Windows
Analysis Report
uGfpJynSWM
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- uGfpJynSWM.exe (PID: 6360 cmdline: "C:\Users\user\Desktop\uGfpJynSWM.exe" MD5: EB84AEEF20EA974BF207DD6DF8446567)
  - cvtres.exe (PID: 6392 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe MD5: C09985AE74F0882F208D75DE27770DFA)
- cleanup
{"C2 url": ["https://t.me/korstonsales", "https://climatejustice.social/@ffoleg94"]}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security | |
| Windows_Trojan_Vidar_114258d5 | unknown | unknown | |
| JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security | |
| Windows_Trojan_Vidar_114258d5 | unknown | unknown | |
| JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security | |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security | |
| Windows_Trojan_Vidar_114258d5 | unknown | unknown | |
| JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security | |
| Windows_Trojan_Vidar_114258d5 | unknown | unknown | |
| JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security | |
AV Detection |
---|
Source: | Virustotal: |
Source: | Metadefender: |
Source: | ReversingLabs: |
Source: | Avira URL Cloud: |
Source: | Joe Sandbox ML: |
Source: | Avira: |
Source: | Malware Configuration Extractor: |
Source: | Code function: | 1_2_0040B7EC | |
Source: | Code function: | 1_2_0040E80D | |
Source: | Code function: | 1_2_0040E3F0 | |
Source: | Code function: | 1_2_0040E575 | |
Source: | Code function: | 1_2_0040E5CE |
Source: | Static PE information: |
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Code function: | 1_2_0041208D | |
Source: | Code function: | 1_2_0040C955 | |
Source: | Code function: | 1_2_00411117 | |
Source: | Code function: | 1_2_004101E9 | |
Source: | Code function: | 1_2_004162AB | |
Source: | Code function: | 1_2_00408B15 | |
Source: | Code function: | 1_2_0041048F | |
Source: | Code function: | 1_2_0040954D | |
Source: | Code function: | 1_2_00411DA6 |
Source: | Code function: | 1_2_00409ADF |
Source: | Code function: | 0_2_013BE430 | |
Source: | Code function: | 0_2_013BE800 | |
Source: | Code function: | 0_2_013BD728 | |
Source: | Code function: | 0_2_013BD71E |
Networking |
---|
Source: | URLs: |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | HTTP traffic detected: |
Source: | IP Address: |
Source: | Network traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: |
Source: | DNS traffic detected: |
Source: | Code function: | 1_2_0040A1C1 |
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: |
Source: | Code function: | 1_2_004166F5 |
Source: | Binary or memory string: |
System Summary |
---|
Source: | Matched rule: |
Source: | Static PE information: |
Source: | Matched rule: |
Source: | Code function: | 0_2_013B2550 | |
Source: | Code function: | 0_2_013B29F0 | |
Source: | Code function: | 0_2_013B1C10 | |
Source: | Code function: | 0_2_013B0448 | |
Source: | Code function: | 0_2_013BC88F | |
Source: | Code function: | 0_2_013B9330 | |
Source: | Code function: | 0_2_013BEB10 | |
Source: | Code function: | 0_2_013B2F70 | |
Source: | Code function: | 0_2_013BA680 | |
Source: | Code function: | 0_2_013B3EC0 | |
Source: | Code function: | 0_2_013B5928 | |
Source: | Code function: | 0_2_013B5918 | |
Source: | Code function: | 0_2_013B29E0 | |
Source: | Code function: | 0_2_013B5C30 | |
Source: | Code function: | 0_2_013B5C20 | |
Source: | Code function: | 0_2_013B907E | |
Source: | Code function: | 0_2_013B90A8 | |
Source: | Code function: | 0_2_013B64A8 | |
Source: | Code function: | 0_2_013B6498 | |
Source: | Code function: | 0_2_013BC89C | |
Source: | Code function: | 0_2_013B1088 | |
Source: | Code function: | 0_2_013B6F31 | |
Source: | Code function: | 0_2_013BAB29 | |
Source: | Code function: | 0_2_013BAB1A | |
Source: | Code function: | 0_2_013B6F48 | |
Source: | Code function: | 0_2_013B5FD8 | |
Source: | Code function: | 0_2_013B5FC8 | |
Source: | Code function: | 0_2_013B0FC0 | |
Source: | Code function: | 0_2_013B6230 | |
Source: | Code function: | 0_2_013BCE06 | |
Source: | Code function: | 0_2_013BA671 | |
Source: | Code function: | 0_2_013BCE6A | |
Source: | Code function: | 0_2_013B6AA9 | |
Source: | Code function: | 0_2_013BAA85 | |
Source: | Code function: | 1_2_0042C072 | |
Source: | Code function: | 1_2_0040781A | |
Source: | Code function: | 1_2_0042B085 | |
Source: | Code function: | 1_2_004320B0 | |
Source: | Code function: | 1_2_0042B8B8 | |
Source: | Code function: | 1_2_0041E960 | |
Source: | Code function: | 1_2_00419970 | |
Source: | Code function: | 1_2_0040593E | |
Source: | Code function: | 1_2_0040513E | |
Source: | Code function: | 1_2_004062D9 | |
Source: | Code function: | 1_2_00431B5F | |
Source: | Code function: | 1_2_0041BB33 | |
Source: | Code function: | 1_2_004334C4 | |
Source: | Code function: | 1_2_0042BC8A | |
Source: | Code function: | 1_2_0042B51A | |
Source: | Code function: | 1_2_0040665A | |
Source: | Code function: | 1_2_0043160E | |
Source: | Code function: | 1_2_0041C6DE | |
Source: | Code function: | 1_2_0043278C |
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Virustotal: |
Source: | Metadefender: |
Source: | ReversingLabs: |
Source: | Static PE information: |
Source: | Key opened: |
Source: | Process created: |
Source: | Key value queried: |
Source: | File created: |
Source: | Classification label: |
Source: | Static file information: |
Source: | Section loaded: |
Source: | Code function: | 1_2_00415A22 |
Source: | File read: |
Source: | File opened: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Code function: | 0_2_013B131F | |
Source: | Code function: | 0_2_013B1240 | |
Source: | Code function: | 0_2_013B1282 | |
Source: | Code function: | 0_2_013B126B | |
Source: | Code function: | 0_2_013B1A67 | |
Source: | Code function: | 0_2_013B1A50 | |
Source: | Code function: | 0_2_013B12AD | |
Source: | Code function: | 0_2_013B1A9A | |
Source: | Code function: | 0_2_013B1296 | |
Source: | Code function: | 0_2_013B12EF | |
Source: | Code function: | 0_2_013B12D8 | |
Source: | Code function: | 0_2_013B12C4 | |
Source: | Code function: | 1_2_00420887 | |
Source: | Code function: | 1_2_00427358 |
Source: | Code function: | 1_2_0041899F |
Source: | Static PE information: |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | Icon embedded in binary file: |
Source: | Code function: | 1_2_0041899F |
Source: | Process information set: |
Source: | Thread sleep time: |
Source: | Last function: |
Source: | Thread delayed: |
Source: | Code function: | 1_2_00414F0E |
Source: | Code function: | 1_2_0041208D | |
Source: | Code function: | 1_2_0040C955 | |
Source: | Code function: | 1_2_00411117 | |
Source: | Code function: | 1_2_004101E9 | |
Source: | Code function: | 1_2_004162AB | |
Source: | Code function: | 1_2_00408B15 | |
Source: | Code function: | 1_2_0041048F | |
Source: | Code function: | 1_2_0040954D | |
Source: | Code function: | 1_2_00411DA6 |
Source: | Thread delayed: |
Source: | Code function: | 1_2_00409ADF |
Source: | API call chain: | graph_1-22798 | ||
Source: | API call chain: | graph_1-23054 | ||
Source: | API call chain: | graph_1-23052 |
Source: | Binary or memory string: |
Anti Debugging |
---|
Source: | Code function: | 0_2_013BE628 |
Source: | Code function: | 1_2_00423890 |
Source: | Code function: | 1_2_0041899F |
Source: | Code function: | 1_2_00414C66 |
Source: | Process queried: |
Source: | Memory allocated: |
Source: | Code function: | 1_2_00423890 | |
Source: | Code function: | 1_2_0041DA9B | |
Source: | Code function: | 1_2_00428C1D |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Memory written: |
Source: | Reference to suspicious API methods: |
Source: | Memory allocated: |
Source: | Memory written: |
Source: | Process created: |
Source: | Binary or memory string: |
Source: | Queries volume information: |
Source: | Code function: | 1_2_0042E8D7 | |
Source: | Code function: | 1_2_0042A969 | |
Source: | Code function: | 1_2_0041593C | |
Source: | Code function: | 1_2_0042E9B1 | |
Source: | Code function: | 1_2_0042A249 | |
Source: | Code function: | 1_2_0042AA5E | |
Source: | Code function: | 1_2_00429283 | |
Source: | Code function: | 1_2_0042AB60 | |
Source: | Code function: | 1_2_0042AB05 | |
Source: | Code function: | 1_2_00421BE1 | |
Source: | Code function: | 1_2_0042AD31 | |
Source: | Code function: | 1_2_0042A537 | |
Source: | Code function: | 1_2_004295ED | |
Source: | Code function: | 1_2_0042ADF1 | |
Source: | Code function: | 1_2_0042AE58 | |
Source: | Code function: | 1_2_00422ED2 | |
Source: | Code function: | 1_2_0042AE94 |
Source: | Key value queried: |
Source: | Code function: | 1_2_00415890 |
Source: | Code function: | 1_2_00415890 |
Source: | Code function: | 1_2_0040BE20 |
Stealing of Sensitive Information |
---|
Source: | File source: |
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 11 Native API | Path Interception | 312 Process Injection | 11 Masquerading | 1 Input Capture | 2 System Time Discovery | Remote Services | 1 Screen Capture | Exfiltration Over Other Network Medium | 21 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Disable or Modify Tools | LSASS Memory | 131 Security Software Discovery | Remote Desktop Protocol | 1 Input Capture | Exfiltration Over Bluetooth | 2 Ingress Tool Transfer | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 31 Virtualization/Sandbox Evasion | Security Account Manager | 31 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Archive Collected Data | Automated Exfiltration | 2 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 312 Process Injection | NTDS | 2 Process Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 13 Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 Account Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 4 Obfuscated Files or Information | Cached Domain Credentials | 1 System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | 3 Software Packing | DCSync | 1 Remote System Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 2 File and Directory Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | 24 System Information Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 68% | Virustotal | | |
| 31% | Metadefender | | |
| 81% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla | |
| 100% | Joe Sandbox ML | | |
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
| 100% | Avira | TR/AD.GenSteal.nsaqr | | |
| 100% | Avira | TR/AD.GenSteal.nsaqr | | |
| 100% | Avira | TR/AD.GenSteal.nsaqr | | |
| 100% | Avira | TR/Crypt.XPACK.Gen | | |
| 100% | Avira | TR/AD.GenSteal.nsaqr | | |
| 100% | Avira | TR/AD.GenSteal.nsaqr | | |
| 100% | Avira | TR/AD.GenSteal.nsaqr | | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 100% | Avira URL Cloud | malware | |
| 100% | Avira URL Cloud | malware | |
| 0% | Avira URL Cloud | safe | |
| 100% | Avira URL Cloud | malware | |
| 100% | Avira URL Cloud | malware | |
| 0% | Avira URL Cloud | safe | |
| 100% | Avira URL Cloud | malware | |
| 0% | Avira URL Cloud | safe | |
| 100% | Avira URL Cloud | malware | |
| 100% | Avira URL Cloud | malware | |
| 100% | Avira URL Cloud | malware | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 100% | Avira URL Cloud | malware | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 100% | Avira URL Cloud | malware | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 100% | Avira URL Cloud | malware | |
| 0% | Avira URL Cloud | safe | |
| 100% | Avira URL Cloud | malware | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
t.me | 149.154.167.99 | true | false | high | |
climatejustice.social | 167.86.107.75 | true | true | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| true | | unknown |
| false | | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | low |
| | false | | unknown |
| | true | | unknown |
| | false | | high |
| | true | | unknown |
| | true | | unknown |
| | true | | unknown |
| | false | | high |
| | true | | unknown |
| | false | | unknown |
| | false | | high |
| | false | | unknown |
| | true | | unknown |
| | true | | unknown |
| | true | | unknown |
| | false | | high |
| | false | | unknown |
| | false | | high |
| | false | | unknown |
| | true | | unknown |
| | false | | unknown |
| | false | | high |
| | false | | unknown |
| | true | | unknown |
| | false | | high |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | high |
| | true | | unknown |
| | true | | unknown |
| | false | | unknown |
| | false | | high |
| | true | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
45.159.249.4 | unknown | Russian Federation | | 44676 | VMAGE-ASRU | false |
167.86.107.75 | climatejustice.social | Germany | | 51167 | CONTABODE | true |
149.154.167.99 | t.me | United Kingdom | | 62041 | TELEGRAMRU | false |
Joe Sandbox Version: | 35.0.0 Citrine |
Analysis ID: | 679146 |
Start date and time: | 2022-08-05 10:48:11 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 6m 52s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | uGfpJynSWM (renamed file extension from none to exe) |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed: | 20 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@3/1@2/3 |
EGA Information: | |
HDC Information: | |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
- Excluded IPs from analysis (whitelisted): 23.211.4.86, 23.211.6.115
- Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, fs.microsoft.com, ctldl.windowsupdate.com, e1723.g.akamaiedge.net, store-images.s-microsoft.com-c.edgekey.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, login.live.com, store-images.s-microsoft.com, sls.update.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net
- Not all processes were analyzed; the report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
10:49:12 | API Interceptor | |
10:49:38 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
45.159.249.4 | | | malicious | | |
167.86.107.75 | | | malicious | | |
149.154.167.99 | | | malicious | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
t.me | | | malicious | | |
climatejustice.social | | | malicious | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
VMAGE-ASRU | | | malicious | | |
CONTABODE | | | malicious | | |
Match (JA3 fingerprint) | Detection | Associated samples listed |
---|---|---|
37f463bf4616ecd445d4a1937da06e19 | malicious | 20 |
Process: | C:\Users\user\Desktop\uGfpJynSWM.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 226 |
Entropy (8bit): | 5.3467126928258955 |
Encrypted: | false |
SSDEEP: | 6:Q3La/xw5DLIP12MUAvvR+uTL2LDY3U21v:Q3La/KDLI4MWuPk21v |
MD5: | DD8B7A943A5D834CEEAB90A6BBBF4781 |
SHA1: | 2BED8D47DF1C0FF76B40811E5F11298BD2D06389 |
SHA-256: | E1D0A304B16BE51AE361E392A678D887AB0B76630B42A12D252EDC0484F0333B |
SHA-512: | 24167174EA259CAF57F65B9B9B9C113DD944FC957DB444C2F66BC656EC2E6565EFE4B4354660A5BE85CE4847434B3BDD4F7E05A9E9D61F4CC99FF0284DAA1C87 |
Malicious: | true |
Reputation: | moderate, very likely benign file |
Preview: |
File type: | |
Entropy (8bit): | 7.77740759573974 |
TrID: | |
File name: | uGfpJynSWM.exe |
File size: | 374960 |
MD5: | eb84aeef20ea974bf207dd6df8446567 |
SHA1: | 624a1e8510a1d7f3ff05693c30d724f19aaf5a1a |
SHA256: | 9f532c8749bc71b3fc723d42f86300ae5a583515817da2aad40c858f163d01f8 |
SHA512: | b2cf0b9aaacfc8e2fd6c517c0e49ff977b44097904cdf84a7d2a8324fc9525d0937442bf433e9a442e46914caf529b3e37d86097a36a761291e13c100aa30d3a |
SSDEEP: | 6144:wZJyvX/Kbhi5cqHYUAze34brlMoiGmWMG7u7isZaozdV4vMqmKEVDA:UJyvki3HYeMrlvKG7QiWbV4vMqmKF |
TLSH: | 7784F09D3681758FC446FEF59AB01D145620BC6B0717C243E8B73A7C9A3D28BDE811AE |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Z.b..............0..............)... ...@....@.. ..............................BQ....`................................ |
Icon Hash: | 0f4d494919151b03 |
Entrypoint: | 0x45298e |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x62D65AB0 [Tue Jul 19 07:18:08 2022 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Signature Valid: | false |
Signature Issuer: | CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US |
Signature Validation Error: | The digital signature of the object did not verify |
Error Number: | -2146869232 (HRESULT 0x80096010, TRUST_E_BAD_DIGEST) |
Note: TRUST_E_BAD_DIGEST means an Authenticode signature block is present (which is all that "Digitally signed: true" records) but the hash it signs does not match the file's current contents, so the file was either modified after signing or carries a signature block transplanted from another binary. The DigiCert issuer therefore says nothing about this file's origin; a signature that is present but does not verify is an indicator, not a trust signal.
Not Before, Not After: | |
Subject Chain: | |
Version: | 3 |
Thumbprint MD5: | 58F27306512AAEE9028766C21733D912 |
Thumbprint SHA-1: | DB4336A6DC808C8F6A4944FA8E8D6A9E703F8915 |
Thumbprint SHA-256: | C2DCD22E0E7CB9619DF76810B301291CF07A18DF244C05D059A8BA2137E34CFE |
Serial: | 0970EF4BAD5CC44A1C2BC3D96401674C |
Instruction |
---|
jmp dword ptr [00402000h] |
The entry point (RVA 0x45298e, inside .text) consists of this single 6-byte stub; the bytes that follow are zero padding, which the disassembler renders as a long run of `add byte ptr [eax], al` (opcode 00 00) and which is not code. The jump target 0x402000 is ImageBase 0x400000 plus the 8-byte IMAGE_DIRECTORY_ENTRY_IAT at RVA 0x2000 listed below, the slot the loader fills with the address of mscoree.dll!_CorExeMain. This is the standard native stub of a .NET executable; the managed entry point is located by the CLR through the COM descriptor, not by this instruction.
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x52940 | 0x4b | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x54000 | 0x848e | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x59400 | 0x24b0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x5e000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x528ec | 0x1c | .text |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x50994 | 0x50a00 | False | 0.9173994670542636 | data | 7.888541504684198 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rsrc | 0x54000 | 0x848e | 0x8600 | False | 0.285185401119403 | data | 5.202876902230195 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x5e000 | 0xc | 0x200 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x541d8 | 0x468 | GLS_BINARY_LSB_FIRST | ||
RT_ICON | 0x54640 | 0x10a8 | data | ||
RT_ICON | 0x556e8 | 0x25a8 | data | ||
RT_ICON | 0x57c90 | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 0, next used block 0 | ||
RT_GROUP_ICON | 0x5beb8 | 0x3e | data | ||
RT_VERSION | 0x5bef8 | 0x3ac | data | ||
RT_MANIFEST | 0x5c2a4 | 0x1ea | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
A single native import, mscoree.dll!_CorExeMain, together with the populated IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR (the CLR header at RVA 0x2008) marks this as a .NET assembly: the entry-point stub hands control to the CLR, and the managed code has no entries in the native import table, so this list says nothing about the Windows APIs the sample actually calls. The .text section's entropy of 7.89 and ZLIB complexity of 0.92 are far higher than plain CIL and metadata produce and are consistent with an encrypted or compressed payload that is unpacked at run time.
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Aug 5, 2022 10:49:17.171144009 CEST | 49765 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:49:17.171211958 CEST | 443 | 49765 | 149.154.167.99 | 192.168.2.7 |
Aug 5, 2022 10:49:17.171312094 CEST | 49765 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:49:17.193044901 CEST | 49765 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:49:17.193099022 CEST | 443 | 49765 | 149.154.167.99 | 192.168.2.7 |
Aug 5, 2022 10:49:17.262348890 CEST | 443 | 49765 | 149.154.167.99 | 192.168.2.7 |
Aug 5, 2022 10:49:17.262528896 CEST | 49765 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:49:17.581129074 CEST | 49765 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:49:17.581168890 CEST | 443 | 49765 | 149.154.167.99 | 192.168.2.7 |
Aug 5, 2022 10:49:17.581739902 CEST | 443 | 49765 | 149.154.167.99 | 192.168.2.7 |
Aug 5, 2022 10:49:17.582654953 CEST | 49765 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:49:17.585340977 CEST | 49765 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:49:17.627368927 CEST | 443 | 49765 | 149.154.167.99 | 192.168.2.7 |
Aug 5, 2022 10:49:17.636874914 CEST | 443 | 49765 | 149.154.167.99 | 192.168.2.7 |
Aug 5, 2022 10:49:17.636929035 CEST | 443 | 49765 | 149.154.167.99 | 192.168.2.7 |
Aug 5, 2022 10:49:17.636996984 CEST | 443 | 49765 | 149.154.167.99 | 192.168.2.7 |
Aug 5, 2022 10:49:17.637042046 CEST | 443 | 49765 | 149.154.167.99 | 192.168.2.7 |
Aug 5, 2022 10:49:17.637079954 CEST | 49765 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:49:17.637162924 CEST | 49765 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:49:17.646790028 CEST | 49765 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:49:17.646811008 CEST | 443 | 49765 | 149.154.167.99 | 192.168.2.7 |
Aug 5, 2022 10:49:17.822324038 CEST | 49766 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:49:17.822375059 CEST | 443 | 49766 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:49:17.822464943 CEST | 49766 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:49:17.823045969 CEST | 49766 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:49:17.823062897 CEST | 443 | 49766 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:49:17.881386042 CEST | 443 | 49766 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:49:17.881527901 CEST | 49766 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:49:17.889517069 CEST | 49766 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:49:17.889543056 CEST | 443 | 49766 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:49:17.889785051 CEST | 443 | 49766 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:49:17.889859915 CEST | 49766 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:49:17.891252995 CEST | 49766 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:49:17.931379080 CEST | 443 | 49766 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:49:17.989860058 CEST | 443 | 49766 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:49:17.989950895 CEST | 443 | 49766 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:49:17.989989042 CEST | 443 | 49766 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:49:17.990004063 CEST | 49766 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:49:17.990036011 CEST | 443 | 49766 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:49:17.990055084 CEST | 49766 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:49:17.990101099 CEST | 443 | 49766 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:49:17.990103006 CEST | 49766 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:49:17.990138054 CEST | 49766 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:49:17.990145922 CEST | 443 | 49766 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:49:17.990194082 CEST | 49766 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:49:17.990240097 CEST | 443 | 49766 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:49:17.990247965 CEST | 49766 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:49:17.990252018 CEST | 49766 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:49:17.990319014 CEST | 49766 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:49:17.990926981 CEST | 49766 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:49:17.990952015 CEST | 443 | 49766 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:49:18.076406002 CEST | 49767 | 80 | 192.168.2.7 | 45.159.249.4 |
Aug 5, 2022 10:49:21.101856947 CEST | 49767 | 80 | 192.168.2.7 | 45.159.249.4 |
Aug 5, 2022 10:49:27.102472067 CEST | 49767 | 80 | 192.168.2.7 | 45.159.249.4 |
Aug 5, 2022 10:49:39.262178898 CEST | 49768 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:49:39.262228966 CEST | 443 | 49768 | 149.154.167.99 | 192.168.2.7 |
Aug 5, 2022 10:49:39.262325048 CEST | 49768 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:49:39.262857914 CEST | 49768 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:49:39.262883902 CEST | 443 | 49768 | 149.154.167.99 | 192.168.2.7 |
Aug 5, 2022 10:49:39.320316076 CEST | 443 | 49768 | 149.154.167.99 | 192.168.2.7 |
Aug 5, 2022 10:49:39.320477009 CEST | 49768 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:49:39.323276997 CEST | 49768 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:49:39.323291063 CEST | 443 | 49768 | 149.154.167.99 | 192.168.2.7 |
Aug 5, 2022 10:49:39.327929020 CEST | 49768 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:49:39.327943087 CEST | 443 | 49768 | 149.154.167.99 | 192.168.2.7 |
Aug 5, 2022 10:49:39.388520956 CEST | 443 | 49768 | 149.154.167.99 | 192.168.2.7 |
Aug 5, 2022 10:49:39.388573885 CEST | 443 | 49768 | 149.154.167.99 | 192.168.2.7 |
Aug 5, 2022 10:49:39.388657093 CEST | 443 | 49768 | 149.154.167.99 | 192.168.2.7 |
Aug 5, 2022 10:49:39.388684988 CEST | 443 | 49768 | 149.154.167.99 | 192.168.2.7 |
Aug 5, 2022 10:49:39.388708115 CEST | 49768 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:49:39.388721943 CEST | 49768 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:49:39.388786077 CEST | 49768 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:49:39.392898083 CEST | 49768 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:49:39.392926931 CEST | 443 | 49768 | 149.154.167.99 | 192.168.2.7 |
Aug 5, 2022 10:49:39.409035921 CEST | 49769 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:49:39.409100056 CEST | 443 | 49769 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:49:39.409226894 CEST | 49769 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:49:39.409776926 CEST | 49769 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:49:39.409800053 CEST | 443 | 49769 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:49:39.455121040 CEST | 443 | 49769 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:49:39.457098007 CEST | 49769 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:49:39.457684994 CEST | 49769 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:49:39.457705975 CEST | 443 | 49769 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:49:39.463613033 CEST | 49769 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:49:39.463638067 CEST | 443 | 49769 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:49:39.582288027 CEST | 443 | 49769 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:49:39.582314968 CEST | 443 | 49769 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:49:39.582376957 CEST | 443 | 49769 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:49:39.582446098 CEST | 49769 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:49:39.582518101 CEST | 443 | 49769 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:49:39.582587957 CEST | 49769 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:49:39.582602978 CEST | 443 | 49769 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:49:39.582655907 CEST | 49769 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:49:39.582688093 CEST | 49769 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:49:39.583306074 CEST | 49769 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:49:39.583337069 CEST | 443 | 49769 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:49:39.600704908 CEST | 49770 | 80 | 192.168.2.7 | 45.159.249.4 |
Aug 5, 2022 10:49:42.588087082 CEST | 49770 | 80 | 192.168.2.7 | 45.159.249.4 |
Aug 5, 2022 10:49:48.588609934 CEST | 49770 | 80 | 192.168.2.7 | 45.159.249.4 |
Aug 5, 2022 10:50:00.857614994 CEST | 49786 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:50:00.857666969 CEST | 443 | 49786 | 149.154.167.99 | 192.168.2.7 |
Aug 5, 2022 10:50:00.857789993 CEST | 49786 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:50:00.858506918 CEST | 49786 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:50:00.858522892 CEST | 443 | 49786 | 149.154.167.99 | 192.168.2.7 |
Aug 5, 2022 10:50:00.917665958 CEST | 443 | 49786 | 149.154.167.99 | 192.168.2.7 |
Aug 5, 2022 10:50:00.917768955 CEST | 49786 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:50:00.918248892 CEST | 49786 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:50:00.918258905 CEST | 443 | 49786 | 149.154.167.99 | 192.168.2.7 |
Aug 5, 2022 10:50:00.963068962 CEST | 49786 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:50:00.963099003 CEST | 443 | 49786 | 149.154.167.99 | 192.168.2.7 |
Aug 5, 2022 10:50:01.002574921 CEST | 443 | 49786 | 149.154.167.99 | 192.168.2.7 |
Aug 5, 2022 10:50:01.002677917 CEST | 443 | 49786 | 149.154.167.99 | 192.168.2.7 |
Aug 5, 2022 10:50:01.002718925 CEST | 49786 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:50:01.002734900 CEST | 443 | 49786 | 149.154.167.99 | 192.168.2.7 |
Aug 5, 2022 10:50:01.002758980 CEST | 443 | 49786 | 149.154.167.99 | 192.168.2.7 |
Aug 5, 2022 10:50:01.002769947 CEST | 49786 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:50:01.002790928 CEST | 49786 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:50:01.002810955 CEST | 49786 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:50:01.002818108 CEST | 443 | 49786 | 149.154.167.99 | 192.168.2.7 |
Aug 5, 2022 10:50:01.002854109 CEST | 49786 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:50:01.002885103 CEST | 443 | 49786 | 149.154.167.99 | 192.168.2.7 |
Aug 5, 2022 10:50:01.002928019 CEST | 49786 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:50:01.003129959 CEST | 49786 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:50:01.003148079 CEST | 443 | 49786 | 149.154.167.99 | 192.168.2.7 |
Aug 5, 2022 10:50:01.016935110 CEST | 49787 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:50:01.017002106 CEST | 443 | 49787 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:50:01.017138004 CEST | 49787 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:50:01.017698050 CEST | 49787 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:50:01.017721891 CEST | 443 | 49787 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:50:01.065365076 CEST | 443 | 49787 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:50:01.065444946 CEST | 49787 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:50:01.065948963 CEST | 49787 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:50:01.065965891 CEST | 443 | 49787 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:50:01.080034018 CEST | 49787 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:50:01.080068111 CEST | 443 | 49787 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:50:01.231920004 CEST | 443 | 49787 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:50:01.231950998 CEST | 443 | 49787 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:50:01.232009888 CEST | 443 | 49787 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:50:01.232088089 CEST | 49787 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:50:01.232104063 CEST | 443 | 49787 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:50:01.232125998 CEST | 443 | 49787 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:50:01.232145071 CEST | 49787 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:50:01.232198954 CEST | 49787 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:50:01.242476940 CEST | 49787 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:50:01.242512941 CEST | 443 | 49787 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:50:01.262342930 CEST | 49788 | 80 | 192.168.2.7 | 45.159.249.4 |
Aug 5, 2022 10:50:04.355597973 CEST | 49788 | 80 | 192.168.2.7 | 45.159.249.4 |
Aug 5, 2022 10:50:10.356084108 CEST | 49788 | 80 | 192.168.2.7 | 45.159.249.4 |
Aug 5, 2022 10:50:22.499862909 CEST | 49801 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:50:22.499911070 CEST | 443 | 49801 | 149.154.167.99 | 192.168.2.7 |
Aug 5, 2022 10:50:22.500017881 CEST | 49801 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:50:22.500943899 CEST | 49801 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:50:22.500965118 CEST | 443 | 49801 | 149.154.167.99 | 192.168.2.7 |
Aug 5, 2022 10:50:22.559720039 CEST | 443 | 49801 | 149.154.167.99 | 192.168.2.7 |
Aug 5, 2022 10:50:22.563486099 CEST | 49801 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:50:22.563986063 CEST | 49801 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:50:22.563997984 CEST | 443 | 49801 | 149.154.167.99 | 192.168.2.7 |
Aug 5, 2022 10:50:22.568381071 CEST | 49801 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:50:22.568402052 CEST | 443 | 49801 | 149.154.167.99 | 192.168.2.7 |
Aug 5, 2022 10:50:22.654177904 CEST | 443 | 49801 | 149.154.167.99 | 192.168.2.7 |
Aug 5, 2022 10:50:22.654242992 CEST | 443 | 49801 | 149.154.167.99 | 192.168.2.7 |
Aug 5, 2022 10:50:22.654376030 CEST | 443 | 49801 | 149.154.167.99 | 192.168.2.7 |
Aug 5, 2022 10:50:22.654377937 CEST | 49801 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:50:22.654464960 CEST | 49801 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:50:22.655678988 CEST | 49801 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:50:22.655699015 CEST | 443 | 49801 | 149.154.167.99 | 192.168.2.7 |
Aug 5, 2022 10:50:22.674810886 CEST | 49802 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:50:22.674860001 CEST | 443 | 49802 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:50:22.674976110 CEST | 49802 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:50:22.675597906 CEST | 49802 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:50:22.675628901 CEST | 443 | 49802 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:50:22.722220898 CEST | 443 | 49802 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:50:22.722506046 CEST | 49802 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:50:22.722961903 CEST | 49802 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:50:22.722980022 CEST | 443 | 49802 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:50:22.727132082 CEST | 49802 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:50:22.727150917 CEST | 443 | 49802 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:50:22.857398033 CEST | 443 | 49802 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:50:22.857456923 CEST | 443 | 49802 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:50:22.857494116 CEST | 443 | 49802 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:50:22.859236002 CEST | 49802 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:50:22.859266043 CEST | 443 | 49802 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:50:22.859282017 CEST | 443 | 49802 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:50:22.859389067 CEST | 49802 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:50:22.861351967 CEST | 49802 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:50:22.861370087 CEST | 443 | 49802 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:50:22.876609087 CEST | 49804 | 80 | 192.168.2.7 | 45.159.249.4 |
Aug 5, 2022 10:50:25.982403994 CEST | 49804 | 80 | 192.168.2.7 | 45.159.249.4 |
Aug 5, 2022 10:50:31.998555899 CEST | 49804 | 80 | 192.168.2.7 | 45.159.249.4 |
Aug 5, 2022 10:50:44.119946957 CEST | 49854 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:50:44.119992018 CEST | 443 | 49854 | 149.154.167.99 | 192.168.2.7 |
Aug 5, 2022 10:50:44.120143890 CEST | 49854 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:50:44.120920897 CEST | 49854 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:50:44.120933056 CEST | 443 | 49854 | 149.154.167.99 | 192.168.2.7 |
Aug 5, 2022 10:50:44.176810980 CEST | 443 | 49854 | 149.154.167.99 | 192.168.2.7 |
Aug 5, 2022 10:50:44.176940918 CEST | 49854 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:50:44.177670002 CEST | 49854 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:50:44.177689075 CEST | 443 | 49854 | 149.154.167.99 | 192.168.2.7 |
Aug 5, 2022 10:50:44.197926044 CEST | 49854 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:50:44.197945118 CEST | 443 | 49854 | 149.154.167.99 | 192.168.2.7 |
Aug 5, 2022 10:50:44.244199038 CEST | 443 | 49854 | 149.154.167.99 | 192.168.2.7 |
Aug 5, 2022 10:50:44.244241953 CEST | 443 | 49854 | 149.154.167.99 | 192.168.2.7 |
Aug 5, 2022 10:50:44.244283915 CEST | 443 | 49854 | 149.154.167.99 | 192.168.2.7 |
Aug 5, 2022 10:50:44.244322062 CEST | 49854 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:50:44.244355917 CEST | 443 | 49854 | 149.154.167.99 | 192.168.2.7 |
Aug 5, 2022 10:50:44.244373083 CEST | 49854 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:50:44.244379997 CEST | 443 | 49854 | 149.154.167.99 | 192.168.2.7 |
Aug 5, 2022 10:50:44.244432926 CEST | 49854 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:50:44.244473934 CEST | 49854 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:50:44.244761944 CEST | 49854 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:50:44.244791985 CEST | 443 | 49854 | 149.154.167.99 | 192.168.2.7 |
Aug 5, 2022 10:50:44.273916960 CEST | 49855 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:50:44.273956060 CEST | 443 | 49855 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:50:44.274086952 CEST | 49855 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:50:44.286598921 CEST | 49855 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:50:44.286621094 CEST | 443 | 49855 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:50:44.334139109 CEST | 443 | 49855 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:50:44.336725950 CEST | 49855 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:50:44.337399006 CEST | 49855 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:50:44.337408066 CEST | 443 | 49855 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:50:44.349813938 CEST | 49855 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:50:44.349834919 CEST | 443 | 49855 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:50:44.463104010 CEST | 443 | 49855 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:50:44.463155031 CEST | 443 | 49855 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:50:44.463193893 CEST | 443 | 49855 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:50:44.463303089 CEST | 49855 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:50:44.463330984 CEST | 443 | 49855 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:50:44.463371992 CEST | 443 | 49855 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:50:44.463383913 CEST | 49855 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:50:44.463409901 CEST | 49855 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:50:44.463452101 CEST | 49855 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:50:44.463455915 CEST | 443 | 49855 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:50:44.463490009 CEST | 49855 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:50:44.463535070 CEST | 443 | 49855 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:50:44.464889050 CEST | 49855 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:50:44.468607903 CEST | 49855 | 443 | 192.168.2.7 | 167.86.107.75 |
Aug 5, 2022 10:50:44.468637943 CEST | 443 | 49855 | 167.86.107.75 | 192.168.2.7 |
Aug 5, 2022 10:50:44.493881941 CEST | 49856 | 80 | 192.168.2.7 | 45.159.249.4 |
Aug 5, 2022 10:50:47.499902010 CEST | 49856 | 80 | 192.168.2.7 | 45.159.249.4 |
Aug 5, 2022 10:50:53.516074896 CEST | 49856 | 80 | 192.168.2.7 | 45.159.249.4 |
Aug 5, 2022 10:51:05.645737886 CEST | 49883 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:51:05.645791054 CEST | 443 | 49883 | 149.154.167.99 | 192.168.2.7 |
Aug 5, 2022 10:51:05.645893097 CEST | 49883 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:51:05.646495104 CEST | 49883 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:51:05.646507025 CEST | 443 | 49883 | 149.154.167.99 | 192.168.2.7 |
Aug 5, 2022 10:51:05.702419043 CEST | 443 | 49883 | 149.154.167.99 | 192.168.2.7 |
Aug 5, 2022 10:51:05.707700014 CEST | 49883 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:51:05.708374023 CEST | 49883 | 443 | 192.168.2.7 | 149.154.167.99 |
Aug 5, 2022 10:51:05.708384991 CEST | 443 | 49883 | 149.154.167.99 | 192.168.2.7 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Aug 5, 2022 10:49:17.122176886 CEST | 60335 | 53 | 192.168.2.7 | 8.8.8.8 |
Aug 5, 2022 10:49:17.141352892 CEST | 53 | 60335 | 8.8.8.8 | 192.168.2.7 |
Aug 5, 2022 10:49:17.786555052 CEST | 60978 | 53 | 192.168.2.7 | 8.8.8.8 |
Aug 5, 2022 10:49:17.805754900 CEST | 53 | 60978 | 8.8.8.8 | 192.168.2.7 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Aug 5, 2022 10:49:17.122176886 CEST | 192.168.2.7 | 8.8.8.8 | 0xc715 | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 5, 2022 10:49:17.786555052 CEST | 192.168.2.7 | 8.8.8.8 | 0xd64a | Standard query (0) | | A (IP address) | IN (0x0001) |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Aug 5, 2022 10:49:17.141352892 CEST | 8.8.8.8 | 192.168.2.7 | 0xc715 | No error (0) | | | 149.154.167.99 | A (IP address) | IN (0x0001) |
Aug 5, 2022 10:49:17.805754900 CEST | 8.8.8.8 | 192.168.2.7 | 0xd64a | No error (0) | | | 167.86.107.75 | A (IP address) | IN (0x0001) |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.7 | 49765 | 149.154.167.99 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-05 08:49:17 UTC | 0 | OUT | |
2022-08-05 08:49:17 UTC | 0 | IN | |
2022-08-05 08:49:17 UTC | 0 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.7 | 49766 | 167.86.107.75 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-05 08:49:17 UTC | 9 | OUT | |
2022-08-05 08:49:17 UTC | 10 | IN | |
2022-08-05 08:49:17 UTC | 11 | IN | |
2022-08-05 08:49:17 UTC | 26 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.2.7 | 49768 | 149.154.167.99 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-05 08:49:39 UTC | 37 | OUT | |
2022-08-05 08:49:39 UTC | 37 | IN | |
2022-08-05 08:49:39 UTC | 37 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
3 | 192.168.2.7 | 49769 | 167.86.107.75 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-05 08:49:39 UTC | 47 | OUT | |
2022-08-05 08:49:39 UTC | 47 | IN | |
2022-08-05 08:49:39 UTC | 49 | IN | |
2022-08-05 08:49:39 UTC | 63 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
4 | 192.168.2.7 | 49786 | 149.154.167.99 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-05 08:50:00 UTC | 75 | OUT | |
2022-08-05 08:50:00 UTC | 75 | IN | |
2022-08-05 08:50:00 UTC | 75 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
5 | 192.168.2.7 | 49787 | 167.86.107.75 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-05 08:50:01 UTC | 84 | OUT | |
2022-08-05 08:50:01 UTC | 85 | IN | |
2022-08-05 08:50:01 UTC | 87 | IN | |
2022-08-05 08:50:01 UTC | 101 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
6 | 192.168.2.7 | 49801 | 149.154.167.99 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-05 08:50:22 UTC | 112 | OUT | |
2022-08-05 08:50:22 UTC | 112 | IN | |
2022-08-05 08:50:22 UTC | 113 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
7 | 192.168.2.7 | 49802 | 167.86.107.75 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-05 08:50:22 UTC | 122 | OUT | |
2022-08-05 08:50:22 UTC | 123 | IN | |
2022-08-05 08:50:22 UTC | 125 | IN | |
2022-08-05 08:50:22 UTC | 139 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
8 | 192.168.2.7 | 49854 | 149.154.167.99 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-05 08:50:44 UTC | 150 | OUT | |
2022-08-05 08:50:44 UTC | 150 | IN | |
2022-08-05 08:50:44 UTC | 150 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
9 | 192.168.2.7 | 49855 | 167.86.107.75 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-05 08:50:44 UTC | 160 | OUT | |
2022-08-05 08:50:44 UTC | 160 | IN | |
2022-08-05 08:50:44 UTC | 162 | IN | |
2022-08-05 08:50:44 UTC | 176 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
10 | 192.168.2.7 | 49883 | 149.154.167.99 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-05 08:51:05 UTC | 188 | OUT | |
2022-08-05 08:51:05 UTC | 188 | IN | |
2022-08-05 08:51:05 UTC | 188 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
11 | 192.168.2.7 | 49884 | 167.86.107.75 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-05 08:51:05 UTC | 197 | OUT | |
2022-08-05 08:51:05 UTC | 198 | IN | |
2022-08-05 08:51:05 UTC | 200 | IN | |
2022-08-05 08:51:05 UTC | 214 | IN | |
Target ID: | 0 |
Start time: | 10:49:10 |
Start date: | 05/08/2022 |
Path: | C:\Users\user\Desktop\uGfpJynSWM.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x830000 |
File size: | 374960 bytes |
MD5 hash: | EB84AEEF20EA974BF207DD6DF8446567 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: | |
Reputation: | low |
Target ID: | 1 |
Start time: | 10:49:12 |
Start date: | 05/08/2022 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb0000 |
File size: | 43176 bytes |
MD5 hash: | C09985AE74F0882F208D75DE27770DFA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | moderate |
Execution Graph
Execution Coverage: | 23.9% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 26.5% |
Total number of Nodes: | 113 |
Total number of Limit Nodes: | 5 |
Graph
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
013B29F0 | 6.4 | | 5 | 171 | COMMON |
013B29E0 | 6.4 | | 5 | 166 | COMMON |
013BC88F | 3.0 | | 2 | 502 | COMMON |
013BC89C | 2.9 | | 2 | 448 | COMMON |
013B3EC0 | 2.8 | | 2 | 296 | COMMON |
013BE628 | 1.6 | 1 | | 82 | COMMON |
013B2550 | 1.4 | | 1 | 149 | COMMON |
013B6AA9 | 1.4 | | 1 | 141 | COMMON |
013BA671 | 0.3 | | | 301 | COMMON |
013BA680 | 0.3 | | | 301 | COMMON |
013BAA85 | 0.3 | | | 281 | COMMON |
013BAB29 | 0.3 | | | 259 | COMMON |
013BAB1A | 0.3 | | | 255 | COMMON |
013B9330 | 0.3 | | | 254 | COMMON |
013B1C10 | 0.2 | | | 248 | COMMON |
013BEB10 | 0.2 | | | 230 | COMMON |
013BCE6A | 0.2 | | | 175 | COMMON |
013BCE06 | 0.2 | | | 162 | COMMON |
013B2F70 | 0.1 | | | 70 | COMMON |
013B0448 | 0.1 | | | 59 | COMMON |
013B9FB8 | 1.6 | 1 | | 110 | COMMON |
013B9FC0 | 1.6 | 1 | | 106 | COMMON |
013B9D41 | 1.6 | 1 | | 102 | memory, COMMON |
013B9D48 | 1.6 | 1 | | 101 | memory, COMMON |
013BE9F8 | 1.6 | 1 | | 87 | COMMON |
013B9B28 | 1.6 | 1 | | 75 | thread, COMMON |
013B9B30 | 1.6 | 1 | | 73 | thread, COMMON |
013BE728 | 1.6 | 1 | | 68 | COMMON |
013B1088 | 2.6 | | 2 | 102 | COMMON |
013B0FC0 | 1.4 | | 1 | 173 | COMMON |
013B5C30 | 1.4 | | 1 | 153 | COMMON |
013B5C20 | 1.4 | | 1 | 149 | COMMON |
013B907E | 0.2 | | | 175 | COMMON |
013B90A8 | 0.2 | | | 168 | COMMON |
013BD71E | 0.2 | | | 167 | COMMON |
013B6230 | 0.2 | | | 167 | COMMON |
013B5928 | 0.2 | | | 162 | COMMON |
013B5918 | 0.2 | | | 157 | COMMON |
013BE430 | 0.1 | | | 131 | COMMON |
013BE800 | 0.1 | | | 131 | COMMON |
013BD728 | 0.1 | | | 131 | COMMON |
013B5FC8 | 0.1 | | | 123 | COMMON |
013B6498 | 0.1 | | | 120 | COMMON |
013B5FD8 | 0.1 | | | 119 | COMMON |
013B64A8 | 0.1 | | | 114 | COMMON |
013B6F31 | 0.1 | | | 85 | COMMON |
013B6F48 | 0.1 | | | 84 | COMMON |
Execution Graph
Execution Coverage: | 9.2% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 6.2% |
Total number of Nodes: | 1648 |
Total number of Limit Nodes: | 24 |
Graph
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality |
---|---|---|---|---|---|---|
0040B7EC | 52.9 | 27 | 3 | 430 | string, sleep, memory, COMMON | 85% |
0040A1C1 | 30.3 | 12 | 5 | 566 | network, file, COMMON | 89% |
00414C66 | 17.7 | 6 | 4 | 184 | memory, COMMON | 96% |
0040BE20 | 3.0 | 2 | | 31 | COMMON | 93% |
00414F0E | 3.0 | 2 | | 24 | COMMON | 92% |
00418B05 | 227.1 | 151 | | 633 | libraryloader, COMMON | 100% |
0042604E | 42.1 | 19 | 5 | 109 | libraryloader, memory, COMMON | 56% |
0041537D | 12.3 | 5 | 2 | 57 | registry, COMMON | 88% |
00401000 | 9.1 | 6 | | 55 | memory, COMMON | 32% |
0041E24D | 8.8 | 4 | 1 | 41 | COMMON, LIBRARYCODE | 93% |
004044A3 | 3.5 | 1 | 1 | 39 | COMMON, LIBRARYCODE | 89% |
0041462B | 3.0 | 2 | | 44 | COMMON | 88% |
0042637A | 1.6 | 1 | | 52 | memory, COMMON, LIBRARYCODE | 86% |
0041208D | 70.3 | 34 | 6 | 344 | file, string, COMMON | 83% |
0040954D | 66.9 | 35 | 3 | 351 | string, file, COMMON | 41% |
00411DA6 | 59.7 | 31 | 3 | 199 | string, file, COMMON | 72% |
00409ADF | 56.3 | 17 | 15 | 284 | string, COMMON | 35% |
0040C955 | 38.6 | 16 | 6 | 149 | string, file, COMMON | 63% |
00408B15 | 33.4 | 17 | 2 | 115 | file, string, memory, COMMON | 63% |
004101E9 | 29.9 | 14 | 3 | 177 | file, COMMON | 57% |
004166F5 | 26.4 | 14 | 1 | 129 | window, COMMON | 17% |
00411117 | 26.4 | 13 | 2 | 120 | file, string, COMMON | 58% |
0041048F | 22.9 | 11 | 2 | 135 | file, COMMON | 25% |
0041593C | 19.3 | 10 | 1 | 78 | memory, COMMON | 75% |
0040781A | 14.4 | 3 | 5 | 399 | time, COMMON, Crypto | 89% |
0041C6DE | 10.9 | 4 | 2 | 441 | COMMON, Crypto | 96% |
0042A969 | 8.8 | 3 | 2 | 54 | COMMON, LIBRARYCODE | 100% |
004162AB | 4.6 | 3 | | 66 | file, COMMON | 85% |
00428C1D | 1.5 | 1 | | 4 | COMMON | 100% |
0040D87A | 159.7 | 78 | 13 | 414 | string, network, memory, COMMON | 74% |
0040AFB3 | 145.7 | 58 | 25 | 464 | string, memory, COMMON | 94% |
0040EC59 | 70.3 | 39 | 1 | 281 | string, memory, file, COMMON | 36% |
0040FB18 | 65.0 | 34 | 3 | 235 | string, memory, file, COMMON | 34% |
00411867 | 63.3 | 33 | 3 | 332 | string, registry, COMMON | 82% |
0040F094 | 49.2 | 23 | 5 | 185 | string, memory, file, COMMON | 59% |
004133B9 | 40.5 | 12 | 11 | 252 | string, memory, COMMON | 63% |
00413159 | 33.4 | 17 | 2 | 104 | string, COMMON | 97% |
00415007 | 31.6 | 14 | 4 | 123 | registry, string, COMMON | 89% |
00412D3C | 28.2 | 15 | 1 | 162 | string, COMMON | 79% |
0041BC80 | 28.1 | 9 | 7 | 63 | string, COMMON | |
0040878A | 26.5 | 14 | 1 | 236 | string, COMMON | 85% |
0041001C | 26.4 | 14 | 1 | 131 | string, memory, file, COMMON | 51% |
0040F6A9 | 26.4 | 14 | 1 | 131 | string, memory, file, COMMON | 51% |
0040F346 | 26.4 | 14 | 1 | 129 | string, memory, file, COMMON | 27% |
0040D708 | 26.4 | 13 | 2 | 124 | network, file, sleep, COMMON | 48% |
00412FC2 | 26.4 | 14 | 1 | 105 | libraryloader, string, COMMON | 83% |
0040F505 | 22.9 | 12 | 1 | 119 | string, memory, file, COMMON | 47% |
0040FE87 | 22.9 | 12 | 1 | 118 | string, memory, file, COMMON | 25% |
0040ACB9 | 21.2 | 10 | 2 | 228 | string, network, COMMON | 67% |
00407E8D | 19.5 | 7 | 4 | 253 | file, time, COMMON | 97% |
00408464 | 19.4 | 10 | 1 | 122 | string, COMMON | 71% |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 81% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00409404 Relevance: 18.1, APIs: 12, Instructions: 114COMMON
C-Code - Quality: 72% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040DE3A Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 91networkmemoryfileCOMMON
C-Code - Quality: 50% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041BDB5 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 170fileCOMMON
C-Code - Quality: 95% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 89% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 89% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 89% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 93% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00409E88 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 160stringCOMMON
C-Code - Quality: 77% |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 92% |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004112D0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 98memorystringCOMMON
C-Code - Quality: 61% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 85% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041527A Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 49registryCOMMON
C-Code - Quality: 85% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00414F5B Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 49registryCOMMON
C-Code - Quality: 85% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004151AA Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 45memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 92% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 64% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00425DD8 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40COMMONLIBRARYCODE
C-Code - Quality: 91% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 94% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 79% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 66% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 90% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 81% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040DFD3 Relevance: 9.0, APIs: 6, Instructions: 41COMMON
C-Code - Quality: 94% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040E6CB Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 110memoryCOMMON
C-Code - Quality: 86% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040E874 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 106memoryCOMMON
C-Code - Quality: 57% |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040A9FD Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 98stringCOMMON
C-Code - Quality: 74% |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 68% |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 22% |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040D694 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 38stringnetworkCOMMON
C-Code - Quality: 67% |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 92% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 93% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00413EC2 Relevance: 7.6, APIs: 5, Instructions: 140COMMON
C-Code - Quality: 91% |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 93% |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 94% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 78% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 96% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 97% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 84% |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 68% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 57% |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 79% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00422891 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMONLIBRARYCODE
C-Code - Quality: 30% |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 94% |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 96% |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041D711 Relevance: 6.1, APIs: 4, Instructions: 100COMMON
C-Code - Quality: 94% |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041C21B Relevance: 6.1, APIs: 4, Instructions: 98timeCOMMON
C-Code - Quality: 92% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00415E43 Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 38stringCOMMON
C-Code - Quality: 58% |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00416388 Relevance: 6.0, APIs: 4, Instructions: 34fileCOMMON
C-Code - Quality: 30% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040440A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMONLIBRARYCODE
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040453E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 51COMMONLIBRARYCODE
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042260A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMONLIBRARYCODE
C-Code - Quality: 86% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00420A11 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34COMMONLIBRARYCODE
C-Code - Quality: 48% |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 58% |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |