a77cf0b34d3ad06919a9adfff2aa69cfafa5b96b670534b890e3e2a8 |
SHA512: | fd1732ca7dc310395581d835ea3df1e7ad664c75c9c7f68ba55c0b2e521383a0c8781b490f7cc05428d6e534b356a585bf11b57e57808cc37ea08dabf4a09e13 |
SSDEEP: | 24576:rAOcZEhU3Pv6cxzVQ5WP1TKyENXWPI1sDx52gWbh9dlfQ:tEicRPwZ1sDxIrtG |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......b`..&...&...&.....h.+.....j.......k.>.....^.$...._..0...._..5...._....../y..,.../y..#...&...,...._......._..'...._f.'...._..'.. |
File Icon |
---|
Icon Hash: | b491b4ecd336fb5b |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x41e1f9 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE |
DLL Characteristics: | TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x5E7C7DC7 [Thu Mar 26 10:02:47 2020 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | fcf1390e9ce472c7270447fc5c61a0c1 |
Entrypoint Preview |
---|
Instruction |
---|
call 00007FE558994C1Fh |
jmp 00007FE558994613h |
cmp ecx, dword ptr [0043D668h] |
jne 00007FE558994785h |
ret |
jmp 00007FE558994D95h |
ret |
and dword ptr [ecx+04h], 00000000h |
mov eax, ecx |
and dword ptr [ecx+08h], 00000000h |
mov dword ptr [ecx+04h], 00433068h |
mov dword ptr [ecx], 00434284h |
ret |
push ebp |
mov ebp, esp |
push esi |
push dword ptr [ebp+08h] |
mov esi, ecx |
call 00007FE558987B91h |
mov dword ptr [esi], 00434290h |
mov eax, esi |
pop esi |
pop ebp |
retn 0004h |
and dword ptr [ecx+04h], 00000000h |
mov eax, ecx |
and dword ptr [ecx+08h], 00000000h |
mov dword ptr [ecx+04h], 00434298h |
mov dword ptr [ecx], 00434290h |
ret |
lea eax, dword ptr [ecx+04h] |
mov dword ptr [ecx], 00434278h |
push eax |
call 00007FE55899792Dh |
pop ecx |
ret |
push ebp |
mov ebp, esp |
push esi |
mov esi, ecx |
lea eax, dword ptr [esi+04h] |
mov dword ptr [esi], 00434278h |
push eax |
call 00007FE558997916h |
test byte ptr [ebp+08h], 00000001h |
pop ecx |
je 00007FE55899478Ch |
push 0000000Ch |
push esi |
call 00007FE558993D4Fh |
pop ecx |
pop ecx |
mov eax, esi |
pop esi |
pop ebp |
retn 0004h |
push ebp |
mov ebp, esp |
sub esp, 0Ch |
lea ecx, dword ptr [ebp-0Ch] |
call 00007FE5589946EEh |
push 0043A410h |
lea eax, dword ptr [ebp-0Ch] |
push eax |
call 00007FE558997015h |
int3 |
push ebp |
mov ebp, esp |
sub esp, 0Ch |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x3b540 | 0x34 | .rdata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3b574 | 0x3c | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x62000 | 0x4c28 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x67000 | 0x210c | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x397d0 | 0x54 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x34218 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x32000 | 0x260 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x3aaec | 0x120 | .rdata |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x30581 | 0x30600 | False | 0.589268410853 | data | 6.70021125825 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x32000 | 0xa332 | 0xa400 | False | 0.455030487805 | data | 5.23888424127 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x3d000 | 0x238b0 | 0x1200 | False | 0.368272569444 | data | 3.83993526939 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.gfids | 0x61000 | 0xe8 | 0x200 | False | 0.333984375 | data | 2.12166381533 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x62000 | 0x4c28 | 0x4e00 | False | 0.602263621795 | data | 6.36874241417 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x67000 | 0x210c | 0x2200 | False | 0.786534926471 | data | 6.61038519378 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
PNG | 0x62524 | 0xb45 | PNG image data, 93 x 302, 8-bit/color RGB, non-interlaced | English | United States |
PNG | 0x6306c | 0x15a9 | PNG image data, 186 x 604, 8-bit/color RGB, non-interlaced | English | United States |
RT_ICON | 0x64618 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 134243974, next used block 1626799870 | ||
RT_DIALOG | 0x64900 | 0x286 | data | English | United States |
RT_DIALOG | 0x64b88 | 0x13a | data | English | United States |
RT_DIALOG | 0x64cc4 | 0xec | data | English | United States |
RT_DIALOG | 0x64db0 | 0x12e | data | English | United States |
RT_DIALOG | 0x64ee0 | 0x338 | data | English | United States |
RT_DIALOG | 0x65218 | 0x252 | data | English | United States |
RT_STRING | 0x6546c | 0x1e2 | data | English | United States |
RT_STRING | 0x65650 | 0x1cc | data | English | United States |
RT_STRING | 0x6581c | 0x1b8 | data | English | United States |
RT_STRING | 0x659d4 | 0x146 | Hitachi SH big-endian COFF object file, not stripped, 17152 sections, symbol offset=0x73006500 | English | United States |
RT_STRING | 0x65b1c | 0x446 | data | English | United States |
RT_STRING | 0x65f64 | 0x166 | data | English | United States |
RT_STRING | 0x660cc | 0x152 | data | English | United States |
RT_STRING | 0x66220 | 0x10a | data | English | United States |
RT_STRING | 0x6632c | 0xbc | data | English | United States |
RT_STRING | 0x663e8 | 0xd6 | data | English | United States |
RT_GROUP_ICON | 0x664c0 | 0x14 | data | ||
RT_MANIFEST | 0x664d4 | 0x753 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States |
Imports |
---|
DLL | Import |
---|---|
KERNEL32.dll | GetLastError, SetLastError, FormatMessageW, GetCurrentProcess, DeviceIoControl, SetFileTime, CloseHandle, CreateDirectoryW, RemoveDirectoryW, CreateFileW, DeleteFileW, CreateHardLinkW, GetShortPathNameW, GetLongPathNameW, MoveFileW, GetFileType, GetStdHandle, WriteFile, ReadFile, FlushFileBuffers, SetEndOfFile, SetFilePointer, SetFileAttributesW, GetFileAttributesW, FindClose, FindFirstFileW, FindNextFileW, GetVersionExW, GetCurrentDirectoryW, GetFullPathNameW, FoldStringW, GetModuleFileNameW, GetModuleHandleW, FindResourceW, FreeLibrary, GetProcAddress, GetCurrentProcessId, ExitProcess, SetThreadExecutionState, Sleep, LoadLibraryW, GetSystemDirectoryW, CompareStringW, AllocConsole, FreeConsole, AttachConsole, WriteConsoleW, GetProcessAffinityMask, CreateThread, SetThreadPriority, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, SetEvent, ResetEvent, ReleaseSemaphore, WaitForSingleObject, CreateEventW, CreateSemaphoreW, GetSystemTime, SystemTimeToTzSpecificLocalTime, TzSpecificLocalTimeToSystemTime, SystemTimeToFileTime, FileTimeToLocalFileTime, LocalFileTimeToFileTime, FileTimeToSystemTime, GetCPInfo, IsDBCSLeadByte, MultiByteToWideChar, WideCharToMultiByte, GlobalAlloc, LockResource, GlobalLock, GlobalUnlock, GlobalFree, LoadResource, SizeofResource, SetCurrentDirectoryW, GetExitCodeProcess, GetLocalTime, GetTickCount, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW, OpenFileMappingW, GetCommandLineW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, GetTempPathW, MoveFileExW, GetLocaleInfoW, GetTimeFormatW, GetDateFormatW, GetNumberFormatW, SetFilePointerEx, GetConsoleMode, GetConsoleCP, HeapSize, SetStdHandle, GetProcessHeap, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, IsProcessorFeaturePresent, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, TerminateProcess, RtlUnwind, EncodePointer, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, QueryPerformanceFrequency, GetModuleHandleExW, GetModuleFileNameA, GetACP, HeapFree, HeapAlloc, HeapReAlloc, GetStringTypeW, LCMapStringW, FindFirstFileExA, FindNextFileA, IsValidCodePage, GetOEMCP, GetCommandLineA, GetEnvironmentStringsW, FreeEnvironmentStringsW, DecodePointer |
gdiplus.dll | GdiplusShutdown, GdiplusStartup, GdipCreateHBITMAPFromBitmap, GdipCreateBitmapFromStreamICM, GdipCreateBitmapFromStream, GdipDisposeImage, GdipCloneImage, GdipFree, GdipAlloc |
Possible Origin |
---|
Language of compilation system | Country where language is spoken |
---|---|
English | United States |
Network Behavior |
---|
Snort IDS Alerts |
---|
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
10/13/21-12:00:04.635221 | UDP | 254 | DNS SPOOF query response with TTL of 1 min. and no authority | 53 | 60501 | 8.8.8.8 | 192.168.2.7 |
10/13/21-12:00:04.720504 | UDP | 254 | DNS SPOOF query response with TTL of 1 min. and no authority | 53 | 60501 | 8.8.8.8 | 192.168.2.7 |
10/13/21-12:00:16.594375 | UDP | 254 | DNS SPOOF query response with TTL of 1 min. and no authority | 53 | 51837 | 8.8.8.8 | 192.168.2.7 |
10/13/21-12:00:37.676948 | UDP | 254 | DNS SPOOF query response with TTL of 1 min. and no authority | 53 | 63668 | 8.8.8.8 | 192.168.2.7 |
10/13/21-12:00:48.500016 | UDP | 254 | DNS SPOOF query response with TTL of 1 min. and no authority | 53 | 60338 | 8.8.8.8 | 192.168.2.7 |
10/13/21-12:01:20.355715 | UDP | 254 | DNS SPOOF query response with TTL of 1 min. and no authority | 53 | 50860 | 8.8.8.8 | 192.168.2.7 |
10/13/21-12:01:46.346307 | UDP | 254 | DNS SPOOF query response with TTL of 1 min. and no authority | 53 | 59730 | 8.8.8.8 | 192.168.2.7 |
10/13/21-12:01:51.665856 | UDP | 254 | DNS SPOOF query response with TTL of 1 min. and no authority | 53 | 59310 | 8.8.8.8 | 192.168.2.7 |
10/13/21-12:02:12.493659 | UDP | 254 | DNS SPOOF query response with TTL of 1 min. and no authority | 53 | 64296 | 8.8.8.8 | 192.168.2.7 |
10/13/21-12:02:17.809141 | UDP | 254 | DNS SPOOF query response with TTL of 1 min. and no authority | 53 | 56680 | 8.8.8.8 | 192.168.2.7 |
10/13/21-12:02:23.162203 | UDP | 254 | DNS SPOOF query response with TTL of 1 min. and no authority | 53 | 58820 | 8.8.8.8 | 192.168.2.7 |
10/13/21-12:02:44.037075 | UDP | 254 | DNS SPOOF query response with TTL of 1 min. and no authority | 53 | 60983 | 8.8.8.8 | 192.168.2.7 |
10/13/21-12:03:25.959416 | UDP | 254 | DNS SPOOF query response with TTL of 1 min. and no authority | 53 | 61457 | 8.8.8.8 | 192.168.2.7 |
10/13/21-12:03:46.660830 | UDP | 254 | DNS SPOOF query response with TTL of 1 min. and no authority | 53 | 58367 | 8.8.8.8 | 192.168.2.7 |
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Oct 13, 2021 12:00:03.515513897 CEST | 192.168.2.7 | 8.8.8.8 | 0xd9c5 | Standard query (0) | | A (IP address) | IN (0x0001) |
Oct 13, 2021 12:00:04.606597900 CEST | 192.168.2.7 | 8.8.8.8 | 0xd9c5 | Standard query (0) | | A (IP address) | IN (0x0001) |
Oct 13, 2021 12:00:11.043402910 CEST | 192.168.2.7 | 8.8.8.8 | 0xc01a | Standard query (0) | | A (IP address) | IN (0x0001) |
Oct 13, 2021 12:00:16.482105017 CEST | 192.168.2.7 | 8.8.8.8 | 0x1731 | Standard query (0) | | A (IP address) | IN (0x0001) |
Oct 13, 2021 12:00:37.563050985 CEST | 192.168.2.7 | 8.8.8.8 | 0x8ee5 | Standard query (0) | | A (IP address) | IN (0x0001) |
Oct 13, 2021 12:00:42.873667002 CEST | 192.168.2.7 | 8.8.8.8 | 0x3dea | Standard query (0) | | A (IP address) | IN (0x0001) |
Oct 13, 2021 12:00:48.388473034 CEST | 192.168.2.7 | 8.8.8.8 | 0x1e7c | Standard query (0) | | A (IP address) | IN (0x0001) |
Oct 13, 2021 12:01:09.613409042 CEST | 192.168.2.7 | 8.8.8.8 | 0x2b6d | Standard query (0) | | A (IP address) | IN (0x0001) |
Oct 13, 2021 12:01:14.884824991 CEST | 192.168.2.7 | 8.8.8.8 | 0x6eee | Standard query (0) | | A (IP address) | IN (0x0001) |
Oct 13, 2021 12:01:20.244256973 CEST | 192.168.2.7 | 8.8.8.8 | 0xf63b | Standard query (0) | | A (IP address) | IN (0x0001) |
Oct 13, 2021 12:01:41.013844013 CEST | 192.168.2.7 | 8.8.8.8 | 0xf900 | Standard query (0) | | A (IP address) | IN (0x0001) |
Oct 13, 2021 12:01:46.232563019 CEST | 192.168.2.7 | 8.8.8.8 | 0x4098 | Standard query (0) | | A (IP address) | IN (0x0001) |
Oct 13, 2021 12:01:51.553874016 CEST | 192.168.2.7 | 8.8.8.8 | 0xa2c3 | Standard query (0) | | A (IP address) | IN (0x0001) |
Oct 13, 2021 12:02:12.380646944 CEST | 192.168.2.7 | 8.8.8.8 | 0x52ba | Standard query (0) | | A (IP address) | IN (0x0001) |
Oct 13, 2021 12:02:17.695481062 CEST | 192.168.2.7 | 8.8.8.8 | 0x23f | Standard query (0) | | A (IP address) | IN (0x0001) |
Oct 13, 2021 12:02:23.050698996 CEST | 192.168.2.7 | 8.8.8.8 | 0x37a0 | Standard query (0) | | A (IP address) | IN (0x0001) |
Oct 13, 2021 12:02:43.923697948 CEST | 192.168.2.7 | 8.8.8.8 | 0xcf15 | Standard query (0) | | A (IP address) | IN (0x0001) |
Oct 13, 2021 12:02:49.381719112 CEST | 192.168.2.7 | 8.8.8.8 | 0x3871 | Standard query (0) | | A (IP address) | IN (0x0001) |
Oct 13, 2021 12:02:54.662554026 CEST | 192.168.2.7 | 8.8.8.8 | 0x2eff | Standard query (0) | | A (IP address) | IN (0x0001) |
Oct 13, 2021 12:03:15.359188080 CEST | 192.168.2.7 | 8.8.8.8 | 0x5838 | Standard query (0) | | A (IP address) | IN (0x0001) |
Oct 13, 2021 12:03:20.644177914 CEST | 192.168.2.7 | 8.8.8.8 | 0x715a | Standard query (0) | | A (IP address) | IN (0x0001) |
Oct 13, 2021 12:03:25.845478058 CEST | 192.168.2.7 | 8.8.8.8 | 0xcc67 | Standard query (0) | | A (IP address) | IN (0x0001) |
Oct 13, 2021 12:03:46.546413898 CEST | 192.168.2.7 | 8.8.8.8 | 0xbd14 | Standard query (0) | | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Oct 13, 2021 12:00:04.635221004 CEST | 8.8.8.8 | 192.168.2.7 | 0xd9c5 | No error (0) | | | 194.5.98.48 | A (IP address) | IN (0x0001) |
Oct 13, 2021 12:00:04.720504045 CEST | 8.8.8.8 | 192.168.2.7 | 0xd9c5 | No error (0) | | | 194.5.98.48 | A (IP address) | IN (0x0001) |
Oct 13, 2021 12:00:11.059782028 CEST | 8.8.8.8 | 192.168.2.7 | 0xc01a | No error (0) | | | 194.5.98.48 | A (IP address) | IN (0x0001) |
Oct 13, 2021 12:00:16.594374895 CEST | 8.8.8.8 | 192.168.2.7 | 0x1731 | No error (0) | | | 194.5.98.48 | A (IP address) | IN (0x0001) |
Oct 13, 2021 12:00:37.676948071 CEST | 8.8.8.8 | 192.168.2.7 | 0x8ee5 | No error (0) | | | 194.5.98.48 | A (IP address) | IN (0x0001) |
Oct 13, 2021 12:00:42.891959906 CEST | 8.8.8.8 | 192.168.2.7 | 0x3dea | No error (0) | | | 194.5.98.48 | A (IP address) | IN (0x0001) |
Oct 13, 2021 12:00:48.500015974 CEST | 8.8.8.8 | 192.168.2.7 | 0x1e7c | No error (0) | | | 194.5.98.48 | A (IP address) | IN (0x0001) |
Oct 13, 2021 12:01:09.632004023 CEST | 8.8.8.8 | 192.168.2.7 | 0x2b6d | No error (0) | | | 194.5.98.48 | A (IP address) | IN (0x0001) |
Oct 13, 2021 12:01:14.903381109 CEST | 8.8.8.8 | 192.168.2.7 | 0x6eee | No error (0) | | | 194.5.98.48 | A (IP address) | IN (0x0001) |
Oct 13, 2021 12:01:20.355715036 CEST | 8.8.8.8 | 192.168.2.7 | 0xf63b | No error (0) | | | 194.5.98.48 | A (IP address) | IN (0x0001) |
Oct 13, 2021 12:01:41.030483007 CEST | 8.8.8.8 | 192.168.2.7 | 0xf900 | No error (0) | | | 194.5.98.48 | A (IP address) | IN (0x0001) |
Oct 13, 2021 12:01:46.346307039 CEST | 8.8.8.8 | 192.168.2.7 | 0x4098 | No error (0) | | | 194.5.98.48 | A (IP address) | IN (0x0001) |
Oct 13, 2021 12:01:51.665855885 CEST | 8.8.8.8 | 192.168.2.7 | 0xa2c3 | No error (0) | | | 194.5.98.48 | A (IP address) | IN (0x0001) |
Oct 13, 2021 12:02:12.493659019 CEST | 8.8.8.8 | 192.168.2.7 | 0x52ba | No error (0) | | | 194.5.98.48 | A (IP address) | IN (0x0001) |
Oct 13, 2021 12:02:17.809140921 CEST | 8.8.8.8 | 192.168.2.7 | 0x23f | No error (0) | | | 194.5.98.48 | A (IP address) | IN (0x0001) |
Oct 13, 2021 12:02:23.162203074 CEST | 8.8.8.8 | 192.168.2.7 | 0x37a0 | No error (0) | | | 194.5.98.48 | A (IP address) | IN (0x0001) |
Oct 13, 2021 12:02:44.037075043 CEST | 8.8.8.8 | 192.168.2.7 | 0xcf15 | No error (0) | | | 194.5.98.48 | A (IP address) | IN (0x0001) |
Oct 13, 2021 12:02:49.401587009 CEST | 8.8.8.8 | 192.168.2.7 | 0x3871 | No error (0) | | | 194.5.98.48 | A (IP address) | IN (0x0001) |
Oct 13, 2021 12:02:54.679204941 CEST | 8.8.8.8 | 192.168.2.7 | 0x2eff | No error (0) | | | 194.5.98.48 | A (IP address) | IN (0x0001) |
Oct 13, 2021 12:03:15.377491951 CEST | 8.8.8.8 | 192.168.2.7 | 0x5838 | No error (0) | | | 194.5.98.48 | A (IP address) | IN (0x0001) |
Oct 13, 2021 12:03:20.662653923 CEST | 8.8.8.8 | 192.168.2.7 | 0x715a | No error (0) | | | 194.5.98.48 | A (IP address) | IN (0x0001) |
Oct 13, 2021 12:03:25.959415913 CEST | 8.8.8.8 | 192.168.2.7 | 0xcc67 | No error (0) | | | 194.5.98.48 | A (IP address) | IN (0x0001) |
Oct 13, 2021 12:03:46.660830021 CEST | 8.8.8.8 | 192.168.2.7 | 0xbd14 | No error (0) | | | 194.5.98.48 | A (IP address) | IN (0x0001) |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 11:59:30 |
Start date: | 13/10/2021 |
Path: | C:\Users\user\Desktop\YdACOWCggQ.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x190000 |
File size: | 1073384 bytes |
MD5 hash: | B866823E1F8F4A52376BD108C457DD78 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
General |
---|
Start time: | 11:59:49 |
Start date: | 13/10/2021 |
Path: | C:\Users\user\33920049\mmuiqlcvwo.pif |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x830000 |
File size: | 777456 bytes |
MD5 hash: | 8E699954F6B5D64683412CC560938507 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Antivirus matches: |
|
Reputation: | low |
General |
---|
Start time: | 11:59:55 |
Start date: | 13/10/2021 |
Path: | C:\Users\user\AppData\Local\Temp\RegSvcs.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xe80000 |
File size: | 45152 bytes |
MD5 hash: | 2867A3817C9245F7CF518524DFD18F28 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Antivirus matches: | |
Reputation: | high |
General |
---|
Start time: | 11:59:59 |
Start date: | 13/10/2021 |
Path: | C:\Windows\SysWOW64\schtasks.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1190000 |
File size: | 185856 bytes |
MD5 hash: | 15FF7D8324231381BAD48A052F85DF04 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 11:59:59 |
Start date: | 13/10/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff774ee0000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 12:00:00 |
Start date: | 13/10/2021 |
Path: | C:\Users\user\AppData\Local\Temp\RegSvcs.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xbe0000 |
File size: | 45152 bytes |
MD5 hash: | 2867A3817C9245F7CF518524DFD18F28 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Reputation: | high |
General |
---|
Start time: | 12:00:01 |
Start date: | 13/10/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff774ee0000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
Non-executed Functions |
---|
Function 001AAFB9, Relevance: 49.3, APIs: 25, Strings: 3, Instructions: 289timewindowfileCOMMON
C-Code - Quality: 60% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00196FC6, Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 299fileCOMMON
C-Code - Quality: 83% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001930FC, Relevance: 12.9, APIs: 4, Strings: 3, Instructions: 605COMMONCrypto
C-Code - Quality: 84% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001BC55E, Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1381COMMONCrypto
C-Code - Quality: 68% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00192692, Relevance: 7.8, APIs: 3, Strings: 1, Instructions: 783COMMONCrypto
C-Code - Quality: 93% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001B7BE1, Relevance: 4.6, APIs: 3, Instructions: 78COMMON
C-Code - Quality: 86% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 74% |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 90% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001A9D99, Relevance: 3.0, APIs: 2, Instructions: 46COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00196D06, Relevance: 3.0, APIs: 2, Instructions: 17windowCOMMON
C-Code - Quality: 79% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 81% |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0019A995, Relevance: 1.5, APIs: 1, Instructions: 28COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001BACA1, Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001A589E, Relevance: .8, Instructions: 800COMMONCrypto
C-Code - Quality: 96% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001A6CDB, Relevance: .8, Instructions: 773COMMONCrypto
C-Code - Quality: 98% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0019E973, Relevance: .7, Instructions: 694COMMONCrypto
C-Code - Quality: 70% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001A66A2, Relevance: .5, Instructions: 509COMMONCrypto
C-Code - Quality: 88% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0019BAD1, Relevance: .4, Instructions: 449COMMONCrypto
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001B0113, Relevance: .3, Instructions: 345COMMONCrypto
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001B0548, Relevance: .3, Instructions: 341COMMONCrypto
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001AFCDE, Relevance: .3, Instructions: 331COMMONCrypto
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001AF8C6, Relevance: .3, Instructions: 323COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0019DF12, Relevance: .3, Instructions: 318COMMONCrypto
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001A364E, Relevance: .3, Instructions: 263COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001B3EE9, Relevance: .2, Instructions: 237COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001A397F, Relevance: .2, Instructions: 232COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001B3CBA, Relevance: .2, Instructions: 214COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0019DADD, Relevance: .2, Instructions: 190COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0019E510, Relevance: .2, Instructions: 154COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0019F5C5, Relevance: .1, Instructions: 131COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001A33D3, Relevance: .1, Instructions: 112COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00195D7E, Relevance: .1, Instructions: 76COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 75% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001BB784, Relevance: 19.6, APIs: 13, Instructions: 114COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001AC343, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 80 | window, COMMON | C-Code - Quality: 100%
Function 001B8422, Relevance: 15.1, APIs: 10, Instructions: 54 | COMMON | C-Code - Quality: 100%
Function 001AA3E1, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 99 | window, COMMON | C-Code - Quality: 73%
Function 00199268, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 137 | file, COMMON | C-Code - Quality: 80%
Function 001A06E0, Relevance: 12.1, APIs: 8, Instructions: 117 | time, COMMON | C-Code - Quality: 89%
Function 001BE2ED, Relevance: 10.7, APIs: 7, Instructions: 152 | file, COMMON | C-Code - Quality: 77%
Function 001A88BF, Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 124 | memory, COMMON | C-Code - Quality: 82%
Function 001BB506, Relevance: 10.6, APIs: 7, Instructions: 65 | COMMON | C-Code - Quality: 100%
Function 001B1694, Relevance: 10.6, APIs: 7, Instructions: 60 | COMMON | C-Code - Quality: 95%
Function 001A0910, Relevance: 9.1, APIs: 6, Instructions: 94 | time, COMMON | C-Code - Quality: 65%
Function 001A8BE2, Relevance: 9.1, APIs: 6, Instructions: 86 | COMMON | C-Code - Quality: 96%
Function 001B8516, Relevance: 9.0, APIs: 6, Instructions: 50 | COMMON | C-Code - Quality: 72%
Function 001B6B78, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38 | libraryloader, COMMON | C-Code - Quality: 37%
Function 0019E7E3, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 20 | libraryloader, COMMON | C-Code - Quality: 100%
Function 001B7389, Relevance: 7.6, APIs: 5, Instructions: 129 | COMMON | C-Code - Quality: 83%
Function 001BABA6, Relevance: 7.6, APIs: 5, Instructions: 68 | COMMON | C-Code - Quality: 93%
Function 001B859A, Relevance: 7.6, APIs: 5, Instructions: 53 | COMMON | C-Code - Quality: 82%
Function 001A03C7, Relevance: 7.5, APIs: 5, Instructions: 44 | COMMON | C-Code - Quality: 82%
Function 001BB461, Relevance: 7.5, APIs: 5, Instructions: 40 | COMMON | C-Code - Quality: 100%
Function 001B75DB, Relevance: 7.5, APIs: 5, Instructions: 30 | COMMON | C-Code - Quality: 91%
Function 001B8749, Relevance: 6.3, APIs: 4, Instructions: 305 | COMMON | C-Code - Quality: 75%
Function 001BB5EA, Relevance: 6.1, APIs: 4, Instructions: 110 | COMMON | C-Code - Quality: 85%
Function 001AA4F8, Relevance: 6.1, APIs: 4, Instructions: 55 | window, COMMON | C-Code - Quality: 100%
Function 001B1A89, Relevance: 6.0, APIs: 4, Instructions: 48 | COMMON | C-Code - Quality: 20%
Function 001B15E6, Relevance: 6.0, APIs: 4, Instructions: 14 | COMMON | C-Code - Quality: 100%
Function 00197570, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 138 | time, COMMON | C-Code - Quality: 80%
Function 001A04BA, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19 | synchronization, COMMON | C-Code - Quality: 79%
Executed Functions |
---|
Function 008398F0, Relevance: 33.9, APIs: 21, Instructions: 2413 | COMMON
Function 0087BCB3, Relevance: 31.7, APIs: 17, Strings: 1, Instructions: 178 | file, string, COMMON
Function 0083D7A0, Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 138 | window, COMMON
Function 0083EE30, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12 | libraryloader, COMMON
Function 0086399B, Relevance: 4.5, APIs: 3, Instructions: 28 | file, COMMON
Function 0084F170, Relevance: 1.5, APIs: 1, Instructions: 4 | COMMON
Function 00833C50, Relevance: 45.7, APIs: 14, Strings: 12, Instructions: 238 | COMMON
Function 00839430, Relevance: 44.6, APIs: 22, Strings: 3, Instructions: 837 | window, sleep, COMMON
Function 0089AB4D, Relevance: 40.7, APIs: 17, Strings: 6, Instructions: 415 | registry, COMMON
Function 008404E0, Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 56 | window, registry, COMMON
Function 008403E0, Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 76 | window, registry, COMMON
Function 00831340, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 129 | time, window, COMMON
Function 00897377, Relevance: 12.3, APIs: 8, Instructions: 267 | COMMON
Function 0083E700, Relevance: 10.7, APIs: 7, Instructions: 157 | COMMON
Function 0083E6C0, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 79 | registry, COMMON
Function 00887760, Relevance: 9.2, APIs: 6, Instructions: 217 | COMMON
Function 008406E0, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 66 | registry, COMMON
Function 0084F4A4, Relevance: 6.0, APIs: 4, Instructions: 41 | COMMON
Function 008414F7, Relevance: 6.0, APIs: 4, Instructions: 41 | COMMON
Function 008A5031, Relevance: 4.9, APIs: 3, Instructions: 390 | COMMON
Function 00897629, Relevance: 4.8, APIs: 3, Instructions: 337 | COMMON
Function 0085A943, Relevance: 4.7, APIs: 3, Instructions: 224 | COMMON
Function 00859B01, Relevance: 4.7, APIs: 3, Instructions: 201 | COMMON
Function 008449DA, Relevance: 4.7, APIs: 3, Instructions: 160 | COMMON
Function 00833868, Relevance: 4.7, APIs: 3, Instructions: 154 | COMMON
Function 008A52BA, Relevance: 4.6, APIs: 3, Instructions: 141 | COMMON
Function 0086297C, Relevance: 4.6, APIs: 3, Instructions: 58 | COMMON
Function 0083FE20, Relevance: 4.6, APIs: 3, Instructions: 58 | COMMON
Function 00839769, Relevance: 4.5, APIs: 3, Instructions: 31 | window, COMMON
Function 00832AB0, Relevance: 3.5, APIs: 2, Instructions: 463 | COMMON
Function 0083B1F0, Relevance: 3.3, APIs: 2, Instructions: 258 | COMMON
Function 0083C440, Relevance: 3.2, APIs: 2, Instructions: 156 | COMMON
Function 00896C11, Relevance: 3.1, APIs: 2, Instructions: 130 | COMMON
Function 0083BFD0, Relevance: 3.1, APIs: 2, Instructions: 93 | COMMON
Function 0083D8B0, Relevance: 3.1, APIs: 2, Instructions: 74 | COMMON
Function 00833C80, Relevance: 3.1, APIs: 2, Instructions: 56 | COMMON
Function 0088E400, Relevance: 3.1, APIs: 2, Instructions: 54 | COMMON
Function 008407A0, Relevance: 3.1, APIs: 2, Instructions: 51 | file, COMMON
Function 008316A0, Relevance: 3.0, APIs: 2, Instructions: 50 | COMMON
Function 00844966, Relevance: 3.0, APIs: 2, Instructions: 32 | COMMON
Function 0083F260, Relevance: 3.0, APIs: 2, Instructions: 20 | COMMON
Function 00833D20, Relevance: 2.6, APIs: 2, Instructions: 53 | COMMON
Function 0089F94D, Relevance: 1.7, APIs: 1, Instructions: 196 | COMMON
Function 0083B650, Relevance: 1.6, APIs: 1, Instructions: 117 | COMMON
Function 0089B5B4, Relevance: 1.6, APIs: 1, Instructions: 113 | COMMON
Function 00833130, Relevance: 1.6, APIs: 1, Instructions: 104 | COMMON
Function 0088C71D, Relevance: 1.6, APIs: 1, Instructions: 102 | COMMON
Function 008329B0, Relevance: 1.6, APIs: 1, Instructions: 101 | COMMON
Function 008331B0, Relevance: 1.6, APIs: 1, Instructions: 95 | COMMON
Function 0083E1B0, Relevance: 1.6, APIs: 1, Instructions: 94 | COMMON
Function 00840C1C, Relevance: 1.6, APIs: 1, Instructions: 94 | thread, COMMON
Function 0087C02F, Relevance: 1.6, APIs: 1, Instructions: 92 | COMMON
Function 00839190, Relevance: 1.6, APIs: 1, Instructions: 71 | COMMON
Function 0089F356, Relevance: 1.6, APIs: 1, Instructions: 66 | COMMON
Function 0088C98D, Relevance: 1.6, APIs: 1, Instructions: 64 | COMMON
Function 0088E492, Relevance: 1.6, APIs: 1, Instructions: 53 | COMMON
Function 0084F597, Relevance: 1.6, APIs: 1, Instructions: 52 | memory, COMMON
Function 00833B40, Relevance: 1.6, APIs: 1, Instructions: 52 | file, COMMON
Function 00833250, Relevance: 1.6, APIs: 1, Instructions: 51 | COMMON
Function 0087C141, Relevance: 1.5, APIs: 1, Instructions: 49 | COMMON
Function 00844B96, Relevance: 1.5, APIs: 1, Instructions: 40 | COMMON
Function 0089FD26, Relevance: 1.5, APIs: 1, Instructions: 40 | COMMON
Function 0085A142, Relevance: 1.5, APIs: 1, Instructions: 36 | COMMON
Function 0085D326, Relevance: 1.5, APIs: 1, Instructions: 36 | COMMON
Function 0083ECD0, Relevance: 1.5, APIs: 1, Instructions: 36 | COMMON
Function 00873C1D, Relevance: 1.5, APIs: 1, Instructions: 36 | COMMON
Function 00858748, Relevance: 1.5, APIs: 1, Instructions: 35 | COMMON
Function 0083D9C0, Relevance: 1.5, APIs: 1, Instructions: 22 | COMMON
Function 0083E270, Relevance: 1.5, APIs: 1, Instructions: 19 | COMMON
Function 0086397D, Relevance: 1.5, APIs: 1, Instructions: 15 | COMMON
Function 008448E2, Relevance: 1.5, APIs: 1, Instructions: 10 | COMMON
Function 008A261D, Relevance: 1.5, APIs: 1, Instructions: 8 | COMMON
Non-executed Functions |
---|
Function 008643FF, Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 133 | keyboard, thread, window, COMMON
Function 00876219, Relevance: 35.2, APIs: 17, Strings: 3, Instructions: 234 | process, COMMON
Function 008633A3, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 86 | shutdown, COMMON
Function 0087602A, Relevance: 16.7, APIs: 11, Instructions: 182 | COMMON
Function 0088A0FC, Relevance: 16.6, APIs: 11, Instructions: 120 | clipboard, memory, COMMON
Function 0089C06C, Relevance: 9.2, APIs: 6, Instructions: 231 | com, COMMON
Function 00882408, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 128 | file, sleep, COMMON
Function 008AA2EA, Relevance: 7.6, APIs: 5, Instructions: 71 | window, COMMON
Function 0084A128, Relevance: 7.6, APIs: 5, Instructions: 58 | COMMON
Function 0089E0F6, Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 263 | com, COMMON
Function 008894D6, Relevance: 79.2, APIs: 41, Strings: 4, Instructions: 490 | file, window, com, COMMON
Function 008890AA, Relevance: 45.8, APIs: 22, Strings: 4, Instructions: 291 | window, COMMON
Function 00886529, Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 291 | window, COMMON
Function 008641CD, Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 91 | window, COMMON
Function 0089910A, Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 253 | window, COMMON
Function 008905C5, Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 136 | window, COMMON
Function 008A2095, Relevance: 21.4, APIs: 11, Strings: 1, Instructions: 377 | time, COMMON
Function 0089138A, Relevance: 21.3, APIs: 11, Strings: 1, Instructions: 294 | window, time, COMMON
Function 00861329, Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 160 | window, COMMON
Function 0086000A, Relevance: 21.1, APIs: 14, Instructions: 134 | file, com, memory, COMMON
Function 0088516A, Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 115 | window, COMMON
Function 00863478, Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 84 | network, COMMON
Function 008885C8, Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 135 | registry, share, COMMON
Function 00863044, Relevance: 16.6, APIs: 11, Instructions: 122 | COMMON
Function 00884262, Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 271 | libraryloader, COMMON
Function 008A10AB, Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 157 | window, COMMON
Function 00878524, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 109 | window, COMMON
Function 0086401B, Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 49 | window, COMMON
Function 00886151, Relevance: 13.7, APIs: 9, Instructions: 164 | COMMON
Function 008710EC, Relevance: 13.6, APIs: 9, Instructions: 142 | COMMON
Function 00839400, Relevance: 12.6, APIs: 6, Strings: 1, Instructions: 324 | sleep, COMMON
Function 0087B415, Relevance: 12.1, APIs: 8, Instructions: 102 | file, COMMON
Function 00877273, Relevance: 10.7, APIs: 7, Instructions: 210 | COMMON
Function 008601F8, Relevance: 9.3, APIs: 6, Instructions: 255 | COMMON
Function 0088558B, Relevance: 9.1, APIs: 6, Instructions: 78 | window, COMMON
Function 008850DD, Relevance: 9.1, APIs: 6, Instructions: 75 | window, COMMON
Function 0088526F, Relevance: 9.1, APIs: 6, Instructions: 72 | window, COMMON
Function 00863187, Relevance: 9.1, APIs: 6, Instructions: 64 | sleep, COMMON
Function 0088551D, Relevance: 9.1, APIs: 6, Instructions: 61 | window, COMMON
Function 00877199, Relevance: 9.0, APIs: 6, Instructions: 50 | COMMON
Function 0087B5C7, Relevance: 9.0, APIs: 6, Instructions: 40 | synchronization, thread, COMMON
Function 008450DB, Relevance: 9.0, APIs: 6, Instructions: 29 | thread, COMMON
Function 008783D9, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 107 | window, COMMON
Function 008912A0, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 74 | window, COMMON
Function 008AD3C9, Relevance: 7.6, APIs: 5, Instructions: 120 | sleep, COMMON
Function 0088C3AE, Relevance: 7.6, APIs: 5, Instructions: 118 | COMMON
Function 008794AE, Relevance: 7.6, APIs: 5, Instructions: 96 | window, COMMON
Function 00885071, Relevance: 7.6, APIs: 5, Instructions: 78 | COMMON
Function 008770BF, Relevance: 7.6, APIs: 5, Instructions: 70 | COMMON
Function 008450CF, Relevance: 7.5, APIs: 5, Instructions: 22 | thread, COMMON
Function 008A8357, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 228 com COMMON
Function 00866528, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 162 window COMMON
Function 008611F9, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18 libraryloader COMMON
Function 0086122B, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18 libraryloader COMMON
Function 0086125D, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18 libraryloader COMMON
Function 008A812C, Relevance: 6.2, APIs: 4, Instructions: 176 COMMON
Function 0084407F, Relevance: 6.1, APIs: 4, Instructions: 130 COMMON
Function 0088D19C, Relevance: 6.1, APIs: 4, Instructions: 103 file COMMON
Function 00880311, Relevance: 6.1, APIs: 4, Instructions: 102 COMMON
Function 008793FE, Relevance: 6.1, APIs: 4, Instructions: 83 window COMMON
Function 008A4345, Relevance: 6.1, APIs: 4, Instructions: 83 COMMON
Function 008AA224, Relevance: 6.1, APIs: 4, Instructions: 78 COMMON
Function 00860165, Relevance: 6.1, APIs: 4, Instructions: 57 window COMMON
Function 00877215, Relevance: 6.0, APIs: 4, Instructions: 35 COMMON
Function 00866406, Relevance: 6.0, APIs: 4, Instructions: 30 thread window time COMMON
Function 0084506D, Relevance: 6.0, APIs: 4, Instructions: 16 thread COMMON
Function 00896362, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 181 share COMMON
Function 008782B3, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 99 window COMMON
Function 00881297, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 73 window COMMON
Function 008724F3, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59 network COMMON
Function 0089907F, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 55 window COMMON
Function 00886069, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36 window COMMON
Function 0086704A, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 8 window COMMON