Windows
Analysis Report
Halkbank_Ekstre_20220128_081138_756957 (1).exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- Halkbank_Ekstre_20220128_081138_756957 (1).exe (PID: 3496 cmdline: "C:\Users\user\Desktop\Halkbank_Ekstre_20220128_081138_756957 (1).exe" MD5: 749AAF49615AA07EDC9755541B213A4A)
- powershell.exe (PID: 4744 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc WwBUAGgAcgBlAGEAZABpAG4AZwAuAFQAaAByAGUAYQBkAF0AOgA6AFMAbABlAGUAcAAoADIAMAAwADAAMAApAA== MD5: DBA3E6449E97D4E3DF64527EF7012A10)
- conhost.exe (PID: 5468 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
- Halkbank_Ekstre_20220128_081138_756957 (1).exe (PID: 2328 cmdline: C:\Users\user\Desktop\Halkbank_Ekstre_20220128_081138_756957 (1).exe MD5: 749AAF49615AA07EDC9755541B213A4A)
- cleanup
{"C2 list": ["www.healthonline.store/po6r/"], "decoy": ["jnhuichuangxin.com", "mubashir.art", "extol.design", "doyyindh.xyz", "milanoautoexperts.com", "4thefringe.com", "453511.com", "sellathonautocredit.com", "velgian.com", "6672pk.com", "wodeluzhou.com", "sumiyoshiku-hizaita.xyz", "imoveldeprimeira.com", "dgjssp.com", "endokc.com", "side-clicks.com", "cashndashfinancial.com", "vanhemelryck.info", "agamitrading.com", "woofgang.xyz", "atnetworkinc.com", "malleshtekumatla.com", "com-home.xyz", "buildyourmtg.com", "viairazur.xyz", "drproteaches.com", "amaznsavings.com", "karencharlestonrealtor.com", "bootstrategy.com", "mimtgexpert.com", "sebzvault.com", "brtaclub.com", "gicarellc.com", "annehonorato.com", "rafalgar.com", "bergenyouthorchestra.com", "entrevistasesenciales.com", "thekneedoctors.com", "grosseilemireal.estate", "celestialdrone.art", "bouwdrogerhurenvlaanderen.com", "koppakart.com", "irishykater.quest", "blinglj.com", "editorparmindersingh.com", "klnhanced.quest", "divinebehaviorsolutions.com", "amprope.com", "futuracart.com", "ditrhub.com", "eaoeducationprogramme.com", "smartplumbing.services", "revelandlaceevents.com", "bikedh.xyz", "pacificdevelopmentstudio.com", "palisadesskivacation.com", "happy-pets.xyz", "killyourselfnigger.com", "sonicdrillinginstitute.com", "alibabascientific.com", "sh-leming.com", "aseelrealestate.com", "lohmueller.gmbh", "ngoccompany.com"]}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
SUSP_PE_Discord_Attachment_Oct21_1 | Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN) | Florian Roth |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_FormBook | Yara detected FormBook | Joe Security | ||
Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com |
| |
Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group |
| |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
SUSP_PE_Discord_Attachment_Oct21_1 | Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN) | Florian Roth |
| |
System Summary |
---|
Source: | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): |
Source: | Author: frack113: |
Source: | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton: |
Source: | Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): |
Source: | Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): |
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | File source: |
Source: | Avira URL Cloud: |
Source: | Joe Sandbox ML: |
Source: | Joe Sandbox ML: |
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 17_2_0041567B | |
Source: | Code function: | 17_2_004157D7 |
Networking |
---|
Source: | URLs: |
Source: | JA3 fingerprint: |
Source: | HTTP traffic detected: |
Source: | IP Address: | ||
Source: | IP Address: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | String found in binary or memory: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: |
E-Banking Fraud |
---|
Source: | File source: |
System Summary |
---|
Source: | Matched rule: |
Source: | Static PE information: |
Source: | Matched rule: |
Source: | Code function: | 0_2_00E61539 | |
Source: | Code function: | 0_2_05DB0F18 | |
Source: | Code function: | 0_2_05DB0162 | |
Source: | Code function: | 0_2_05DB0040 | |
Source: | Code function: | 0_2_05DB045B | |
Source: | Code function: | 0_2_05DB0FDA | |
Source: | Code function: | 0_2_05DB6720 | |
Source: | Code function: | 0_2_05DB0950 | |
Source: | Code function: | 0_2_05DB085B | |
Source: | Code function: | 0_2_05DB13D0 | |
Source: | Code function: | 0_2_05E97480 | |
Source: | Code function: | 0_2_05E9B438 | |
Source: | Code function: | 0_2_05E9F628 | |
Source: | Code function: | 0_2_05E9E880 | |
Source: | Code function: | 0_2_05E9E03C | |
Source: | Code function: | 0_2_05E9C4B8 | |
Source: | Code function: | 0_2_05E9B768 | |
Source: | Code function: | 0_2_00E65DE6 | |
Source: | Code function: | 1_2_005B5D68 | |
Source: | Code function: | 1_2_005B1698 | |
Source: | Code function: | 1_2_005B1690 | |
Source: | Code function: | 1_2_005BD78B | |
Source: | Code function: | 1_2_005EC2E8 | |
Source: | Code function: | 1_2_005E94BB | |
Source: | Code function: | 1_2_005E9AF8 | |
Source: | Code function: | 1_2_005EAF10 | |
Source: | Code function: | 1_2_005EA772 | |
Source: | Code function: | 1_2_076C3330 | |
Source: | Code function: | 17_2_0041D052 | |
Source: | Code function: | 17_2_0040102A | |
Source: | Code function: | 17_2_00401030 | |
Source: | Code function: | 17_2_0041B8D3 | |
Source: | Code function: | 17_2_0041C174 | |
Source: | Code function: | 17_2_0041C9FB | |
Source: | Code function: | 17_2_0041C22A | |
Source: | Code function: | 17_2_0041CC5B | |
Source: | Code function: | 17_2_00408C80 | |
Source: | Code function: | 17_2_00402D87 | |
Source: | Code function: | 17_2_00402D90 | |
Source: | Code function: | 17_2_0041C59C | |
Source: | Code function: | 17_2_0041C6C5 | |
Source: | Code function: | 17_2_0041BEC7 | |
Source: | Code function: | 17_2_00402FB0 |
Source: | Code function: | 17_2_004185E0 | |
Source: | Code function: | 17_2_00418690 | |
Source: | Code function: | 17_2_00418710 | |
Source: | Code function: | 17_2_004187C0 | |
Source: | Code function: | 17_2_0041883A | |
Source: | Code function: | 17_2_004185DA | |
Source: | Code function: | 17_2_0041868A | |
Source: | Code function: | 17_2_0041868F | |
Source: | Code function: | 17_2_0041870B |
Source: | Process Stats: |
Source: | Binary or memory string: |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | File read: | Jump to behavior |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | File read: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Mutant created: |
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Data Obfuscation |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | .Net Code: |
Source: | Code function: | 0_2_00E6EE9D | |
Source: | Code function: | 0_2_05DBFD09 | |
Source: | Code function: | 0_2_05DB1CC9 | |
Source: | Code function: | 0_2_05DBFD01 | |
Source: | Code function: | 0_2_05DB0F09 | |
Source: | Code function: | 0_2_05DB61E6 | |
Source: | Code function: | 0_2_05E95E79 | |
Source: | Code function: | 1_2_005BF4C1 | |
Source: | Code function: | 1_2_005E5D36 | |
Source: | Code function: | 17_2_0041D04F | |
Source: | Code function: | 17_2_0041D04F | |
Source: | Code function: | 17_2_0041B838 | |
Source: | Code function: | 17_2_0041B8A2 | |
Source: | Code function: | 17_2_0041B8A2 | |
Source: | Code function: | 17_2_00417129 | |
Source: | Code function: | 17_2_0041D04F | |
Source: | Code function: | 17_2_0041CD8F | |
Source: | Code function: | 17_2_00414D95 | |
Source: | Code function: | 17_2_00415EF3 | |
Source: | Code function: | 17_2_0041B838 |
Source: | Static PE information: |
Source: | File created: | Jump to dropped file |
Boot Survival |
---|
Source: | Key value created or modified: | Jump to behavior |
Source: | Registry key monitored for changes: | Jump to behavior |
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion |
---|
Source: | RDTSC instruction interceptor: |
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Code function: | 17_2_004088D0 |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior |
Source: | Process information queried: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Code function: | 17_2_004088D0 |
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Queries volume information: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 1 PowerShell | 1 Registry Run Keys / Startup Folder | 112 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Query Registry | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 11 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Disable or Modify Tools | LSASS Memory | 11 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 1 Ingress Tool Transfer | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 21 Virtualization/Sandbox Evasion | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 2 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 112 Process Injection | NTDS | 21 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | Scheduled Transfer | 13 Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 2 Obfuscated Files or Information | Cached Domain Credentials | 1 Remote System Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | 11 Software Packing | DCSync | 1 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 1 Timestomp | Proc Filesystem | 112 System Information Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | TR/Crypt.ZPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.ZPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.ZPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.ZPACK.Gen | Download File |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira URL Cloud | malware |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
cdn.discordapp.com | 162.159.130.233 | true | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| low | |
false | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
162.159.130.233 | cdn.discordapp.com | United States | 13335 | CLOUDFLARENETUS | false |
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 562454 |
Start date: | 28.01.2022 |
Start time: | 22:12:22 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 9m 49s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | Halkbank_Ekstre_20220128_081138_756957 (1).exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes: | 19 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@6/7@1/1 |
EGA Information: |
|
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
- Excluded IPs from analysis (whitelisted): 204.79.197.200, 13.107.21.200
- Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, www.bing.com, a-0001.a-afdentry.net.trafficmanager.net, store-images.s-microsoft.com, dual-a-0001.a-msedge.net, www-bing-com.dual-a-0001.a-msedge.net, ctldl.windowsupdate.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
- Execution Graph export aborted for target Halkbank_Ekstre_20220128_081138_756957 (1).exe, PID 3496 because it is empty
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
22:14:15 | API Interceptor | |
22:15:22 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
162.159.130.233 | Get hash | malicious | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
cdn.discordapp.com | Get hash | malicious | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
CLOUDFLARENETUS | Get hash | malicious | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
3b5074b1b5d032e5620f69f9f700ff0e | Get hash | malicious | Browse |
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Halkbank_Ekstre_20220128_081138_756957 (1).exe.log
Process: | C:\Users\user\Desktop\Halkbank_Ekstre_20220128_081138_756957 (1).exe |
File Type: | |
Category: | modified |
Size (bytes): | 936 |
Entropy (8bit): | 5.362425814220162 |
Encrypted: | false |
SSDEEP: | 24:ML9E4Ks2wKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7r1qE4j:MxHKXwYHKhQnoPtHoxHhAHKzvr1qHj |
MD5: | AC79CED5A2CDA485B5FCA7365DDFC804 |
SHA1: | B089977F0BE53E56517AAC414F3DC0B5D2AFE198 |
SHA-256: | A5144269866791DA4939ABCC6C5A97B898655D21807B2F0B5CAA177439FAB481 |
SHA-512: | 300C0BAE54247E706D2B139B1AC0E670D361A6DA6748E12A16E00462A571958A34B9E185B633C6F2AFD089861F0278223AB3E80B6222D893AD1B61C19AE111CE |
Malicious: | true |
Reputation: | moderate, very likely benign file |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12872 |
Entropy (8bit): | 5.532589155084153 |
Encrypted: | false |
SSDEEP: | 192:itHdLvFiW3I9OKxjge/xF9I9LuocX+8M0pSBuJs5mwRGSKoa/tCyulDqgaFa5rz:it95ikI9OAxk9q+RwSBKnkkulGgGIz |
MD5: | D57782985CAE42AD44017C1D0357A773 |
SHA1: | DA1733F5CF096540BA418A67D77E9E93B70EDCEB |
SHA-256: | CC16500C8B60BA9590248DD8252A77F1358377EC62A959701A3BA696EB542825 |
SHA-512: | 3D71A3A2ACA0D76833FB476B0997C64656F42DE9FA2A26C426B6D02B2F723AC7799F678A009DC43ED439D38C21D726EF514190C1650535E40FAFAC8ACB930656 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\Halkbank_Ekstre_20220128_081138_756957 (1).exe |
File Type: | |
Category: | dropped |
Size (bytes): | 17408 |
Entropy (8bit): | 5.491133599595456 |
Encrypted: | false |
SSDEEP: | 384:JtbZLfofbrTmLqLRLvm+P7V5KGQxy3d7OU3YfIDtPP:Jt5AfbjF++hv3QYYfE |
MD5: | 749AAF49615AA07EDC9755541B213A4A |
SHA1: | 8E856CAE4E8D14C7D37F5D8342FC2D30ACFEDE64 |
SHA-256: | D47BD2FF5D90D64D18485203E59A952E485A39F98E3D54258A578B13D9136AE7 |
SHA-512: | A3B731A35B418AB43EFC8D09E2373BB659DC78FA8408FA6EDC6DA66D13E03F13228B6DB22EAB4A47BE96A99C162C09D01565182E3684E61A0FA017E9C7B4F7B7 |
Malicious: | true |
Yara Hits: |
|
Antivirus: |
|
Preview: |
Process: | C:\Users\user\Desktop\Halkbank_Ekstre_20220128_081138_756957 (1).exe |
File Type: | |
Category: | dropped |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | true |
Preview: |
C:\Users\user\Documents\20220128\PowerShell_transcript.210979.n+7rO7_o.20220128221324.txt
Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1030 |
Entropy (8bit): | 5.220546136298674 |
Encrypted: | false |
SSDEEP: | 24:BxSACG7vBZD0x2DOXUWThCkmJRqtPCWbHjeTKKjX4CIym1ZJXavAnxSAZGx:BZCsvjD0oOzhnmJgtPVbqDYB1Zgv+ZZm |
MD5: | 1305A1F95E59F02A4C0EB838EE1EEABA |
SHA1: | E60EDFDED060D499D762B765BD86E92ACA7D2F68 |
SHA-256: | 6DFA4843285CE411784534A1A2582A28B0BE47CE783B4407D5C4592CA56C8F72 |
SHA-512: | 98E186F9E6CC0A9D5918738E742107153223904F24368F6E8A492B48E6D4EB6D8C53BBB755AF119F2889C9A1E1E7B331C5EE5B43DDBF1C84A7242188EF85BE61 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 5.491133599595456 |
TrID: |
|
File name: | Halkbank_Ekstre_20220128_081138_756957 (1).exe |
File size: | 17408 |
MD5: | 749aaf49615aa07edc9755541b213a4a |
SHA1: | 8e856cae4e8d14c7d37f5d8342fc2d30acfede64 |
SHA256: | d47bd2ff5d90d64d18485203e59a952e485a39f98e3d54258a578b13d9136ae7 |
SHA512: | a3b731a35b418ab43efc8d09e2373bb659dc78fa8408fa6edc6da66d13e03f13228b6db22eab4a47be96a99c162c09d01565182e3684e61a0fa017e9c7b4f7b7 |
SSDEEP: | 384:JtbZLfofbrTmLqLRLvm+P7V5KGQxy3d7OU3YfIDtPP:Jt5AfbjF++hv3QYYfE |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..... ...............0......,......z5... ...@....@.. ....................................@................................ |
Icon Hash: | d0d8ac94aab68cac |
Entrypoint: | 0x40357a |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE |
DLL Characteristics: | NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0xE0201BDD [Fri Feb 25 20:11:09 2089 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | v4.0.30319 |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Instruction |
---|
jmp dword ptr [00402000h] |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3528 | 0x4f | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4000 | 0x293c | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x8000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x350c | 0x1c | .text |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x1580 | 0x1600 | False | 0.552556818182 | data | 5.41376989339 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rsrc | 0x4000 | 0x293c | 0x2a00 | False | 0.447265625 | data | 5.33465826805 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x8000 | 0xc | 0x200 | False | 0.044921875 | data | 0.0815394123432 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x4140 | 0x1200 | dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 391205461, next used block 36647478 | ||
RT_ICON | 0x5350 | 0xa00 | data | ||
RT_ICON | 0x5d60 | 0x600 | GLS_BINARY_LSB_FIRST | ||
RT_GROUP_ICON | 0x6370 | 0x30 | data | ||
RT_VERSION | 0x63b0 | 0x38c | PGP symmetric key encrypted data - Plaintext or unencrypted data | ||
RT_MANIFEST | 0x674c | 0x1ea | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Description | Data |
---|---|
Translation | 0x0000 0x04b0 |
LegalCopyright | Copyright (c) 2012-2022 YANDEX LLC. All Rights Reserved. |
Assembly Version | 22.1.0.2517 |
InternalName | Cszji.exe |
FileVersion | 22.1.0.2517 |
CompanyName | YANDEX LLC |
LegalTrademarks | |
Comments | Yandex |
ProductName | Yandex |
ProductVersion | 22.1.0.2517 |
FileDescription | Yandex |
OriginalFilename | Cszji.exe |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 28, 2022 22:14:32.674525023 CET | 443 | 49761 | 162.159.130.233 | 192.168.2.4 |
Jan 28, 2022 22:14:32.674549103 CET | 49761 | 443 | 192.168.2.4 | 162.159.130.233 |
Jan 28, 2022 22:14:32.674706936 CET | 443 | 49761 | 162.159.130.233 | 192.168.2.4 |
Jan 28, 2022 22:14:32.674736023 CET | 443 | 49761 | 162.159.130.233 | 192.168.2.4 |
Jan 28, 2022 22:14:32.674783945 CET | 49761 | 443 | 192.168.2.4 | 162.159.130.233 |
Jan 28, 2022 22:14:32.674796104 CET | 443 | 49761 | 162.159.130.233 | 192.168.2.4 |
Jan 28, 2022 22:14:32.674808025 CET | 49761 | 443 | 192.168.2.4 | 162.159.130.233 |
Jan 28, 2022 22:14:32.674921036 CET | 443 | 49761 | 162.159.130.233 | 192.168.2.4 |
Jan 28, 2022 22:14:32.674942970 CET | 443 | 49761 | 162.159.130.233 | 192.168.2.4 |
Jan 28, 2022 22:14:32.674993992 CET | 49761 | 443 | 192.168.2.4 | 162.159.130.233 |
Jan 28, 2022 22:14:32.675005913 CET | 443 | 49761 | 162.159.130.233 | 192.168.2.4 |
Jan 28, 2022 22:14:32.675029039 CET | 49761 | 443 | 192.168.2.4 | 162.159.130.233 |
Jan 28, 2022 22:14:32.675142050 CET | 443 | 49761 | 162.159.130.233 | 192.168.2.4 |
Jan 28, 2022 22:14:32.675164938 CET | 443 | 49761 | 162.159.130.233 | 192.168.2.4 |
Jan 28, 2022 22:14:32.675201893 CET | 49761 | 443 | 192.168.2.4 | 162.159.130.233 |
Jan 28, 2022 22:14:32.675214052 CET | 443 | 49761 | 162.159.130.233 | 192.168.2.4 |
Jan 28, 2022 22:14:32.675240993 CET | 49761 | 443 | 192.168.2.4 | 162.159.130.233 |
Jan 28, 2022 22:14:32.675359964 CET | 443 | 49761 | 162.159.130.233 | 192.168.2.4 |
Jan 28, 2022 22:14:32.675381899 CET | 443 | 49761 | 162.159.130.233 | 192.168.2.4 |
Jan 28, 2022 22:14:32.675420046 CET | 49761 | 443 | 192.168.2.4 | 162.159.130.233 |
Jan 28, 2022 22:14:32.675430059 CET | 443 | 49761 | 162.159.130.233 | 192.168.2.4 |
Jan 28, 2022 22:14:32.675446987 CET | 49761 | 443 | 192.168.2.4 | 162.159.130.233 |
Jan 28, 2022 22:14:32.675601959 CET | 443 | 49761 | 162.159.130.233 | 192.168.2.4 |
Jan 28, 2022 22:14:32.675625086 CET | 443 | 49761 | 162.159.130.233 | 192.168.2.4 |
Jan 28, 2022 22:14:32.675673962 CET | 49761 | 443 | 192.168.2.4 | 162.159.130.233 |
Jan 28, 2022 22:14:32.675684929 CET | 443 | 49761 | 162.159.130.233 | 192.168.2.4 |
Jan 28, 2022 22:14:32.675697088 CET | 49761 | 443 | 192.168.2.4 | 162.159.130.233 |
Jan 28, 2022 22:14:32.675833941 CET | 443 | 49761 | 162.159.130.233 | 192.168.2.4 |
Jan 28, 2022 22:14:32.675856113 CET | 443 | 49761 | 162.159.130.233 | 192.168.2.4 |
Jan 28, 2022 22:14:32.675898075 CET | 49761 | 443 | 192.168.2.4 | 162.159.130.233 |
Jan 28, 2022 22:14:32.675909042 CET | 443 | 49761 | 162.159.130.233 | 192.168.2.4 |
Jan 28, 2022 22:14:32.675932884 CET | 49761 | 443 | 192.168.2.4 | 162.159.130.233 |
Jan 28, 2022 22:14:32.676018953 CET | 49761 | 443 | 192.168.2.4 | 162.159.130.233 |
Jan 28, 2022 22:14:32.676063061 CET | 443 | 49761 | 162.159.130.233 | 192.168.2.4 |
Jan 28, 2022 22:14:32.676085949 CET | 443 | 49761 | 162.159.130.233 | 192.168.2.4 |
Jan 28, 2022 22:14:32.676130056 CET | 49761 | 443 | 192.168.2.4 | 162.159.130.233 |
Jan 28, 2022 22:14:32.676139116 CET | 443 | 49761 | 162.159.130.233 | 192.168.2.4 |
Jan 28, 2022 22:14:32.676162004 CET | 49761 | 443 | 192.168.2.4 | 162.159.130.233 |
Jan 28, 2022 22:14:32.676197052 CET | 49761 | 443 | 192.168.2.4 | 162.159.130.233 |
Jan 28, 2022 22:14:32.676311970 CET | 443 | 49761 | 162.159.130.233 | 192.168.2.4 |
Jan 28, 2022 22:14:32.676333904 CET | 443 | 49761 | 162.159.130.233 | 192.168.2.4 |
Jan 28, 2022 22:14:32.676387072 CET | 49761 | 443 | 192.168.2.4 | 162.159.130.233 |
Jan 28, 2022 22:14:32.676395893 CET | 443 | 49761 | 162.159.130.233 | 192.168.2.4 |
Jan 28, 2022 22:14:32.676417112 CET | 49761 | 443 | 192.168.2.4 | 162.159.130.233 |
Jan 28, 2022 22:14:32.676527023 CET | 49761 | 443 | 192.168.2.4 | 162.159.130.233 |
Jan 28, 2022 22:14:32.676677942 CET | 443 | 49761 | 162.159.130.233 | 192.168.2.4 |
Jan 28, 2022 22:14:32.676701069 CET | 443 | 49761 | 162.159.130.233 | 192.168.2.4 |
Jan 28, 2022 22:14:32.676763058 CET | 49761 | 443 | 192.168.2.4 | 162.159.130.233 |
Jan 28, 2022 22:14:32.676772118 CET | 443 | 49761 | 162.159.130.233 | 192.168.2.4 |
Jan 28, 2022 22:14:32.676799059 CET | 49761 | 443 | 192.168.2.4 | 162.159.130.233 |
Jan 28, 2022 22:14:32.676858902 CET | 49761 | 443 | 192.168.2.4 | 162.159.130.233 |
Jan 28, 2022 22:14:32.676908970 CET | 443 | 49761 | 162.159.130.233 | 192.168.2.4 |
Jan 28, 2022 22:14:32.676933050 CET | 443 | 49761 | 162.159.130.233 | 192.168.2.4 |
Jan 28, 2022 22:14:32.676995039 CET | 49761 | 443 | 192.168.2.4 | 162.159.130.233 |
Jan 28, 2022 22:14:32.677004099 CET | 443 | 49761 | 162.159.130.233 | 192.168.2.4 |
Jan 28, 2022 22:14:32.677128077 CET | 443 | 49761 | 162.159.130.233 | 192.168.2.4 |
Jan 28, 2022 22:14:32.677150965 CET | 443 | 49761 | 162.159.130.233 | 192.168.2.4 |
Jan 28, 2022 22:14:32.677201033 CET | 49761 | 443 | 192.168.2.4 | 162.159.130.233 |
Jan 28, 2022 22:14:32.677212000 CET | 443 | 49761 | 162.159.130.233 | 192.168.2.4 |
Jan 28, 2022 22:14:32.677243948 CET | 49761 | 443 | 192.168.2.4 | 162.159.130.233 |
Jan 28, 2022 22:14:32.677248001 CET | 49761 | 443 | 192.168.2.4 | 162.159.130.233 |
Jan 28, 2022 22:14:32.677371979 CET | 443 | 49761 | 162.159.130.233 | 192.168.2.4 |
Jan 28, 2022 22:14:32.677398920 CET | 443 | 49761 | 162.159.130.233 | 192.168.2.4 |
Jan 28, 2022 22:14:32.677448034 CET | 49761 | 443 | 192.168.2.4 | 162.159.130.233 |
Jan 28, 2022 22:14:32.677459002 CET | 443 | 49761 | 162.159.130.233 | 192.168.2.4 |
Jan 28, 2022 22:14:32.677488089 CET | 49761 | 443 | 192.168.2.4 | 162.159.130.233 |
Jan 28, 2022 22:14:32.677961111 CET | 49761 | 443 | 192.168.2.4 | 162.159.130.233 |
Jan 28, 2022 22:14:32.691194057 CET | 443 | 49761 | 162.159.130.233 | 192.168.2.4 |
Jan 28, 2022 22:14:32.691239119 CET | 443 | 49761 | 162.159.130.233 | 192.168.2.4 |
Jan 28, 2022 22:14:32.691293955 CET | 49761 | 443 | 192.168.2.4 | 162.159.130.233 |
Jan 28, 2022 22:14:32.691314936 CET | 443 | 49761 | 162.159.130.233 | 192.168.2.4 |
Jan 28, 2022 22:14:32.691332102 CET | 49761 | 443 | 192.168.2.4 | 162.159.130.233 |
Jan 28, 2022 22:14:32.691337109 CET | 443 | 49761 | 162.159.130.233 | 192.168.2.4 |
Jan 28, 2022 22:14:32.691391945 CET | 49761 | 443 | 192.168.2.4 | 162.159.130.233 |
Jan 28, 2022 22:14:32.691400051 CET | 443 | 49761 | 162.159.130.233 | 192.168.2.4 |
Jan 28, 2022 22:14:32.691457033 CET | 49761 | 443 | 192.168.2.4 | 162.159.130.233 |
Jan 28, 2022 22:14:32.691462994 CET | 443 | 49761 | 162.159.130.233 | 192.168.2.4 |
Jan 28, 2022 22:14:32.691504002 CET | 49761 | 443 | 192.168.2.4 | 162.159.130.233 |
Jan 28, 2022 22:14:32.693063021 CET | 49761 | 443 | 192.168.2.4 | 162.159.130.233 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 28, 2022 22:14:30.753871918 CET | 62389 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 28, 2022 22:14:30.775060892 CET | 53 | 62389 | 8.8.8.8 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Jan 28, 2022 22:14:30.753871918 CET | 192.168.2.4 | 8.8.8.8 | 0x752 | Standard query (0) | | A (IP address) | IN (0x0001) |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Jan 28, 2022 22:14:30.775060892 CET | 8.8.8.8 | 192.168.2.4 | 0x752 | No error (0) | | | 162.159.130.233 | A (IP address) | IN (0x0001) |
Jan 28, 2022 22:14:30.775060892 CET | 8.8.8.8 | 192.168.2.4 | 0x752 | No error (0) | | | 162.159.133.233 | A (IP address) | IN (0x0001) |
Jan 28, 2022 22:14:30.775060892 CET | 8.8.8.8 | 192.168.2.4 | 0x752 | No error (0) | | | 162.159.129.233 | A (IP address) | IN (0x0001) |
Jan 28, 2022 22:14:30.775060892 CET | 8.8.8.8 | 192.168.2.4 | 0x752 | No error (0) | | | 162.159.134.233 | A (IP address) | IN (0x0001) |
Jan 28, 2022 22:14:30.775060892 CET | 8.8.8.8 | 192.168.2.4 | 0x752 | No error (0) | | | 162.159.135.233 | A (IP address) | IN (0x0001) |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.4 | 49761 | 162.159.130.233 | 443 | C:\Users\user\Desktop\Halkbank_Ekstre_20220128_081138_756957 (1).exe |
Target ID: | 0 |
Start time: | 22:13:17 |
Start date: | 28/01/2022 |
Path: | C:\Users\user\Desktop\Halkbank_Ekstre_20220128_081138_756957 (1).exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x750000 |
File size: | 17408 bytes |
MD5 hash: | 749AAF49615AA07EDC9755541B213A4A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Reputation: | low |
Target ID: | 1 |
Start time: | 22:13:18 |
Start date: | 28/01/2022 |
Path: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1240000 |
File size: | 430592 bytes |
MD5 hash: | DBA3E6449E97D4E3DF64527EF7012A10 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Reputation: | high |
Target ID: | 2 |
Start time: | 22:13:19 |
Start date: | 28/01/2022 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff724c50000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 17 |
Start time: | 22:15:20 |
Start date: | 28/01/2022 |
Path: | C:\Users\user\Desktop\Halkbank_Ekstre_20220128_081138_756957 (1).exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb50000 |
File size: | 17408 bytes |
MD5 hash: | 749AAF49615AA07EDC9755541B213A4A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Function 05E973D8 Relevance: .1, Instructions: 64COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DBBA61 Relevance: .1, Instructions: 63COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DBCE28 Relevance: .1, Instructions: 62COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E6EC60 Relevance: .1, Instructions: 62COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05E99A50 Relevance: .1, Instructions: 62COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DBCE38 Relevance: .1, Instructions: 61COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E6F570 Relevance: .1, Instructions: 60COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DBEDBB Relevance: .1, Instructions: 58COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05E9DC6C Relevance: .1, Instructions: 58COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB5ED0 Relevance: .1, Instructions: 57COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB60D0 Relevance: .1, Instructions: 57COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E6F560 Relevance: .1, Instructions: 57COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DBA541 Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB43B0 Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E606A9 Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB1288 Relevance: .1, Instructions: 55COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB4DA8 Relevance: .1, Instructions: 54COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DBA550 Relevance: .1, Instructions: 54COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05E9A870 Relevance: .1, Instructions: 53COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DA2374 Relevance: .1, Instructions: 52COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DBA619 Relevance: .1, Instructions: 52COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E6E171 Relevance: .1, Instructions: 52COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DA037D Relevance: .1, Instructions: 51COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB33C4 Relevance: .1, Instructions: 51COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB33A8 Relevance: .1, Instructions: 51COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E60608 Relevance: .1, Instructions: 51COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05E99660 Relevance: .1, Instructions: 51COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DBA5D9 Relevance: .0, Instructions: 50COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB43C0 Relevance: .0, Instructions: 50COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05E96FB8 Relevance: .0, Instructions: 50COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05E97251 Relevance: .0, Instructions: 50COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DBD4EF Relevance: .0, Instructions: 49COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E6F4D0 Relevance: .0, Instructions: 49COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E606B8 Relevance: .0, Instructions: 48COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E6FF60 Relevance: .0, Instructions: 48COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E6FF50 Relevance: .0, Instructions: 48COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05E940F8 Relevance: .0, Instructions: 48COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DA1505 Relevance: .0, Instructions: 47COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DBA628 Relevance: .0, Instructions: 47COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB8BA5 Relevance: .0, Instructions: 47COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E6F688 Relevance: .0, Instructions: 47COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05E99631 Relevance: .0, Instructions: 47COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DBBBC1 Relevance: .0, Instructions: 46COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E60618 Relevance: .0, Instructions: 46COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB3968 Relevance: .0, Instructions: 45COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E6E180 Relevance: .0, Instructions: 45COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05E9AFBF Relevance: .0, Instructions: 45COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E64468 Relevance: .0, Instructions: 44COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05E991BC Relevance: .0, Instructions: 44COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05E9AF20 Relevance: .0, Instructions: 44COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB79E8 Relevance: .0, Instructions: 43COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB4AD0 Relevance: .0, Instructions: 43COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05E91A08 Relevance: .0, Instructions: 43COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB55F0 Relevance: .0, Instructions: 42COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05E9AA44 Relevance: .0, Instructions: 42COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E64470 Relevance: .0, Instructions: 41COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB86E9 Relevance: .0, Instructions: 40COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E6F620 Relevance: .0, Instructions: 40COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB4460 Relevance: .0, Instructions: 39COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05E94CC7 Relevance: .0, Instructions: 38COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB7DD8 Relevance: .0, Instructions: 37COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB5410 Relevance: .0, Instructions: 37COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05E991B0 Relevance: .0, Instructions: 37COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05E98A58 Relevance: .0, Instructions: 37COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB4450 Relevance: .0, Instructions: 36COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB86F8 Relevance: .0, Instructions: 36COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB31A0 Relevance: .0, Instructions: 36COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05E91628 Relevance: .0, Instructions: 36COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB7CB0 Relevance: .0, Instructions: 35COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB59F0 Relevance: .0, Instructions: 35COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB5600 Relevance: .0, Instructions: 34COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB5A98 Relevance: .0, Instructions: 34COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DBB2B0 Relevance: .0, Instructions: 34COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DBD500 Relevance: .0, Instructions: 33COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB0F10 Relevance: .0, Instructions: 33COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05E9965C Relevance: .0, Instructions: 33COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB9F90 Relevance: .0, Instructions: 32COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05E94CD8 Relevance: .0, Instructions: 32COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB79D7 Relevance: .0, Instructions: 31COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E6F687 Relevance: .0, Instructions: 31COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05E96F58 Relevance: .0, Instructions: 31COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05E91638 Relevance: .0, Instructions: 31COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05E97600 Relevance: .0, Instructions: 31COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05E93A10 Relevance: .0, Instructions: 31COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB7CC0 Relevance: .0, Instructions: 30COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E64010 Relevance: .0, Instructions: 30COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB44B8 Relevance: .0, Instructions: 29COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB31B0 Relevance: .0, Instructions: 29COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DBB2C0 Relevance: .0, Instructions: 29COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DBDA1B Relevance: .0, Instructions: 28COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DBDA12 Relevance: .0, Instructions: 28COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05E92E50 Relevance: .0, Instructions: 28COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB5A00 Relevance: .0, Instructions: 27COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB7990 Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E612D8 Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05E92E60 Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E64020 Relevance: .0, Instructions: 25COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05E9CCF0 Relevance: .0, Instructions: 25COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05E97300 Relevance: .0, Instructions: 25COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05E9AF88 Relevance: .0, Instructions: 24COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05E9AF78 Relevance: .0, Instructions: 24COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05E9CD00 Relevance: .0, Instructions: 23COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E60438 Relevance: .0, Instructions: 22COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05E98130 Relevance: .0, Instructions: 22COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05E9CCFC Relevance: .0, Instructions: 22COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB3170 Relevance: .0, Instructions: 21COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E60B58 Relevance: .0, Instructions: 20COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05E9813C Relevance: .0, Instructions: 20COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05E91421 Relevance: .0, Instructions: 20COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DBBB60 Relevance: .0, Instructions: 19COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E6128F Relevance: .0, Instructions: 19COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DBBB70 Relevance: .0, Instructions: 18COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05E98140 Relevance: .0, Instructions: 18COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB8739 Relevance: .0, Instructions: 17COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DBB193 Relevance: .0, Instructions: 17COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05E980F8 Relevance: .0, Instructions: 17COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB3138 Relevance: .0, Instructions: 16COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05E94CA1 Relevance: .0, Instructions: 16COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DBE580 Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB3178 Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E612A0 Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05E92487 Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05E91430 Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB3140 Relevance: .0, Instructions: 14COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05E93DE9 Relevance: .0, Instructions: 14COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB954F Relevance: .0, Instructions: 13COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DBBB50 Relevance: .0, Instructions: 13COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E60448 Relevance: .0, Instructions: 13COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DBB260 Relevance: .0, Instructions: 12COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DBE590 Relevance: .0, Instructions: 11COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB1270 Relevance: .0, Instructions: 11COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05E94CB0 Relevance: .0, Instructions: 11COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E6E2F0 Relevance: .0, Instructions: 10COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05E93DF8 Relevance: .0, Instructions: 10COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05E92498 Relevance: .0, Instructions: 10COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05E97B18 Relevance: .0, Instructions: 10COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05E966F0 Relevance: .0, Instructions: 10COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB9560 Relevance: .0, Instructions: 9COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB4FB0 Relevance: .0, Instructions: 9COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E6ED20 Relevance: .0, Instructions: 9COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB370D Relevance: .0, Instructions: 8COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E6E790 Relevance: .0, Instructions: 8COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DBA520 Relevance: .0, Instructions: 7COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E6ED28 Relevance: .0, Instructions: 7COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E6E15B Relevance: .0, Instructions: 5COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E61539 Relevance: 17.3, Strings: 12, Instructions: 2266COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05E9C4B8 Relevance: 1.6, Strings: 1, Instructions: 376COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB13D0 Relevance: 1.5, Strings: 1, Instructions: 288COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB6720 Relevance: .4, Instructions: 436COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB085B Relevance: .3, Instructions: 338COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB0950 Relevance: .2, Instructions: 213COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB0FDA Relevance: .2, Instructions: 189COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05DB045B Relevance: .1, Instructions: 123COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph
Execution Coverage: | 12.5% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 0% |
Total number of Nodes: | 83 |
Total number of Limit Nodes: | 3 |
Graph
Function 005B5D68 Relevance: .4, Instructions: 378COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005B7C60 Relevance: 1.6, Strings: 1, Instructions: 386COMMON
Control-flow Graph
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005E12FC Relevance: 1.6, APIs: 1, Instructions: 109COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005EE75C Relevance: 1.6, APIs: 1, Instructions: 108COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 076C6808 Relevance: 1.6, APIs: 1, Instructions: 97COMMON
Control-flow Graph
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 076C57F4 Relevance: 1.6, APIs: 1, Instructions: 68COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 076C01B8 Relevance: 1.6, APIs: 1, Instructions: 63fileCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005EFBD9 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005E1308 Relevance: 1.6, APIs: 1, Instructions: 61COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005B6738 Relevance: 1.3, Strings: 1, Instructions: 43COMMON
Control-flow Graph
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005B6728 Relevance: 1.3, Strings: 1, Instructions: 26COMMON
Control-flow Graph
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005B9E89 Relevance: .4, Instructions: 408COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005B37C0 Relevance: .4, Instructions: 402COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005B7508 Relevance: .4, Instructions: 401COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005BDE50 Relevance: .4, Instructions: 399COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005B8208 Relevance: .3, Instructions: 346COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005B67B0 Relevance: .2, Instructions: 237COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005B8B68 Relevance: .2, Instructions: 232COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005BCB47 Relevance: .2, Instructions: 218COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005B6E50 Relevance: .2, Instructions: 173COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005B6E40 Relevance: .2, Instructions: 167COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005B8B54 Relevance: .2, Instructions: 158COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005B7C51 Relevance: .1, Instructions: 148COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005B51C8 Relevance: .1, Instructions: 139COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005B9BA2 Relevance: .1, Instructions: 132COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005BFE28 Relevance: .1, Instructions: 132COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005B51B9 Relevance: .1, Instructions: 120COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005B6AD8 Relevance: .1, Instructions: 116COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005BA134 Relevance: .1, Instructions: 86COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005B4A48 Relevance: .1, Instructions: 80COMMON
Uniqueness Score: -1.00% |
Function 005B3CE0 Relevance: .1, Instructions: 75COMMON
Uniqueness Score: -1.00% |
Function 005B86B8 Relevance: .1, Instructions: 69COMMON
Uniqueness Score: -1.00% |
Function 005B3CD0 Relevance: .1, Instructions: 68COMMON
Uniqueness Score: -1.00% |
Function 005B6680 Relevance: .1, Instructions: 66COMMON
Uniqueness Score: -1.00% |
Function 005BFE18 Relevance: .1, Instructions: 61COMMON
Uniqueness Score: -1.00% |
Function 005B528F Relevance: .1, Instructions: 51COMMON
Uniqueness Score: -1.00% |
Function 005B8670 Relevance: .0, Instructions: 50COMMON
Uniqueness Score: -1.00% |
Function 005B81F7 Relevance: .0, Instructions: 45COMMON
Uniqueness Score: -1.00% |
Function 00CFD005 Relevance: .0, Instructions: 45COMMON
Uniqueness Score: -1.00% |
Function 00CFD01D Relevance: .0, Instructions: 45COMMON
Uniqueness Score: -1.00% |
Function 005B8EE0 Relevance: .0, Instructions: 39COMMON
Uniqueness Score: -1.00% |
Function 005B66C8 Relevance: .0, Instructions: 37COMMON
Uniqueness Score: -1.00% |
Function 005B8EF0 Relevance: .0, Instructions: 30COMMON
Uniqueness Score: -1.00% |
Function 005B5D58 Relevance: .0, Instructions: 27COMMON
Uniqueness Score: -1.00% |
Function 005B666F Relevance: .0, Instructions: 27COMMON
Uniqueness Score: -1.00% |
Execution Graph
Execution Coverage: | 2.9% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 1.6% |
Total number of Nodes: | 1639 |
Total number of Limit Nodes: | 45 |
Graph
Function 0041868F Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36filenativeCOMMON
Control-flow Graph
C-Code - Quality: 23% |
Uniqueness Score: -1.00% |
Function 00418690 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36filenativeCOMMON
Control-flow Graph
C-Code - Quality: 37% |
Uniqueness Score: -1.00% |
Control-flow Graph
Uniqueness Score: -1.00% |
Control-flow Graph
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 0041870B Relevance: 1.5, APIs: 1, Instructions: 21nativeCOMMON
Control-flow Graph
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 00418710 Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
Control-flow Graph
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Control-flow Graph
Uniqueness Score: -1.00% |
Function 004188B0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
Control-flow Graph
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 004188F0 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
Control-flow Graph
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 004157D7 Relevance: 6.4, Strings: 5, Instructions: 123COMMON
Uniqueness Score: -1.00% |
Function 004088D0 Relevance: .1, Instructions: 92COMMON
C-Code - Quality: 90% |
Uniqueness Score: -1.00% |
Function 0041567B Relevance: .0, Instructions: 14COMMON
C-Code - Quality: 16% |
Uniqueness Score: -1.00% |